Security Notice: Action Required
Attention All BridgePay Gateway Integrators

To continue our alignment with industry standard security practices, BridgePay will only allow access to the BridgePay Gateway via our processing URLs, also referred to as Server Name Identification (SNI). This will go into effect in July 2022. Going forward, BridgePay will no longer support the whitelisting of specific IP addresses to access our gateway via API. 
 
All integrations using the current direct external access via processing IP addresses must update the integration prior to July 2022 to avoid processing interruptions.  
 
This includes integrations using the direct post API for: 
  • T-Gate/PathwayLINK and BridgeComm 
  • WebLINK 2 and WebLINK 3.0 
  • TokenPay  
  • Boarding API 
  • Reporting API 
  • Recurring Billing API 
  • Wallet API 
  • PayLink
  • PayGuardian Desktop
  • PayGuardian Cloud
 
This change is both a security enhancement and enablement of customer connectivity to BridgePay’s multiple datacenters to ensure flawless processing.  
 
This change is live in UAT. We strongly encourage all partners test their integration in UAT using the SNI as soon as possible. 

IMPORTANT REMINDERS: 
  • Starting July 2022, BridgePay will no longer support whitelisting of specific IP addresses to access our gateway via API or Portal URLs. Merchants who have implemented IP address whitelisting must update their firewalls with URL whitelisting. IP addresses will no longer be published.  
  • This security enhancement will require that the client-side SNI (Server Name Identification) field within the TLS header be populated with the target hostname allowing the Web Application Firewall (WAF) to properly establish a secure connection. 
  • If you receive an error in UAT (e.g., error 404), please email integrations.support@bridgepaynetwork.com for further assistance. 
  • Integrators must use updated TLS Cipher Suites within their networking environment. To avoid a processing disruption, one TLS Cipher must be enabled at a minimum. 

The following Cipher Suites will be enabled on all URLs in July 2022: 
 
# TLS 1.3 (suites in server-preferred order) 
AFFECTED URLs & PRODUCTS: 
 
URL’s and Products will vary dependent on reseller partner and/or integration. Notices have been sent to all partners and integrators with specific URL’s and Products that are affected by this update.
  
It is recommended all affected integrators proactively review their environment and connectivity to the appropriate production platform and complete all necessary testing in UAT as soon as possible. 
 
The BridgePay Integrations team is here to help.  Please reach out to integration.support@bridgepaynetwork.com or giving us a call at 866-531-1460, option 4, if you need assistance with this security update. 
Sign up today to access our Integration Support portal
Why do you need a log in to access BridgePay's Integration Support portal? This allows our team to better track and respond to the cases or questions you have entered into our system. The more information we have on your integration, the better we can assist you!
Coding to BridgePay has never been easier!
BridgePay's Developer Center offers our integrators all the tools needed for a simple development effort: SDKs, API documentation, samples galore and robust knowledge base.

Access our Developer Center 24/7/365 -- no login required!