Advisory: HTTPS Walled Garden URLs for Payment Gateways
Updated: 23 July 2020
We have added the walled garden HTTPS domains feature as the recommended approach to allow downstream devices to access the payment gateways before login. In doing so, we are effectively decommissioning the IP Address-based walled garden configuration.
As such, it is advised to add the relevant HTTPS domains to the walled garden and consequently remove the IP address walled garden entries that correspond to the payment gateways. Removal of unnecessary IP addresses from the walled garden is important for fast downstream login experience.
Here is the list of walled garden HTTPS domains required for all supported payment gateways:
|Payment Gateway||Mode||Required Exact-Match HTTPS Walled Garden Entries|
|Worldpay Select Junior||Production||secure.worldpay.com|
|Paypal Payflow Link||Production||payflowlink.paypal.com|
|Paypal Payflow Pro||Production||payflowpro.paypal.com|
- Go to Gateway Admin GUI > LAN > Walled Garden > HTTPS Domains.
- Add the HTTPS domains relevant to the payment gateways you are integrating with. For example:
- Go to Gateway Admin GUI > LAN > Walled Garden > IP Addresses.
- Remove the IP addresses that correspond to the payment gateways as evident from the descriptions. These IP addresses are no longer needed as you have already added the relevant HTTPS domains to the walled garden. For example:
Ensure that the Type is Exact Match and Action is Passthru.
For Payway for example, the desired walled garden HTTPS domains list could look like this:
After you have completed the above, you should verify that the downstream is able to browse to the payment gateway’s payment page and that the response is received after payment information is submitted.