--- title: Setting Up Your Server framework: applepayontheweb role: article role_heading: Article path: applepayontheweb/setting-up-your-server --- # Setting Up Your Server Set up your server for secure communications with Apple Pay. ## Overview Overview These are the requirements for incorporating Apple Pay on your website: You must serve all pages that include Apple Pay over HTTPS. Your domain must have a valid SSL certificate. Your server must support the Transport Layer Security (TLS) protocol version 1.2 or later, and one of the cipher suites listed here: | | | | | | | Allow Apple Pay IP Addresses To successfully connect with Apple Pay IP addresses and domains, your server needs to allow access over HTTPS (TCP over port 443) and include the TLS Server Name Indication (SNI) extension. Apple Pay requires SNI on all connections. Your server needs to connect to the Apple Pay IP addresses and domains provided listed in Listing 1, below. important: Use a strict allow list for Apple IP addresses and domains provided in Listing 1. Do not allow your server to access any other IP addresses or domains. Listing 1. Apple Pay IP addresses and domain names for production. Domain apple-pay-gateway.apple.com (Global) This name resolves to the IP addresses / CIDR block below: 17.171.78.7/32, 17.171.78.71/32, 17.171.78.135/32, 17.171.78.199/32, 17.171.79.12/32 17.141.128.7/32, 17.141.128.71/32, 17.141.128.135/32, 17.141.128.199/32, 17.141.129.12/32 17.32.214.7/32, 17.157.96.181/32 17.33.194.239/32, 17.33.192.38/32, 17.33.193.110/32 17.33.202.35/32, 17.33.201.101/32, 17.33.200.169/32 Domain cn-apple-pay-gateway.apple.com (China Region) This name resolves to the IP addresses / CIDR block below: 101.230.204.232/32, 101.230.204.242/32, 101.230.204.240/32 60.29.205.104/32, 60.29.205.106/32, 60.29.205.108/32 important: Use the IP addresses, in Listing 2 for development and sandbox testing only. Do not allow your production apps or production servers to use these testing services in production. Listing 2. Apple Pay IP addresses and domain names for testing (development sandbox). For sandbox testing only: Domain apple-pay-gateway-cert.apple.com (Global) This name resolves to the IP addresses / CIDR block below: 17.171.85.7/32 17.179.124.181/32, 17.32.214.56/32 17.33.194.218/32, 17.33.192.145/32, 17.33.193.45/32 17.33.200.47/32, 17.33.202.99/32, 17.33.201.105/32 Domain cn-apple-pay-gateway-cert.apple.com (China Region) This name resolves to the IP addresses / CIDR block below: 101.230.204.235/32 For more information about merchant validation, see Providing Merchant Validation. Allow Apple IP Addresses for Domain Verification Apple uses the following IP addresses when you register or verify your merchant domain. If you protect your domain from public access and you wish to complete domain verification, you need to allow the following IP address ranges. 17.23.4.96/27 17.23.19.0/27 17.23.24.32/27 17.32.139.128/26 17.132.108.64/26 17.140.126.0/26 17.157.32.0/27 17.157.40.128/27 17.157.44.128/27 17.179.144.128/25 17.253.0.0/16 See Register and Verify Your Domain for more information. ## See Also ### Apple Pay setup - [Configuring Your Environment](applepayontheweb/configuring-your-environment.md) - [Maintaining Your Environment](applepayontheweb/maintaining-your-environment.md)