Advisory: HTTPS Walled Garden URLs for Payment Gateways
Updated: 23 July 2020
We have added the walled garden HTTPS domains feature as the recommended approach to allow downstream devices to access the payment gateways before login. In doing so, we are effectively decommissioning the IP Address-based walled garden configuration.
As such, it is advised to add the relevant HTTPS domains to the walled garden and consequently remove the IP address walled garden entries that correspond to the payment gateways. Removal of unnecessary IP addresses from the walled garden is important for fast downstream login experience.
Here is the list of walled garden HTTPS domains required for all supported payment gateways:
Payment Gateway | Mode | Required Exact-Match HTTPS Walled Garden Entries |
Authorize.Net Accept.js | Production | api.authorize.net js.authorize.net |
Test | apitest.authorize.net jstest.authorize.net | |
Authorize.Net SIM | Production | secure.authorize.net |
Test | test.authorize.net | |
Worldpay Select Junior | Production | secure.worldpay.com |
Test | secure-test.worldpay.com | |
Paypal Payflow Link | Production | payflowlink.paypal.com |
Test | payflowlink.paypal.com | |
Paypal Payflow Pro | Production | payflowpro.paypal.com |
Test | pilot-payflowpro.paypal.com | |
Payway | Production | api.payway.com.au |
Test | api.payway.com.au |
Steps
- Go to Gateway Admin GUI > LAN > Walled Garden > HTTPS Domains.
- Add the HTTPS domains relevant to the payment gateways you are integrating with. For example:
Ensure that the Type is Exact Match and Action is Passthru.
For Payway for example, the desired walled garden HTTPS domains list could look like this:
After you have completed the above, you should verify that the downstream is able to browse to the payment gateway’s payment page and that the response is received after payment information is submitted.
Related Posts
IG 4 Update #20 – WeChat, Walled Garden update, HTTPS web server upgrade