Microsoft Power Apps Static IPs

Give any allowlisted partner API two fixed IPs from your Power Apps custom connectors and Power Automate flows. Register the pair once and every call arrives from the same two addresses.

Power Apps reaches external APIs through custom connectors and Power Automate, and neither exposes an HTTP proxy field. A small relay function you host routes those calls through QuotaGuard, so the target API sees two static IPs instead of Microsoft's shifting ranges.

QuotaGuard Static starts at $19/month direct. Point your connector at the relay URL, allowlist both IPs, and the integration is done.

Power Apps custom connector calling a hosted relay function that egresses through QuotaGuard, with the target API seeing two static IPs

Send Custom Connector Calls From Two Fixed IPs

You give an allowlisted API a stable source address by pointing your custom connector at a relay you host. A custom connector is an OpenAPI wrapper with a Host and a Base URL, and it has no proxy setting to fill in. So you set that Host to the relay function URL, the relay egresses through QuotaGuard, and the API sees your two static IPs.

The relay is a small AWS Lambda or Google Cloud Function that forwards through the QUOTAGUARDSTATIC_URL connection. It is already published and documented, so you deploy it rather than build it. See the no-proxy platform pattern and the ready-to-run relay example.

Set the connector Host to your relay URL

The Host and Base URL fields in the connector definition decide where every operation is sent. Point them at your relay function, which forwards each request through QuotaGuard on your behalf.

Two headers carry the secret and the target

Each operation sends X-Relay-Key, a shared secret the relay checks, and X-Target-URL, the real API to reach. The relay validates the key, forwards to the target through the static pair, and returns the response unchanged.

The payload stays encrypted end to end

QuotaGuard Static tunnels your HTTPS request and never decrypts it at the proxy. The relay and the static exit move the bytes without opening them, so your credentials and data are readable only by the target API.

Custom connector Host pointed at a relay URL, sending X-Relay-Key and X-Target-URL headers, relay forwarding through QuotaGuard to an allowlisted API

Cover Power Automate Flows With the Same Relay

Your flows egress from the same fixed pair with no extra setup. Power Automate flows behind your app call external APIs through the same custom connectors or the HTTP action, and both leave from Microsoft's shared ranges. Routed through the relay, every one of those calls arrives from your two static IPs.

One relay serves apps and flows

The same relay function backs canvas apps, model-driven apps, and Power Automate flows. Whatever calls the relay URL egresses through the same two addresses, so you allowlist one pair for the whole environment.

Confirm the pair before you touch the allowlist

Point X-Target-URL at https://ip.quotaguard.com and the relay returns one of your two static IPs. Run it from a test flow to prove the path works before you ask the partner to allowlist anything.

Inbound webhooks are a separate path

A Power Automate flow can receive events on an HTTP-request trigger, but that inbound URL is Microsoft-hosted and not governed by the outbound pair. The static IPs control calls you send, not callbacks you receive.

One relay function serving canvas apps, model-driven apps, and Power Automate flows, all egressing from the same two static IPs

Run on a Load-Balanced Static IP Pair

Behind the relay, QuotaGuard gives every subscription two static IPs, not one. The pair is load balanced with automatic failover, so a health event on one address does not drop your Power Apps traffic.

Two static IPs per subscription

Each subscription gets two load-balanced static IPs with automatic failover. Allowlist both on the partner API so traffic keeps flowing when one address is taken out of rotation.

Choose the AWS region that fits

QuotaGuard runs in eleven AWS regions. Place the static exit close to both your relay and the target API to keep the added hop short.

Static for standard APIs, Shield for regulated data

QuotaGuard Static from $19/month direct fits standard HTTPS API calls. QuotaGuard Shield from $29/month direct adds SSL passthrough for data under HIPAA, PCI-DSS, or SOC 2.

Load-balanced pair of static IPs with failover across AWS regions, both entries registered on a partner allowlist

FAQs

Common questions about Microsoft Power Apps static IPs and QuotaGuard.

Does every Power Apps integration need a static IP?

No. You need one only when the API you call enforces a customer-controlled IP allowlist. Many public APIs do not check source IP at all, and those need nothing here. The reason Power Apps forces the question is that its outbound calls leave from Microsoft's large, changing IP ranges, which you cannot hand a partner as a short allowlist. When an allowlist is enforced, the relay through QuotaGuard replaces those ranges with two fixed addresses you can register once.

How long does setup take?

Most of the work is deploying the published relay and setting a secret. Deploy the ready-to-run relay example, set its X-Relay-Key value, point your custom connector Host at the relay URL, and register the two static IPs on the partner allowlist. The full reusable pattern is written up at the no-proxy platform guide, so you are following a documented path rather than inventing one.

Should I use Static or Shield for my data?

Use QuotaGuard Static, from $19/month direct, for standard HTTPS API calls. Static tunnels the request end to end and never decrypts it at the proxy, so it is the right choice for the large majority of integrations. Use QuotaGuard Shield, from $29/month direct, only when the data is regulated under HIPAA, PCI-DSS, or SOC 2. Shield uses SSL passthrough for those compliance regimes.

Can the partner allowlist both IPs?

Yes, and you should register both. QuotaGuard gives you a load-balanced pair, so entering only one address means traffic is refused whenever the other is in use. Most allowlists accept multiple entries or a small CIDR range. The exact field format depends on the partner API, so check their allowlist documentation, but registering two individual addresses works everywhere a list is accepted.

How do I check or confirm the IPs later?

Point X-Target-URL at https://ip.quotaguard.com and the relay returns one of your two static IPs, so you can read the current pair any time from a test flow. The two addresses belong to your subscription and stay fixed as you change plans within it, so once the partner has both on file you do not need to update the allowlist again.

Does OAuth or API-key auth still work through the relay?

Yes. The relay forwards your headers unchanged, so API keys and bearer tokens the connector sends reach the target exactly as issued. If the target's own OAuth token endpoint is itself behind the same IP allowlist, route that token request through the relay too by setting its X-Target-URL to the token URL. Auth configuration otherwise stays on the connector where you defined it.

What about inbound webhooks back to my app?

The static pair governs outbound calls you send, not callbacks you receive. Power Apps and Power Automate accept inbound events on Microsoft-hosted URLs, such as a Power Automate HTTP-request trigger, and those endpoints use Microsoft's IPs, which QuotaGuard does not control. If a provider needs to allowlist your callback address, that is a separate concern from the outbound pair and is not solved by the relay.

🚀 Ready to Get Started? Choose Your QuotaGuard Path

QuotaGuard STATIC

Why: You need a rock-solid, fixed IP for general API access, AI workflows, or standard third-party integrations.
Best For: Developers, startups, and general application connectivity.
Key Feature: SOCKS5 support for secure database access.
Sign Up for QG Static

QuotaGuard SHIELD

Why: You handle HIPAA, PCI, or sensitive PII data and require End-to-End Encryption (E2EE) for full compliance.
Best For: Regulated industries, financial services, and healthcare.
Key Feature: SSL Passthrough and key isolation.
Sign Up for QG Shield

Trusted by Engineering Teams Everywhere

Reliability Engineered for the Modern Cloud

For over a decade, QuotaGuard has provided reliable, high-performance static IP and proxy solutions for cloud environments like Heroku, Kubernetes, and AWS.

Get the fixed identity and security your application needs today.