CPQ On Prem Network Security

If you need to make an API call to Kinetic in a CPQ configuration (say, to retrieve real-time data and use it in the configuration), that traffic comes from the KBMax server and is inbound to Kinetic. I believe Document Rules are also implemented as an API POST to Kinetic, but I could be wrong.

This is a challenge for us On Prem folks who like to block inbound traffic. Typically you’d whitelist the IP of the traffic origin, but KBMax says they don’t have static IPs.

Apparently it’s possible to whitelist by domain name instead of IP but that would require expensive fancy new firewalls…

Is anyone else dealing with this? @askulte you guys are On Prem, right?

Late reply. We’re on prem.

I’m using the CPQ BAQ Sync to feed CPQ the data from Epicor. It’s not real-time, but you can schedule it as frequently as you need.

What data are you trying to get via the API? Any chance the IP is static-enough that you can whitelist their host, and let the last chunk or two be wildcarded?

Our CPQ effort is on hold (we’re not live with it yet) until we’ve got everyone migrated to the browser and through our 2024.2 → 2025.2 upgrade in February.

We will occasionally need some real-time data like inventory that probably won’t update quickly enough with the BAQ syncs.

We did hear recently that there are static IPs available now so we should be good now to just whitelist them.
