I am making an iOS and Android App. We require Recharge Functionality in the app. We are planning on using a Recharge API provided by a company.
For security reasons, the API allows requests only from specific whitelisted IP addresses.
This IP address should ideally be the IP of our server.
But we are using Firebase as the database and storage and authentication in our app.
So how can we make it such that the API requests made through the app by our users will go through and not cause an error, as the user's IP address won't be whitelisted?
You will need to proxy API requests from your users, such that, to your API provider all requests appear to originate from the same static IP address which will be whitelisted.
A proxy is a passive software component that essentially receives requests on one end, and forwards them to the API server on the other end. In other words, it makes API calls on behalf of your users.
You can use NGINX, HAProxy or just any available reverse proxy, or write a custom one using a language of your choice - since it is not a difficult assignment.
Here is how to set up a reverse proxy using HAProxy on a Linux box.
First, install haproxy from a Linux terminal:
apt update && apt install haproxy
Then navigate to folder /etc/haproxy
cd /etc/haproxy
Rename the default configuration file to haproxy.cfg.backup
mv haproxy.cfg{,.backup}
Now, create a new configuration file, haproxy.cfg
nano haproxy.cfg
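Add the following content, then save the changes:
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

defaults
    log global
    mode http
    # timeouts are in milliseconds
    timeout connect 5000
    timeout client 50000
    timeout server 50000

# what your users connect to
frontend api_proxy
    bind *:8080
    mode http
    default_backend remote_api_server

# the API provider; requests leave from this box's IP address
backend remote_api_server
    # replace 10.10.10.10 with the actual IP address
    # with ssl, HAProxy verifies the server certificate by default and will not start without a CA file;
    # the path below is the system CA bundle on Debian/Ubuntu. For plain HTTP, drop "ssl" and everything after it.
    server server1 10.10.10.10:443 ssl verify required ca-file /etc/ssl/certs/ca-certificates.crt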
Replace 10.10.10.10 with the API provider's IP address and 443 with the actual port.
If the API is not using HTTPS, remove the ssl option.
8080 is the port your users will be connecting to. Change it to whatever you want.
Now, start haproxy using the command below:
haproxy -D -f haproxy.cfg
You can verify that haproxy is listening on port 8080
telnet localhost 8080
Configure your app to call the recharge API through the proxy URL, which will be:
http://your_server_ip_address:8080/your/api/url
You will need to configure HTTPS in a production environment, though.
Check the link below on how to configure SSL with haproxy:
https://www.ibm.com/support/knowledgecenter/en/SSTPQH_1.0.0/com.ibm.cloudant.local.install.doc/topics/configure_haproxy.html
Let me know if this helps.
Deploy a server of your choice (it could be Ubuntu or Windows), with your choice of language, that could route your requests to the required 3rd-party API.
So ideally, all requests from your client will be sent to your server and then your server will resolve the request to the 3rd party and respond back to your clients.
You can look at an example NodeJS/Express REST implementation that can be extended for your required use-case.
https://scotch.io/tutorials/build-a-restful-api-using-node-and-express-4
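A proxy in front of an IP-whitelisted API relays whatever reaches it, so it should check each request before forwarding. The following added example (not code from either answer or from any API provider; the route list, header names and function names are assumptions) shows that gate for a Node.js proxy, leaving the token verification itself, for instance the Firebase Admin SDK's verifyIdToken(), to the caller.

```javascript
// Added example: request gate for a recharge proxy. All names are hypothetical.
// Constructed allowlist: the only provider endpoints the app is assumed to need.
const ALLOWED = new Set(["POST /recharge", "GET /recharge/status"]);

// Headers never copied from the client to the provider.
const DROP = new Set(["authorization", "cookie", "host", "connection",
  "x-api-key", "x-forwarded-for", "content-length", "transfer-encoding"]);

// Step 1: reject anything that is not an allowlisted call carrying a bearer token.
function checkRequest(req) {
  let url;
  try {
    // Parsing against a dummy base normalises "../" segments before the allowlist check.
    url = new URL(req.url, "http://proxy.invalid");
  } catch {
    return { ok: false, status: 400 };
  }
  if (!ALLOWED.has(`${req.method} ${url.pathname}`)) {
    return { ok: false, status: 404 };
  }
  const m = /^Bearer ([A-Za-z0-9._-]+)$/.exec(req.headers.authorization || "");
  if (!m) return { ok: false, status: 401 };
  return { ok: true, token: m[1], path: url.pathname + url.search };
}

// Step 2 (caller): verify checked.token and obtain the user's uid. It is left
// out here so the example runs offline; forward nothing if verification fails.

// Step 3: build the upstream request. The provider credential is added on the
// server, so it never ships inside the mobile app.
function buildUpstream(req, checked, uid, apiKey) {
  const headers = {};
  for (const [name, value] of Object.entries(req.headers)) {
    const key = name.toLowerCase();
    if (!DROP.has(key)) headers[key] = value;
  }
  headers["x-api-key"] = apiKey; // assumed header name for the provider key
  // uid is returned for the proxy's own audit log, not sent upstream.
  return { method: req.method, path: checked.path, headers, uid };
}
```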