Network changes on Adyen's incoming and outgoing endpoints
June 9, 2023 11:47
Adyen introduced network changes to its endpoints used in the communications between merchants' systems and Adyen's TEST and LIVE environment.
1) Will I be affected by this network change? Likely this change does not affect your integration. Only merchants that do (custom) IP allowlisting on incoming communication sent from merchants' systems to Adyen's endpoints or IP allowlisting on outgoing requests (webhooks and notifications under the DNS name "out.adyen.com") sent from Adyen to merchants may need to check if the full list of IP addresses used by Adyen is accepted by their firewall.
2) How can I verify if I am doing IP allowlisting? IP allowlisting is done on the merchant’s side of the integration, outside of the Adyen platform. Therefore, merchants' IP allowlisting strategies are not visible to Adyen. In case you are unsure, please check with your technical team, service administrator, or system integrator.
Merchants who do not perform IP allowlisting, do not require to take action.
Please bear in mind that IP allowlisting may be performed on:
a) Incoming communications from merchants' systems to Adyen: Requests and communications from merchants' systems towards the Adyen platform should always use DNS to resolve the current list of IP addresses used by Adyen on a specific moment in time.
b) Outgoing communications from the Adyen platform: Communications from the Adyen platform towards merchants' systems are sent via webhooks and notifications under the DNS name: out.adyen.com. To retrieve the list of addresses used for these communication, please refer to this article: Adyen domain and IP addresses
3) What is Adyen's recommendation on IP validation? By default, Adyen does not recommend to perform IP allowlisting on Adyen's IP addresses since this may impact connectivity to Adyen's systems at the moment a new set of IP addresses is enabled or removed from the LIVE or TEST environment. In practice and for various reasons, Adyen may decide to make changes in the list of IP addresses being used at different moments in time (with or without prior communication).
In order to ensure the trustability of the domains used on Adyen's incoming and outgoing endpoints, Adyen provides on each domain a DNS certificate of authority authorisation (CAA). Upon establishing a connection to Adyen's domains and endpoints, merchants are required to authenticate the connection before any type of communication is exchanged between both parties.
4) How can I check which domain(s) is/are relevant for my integration? You can self-check the domain(s) that you use for API requests to Adyen. Usually, the domains can be found from your configuration. Your technical team or system integrator will be able to determine which endpoint(s) is/are being used in your integration.
For more information about Adyen's domains and endpoints, please refer to this page: Live Endpoint Structure.
5) Can I verify my network connectivity with Adyen?
In case you perform IP allowlisting on the Adyen's API endpoints, you will need to get in touch with Adyen support via support.adyen.com.