(Investigate) how to use better way to securing API umbrella backends

[fec-jli]

We discovered the documentation that recommends against using IP restriction for securing API backends (https://github.com/18F/api.data.gov/wiki/User-Manual:-Agencies#ip-based-restrictions)
but api.data.gov 's IPs might be changing in the future.

Try to look at implementing a better approach.

[lbeaufort]

From API umbrella team:

We will certainly keep in you in mind and be in touch in the event any of our IP addresses do change.

Although, if the IP-based restrictions work easiest or best for your environment, you're certainly welcome to keep using that approach. We were just gently steering people away from that approach for new setups to make it potentially easier for everyone in the event our IPs change. However, we realize some agencies and network teams prefer IP restrictions, or they may be easier to setup, so you can certainly keep using that approach if you'd like. If our IPs do change, we'll be sure to work with all the agencies to give you all plenty of heads up and verify everything is working against new IPs before making any changes that would affect your production API traffic. But if you'd prefer to switch to a different approach so you don't have to worry about IPs, that's also dandy—whatever's easiest for you.