Static IP Endpoints
Our standard endpoints (api.stitch.money and secure.stitch.money) are fronted by a global CDN and resolve to a large, rotating range of IP addresses. Some network environments cannot accommodate this, for example, an egress firewall that only permits outbound traffic to individually allowlisted IP addresses.
For these environments, Stitch provides static IP endpoints: alternative hostnames that resolve to a single, fixed IP address that is reserved to Stitch and will not change.
Endpoints
| Static IP Endpoint | Equivalent Standard Endpoint | IP Address |
|---|---|---|
https://api.static.stitch.money | https://api.stitch.money | 20.87.94.79 |
https://secure.static.stitch.money | https://secure.stitch.money | 20.87.94.79 |
Both hostnames resolve to the same IP address. A single firewall allowlist entry covers both.
Using the Static IP Endpoints
The static IP endpoints are functionally identical to the standard endpoints: the same API surface, the same authentication, and the same security protections apply. No additional onboarding or configuration with Stitch is required, simply replace the hostnames in your base URLs:
https://api.stitch.money/graphqlbecomeshttps://api.static.stitch.money/graphqlhttps://secure.stitch.money/connect/tokenbecomeshttps://secure.static.stitch.money/connect/token
When requesting a client token via the static IP endpoint, the audience parameter remains https://secure.stitch.money/connect/token. The audience is an identifier, not a destination, and does not change with the connectivity method.
These endpoints terminate TLS with a standard, publicly-trusted server certificate. No client certificate is involved. If your security policy requires mutual TLS, use the mTLS endpoints instead, which also provide a fixed IP address.
The static IP is reserved to Stitch and provisioned as zone-redundant infrastructure. Should it ever need to change, affected clients will be notified at least 3 months in advance.