QuotaGuard gives your Relay.app automations two fixed static IPs to place on any API's allowlist, so a Custom HTTP Request that must reach a locked-down endpoint gets through on every run.
Relay.app's HTTP step has no proxy setting and no published outbound IP, so you host a small relay function that egresses through QuotaGuard. Your step calls the relay, and the destination API sees the two static IPs.
Allowlist both IPs once. They stay fixed across every run and every plan change.
You pin the source address of a Relay.app automation without changing how the workflow runs. The Custom HTTP Request step sends from shared infrastructure and gives you no field to set a proxy, so QuotaGuard sits behind a small relay function that your step calls instead.
The pattern is already documented and ships as a ready-to-run example, so you deploy it rather than build it. See the static IP for platforms with no HTTP proxy guide and the lambda-relay example.
A small AWS Lambda or Google Cloud Function forwards requests out through the QUOTAGUARDSTATIC_URL connection. You deploy it one time from the published example, and every automation reuses it.
Set the Custom HTTP Request URL to your relay function's address and add two headers, X-Relay-Key and X-Target-URL. Nothing else in the step changes, and no proxy field is needed.
The relay forwards the call through QuotaGuard, so the request arrives from the load-balanced pair. The destination's allowlist check passes on either address.
Two headers carry all the routing. One is a shared secret that authorizes the relay, and the other names the API you want to reach, so a single relay serves every allowlisted endpoint your automations call. Verify the path against a known responder before you point it at production.
Relay.app's Secret Store holds the relay's shared secret, so it never sits in plain text inside the workflow. The relay rejects any request that does not present the matching key.
The relay forwards to whatever URL you pass in this header, so one relay and one QuotaGuard subscription cover every allowlisted API. Change the target per step without redeploying anything.
Point X-Target-URL at https://ip.quotaguard.com and the response returns one of your two static IPs. Run it a few times to see both, then register both on the destination's allowlist.
Every QuotaGuard subscription includes two static IPs, not one. Both carry live traffic and both belong on the allowlist, so a single node going down never blocks an automation mid-run.
Two static IPs per subscription are health-checked, and traffic shifts to the healthy address on its own. Allowlist both so either one is accepted.
QuotaGuard runs in eleven AWS regions across North America, Europe, and Asia Pacific. Choosing the region nearest your destination keeps the extra hop short.
QuotaGuard Static from $19/month direct suits standard HTTPS API calls, with the payload tunneled end to end and never decrypted at the proxy. Shield from $29/month direct uses SSL passthrough for regulated data under HIPAA, PCI-DSS, or SOC 2.
Common questions about Relay.app static IPs and QuotaGuard.
Does every Relay.app automation need a static IP?
No. You need one only when the API your HTTP step calls enforces an IP allowlist or an IP-based firewall rule. On those endpoints the source-IP check runs before your credentials are evaluated, so a changing address is refused even when the API key is correct. If the endpoint accepts any source IP, the relay pattern adds no value and you can skip it.
Why can't I just set a proxy on the HTTP step?
Relay.app's Custom HTTP Request step exposes the URL, method, headers, and body, but it has no proxy field. Relay.app also does not publish the outbound IP its steps send from, so you cannot allowlist it directly. The relay function is the supported way to pin the source address to QuotaGuard's static pair, and it leaves the rest of your workflow unchanged. (Flag for review: confirm Relay.app has not added a proxy or published egress IPs since this draft.)
How long does setup take?
Most teams are live in minutes. Deploy the relay function from the published example, add the QUOTAGUARDSTATIC_URL environment variable, then set your HTTP step's URL to the relay and add the two headers. The full walkthrough is in the no-HTTP-proxy guide and the lambda-relay repo.
Should I use Static or Shield for my API?
Use QuotaGuard Static from $19/month direct for standard HTTPS API calls. The payload is tunneled end to end and is never decrypted at the proxy, which fits the large majority of integrations. Choose Shield from $29/month direct when you move regulated data governed by HIPAA, PCI-DSS, or SOC 2, because Shield uses SSL passthrough. Do not put regulated data on Static.
Can I allowlist just one IP instead of two?
Allowlist both. Each QuotaGuard subscription carries two load-balanced static IPs, and either one can serve a given request. Each address is a single /32, so add both entries wherever the destination accepts multiple values. Registering only one risks a refusal the moment traffic fails over to the other.
What about inbound webhooks into Relay.app?
QuotaGuard's static IPs cover the outbound direction, where Relay.app calls an API. Relay.app's inbound webhook trigger gives you a unique URL per workflow, and the external system posts to that Relay.app address rather than to QuotaGuard, so the two static IPs do not apply to the inbound leg. Relay.app's documentation does not describe IP allowlisting or signature checks on that trigger URL, so treat the secret embedded in the URL as the guard for incoming calls and keep it private.
Do the IPs change if I upgrade my plan?
No. The two static IPs are tied to your subscription and stay fixed across plan changes, so an allowlist you set once keeps working. That stability is the point of the pair, which means you never have to re-register addresses on the destination after a billing change.
Can one relay serve more than one API?
Yes. The X-Target-URL header sets the destination per request, so a single relay function and a single QuotaGuard subscription can front every allowlisted API your automations reach. Point different HTTP steps at the same relay and vary only the target header. This keeps one static pair in front of your whole workflow estate.
For over a decade, QuotaGuard has provided reliable, high-performance static IP and proxy solutions for cloud environments like Heroku, Kubernetes, and AWS.
Get the fixed identity and security your application needs today.