Whitelisting access to headless wordpress during builds via nginx

Is it possible to whitelist access to a headless Wordpress instance (serving a graphQL endpoint) during build time? As .htaccess is being phased out by WPEngine (the instance host), the configuration would need to be done via their nginx config.

Essentially our client wishes to lock down access to the wp-admin dashboard (which will be whitelisted to the admin’s IP address). However they also wish to limit access to the endpoint to only the developer’s IP for local testing and also to netlify as it consumes the api at build time.

As the netlify IPs are subject to change I’ve been advised that this wouldn’t necessarily be suitable and that something around netlify.app would be more appropriate. Just wanted to check if anyone else had done something similar and had an example nginx directive that I could pass on to WP Engine to implement.

The frontend is a GatsbyJS site which builds upon pushes to bitbucket.

Hey @brianm, you’re correct that our IP addresses change frequently so that method’s a no-go. You could certainly do something URL-based. You could also set a header or secret in a Netlify Function that you check on the server side, or set a cookie on our side that you check on your side. I’m linking to a post where someone else was asking something similar:

Please let us know if we can answer any other questions on this!