Attention All BridgePay Gateway Integrators
To continue our alignment with industry standard security practices, BridgePay will only allow access to the BridgePay Gateway via our processing URLs, also referred to as Server Name Identification (SNI). This will go into effect in July 2022. Going forward, BridgePay will no longer support the whitelisting of specific IP addresses to access our gateway via API.
All integrations using the current direct external access via processing IP addresses must update the integration prior to July 2022 to avoid processing interruptions.
This includes integrations using the direct post API for:
- T-Gate/PathwayLINK and BridgeComm
- WebLINK 2 and WebLINK 3.0
- Boarding API
- Reporting API
- Recurring Billing API
- Wallet API
- PayGuardian Desktop
- PayGuardian Cloud
This change is both a security enhancement and enablement of customer connectivity to BridgePay’s multiple datacenters to ensure flawless processing.
This change is live in UAT. We strongly encourage all partners test their integration in UAT using the SNI as soon as possible.
Starting July 2022, BridgePay will no longer support whitelisting of specific IP addresses to access our gateway via API or Portal URLs. Merchants who have implemented IP address whitelisting must update their firewalls with URL whitelisting. IP addresses will no longer be published.
This security enhancement will require that the client-side SNI (Server Name Identification) field within the TLS header be populated with the target hostname allowing the Web Application Firewall (WAF) to properly establish a secure connection.
If you receive an error in UAT (e.g., error 404), please email firstname.lastname@example.org for further assistance.
Integrators must use updated TLS Cipher Suites within their networking environment. To avoid a processing disruption, one TLS Cipher must be enabled at a minimum.
The following Cipher Suites will be enabled on all URLs in July 2022:
# TLS 1.3 (suites in server-preferred order)