SePay public IP addresses

List of IP addresses used by SePay to send webhooks, IPN callbacks, and API requests. Whitelist these IPs to ensure secure server-to-server communication.

||

SePay uses the IP addresses listed below to send outbound connections to your systems. These connections include:

  • Webhooks — Real-time transaction notifications
  • IPN (Instant Payment Notification) — Payment notifications from Payment Gateway and Bank Hub
  • Other callbacks — All connections from SePay to your server

If your system uses a firewall or any IP filtering mechanism, you must add all IP addresses below to your allowlist (whitelist) to ensure you receive notifications from SePay.

IP Address List

IPv4

Code
1
2
3
4
5
6
172.236.138.20
172.233.83.68
171.244.35.2
151.158.108.68
151.158.109.79
103.255.238.139

IPv6

Code
1
2
2400:8905::2000:8cff:fe98:45cd
2600:3c15::2000:8aff:fedd:874b
Important

You must allowlist all IP addresses above (both IPv4 and IPv6). SePay may send requests from any IP in this list. The IP list may be updated in the future — check this page periodically or follow announcements from SePay.

Firewall Configuration

If you need to configure your firewall, allow inbound connections from the IPs above to the port your server listens on (typically port 443 for HTTPS).

HTTPS Required

Your webhook and IPN URLs must use HTTPS. SePay does not send requests to unencrypted HTTP URLs.

Configuration Examples

iptables (Linux) — IPv4:

Bash
1
2
3
4
5
6
7
# Allow connections from SePay to port 443
iptables -A INPUT -s 172.236.138.20 -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -s 172.233.83.68 -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -s 171.244.35.2 -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -s 151.158.108.68 -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -s 151.158.109.79 -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -s 103.255.238.139 -p tcp --dport 443 -j ACCEPT

ip6tables (Linux) — IPv6:

Bash
1
2
3
# IPv6 uses ip6tables, not iptables
ip6tables -A INPUT -s 2400:8905::2000:8cff:fe98:45cd -p tcp --dport 443 -j ACCEPT
ip6tables -A INPUT -s 2600:3c15::2000:8aff:fedd:874b -p tcp --dport 443 -j ACCEPT

Nginx (allow directive):

NGINX
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
# In the location block that receives webhooks
location /webhook {
    # IPv4
    allow 172.236.138.20;
    allow 172.233.83.68;
    allow 171.244.35.2;
    allow 151.158.108.68;
    allow 151.158.109.79;
    allow 103.255.238.139;
    # IPv6
    allow 2400:8905::2000:8cff:fe98:45cd;
    allow 2600:3c15::2000:8aff:fedd:874b;
    deny all;
 
    proxy_pass http://your_backend;
}

Verifying Request Origin

In addition to IP filtering, SePay recommends using the following authentication methods:

  • API Key — SePay sends an Authorization: Apikey YOUR_API_KEY header with every request. Verify this header to confirm the request is from SePay.
  • OAuth 2.0 — For integrations requiring higher security levels.

Combining IP filtering with API Key/OAuth 2.0 authentication provides two layers of security for your system.

Related Documentation

Previous page
Next page