Saas Ai Webflow Website Datalog Template

Mercury Bank

View IntegrationContact Support
Mercury's docs recommend QuotaGuard for static IP allowlisting on the Mercury API. Built for Mercury's IP Allowlist Requirement and Banking API Calls.

Mercury Bank requires IP allowlisting for any API token with write access to your account. Read and Write tokens reject requests from unregistered IPs. Custom tokens with write scopes are subject to the same rule. Cloud platforms like Render, Railway, Heroku, Fly.io, and AWS Lambda assign dynamic outbound IPs that change on every deploy, every restart, and sometimes mid-session. Mercury rejects the request. Your integration breaks.

QuotaGuard is the recommended solution for satisfying Mercury's IP allowlist requirement and is named directly in Mercury's official API documentation. Trusted by fintech teams and AI-driven app builders connecting to Mercury at production scale since 2013.

  • Two-Minute Setup: Add your QuotaGuard connection URL as the QUOTAGUARDSTATIC_URL environment variable in your app. Configure your HTTP client to use it as a proxy for outbound calls to api.mercury.com. Register your two static IPs in Mercury's developer settings.
  • Mercury Recommends QuotaGuard by Name: Mercury's API Token Security Policies page explicitly recommends QuotaGuard for static IPs. Direct quote: "For Heroku, you can use the Fixie or QuotaGuard Add-Ons."
  • Multi-Platform Support: Works whether you host on Heroku, Render, Railway, Fly.io, AWS Lambda, Vercel, Netlify Functions, Kubernetes, or direct VPS. The same QuotaGuard configuration applies; just set the env var in your hosting platform's settings.
  • Production-Grade Reliability: A load-balanced pair of static IPs with automated failover. API calls stay consistent through deploys, restarts, and infrastructure migrations. Both IPs go on Mercury's allowlist, and traffic routes through whichever responds first.
  • Shield for Regulated Banking Data: For PCI-DSS, SOC 2, or HIPAA-bound integrations, QuotaGuard Shield uses SSL passthrough so QuotaGuard never decrypts the data flowing between your app and Mercury. Banking-grade compliance coverage when your auditors review third-party network paths.

Token type note: Mercury's IP allowlist requirement applies to Read and Write tokens and Custom tokens with write scopes. Read Only tokens are exempt. If your integration only fetches balances and transactions, you don't need a static IP. If it initiates transactions, manages recipients, or performs any write operation, you do.

Reliability Engineered for the Modern Cloud

For over a decade, QuotaGuard has provided reliable, high-performance static IP and proxy solutions for cloud environments like Heroku, Kubernetes, and AWS.

Get the fixed identity and security your application needs today.

Start Free TrialTalk to an Engineer