QuotaGuard and Bubble.io Integration Guide

QuotaGuard and Bubble.io Integration Guide

QuotaGuard Static IPs allow your Bubble.io applications to send outbound traffic through a load-balanced pair of static IP addresses. Once set up, you can use QuotaGuard’s IPs to connect to firewalled databases and APIs that require IP allowlisting.

You do not need QuotaGuard for internal Bubble operations. Connections to Bubble’s built-in database, file storage, and internal workflows work without a proxy. QuotaGuard is for connecting to external services that require a known, static source IP address.

Why Bubble Apps Need Static IPs

Bubble uses a globally distributed cloud infrastructure where outbound traffic originates from thousands of rotating AWS IP addresses. Bubble explicitly states they do not support static outbound IP addresses on standard plans.

This creates problems when your Bubble app needs to connect to:

• External SQL databases like Azure SQL, AWS RDS, or PostgreSQL servers with firewall rules
• Payment gateways that require IP allowlisting for PCI compliance
• Corporate APIs behind enterprise firewalls
• Government systems with strict IP-based access controls
• Banking integrations that only accept requests from known IP addresses

The result is connection failures and blocked requests that have nothing to do with your app logic. Your API keys are valid. Your configuration is correct. The external service is simply blocking requests from Bubble’s dynamic IP addresses.

QuotaGuard gives your Bubble app a fixed, verifiable identity that partners can add to their firewall allowlists once.

Native Option: Dedicated Instance (Enterprise Only)

Bubble offers a Dedicated Instance option that provides static outbound IPs. Here’s how it compares to QuotaGuard:

Use Dedicated Instance if you’re already on an Enterprise plan and need isolated infrastructure for other reasons.

Use QuotaGuard if you’re on a Starter ($32/month), Growth, or Team plan. You get the same static IP functionality at a fraction of the cost.

Getting Started

After creating a QuotaGuard account, you will be redirected to your dashboard where you can find your proxy credentials and static IP addresses.

Choose the right proxy region: Bubble’s shared clusters are hosted primarily in AWS US-East-1 (Virginia). Select QuotaGuard’s US-East region to minimize latency.

Your proxy URL will look like this:

http://username:password@us-east-static-01.quotaguard.com:9293

Finding Your Static IPs: Your two static IPs are displayed in the QuotaGuard dashboard. Both IPs are active simultaneously for high availability. Add both to any firewall allowlists you’re configuring on the target service side.

Configuring the API Connector

Bubble’s API Connector plugin is the primary way to make outbound HTTP requests. You can route these requests through QuotaGuard by adding proxy headers.

Method 1: Using a Proxy Intermediary

The API Connector does not have native proxy support. The recommended approach is to use QuotaGuard’s HTTP proxy with a custom server-side intermediary. However, for Bubble’s no-code environment, the most practical solution is using the Proxy headers method with services that support it.

Method 2: Direct API Calls with IP Allowlisting

For many use cases, the simpler approach is:

1. Configure your external API or database to allowlist QuotaGuard’s static IPs
2. Use the API Connector normally to make requests
3. Route the traffic through QuotaGuard using one of the methods below

Setting Up QuotaGuard with Bubble

Step 1: Get Your QuotaGuard Credentials

1. Log in to your QuotaGuard dashboard
2. Copy your proxy URL: http://username:password@us-east-static-01.quotaguard.com:9293
3. Note your two static IP addresses (you’ll need these for firewall allowlists)

Step 2: Configure Your External Service

Add both of your QuotaGuard static IPs to the firewall allowlist of your external database or API:

• For Azure SQL: Add the IPs to the firewall rules in the Azure portal
• For AWS RDS: Add the IPs to your security group’s inbound rules
• For MongoDB Atlas: Add the IPs in Network Access settings
• For corporate APIs: Provide the IPs to your IT team for their firewall

Step 3: Use a Backend Workflow or Plugin

Since Bubble’s API Connector lacks native proxy support, you have several options:

Option A: Use a proxy-enabled plugin

Search the Bubble plugin marketplace for HTTP request plugins that support proxy configuration. Some community plugins allow specifying proxy settings.

Option B: Use an external serverless function

Create a simple AWS Lambda, Google Cloud Function, or Cloudflare Worker that:

1. Receives requests from your Bubble app
2. Forwards them through QuotaGuard to the target API
3. Returns the response to Bubble

This is a common pattern for Bubble apps that need advanced networking features.

Option C: Use QuotaGuard’s Inbound Proxy

For webhook-based integrations where external services call YOUR app, use QuotaGuard’s inbound proxy feature.

SQL Database Connector

Bubble’s SQL Database Connector allows direct connections to PostgreSQL, MySQL, and Microsoft SQL Server. The challenge is that these databases typically require IP allowlisting.

Connecting to Azure SQL

1. In your Azure portal, navigate to your SQL Server
2. Go to Networking or Firewalls and virtual networks
3. Add both QuotaGuard static IPs as allowed client IP addresses:
   • Rule 1: 52.x.x.x (your first QuotaGuard IP)
   • Rule 2: 52.x.x.x (your second QuotaGuard IP)
4. Save the firewall rules

In Bubble:

1. Add the SQL Database Connector plugin
2. Configure your connection string as normal
3. Traffic will route through the proxy when configured with your backend intermediary

Connecting to AWS RDS

1. In AWS Console, navigate to your RDS instance
2. Click on the associated Security Group
3. Add inbound rules for PostgreSQL (5432) or MySQL (3306):
   • Source: Your first QuotaGuard IP with /32 CIDR
   • Source: Your second QuotaGuard IP with /32 CIDR
4. Save the security group

Connecting to MongoDB Atlas

1. In MongoDB Atlas, go to Network Access
2. Click Add IP Address
3. Add both QuotaGuard static IPs
4. Confirm the allowlist

Note: MongoDB Atlas also offers a Data API that works over HTTPS. This may be simpler for Bubble integration than the native SQL connector approach.

Inbound Webhooks (Reverse Proxy)

If external services need to send webhooks TO your Bubble app but require a static destination IP for their firewall, QuotaGuard can help with inbound traffic.

Setting Up Inbound Proxy

1. Open your QuotaGuard dashboard
2. Navigate to Setup > Inbound
3. Enter your Bubble webhook URL (e.g., https://your-app.bubbleapps.io/api/1.1/wf/webhook-endpoint)
4. QuotaGuard generates a unique URL like a62b1d0b4983db763450411fd393b3ce-us-east-1.getstatica.com

This URL resolves to your two static IPs. External services can send webhooks to this URL, and QuotaGuard forwards them to your actual Bubble endpoint.

Use Cases for Inbound Proxy

• Stripe webhooks when your payment processor requires outbound IP whitelisting
• Plaid callbacks for banking integrations
• Partner systems that only allow outbound traffic to known IPs

HIPAA and PCI Compliance

Bubble does not sign Business Associate Agreements (BAAs) for HIPAA compliance on shared hosting plans. If you’re building a healthcare app on Bubble’s standard plans, this creates compliance challenges.

QuotaGuard Shield provides:

• End-to-end TLS encryption (SSL passthrough)
• HIPAA-eligible infrastructure
• PCI-DSS compliant data handling
• SOC 2 certified operations

For regulated industries, QuotaGuard Shield at $69/month may be more practical than upgrading to Bubble’s Enterprise plan for a BAA.

Testing Your Implementation

Verify your static IP configuration by testing the connection from your intermediary service or checking that your external database accepts connections.

Test with ip.quotaguard.com

If you’re using a serverless function as your intermediary, add this test endpoint:

// Example AWS Lambda test function
const https = require('https');
const { HttpsProxyAgent } = require('https-proxy-agent');

exports.handler = async (event) => {
    const proxyUrl = process.env.QUOTAGUARDSTATIC_URL;
    const agent = new HttpsProxyAgent(proxyUrl);
    
    return new Promise((resolve, reject) => {
        https.get('https://ip.quotaguard.com', { agent }, (res) => {
            let data = '';
            res.on('data', chunk => data += chunk);
            res.on('end', () => resolve({
                statusCode: 200,
                body: data
            }));
        }).on('error', reject);
    });
};

Expected response:

{"ip":"52.34.188.175"}

The returned IP should match one of your two static IPs shown in the QuotaGuard dashboard.

Test Database Connection

After adding QuotaGuard IPs to your database firewall:

1. In Bubble, go to Plugins > SQL Database Connector
2. Configure your connection string
3. Click Test Connection
4. If successful, the connection routes through your allowlisted IPs

Latency Considerations

Bubble enforces a 30-second timeout on external API calls. QuotaGuard adds minimal latency when properly configured:

The 10-15ms added latency is negligible for most API calls and database queries. You will stay well within Bubble’s 30-second timeout.

Recommendation: Always use QuotaGuard’s US-East region for Bubble apps on the default shared cluster.

Troubleshooting

Connection Refused to Database

1. Verify both QuotaGuard static IPs are added to your database firewall
2. Check that the firewall rules are for the correct port (5432 for PostgreSQL, 3306 for MySQL, 1433 for SQL Server)
3. Ensure the security group or firewall allows inbound connections, not just outbound

API Requests Still Blocked

1. Confirm the external API has both QuotaGuard IPs allowlisted
2. Check if the API requires additional authentication beyond IP allowlisting
3. Verify your intermediary function is correctly routing through the proxy

Wrong IP Address Returned

If ip.quotaguard.com returns an unexpected IP:

1. Verify the proxy URL is correctly configured in your intermediary
2. Check that the https-proxy-agent or equivalent is installed
3. Ensure environment variables are set correctly in your serverless function

407 Proxy Authentication Required

Your credentials are incorrect. Verify:

1. Username and password match your QuotaGuard dashboard
2. No extra spaces or special characters were copied incorrectly
3. The proxy URL format is correct: http://username:password@hostname:9293

Bubble SQL Connector Timeout

The SQL Database Connector has its own timeout limits:

1. Ensure your query is optimized and completes within the timeout window
2. Consider using Bubble’s backend workflows for long-running queries
3. Test the query directly against your database to verify performance

Architecture Patterns for Bubble

Pattern 1: Serverless Proxy Function

Bubble App → API Connector → AWS Lambda/Cloudflare Worker → QuotaGuard → External API

Best for: One-off API integrations, flexibility, custom logic.

Pattern 2: Direct Database with IP Allowlist

Bubble App → SQL Connector → [Firewall: QuotaGuard IPs allowed] → Database

Best for: Simple database connections where Bubble’s connector works directly.

Pattern 3: Inbound Webhook Proxy

External Service → QuotaGuard Inbound URL → Your Bubble Webhook

Best for: Payment providers, banking APIs, partner integrations that require outbound IP whitelisting.

Common Use Cases

Connecting to Azure SQL

Azure SQL requires IP allowlisting by default. Add your QuotaGuard IPs to the firewall rules, then use Bubble’s SQL Database Connector normally.

Payment Gateway Integration

Financial services often require IP whitelisting. Route payment API calls through your serverless intermediary with QuotaGuard, or use the inbound proxy for webhook callbacks.

Corporate API Access

When connecting to a partner’s internal API behind a corporate firewall, provide your QuotaGuard static IPs for their allowlist. This avoids the need for VPN configurations or Bubble Enterprise upgrades.

LDAP/Active Directory

For enterprise authentication scenarios requiring connection to LDAP servers, the serverless intermediary pattern works well. Your Lambda or Cloud Function handles the LDAP connection through QuotaGuard.

Ready to Get Started?

Get in touch or create a free trial account.

Try QuotaGuard Now

View Bubble.io Integration Features

HIPAA-Compliant Static IPs (QuotaGuard Shield)

Contact Support