1

Assume a "public" API Gateway having a single domain name (ex. api.mybigcompany.com) and a set of 8 static IP addresses assigned to an "East" hosting facility to load balance that domain.

A subset of my API consumers need to whitelist these IPs in their firewall so that their calling application will only go to these IPs, and also I have committed to return only these IPs in DNS for that domain.

In the future, I may want to expand the pool either in the same facility, or at a "West" facility, etc.

Are there any "industry standard" SLAs for the change management notification lead time to my external API consumers when I need to change the IP pool?

busse
  • 111
  • 3

2 Answers2

2

Not that I've ever seen. I would think that 30 days would be enough. This would give the customer time to get the change through any testing and change control bureaucracy.

Have you asked your customer what notification period they'd prefer?

EEAA
  • 108,414
  • 18
  • 172
  • 242
  • Assuming I'm supporting multiple customers, I'd prefer to follow a standard (if it exists) rather than make something up :-) Also allows me to deflect special requests shoudl they come. 30 days is definitely what I'm leaning toward but wanted to do my due diligence as well. Thanks! – busse Sep 10 '15 at 16:22
1

AFAIK there is no industry standard.

If your API is not completely open but users must subscribe/sign-up to get an API key you can simply send them an e-mail mailing when you plan on changing the IP-range and/or setup a low-volume mailinglist people can subscribe to for such notifications. @EEAA's 1 month lead time seems about right.

In addition you can follow Google's example and publish your network ranges in DNS TXT records, which you can update well before updating the A records for your API host. Many monitoring tools can monitor and alert on changes to DNS records, which somewhat removes the human element.

HBruijn
  • 72,524
  • 21
  • 127
  • 192