Commerce API safelist

Understand the purpose of a safelist.

When integrating with the Commerce API, ensuring seamless communication between your systems and Digital River is critical. One essential step is configuring your firewall to accept incoming webhook notifications from Digital River. This is achieved by safelisting specific IP addresses Digital River uses to send these notifications. Below is a safelist of IP addresses that you should configure within your firewall settings to ensure you receive all necessary webhook notifications without interruption.

The safelist is a list of IP addresses Digital River uses to send webhook notifications. To receive webhook notifications from Digital River, you must open your firewall to these IP addresses.

Understanding webhooks and the importance of safelisting

Webhooks are automated messages sent from apps when something happens. In the Commerce API integration context, Digital River uses webhooks to notify your systems of events such as payments, order updates, and more. These real-time updates allow your systems to react promptly, ensuring a seamless transaction process.

However, to maintain the security and reliability of these communications, it's critical to ensure that your systems only accept these notifications from trusted sources. This is where safelisting comes into play. By configuring your firewalls only to allow incoming notifications from known Digital River IP addresses, you protect your systems from unauthorized access and potential security threats. Safelisting the specified IP addresses ensures that you receive crucial webhook notifications without interruption, enhancing the integrity and efficiency of your integration with Digital River.

To enhance the security of webhooks and ensure safe communication with Digital River, follow these best practices:

  • Safelist IP addresses: Only allow incoming webhook notifications from known Digital River IP addresses. Below is a list of IP addresses to safelist in your firewall settings:

    • 54.204.214.106/32

    • 100.25.55.35/32

    • 3.94.74.169/32

    • 52.207.145.30/32

    • 35.167.151.150/32

    • 50.112.167.211/32

    • 52.36.133.196/32

    • 54.68.3.105/32

    • 52.19.155.167/32

    • 34.241.30.95/32

    • 209.87.180.0/24

    • 217.65.128.0/24

    • 210.242.154.0/29

Note that the slash at the end is CIDR notation and represents a range of IP addresses.

We recommend you periodically check the safelist for any changes to the list of IP addresses used for webhook notifications.

Last updated