Secure a feed
Exposing your feed publicly over the internet might not be desirable for reasons such as privacy concerns.
There are two methods supported by Tweakwise you can choose to secure your feed:
- Authentication: restricting access by using credentials
- Authorization: restricting access to only select IP addresses.
Both methods require intervention on your end to correctly set up the webserver where your feed is hosted.
Authentication
Tweakwise supports two authentication methods that you can use to secure your feed: basic and digest authentication.
Basic authentication is a simple authentication method based on a username/password combination. These credentials are encoded and sent in plain text to the server for verification. After which the server determines whether the provided credentials are correct and whether to give access to the feed or not.
Digest authentication is a more secure authentication method that is similar to basic authentication. The difference lies in that the credentials are encrypted before they are sent to the server. It is therefore that this method is considered more secure than basic authentication.
When used in combination with HTTPS, both basic and digest authentication can be considered secure because the data, including the credentials, are encrypted. However, using digest authentication should still be preferred because it is a good security practice to use the stronger authentication method.
After having set up either basic or digest authentication, you will need to configure your feed import task to make use of the credentials you want Tweakwise to use. You can read more about that in the Import your feed guide.
Restricting access by IP address
An alternative way of securing your feed is by restricting access to only a limited set of IP addresses. That way, only clients with an IP address known to be trusted will have access to your feed.
The following IP address ranges are used by Tweakwise's servers:
- 83.219.83.64/27
- 83.143.189.64/26
By whitelisting these IP address ranges known to be reserved by Tweakwise, you can ensure that only Tweakwise can read your feed.
In the app there is an option with which you are able to download your feed. That means you don't necessarily have to whitelist the IP addresses used by yourself; you'll always be able to access your feed through the app regardless.
The main disadvantage of using this method is that Tweakwiseโs IP address ranges might change in the future. Although weโll notify you of this when it happens, it does require you to update the IP address ranges on your end, which can be inconvenient. We recommended using authentication over IP address whitelisting for this reason.
Resources
If you'd like to know more about the technical details of both basic and digest authentication, then you can read more about that here:
To give you a starting point for implementing either authentication or IP address whitelisting, you can find links below to documentation on how to do that for your webserver of choice. Note that Tweakwise does not endorse any particular webserver and neither offers support in this regard.
Apache:
NGINX:
Microsoft IIS:
Updated 6 months ago