Orbit and API networking access

I have been trying out the Orbit beta feature. However, since the orbit API allows for querying over files content, and since my group has restriction in place for network access via allowed only origins (e.g. offices and VPN origins) I wanted to check if anyone knows if and how I can set those restrictions to apply for usage of the orbit API - in order to make sure this feature does not cause a side-effect of compromising the in-place policy for code access.

:waving_hand: Hey! I am on the Orbit team. Could you give a little more detail on the networking access? Does your group have restrictions on certain URL paths?

For .com, the Orbit API is always at gitlab.com/api/v4/orbit, meaning that the origin should not change.

As for authz, we have strict security measures in place to ensure that the user’s access to any served file content follows their RBAC. Details can be found at Orbit Remote security | GitLab Docs and docs/design-documents/security.md · main · GitLab.org / orbit / GitLab Orbit · GitLab .

Thanks for the reply. I was referring to origin as the originating allowed ip address.

I am using Groups API ip_restriction_ranges to restrict access from office environment.

Will these settings be enforced over the orbit api?