Terminal Network Address Allowlist

The following network addresses will need to be in an allowlist so that terminal can process payments.

You can configure the allowlist as follows:

1. Broad allowlist: Permit HTTPS access to higher-level domains to simplify configuration and reduce ongoing maintenance.
   • *.adyen.com
   • *.adyenpayments.com
2. Restricted allowlist: Permit HTTPS access only to the specific endpoints listed below to align with least privilege network policies.
   • pos-sync-live.adyen.com
   • pos-config-live.adyen.com
   • pos-payment-live.adyen.com
   • terminal-api-live.adyen.com
     
     
   • pos-sync-live-us.adyen.com
   • pos-config-live-us.adyen.com
   • pos-payment-live-us.adyen.com
   • terminal-api-live-us.adyen.com
     
     
   • pos-sync-live-au.adyen.com
   • pos-config-live-au.adyen.com
   • pos-payment-live-au.adyen.com
   • terminal-api-live-au.adyen.com
     
     
   • pal-live-ap-us.adyen.com
   • pal-live-ap-eu.adyen.com
   • pal-live-ap-au.adyen.com
     

Note: Allowlisting should be based on the DNS name of these URLs. Your firewall should dynamically check for IP address updates, at least every 60 seconds. Do not hard-code Endpoint IP addresses, because these can change over time.

In addition the following ports should be open depending on communication method:

• tcp/443 to the internet for cloud communication with payment terminals.
• tcp/8443 on your LAN for local communication with payment terminals.

Parent topic: Set Up the Terminal and Configure Network Settings