Looking for advanced configurations?
Rvvup's plugins allow you to get up and running with minimal effort, but if you're looking to get a little more advanced, you might need to know some additional information related to our IP addresses, ports, and domains for both Live and Test mode.
What are Rvvup’s IP Addresses?
Rvvup uses the following IP addresses in the Live and Test modes:
Live | Test |
18.134.218.119 | 18.170.83.194 |
3.11.241.241 | |
3.9.46.3 |
You’ll want to ensure that your servers have these IP addresses added to your allow-list if your environment is using a firewall.
What ports can be used for Rvvup Webhooks?
💡 If you are using the official Rvvup plugins, this will be handled for you.
We allow webhook registration a bit differently for Live and Test modes, where Live strictly requires https.
Live | Test | |
Protocols | https | http, https |
Ports | 443, 8443 | 80, 8080, 443, 8443 |
What domains does Rvvup use?
Live and Test modes will utilise a few different domains, all of which we would recommend allow-listing on your servers:
Component | Description | Test | Live |
API | The endpoint your server-side API calls will use. | https://api.sandbox.rvvup.com/ | https://api.dev.rvvuptech.com |
Consumer Checkout | The endpoint your front-end API will use. These are the domains for Rvvup checkout components. | https://checkout.sandbox.rvvup.com/ | https://checkout.rvvup.com/ |
Content Security Policy Requirements
If your site uses Content Security Policies, you’ll want to add the following directives to ensure your payments can process without issue:
Directive | Source | Address |
script-src | 'self' 'unsafe-inline' | *.securetrading.net *.google-analytics.com pay.google.com *.secure.checkout.visa.co secure.checkout.visa.com *.cardinalcommerce.com *.datadoghq-browser-agent.com *.browser-intake-datadoghq.eu www.paypalobjects.com c.paypal.com |
connect-src | 'self' | *.sentry.io *.cardinalcommerce.com google.com/pay *.browser-intake-datadoghq.eu |
img-src | 'self' | *.google-analytics.com data: *.gstatic.com *.vims.visa.com *.secure.checkout.visa.com secure.checkout.visa.com checkout.paypal.com |
font-src | 'self' | *.gstatic.com |
frame-src | 'self' | *.trustpayments.com *.securetrading.net *.secure.checkout.visa.com secure.checkout.visa.com *.cardinalcommerce.com pay.google.com thm.visa.com *.datadoghq-browser-agent.com *.browser-intake-datadoghq.eu c.paypal.com checkout.rvvup.com checkout.sandbox.rvvup.com |
child-src | c.paypal.com | |
style-src | 'self' 'unsafe-inline' | fonts.googleapis.com |
form-action | 'self' | *.cardinalcommerce.com *.securetrading.net |
default-src | 'none' | |
base-uri | 'self' |