Skip to main content

Inbound and Outbound IP Addresses

Zuora

Inbound and Outbound IP Addresses

Some organizations limit outbound communication to the Internet from internal resources for security purposes. This article discusses Zuora IP address whitelist, new Zuora IP addresses, and how to test connectivity. See Full Certification Chain for more information on Zuora's full certification chain for Production and API Sandbox.

Whitelist

A whitelist is a list of your trusted inbound and outbound connections. If your firewalls whitelist outbound connections, you will need to add the Zuora IP addresses to your whitelist.  

Inbound IP Addresses to Zuora

As part of our ongoing commitment to ensure the highest availability and optimal security of Zuora services we leverage next-generation cloud technologies. Due to the dynamic nature of public cloud infrastructure, Zuora services are not hosted on a fixed set of IP Addresses. If you need to whitelist Zuora traffic, we recommend you use DNS based whitelisting for Zuora integrations.  

IP Addresses to US Services Environments

DNS based whitelisting is preferred because the registered service name will stay the same when the service expands to use more IP addresses. 

Please be advised that due to the dynamic nature of public cloud infrastructure that Zuora's Service Environments are deployed on we discourage our customers from implementing outbound whitelisting capability based on IP address restrictions.  IP addresses are subject to change without advance notice as new server instances are created to handle the load.

Outbound IP Addresses from Zuora

When our application (from production or apisandbox) sends out an email or makes an outbound API call (for example, Paypal, Salesforce.com, or the callout/email notification feature), it comes from the following IP addresses.

US Cloud 1 Environment IP Address

Production

  • 34.208.232.20
  • 34.216.115.50
  • 52.24.39.154
  • 52.24.103.254
  • 52.24.220.133
  • 52.27.242.83
  • 52.42.20.82
  • 52.88.164.240
  • 52.89.34.22

In addition to the addresses listed above, the following IP addresses are effective starting from March 10, 2024:

  • 35.155.99.130
  • 35.161.181.38
  • 44.230.234.43
  • 50.112.203.250
  • 54.70.147.75

API Sandbox

  • 34.208.94.64
  • 34.210.117.165
  • 34.216.167.239
  • 52.26.0.121
  • 52.26.187.179
  • 52.26.227.175
  • 52.42.83.24
  • 52.89.30.110
  • 52.89.160.170

In addition to the addresses listed above, the following IP addresses are effective starting from March 10, 2024:

  • 35.161.181.38
  • 44.226.112.161
  • 44.232.2.249
  • 50.112.203.250
  • 52.37.16.34

Central Sandbox

  • 35.160.65.100
  • 35.164.47.146
  • 52.34.236.193
  • 52.37.133.180
  • 52.37.150.86
  • 52.42.235.252
  • 52.43.15.114
  • 52.43.70.243
  • 52.88.249.9
  • 54.148.37.37
  • 100.20.99.125
  • 100.20.124.63
  • 100.21.81.22
  • 100.21.153.177
  • 100.21.181.206
  • 100.21.181.225

In addition to the addresses listed above, the following IP addresses are effective starting from March 10, 2024:

  • 35.161.181.38
  • 44.226.112.161
  • 44.232.2.249
  • 50.112.203.250
  • 52.37.16.34
US Environment IP Address

Production

  • 18.236.40.242
  • 35.81.156.101
  • 35.83.221.34
  • 35.84.156.230
  • 35.161.181.38
  • 35.165.76.151
  • 35.167.158.34
  • 44.236.56.93
  • 44.236.125.171
  • 44.239.189.88
  • 52.10.190.82
  • 52.10.67.173
  • 52.26.221.151
  • 50.112.203.250
  • 54.71.89.113
  • 54.149.112.185
  • 54.213.141.145
  • 54.213.20.246

In addition to the addresses listed above, the following IP addresses are effective starting from March 10, 2024:

  • 35.155.99.130
  • 44.230.234.43
  • 54.70.147.75

API Sandbox

  • 18.236.40.242
  • 34.214.21.228
  • 34.215.104.144
  • 35.166.5.14
  • 35.167.14.110
  • 35.167.166.140
  • 44.228.154.215
  • 44.231.196.100
  • 44.233.16.146
  • 44.233.46.53
  • 44.235.104.146
  • 44.236.25.108
  • 44.236.56.93
  • 44.241.178.154
  • 54.188.210.74
  • 54.213.20.246

In addition to the addresses listed above, the following IP addresses are effective starting from March 10, 2024:

  • 35.161.181.38
  • 44.226.112.161
  • 44.232.2.249
  • 50.112.203.250
  • 52.37.16.34

Production Copy Environment

  • 54.201.65.13

Performance Test Environment

  • 18.236.40.242
  • 35.163.118.31
  • 44.228.189.54
  • 44.235.0.234
  • 44.235.40.32
  • 44.236.56.93
  • 44.236.150.62
  • 52.40.163.152
  • 54.148.216.192
  • 54.189.69.15
  • 54.213.20.246
  • 54.213.78.60
EU Environment IP Address
Production
  • 3.70.123.177 
  • 18.156.89.250 
  • 18.157.243.190 
  • 35.156.85.164
  • 35.157.188.111
  • 35.158.4.224
  • 35.158.5.48
  • 52.28.148.125
  • 52.28.205.34
  • 52.29.201.183
  • 52.57.34.185
  • 52.57.62.165
  • 52.58.92.91
  • 52.58.160.52

In addition to the addresses listed above, the following IP addresses are effective starting from March 10, 2024:

  • 3.66.144.234
  • 3.72.192.189
  • 3.124.7.222
  • 18.193.237.5
  • 18.198.47.111
API Sandbox
  • 3.70.123.177
  • 18.156.89.250
  • 18.157.243.190
  • 35.156.172.83
  • 35.157.94.91
  • 35.157.220.207
  • 35.158.2.118
  • 52.28.148.125
  • 52.28.205.34
  • 52.29.186.45
  • 52.29.201.183
  • 52.57.34.185
  • 52.59.5.76
  • 18.195.115.200
  • 18.198.234.177

In addition to the addresses listed above, the following IP addresses are effective starting from March 10, 2024:

  • 3.65.51.43
  • 3.66.144.234
  • 18.196.79.49
  • 18.196.118.61
  • 18.198.47.111
Central Sandbox
  • 3.120.95.189
  • 3.121.119.183
  • 3.122.143.238
  • 3.122.213.21
  • 3.126.171.17
  • 3.127.123.122
  • 3.127.133.33
  • 3.127.146.24
  • 3.127.158.177
  • 3.127.159.121
  • 3.127.169.60
  • 3.127.2.23
  • 18.194.108.226
  • 18.194.155.82
  • 18.195.112.221
  • 18.195.115.200
  • 18.195.2.104
  • 18.195.247.228
  • 18.195.79.94
  • 18.196.250.84
  • 18.198.234.177
  • 35.156.185.166
  • 35.156.187.236
  • 35.157.20.116
  • 35.157.224.168
  • 35.158.159.52
  • 52.29.239.102
  • 52.29.90.76
  • 52.57.75.132
  • 52.58.61.248
  • 54.93.154.116
  • 54.93.45.29

In addition to the addresses listed above, the following IP addresses are effective starting from March 10, 2024:

  • 3.65.51.43
  • 3.66.144.234
  • 18.196.79.49
  • 18.196.118.61
  • 18.198.47.111

It is important to Payment Gateways which IP Whitelist our traffic or customers who have to configure inbound firewall rules to all HTTPS notification calls from Zuora. Usually, there is no impact on the ability of customers to receive emails from Zuora application.

Inbound and Outbound IP Addresses for Collections, Workflow, Commerce, and Marketplace 

If you want to receive emails, SFTP connection requests, or API calls from Zuora Collections, Zuora Workflow, Zuora Commerce, or Marketplace (formerly known as Connect), you need to add the following IP addresses to your whitelist: 

  • 3.66.181.151
  • 3.72.120.178
  • 3.72.209.33
  • 4.71.24.46 (this IP address is for testing SFTP connections with bank servers)
  • 18.194.185.125
  • 18.197.110.107
  • 34.218.15.157
  • 35.155.216.3
  • 35.156.120.222
  • 52.26.252.153
  • 52.33.107.0
  • 52.35.247.230
  • 52.37.233.34
  • 52.39.100.104
  • 52.40.19.141
  • 52.89.135.4
  • 54.68.23.116
  • 54.71.138.87

In addition to the addresses listed above, the following IP addresses are available for non-production environments beginning March 10, 2024:

  • 3.65.51.43
  • 3.66.144.234
  • 18.196.118.61
  • 18.196.79.49
  • 18.198.47.111
  • 35.161.181.38
  • 44.226.112.161
  • 44.232.2.249
  • 50.112.203.250
  • 52.37.16.34

In addition to the addresses listed above, the following IP addresses are available for production environments beginning March 10, 2024:

  • 3.66.144.234
  • 3.72.192.189
  • 3.124.7.222
  • 18.193.237.5
  • 18.198.47.111
  • 35.155.99.130
  • 35.161.181.38
  • 44.230.234.43
  • 50.112.203.250
  • 54.70.147.75 

Network Connectivity Tests

There are two tests required to validate connectivity:

Test Description
Network Connectivity Test This test validates that application servers can communicate to TCP port 443 for all Zuora Akamai IP addresses listed above.
Certificate Verification Test This test validates that the certificates were imported correctly and customer application’s can establish SSL connections based on the new EV SSL certificates.

Test Network Connectivity

If you whitelist outbound communication, perform the following steps to verify that your systems can connect to all of the new Zuora servers.

  1. Using a Windows or UNIX system, telnet to TCP port 443 on each IP address listed above.

  2. If the telnet connection is successful to all IP addresses listed above, then connectivity has been verified.  

  3. If a connection cannot be established to any of the IP addresses listed above, then your network team must add those specific IP addresses to the whitelist.

Test the Certificate Import

  1. Identify the certificate store that your application uses.
  2. Use the appropriate tool for your environment (keytool, openssl, Windows Certificate Manager, etc) and verify that the Root Certificate labeled “VeriSign Class 3 Public Primary Certification Authority - G5” exists in the store and is trusted.