Arguably, app.example.com and api.example.com are running on the same domain, example.com, so it seems like a weird firewall policy that requires them to be on the same subdomain, when a rule like *.example.com would be sufficient.
That being said, corporate firewalls are what they are. You’d probably need to be exploring reverse proxying with Nginx fronting your services here, with / being proxied to your front end app and then the /api path being proxied to your API service.
Thanks for the reply John.
Indeed, corporate proxies are very odd, but we have this issue already with two enterprise customers, so I assume it’s a real thing over there in the corporate world.
Anyway, do you have an example of how to set up nginx with Render?
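An nginx configuration for the path-based layout suggested earlier in the thread, added here as an example and not posted by either participant or taken from Render's documentation. The upstream hostnames and the listen port are placeholders, and keeping the /api prefix on forwarded requests is an assumption.

```nginx
# Constructed example: hostnames and port are placeholders, not values from the thread.
events {}

http {
    server {
        listen 8080;                       # assumed port
        server_name app.example.com;       # the single hostname clients are allowed to reach

        # API calls: https://app.example.com/api/... -> API service.
        # proxy_pass has no URI part, so the request path (including /api/)
        # is forwarded unchanged. To strip the prefix instead, end the
        # proxy_pass URL with a slash.
        location /api/ {
            proxy_pass https://api-service.example.net;   # placeholder upstream
            proxy_ssl_server_name on;      # send SNI so a shared TLS front end picks the right certificate
            # Host is left at nginx's default ($proxy_host), i.e. the upstream's own hostname.
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        # Everything else -> front end app.
        location / {
            proxy_pass https://frontend-service.example.net;   # placeholder upstream
            proxy_ssl_server_name on;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}
```

With both services behind one origin, the browser treats API calls as same-origin, so the API's CORS allow-list and any cookie Domain settings should be reviewed to match the new hostname.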