Security

In order for your integration to receive Paddle’s webhook alerts, please ensure that the full list of IP addresses listed below are whitelisted:

The following cipher suites listed below are supported for successfully securing the network connection between Paddle and your endpoint:

  • TLS_AES_256_GCM_SHA384
  • TLS_CHACHA20_POLY1305_SHA256
  • TLS_AES_128_GCM_SHA256
  • ECDHE-ECDSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES256-GCM-SHA384
  • DHE-RSA-AES256-GCM-SHA384
  • ECDHE-ECDSA-CHACHA20-POLY1305
  • ECDHE-RSA-CHACHA20-POLY1305
  • DHE-RSA-CHACHA20-POLY1305
  • ECDHE-ECDSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES128-GCM-SHA256
  • DHE-RSA-AES128-GCM-SHA256
  • ECDHE-ECDSA-AES256-SHA384
  • ECDHE-RSA-AES256-SHA384
  • DHE-RSA-AES256-SHA256
  • ECDHE-ECDSA-AES128-SHA256
  • ECDHE-RSA-AES128-SHA256
  • DHE-RSA-AES128-SHA256
  • ECDHE-ECDSA-AES256-SHA
  • ECDHE-RSA-AES256-SHA
  • DHE-RSA-AES256-SHA
  • ECDHE-ECDSA-AES128-SHA
  • ECDHE-RSA-AES128-SHA
  • DHE-RSA-AES128-SHA
  • RSA-PSK-AES256-GCM-SHA384
  • DHE-PSK-AES256-GCM-SHA384
  • RSA-PSK-CHACHA20-POLY1305
  • DHE-PSK-CHACHA20-POLY1305
  • ECDHE-PSK-CHACHA20-POLY1305
  • AES256-GCM-SHA384
  • PSK-AES256-GCM-SHA384
  • PSK-CHACHA20-POLY1305
  • RSA-PSK-AES128-GCM-SHA256
  • DHE-PSK-AES128-GCM-SHA256
  • AES128-GCM-SHA256
  • K-AES128-GCM-SHA256
  • AES256-SHA256
  • AES128-SHA256
  • ECDHE-PSK-AES256-CBC-SHA384
  • ECDHE-PSK-AES256-CBC-SHA
  • SRP-RSA-AES-256-CBC-SHA
  • SRP-AES-256-CBC-SHA
  • RSA-PSK-AES256-CBC-SHA384
  • DHE-PSK-AES256-CBC-SHA384
  • RSA-PSK-AES256-CBC-SHA
  • DHE-PSK-AES256-CBC-SHA
  • AES256-SHA
  • PSK-AES256-CBC-SHA384
  • PSK-AES256-CBC-SHA
  • ECDHE-PSK-AES128-CBC-SHA256
  • ECDHE-PSK-AES128-CBC-SHA
  • SRP-RSA-AES-128-CBC-SHA
  • SRP-AES-128-CBC-SHA
  • RSA-PSK-AES128-CBC-SHA256
  • DHE-PSK-AES128-CBC-SHA256
  • RSA-PSK-AES128-CBC-SHA
  • DHE-PSK-AES128-CBC-SHA
  • AES128-SHA
  • AES128-CBC-SHA256
  • PSK-AES128-CBC-SHA