QuotaGuard and Replit Integration Guide
Table of contents
QuotaGuard and Replit Integration Guide
QuotaGuard Static IPs allow your Replit applications to send outbound traffic through a load-balanced pair of static IP addresses. Once set up, you can use QuotaGuard’s IPs to connect to firewalled databases and APIs that require IP allowlisting.
Why Replit Apps Need Static IPs
Replit runs deployments on Google Cloud VMs. Every time you deploy, Replit provisions a new container from a rotating pool of infrastructure. That container gets a different outbound IP address each time.
This is invisible when your app only talks to public APIs. It becomes a hard blocker the moment you need to connect to anything that restricts access by IP address. Common scenarios:
- MongoDB Atlas: Requires IP allowlisting in Network Access settings
- Amazon RDS: Security groups with IP-based inbound rules
- Payment gateways: Stripe Connect, Adyen, and banking APIs that only accept requests from registered IPs
- Partner and vendor APIs: Corporate firewalls that require a known source address
- Internal systems: On-premise databases and legacy ERPs behind firewall allowlists
- AI agent workflows: Replit Agent-built apps calling protected APIs or enterprise data sources
The result is connection failures and blocked requests that have nothing to do with your code. Your credentials are valid. Your application logic is correct. The external service is simply blocking requests from unknown cloud IP addresses.
QuotaGuard gives your Replit applications a fixed, verifiable identity that external services can allowlist once.
Getting Started
After creating a QuotaGuard account, you will be redirected to your dashboard where you can find your proxy credentials and static IP addresses.
Your proxy URL will look like this:
http://username:password@us-east-static-01.quotaguard.com:9293
Finding your static IPs: Your two static IPs are displayed in the QuotaGuard dashboard. Both are active simultaneously for high availability. Add both to any firewall allowlists you configure on the target service.
Choose the right proxy region: Match your QuotaGuard region to your Replit deployment region to minimize latency.
| Replit Deployment Region | Recommended QuotaGuard Region |
|---|---|
| US (default) | US-East |
| Europe | EU-West (Ireland) or EU-Central (Frankfurt) |
| Asia Pacific | AP-Northeast (Tokyo) or AP-Southeast (Singapore) |
Configuring Your Replit Application
Step 1: Add Your Proxy URL as a Replit Secret
In your Replit project, open the Secrets panel by clicking the lock icon in the left sidebar. Add a new secret:
- Key:
QUOTAGUARDSTATIC_URL - Value: your full proxy URL from the QuotaGuard dashboard
Replit Secrets are available as environment variables at runtime in both dev mode and production deployments. This keeps your credentials out of your code and version control.
Step 2: Configure Your Application Code
Node.js
Install the proxy agent:
npm install https-proxy-agent
With Axios:
const axios = require('axios');
const { HttpsProxyAgent } = require('https-proxy-agent');
const proxyUrl = process.env.QUOTAGUARDSTATIC_URL;
const agent = new HttpsProxyAgent(proxyUrl);
const response = await axios.get('https://api.example.com/data', {
httpsAgent: agent
});
console.log(response.data);
With native fetch via undici:
import { ProxyAgent, fetch } from 'undici';
const proxyUrl = process.env.QUOTAGUARDSTATIC_URL;
const dispatcher = new ProxyAgent(proxyUrl);
const response = await fetch('https://api.example.com/data', { dispatcher });
const data = await response.json();
Install undici: npm install undici
With node-fetch:
const fetch = require('node-fetch');
const { HttpsProxyAgent } = require('https-proxy-agent');
const proxyUrl = process.env.QUOTAGUARDSTATIC_URL;
const agent = new HttpsProxyAgent(proxyUrl);
const response = await fetch('https://api.example.com/data', { agent });
const data = await response.json();
Python
With requests:
import os
import requests
proxy_url = os.environ.get('QUOTAGUARDSTATIC_URL')
proxies = {
'http': proxy_url,
'https': proxy_url
}
response = requests.get('https://api.example.com/data', proxies=proxies)
print(response.json())
With HTTPX (sync and async):
import os
import httpx
proxy_url = os.environ.get('QUOTAGUARDSTATIC_URL')
# Sync
with httpx.Client(proxy=proxy_url) as client:
response = client.get('https://api.example.com/data')
# Async
async with httpx.AsyncClient(proxy=proxy_url) as client:
response = await client.get('https://api.example.com/data')
With aiohttp (async):
import os
import aiohttp
proxy_url = os.environ.get('QUOTAGUARDSTATIC_URL')
async with aiohttp.ClientSession() as session:
async with session.get('https://api.example.com/data', proxy=proxy_url) as response:
data = await response.json()
Ruby
With Net::HTTP:
require 'net/http'
require 'uri'
proxy_uri = URI.parse(ENV['QUOTAGUARDSTATIC_URL'])
http = Net::HTTP.new(
'api.example.com',
443,
proxy_uri.host,
proxy_uri.port,
proxy_uri.user,
proxy_uri.password
)
http.use_ssl = true
response = http.get('/data')
puts response.body
With Faraday:
require 'faraday'
conn = Faraday.new(proxy: ENV['QUOTAGUARDSTATIC_URL']) do |f|
f.request :json
f.response :json
end
response = conn.get('https://api.example.com/data')
Go
package main
import (
"fmt"
"net/http"
"net/url"
"os"
)
func main() {
proxyURL, _ := url.Parse(os.Getenv("QUOTAGUARDSTATIC_URL"))
client := &http.Client{
Transport: &http.Transport{
Proxy: http.ProxyURL(proxyURL),
},
}
resp, err := client.Get("https://api.example.com/data")
if err != nil {
panic(err)
}
defer resp.Body.Close()
fmt.Println("Status:", resp.Status)
}
PHP
With cURL:
<?php
$proxyUrl = getenv('QUOTAGUARDSTATIC_URL');
$proxy = parse_url($proxyUrl);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://api.example.com/data');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_PROXY, $proxy['host'] . ':' . $proxy['port']);
curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxy['user'] . ':' . $proxy['pass']);
$response = curl_exec($ch);
curl_close($ch);
print_r(json_decode($response, true));
With Guzzle:
use GuzzleHttp\Client;
$client = new Client([
'proxy' => getenv('QUOTAGUARDSTATIC_URL')
]);
$response = $client->get('https://api.example.com/data');
Java
With OkHttp:
import okhttp3.*;
import java.net.*;
public class ProxiedClient {
public static OkHttpClient createClient() throws Exception {
String proxyUrlStr = System.getenv("QUOTAGUARDSTATIC_URL");
URL proxyUrl = new URL(proxyUrlStr);
String[] userInfo = proxyUrl.getUserInfo().split(":");
Proxy proxy = new Proxy(Proxy.Type.HTTP,
new InetSocketAddress(proxyUrl.getHost(), proxyUrl.getPort()));
Authenticator proxyAuth = (route, response) -> {
String credential = Credentials.basic(userInfo[0], userInfo[1]);
return response.request().newBuilder()
.header("Proxy-Authorization", credential)
.build();
};
return new OkHttpClient.Builder()
.proxy(proxy)
.proxyAuthenticator(proxyAuth)
.build();
}
}
C# / .NET
var proxyUrl = Environment.GetEnvironmentVariable("QUOTAGUARDSTATIC_URL");
var proxyUri = new Uri(proxyUrl);
var proxy = new WebProxy(proxyUri.GetLeftPart(UriPartial.Authority))
{
Credentials = new NetworkCredential(
Uri.UnescapeDataString(proxyUri.UserInfo.Split(':')[0]),
Uri.UnescapeDataString(proxyUri.UserInfo.Split(':')[1])
)
};
var handler = new HttpClientHandler { Proxy = proxy, UseProxy = true };
var client = new HttpClient(handler);
var response = await client.GetAsync("https://api.example.com/data");
Database Connections (SOCKS5)
For non-HTTP protocols like PostgreSQL, MySQL, or MongoDB, use QuotaGuard’s SOCKS5 proxy on port 1080. Your SOCKS5 proxy URL is available in your QuotaGuard dashboard.
socks5://username:password@us-east-static-01.quotaguard.com:1080
Python with PySocks:
import os
import socks
import socket
import psycopg2
socks.set_default_proxy(
socks.SOCKS5,
os.environ.get('QUOTAGUARD_SOCKS_HOST'),
1080,
username=os.environ.get('QUOTAGUARD_SOCKS_USER'),
password=os.environ.get('QUOTAGUARD_SOCKS_PASS')
)
socket.socket = socks.socksocket
conn = psycopg2.connect(
host='your-database.example.com',
database='mydb',
user='dbuser',
password='dbpass'
)
Install dependencies: pip install PySocks psycopg2-binary
Using QGTunnel: For complex multi-protocol setups, QGTunnel creates local port mappings that route traffic through QuotaGuard’s SOCKS5 proxy transparently. Your application connects to localhost and QGTunnel handles the proxying. See the QuotaGuard docs for tunnel setup.
Selective Proxying
Only route requests that need static IPs through the proxy. This minimizes latency for requests to public APIs while ensuring protected services always receive requests from your allowlisted addresses.
const axios = require('axios');
const { HttpsProxyAgent } = require('https-proxy-agent');
const proxyAgent = new HttpsProxyAgent(process.env.QUOTAGUARDSTATIC_URL);
// Only these domains route through the static IP proxy
const PROTECTED_DOMAINS = [
'api.paymentprovider.com',
'api.partner.com',
'your-db-host.amazonaws.com'
];
function needsStaticIP(url) {
const hostname = new URL(url).hostname;
return PROTECTED_DOMAINS.some(domain => hostname.includes(domain));
}
async function smartRequest(url, options = {}) {
const config = { ...options };
if (needsStaticIP(url)) {
config.httpsAgent = proxyAgent;
}
return axios(url, config);
}
Testing Your Implementation
Verify your static IP is working by calling the QuotaGuard test endpoint from within your app:
# Python
import os, requests
proxies = {'http': os.environ['QUOTAGUARDSTATIC_URL'], 'https': os.environ['QUOTAGUARDSTATIC_URL']}
response = requests.get('https://ip.quotaguard.com', proxies=proxies)
print(response.json()) # {"ip": "52.34.188.175"}
// Node.js
const { HttpsProxyAgent } = require('https-proxy-agent');
const axios = require('axios');
const agent = new HttpsProxyAgent(process.env.QUOTAGUARDSTATIC_URL);
const response = await axios.get('https://ip.quotaguard.com', { httpsAgent: agent });
console.log(response.data); // {"ip": "52.34.188.175"}
The returned IP should match one of the two static IPs shown in your QuotaGuard dashboard. Run multiple times to see both IPs appear as the load balancer rotates between them.
Troubleshooting
407 Proxy Authentication Required. Your credentials are incorrect. Verify the QUOTAGUARDSTATIC_URL secret is set correctly in Replit’s Secrets panel, and that the username and password match your QuotaGuard dashboard exactly.
Connection timeout. Verify the proxy hostname is correct in your dashboard. Ensure port 9293 is used for HTTP proxy and port 1080 for SOCKS5. Check that your Replit deployment allows outbound connections to external hosts.
Wrong IP address returned. The proxy may not be wired up to the specific request. Verify the environment variable is being read, that you are passing the proxy agent to the right HTTP client instance, and that you are not reusing a client created before the proxy was configured.
SSL/TLS errors. Ensure you are using httpsAgent (not httpAgent) for HTTPS requests in Node.js. Check that your HTTP client library supports modern TLS.
Works in dev mode but not in deployment. Replit Secrets are available in both modes, but double-check that the secret name matches exactly. Environment variable names are case-sensitive.
QuotaGuard Static vs QuotaGuard Shield
| Feature | QuotaGuard Static | QuotaGuard Shield |
|---|---|---|
| Protocol | HTTP / SOCKS5 | HTTPS / SOCKS5 over TLS |
| Encryption | Standard proxy | SSL Passthrough (end-to-end) |
| Best for | General API access and database connections | HIPAA, PCI-DSS, regulated data |
| Starting price | $19/month | $69/month |
For most Replit applications, QuotaGuard Static provides everything you need. Choose Shield if you are handling protected health information, payment card data, or have specific compliance requirements where end-to-end encryption through the proxy is mandatory.
Ready to Get Started?
Get in touch or create a free trial account.