Advisory: HTTPS Walled Garden URLs for Payment Gateways

Updated: 23 July 2020

We have added the walled garden HTTPS domains feature as the recommended approach to allow downstream devices to access the payment gateways before login. In doing so, we are effectively decommissioning the IP Address-based walled garden configuration.

As such, it is advised to add the relevant HTTPS domains to the walled garden and consequently remove the IP address walled garden entries that correspond to the payment gateways.  Removal of unnecessary IP addresses from the walled garden is important for fast downstream login experience.

Here is the list of walled garden HTTPS domains required for all supported payment gateways:

Payment GatewayModeRequired Exact-Match HTTPS Walled Garden Entries
Authorize.Net Accept.jsProductionapi.authorize.net
js.authorize.net
Testapitest.authorize.net
jstest.authorize.net
Authorize.Net SIMProductionsecure.authorize.net
Testtest.authorize.net
Worldpay Select JuniorProductionsecure.worldpay.com
Testsecure-test.worldpay.com
Paypal Payflow LinkProductionpayflowlink.paypal.com
Testpayflowlink.paypal.com
Paypal Payflow ProProductionpayflowpro.paypal.com
Testpilot-payflowpro.paypal.com
PaywayProductionapi.payway.com.au
Testapi.payway.com.au

Steps

  1. Go to Gateway Admin GUI > LAN > Walled Garden > HTTPS Domains.
  2. Add the HTTPS domains relevant to the payment gateways you are integrating with.  For example:
  3. Ensure that the Type is Exact Match and Action is Passthru.

    For Payway for example, the desired walled garden HTTPS domains list could look like this:

  4. Go to Gateway Admin GUI > LAN > Walled Garden > IP Addresses.
  5. Remove the IP addresses that correspond to the payment gateways as evident from the descriptions.  These IP addresses are no longer needed as you have already added the relevant HTTPS domains to the walled garden.  For example:

After you have completed the above, you should verify that the downstream is able to browse to the payment gateway’s payment page and that the response is received after payment information is submitted.