To secure access from 2Checkout web services such as IPN (Instant Payment Notification), LCN (License Change Notification) and Electronic Delivery. set up IP filtering for inbound traffic. 2Checkout is using the following IP networks, which need to be set as allowed in your firewalls in order to receive connections from 2Checkout:
The IP networks, corresponding to 2Checkout servers, are not specific IPs but subnets as defined by RFC 917 of IETF, namely ranges of IP addresses.
Here are the ranges of IP addresses corresponding to each subnet mask:
- 188.8.131.52/25 covers all IPs ranging from 184.108.40.206 to 220.127.116.11
- 18.104.22.168/25 covers all IPs ranging from 22.214.171.124 to 126.96.36.199
- 188.8.131.52/29 covers all IPs ranging from 184.108.40.206 to 220.127.116.11
- 18.104.22.168/27 covers all IPs ranging from 22.214.171.124 to 126.96.36.199
- 188.8.131.52/22 covers all IPs ranging from 184.108.40.206 to 220.127.116.11
Note: 2Checkout continually expands its server infrastructure and you should expect and be prepared for the expansion of IP addresses used for our services. Make sure to use the 2Checkout IP networks mentioned in this document to ensure continued usage of the 2Checkout services, minimizing potential disruptions.
If you're using a firewall that restricts inbound traffic only to a limited number of IP addresses, you will need to adapt the ACL (Access Control List) rules to permit connections from the 2Checkout IP addresses. This is valid in scenarios in which service listeners such as IPN and LCN placed behind the firewall need to receive data from 2Checkout's services.
The usage of DNS (domain name system) must be ensured for API requests and webhooks callbacks to 2Checkout (IDN, IRN and ISE protocols) and your firewall must NOT restrict outgoing traffic to a limited set of IP addresses. 2Checkout employs advanced routing and multiple globally distributed PoPs (Point of Presence) to ensure high availability of the endpoints.