Security
Ensure webhooks are always received from Paddle
IP allowlisting
In order for your integration to receive Paddle’s webhook alerts, please ensure that the full list of IP addresses listed below are allowlisted:
Cipher suites
The following cipher suites listed below are supported for successfully securing the network connection between Paddle and your endpoint:
TLS_AES_256_GCM_SHA384TLS_CHACHA20_POLY1305_SHA256TLS_AES_128_GCM_SHA256ECDHE-ECDSA-AES256-GCM-SHA384ECDHE-RSA-AES256-GCM-SHA384DHE-RSA-AES256-GCM-SHA384ECDHE-ECDSA-CHACHA20-POLY1305ECDHE-RSA-CHACHA20-POLY1305DHE-RSA-CHACHA20-POLY1305ECDHE-ECDSA-AES128-GCM-SHA256ECDHE-RSA-AES128-GCM-SHA256DHE-RSA-AES128-GCM-SHA256ECDHE-ECDSA-AES256-SHA384ECDHE-RSA-AES256-SHA384DHE-RSA-AES256-SHA256ECDHE-ECDSA-AES128-SHA256ECDHE-RSA-AES128-SHA256DHE-RSA-AES128-SHA256ECDHE-ECDSA-AES256-SHAECDHE-RSA-AES256-SHADHE-RSA-AES256-SHAECDHE-ECDSA-AES128-SHAECDHE-RSA-AES128-SHADHE-RSA-AES128-SHARSA-PSK-AES256-GCM-SHA384DHE-PSK-AES256-GCM-SHA384RSA-PSK-CHACHA20-POLY1305DHE-PSK-CHACHA20-POLY1305ECDHE-PSK-CHACHA20-POLY1305AES256-GCM-SHA384PSK-AES256-GCM-SHA384PSK-CHACHA20-POLY1305RSA-PSK-AES128-GCM-SHA256DHE-PSK-AES128-GCM-SHA256AES128-GCM-SHA256K-AES128-GCM-SHA256AES256-SHA256AES128-SHA256ECDHE-PSK-AES256-CBC-SHA384ECDHE-PSK-AES256-CBC-SHASRP-RSA-AES-256-CBC-SHASRP-AES-256-CBC-SHARSA-PSK-AES256-CBC-SHA384DHE-PSK-AES256-CBC-SHA384RSA-PSK-AES256-CBC-SHADHE-PSK-AES256-CBC-SHAAES256-SHAPSK-AES256-CBC-SHA384PSK-AES256-CBC-SHAECDHE-PSK-AES128-CBC-SHA256ECDHE-PSK-AES128-CBC-SHASRP-RSA-AES-128-CBC-SHASRP-AES-128-CBC-SHARSA-PSK-AES128-CBC-SHA256DHE-PSK-AES128-CBC-SHA256RSA-PSK-AES128-CBC-SHADHE-PSK-AES128-CBC-SHAAES128-SHAAES128-CBC-SHA256PSK-AES128-CBC-SHA