Site Settings

Site settings define the security and system preferences for your Nitro environment.

The Security tab displays your site keys and security information.

Open Nitro Studio > Configuration > Site Settings.
Click the Security tab.

Overview

Field	Description
Name	The name of your Nitro Studio instance.
API key and API secret key	API keys are needed to call APIs, embed blocks, and so on. Your API Key is public and anyone can see it. However, your Secret Key should never be shared or exposed publicly. If your Secret Key is lost or compromised, immediately request a new one. To copy a key, hover over the row and click Copy ().

Field

Description

Name

The name of your Nitro Studio instance.

API key and API secret key

API keys are needed to call APIs, embed blocks, and so on. Your API Key is public and anyone can see it. However, your Secret Key should never be shared or exposed publicly. If your Secret Key is lost or compromised, immediately request a new one.

To copy a key, hover over the row and click Copy ( Copy Button ).

Security Level

Nitro supports server-side and client side API method calling with three security levels:

High Security - Uses the same security features as medium security, and also requires all HTTP API calls to use SSL. Required for programs with an Award Account.
Medium Security - Enables login authentication, which uses a timestamp and signature based on your secret key, and whitelist enforcement, which requires the user to log in from a known whitelisted IP address to execute write API calls. Recommended for most deployments.
Low Security - Disables login authentication and IP whitelist enforcement. Recommended for rapid prototyping in the sandbox environment, but typically should not be used for a production environment.

Anything calling API methods that write data, not just read data, with medium or high security must be whitelisted. This increases security by ensuring only whitelisted servers can make write calls.

Nitro IP Addresses

Nitro's outbound traffic is routed through the following IP addresses. Make sure your firewall does not block these addresses.

QA: 34.208.234.127
Sandbox/Production: 52.41.137.115, 52.35.155.149, and 52.42.40.97

Nitro has elastic load balancers (ELBs) in front of all of our apps, so pinning to specific IP addresses subverts the high availability (HA) of the instances behind it. In general, AWS IP ranges broadly can be used from this URL: https://ip-ranges.amazonaws.com/ip-ranges.json, but this is not recommended for firewalling. The applicable service would be EC2.

The domain api.bunchball.com will always point to the ELB for the API. Trusting that DNS is the most beneficial as that will always point to the latest ELB or application instances.

IP Whitelisting

To whitelist your IP address(es), you need to define the address(es) that are authorized to make write calls to Nitro.

Obtain your IP address(es) as seen by the Nitro server.
- If your server has a fixed IP address, use the command 'ipconfig' (Windows) or 'ifconfig' (UNIX, Linux, or Mac) to retrieve your IP address.
- If you are developing from a laptop/workstation with a dynamic IP address, use http://whatismyipaddress.com to retrieve your IP address.
Open Nitro Studio > Configuration > Site Settings > Security.
In the IP Whitelist section, click New.
In the IP Address field, add a single IP address (for example, 192.168.0.1) or a range of addresses (for example, 192.168.0.1-100 or 192-195.168.0.1).
Alternatively, in the Host field, you can add a host address that will be resolved to the appropriate IP address by the server.
In the Permissions field, select the IP address(es) permission level.
- all writes - The IP address can call all write methods.
- user.logAction only - The IP address can only call the user.logAction method.
In the Description field, add a description of the IP address(es) to help track your servers and third-party servers.
Click Save.