Skip to main content
knowledgecenter.avangate.com

Secure webhooks

Overview

To secure access from Avangate web services such as IPN (Instant Payment Notification), LCN (License Change Notification) and Electronic Delivery. set up IP filtering for inbound traffic. Avangate is using the following IP networks, which need to be set as allowed in your firewalls in order to receive connections from Avangate:

  • 91.220.121.0/25
  • 5.35.210.128/25
  • 184.106.7.192/29
  • 85.17.14.128/27

The IP networks, corresponding to Avangate servers, are not specific IPs but subnets as defined by RFC 917 of IETF, namely ranges of IP addresses.

Here are the ranges of IP addresses corresponding to each subnet mask:

  • 91.220.121.0/25 covers all IPs ranging from 91.220.121.1 to 91.220.121.126
  • 5.35.210.128/25 covers all IPs ranging from 5.35.210.129 to 5.35.210.254
  • 184.106.7.192/29 covers all IPs ranging from 184.106.7.193 to 184.106.7.198
  • 85.17.14.128/27 covers all IPs ranging from 85.17.14.129 to 85.17.14.158

Note: Avangate continually expands its server infrastructure and you should expect and be prepared for the expansion of IP addresses used for our services. Make sure to use the Avangate IP networks mentioned in this document to ensure continued usage of the Avangate services, minimizing potential disruptions.

If you're using a firewall that restricts inbound traffic only to a limited number of IP addresses, you will need to adapt the ACL (Access Control List) rules to permit connections from the Avangate IP addresses. This is valid in scenarios in which service listeners such as IPN and LCN placed behind the firewall need to receive data from Avangate's services.

The usage of DNS (domain name system) must be ensured for API requests and webhooks callbacks to Avangate (IDN, IRN and ISE protocols) and your firewall must NOT restrict outgoing traffic to a limited set of IP addresses. Avangate employs advanced routing and multiple globally distributed PoPs (Point of Presence) to ensure high availability of the endpoints.