SePay IP Addresses
List of IP addresses used by SePay to send webhooks, IPN callbacks, and other outbound connections to your systems. Add these IPs to your firewall allowlist to ensure you receive notifications from SePay.
SePay uses the IP addresses listed below to send outbound connections to your systems. These connections include:
- Webhooks — Real-time transaction notifications
- IPN (Instant Payment Notification) — Payment notifications from Payment Gateway and BankHub
- Other callbacks — All connections from SePay to your server
If your system uses a firewall or any IP filtering mechanism, you must add all IP addresses below to your allowlist (whitelist) to ensure you receive notifications from SePay.
IP Address List
172.236.138.20172.233.83.68171.244.35.2151.158.108.68151.158.109.79103.255.238.139
You must allowlist all IP addresses above. SePay may send requests from any IP in this list. The IP list may be updated in the future — check this page periodically or follow announcements from SePay.
Firewall Configuration
If you need to configure your firewall, allow inbound connections from the IPs above to the port your server listens on (typically port 443 for HTTPS).
Your webhook and IPN URLs must use HTTPS. SePay does not send requests to unencrypted HTTP URLs.
Configuration Examples
iptables (Linux):
# Allow connections from SePay to port 443iptables -A INPUT -s 172.236.138.20 -p tcp --dport 443 -j ACCEPTiptables -A INPUT -s 172.233.83.68 -p tcp --dport 443 -j ACCEPTiptables -A INPUT -s 171.244.35.2 -p tcp --dport 443 -j ACCEPTiptables -A INPUT -s 151.158.108.68 -p tcp --dport 443 -j ACCEPTiptables -A INPUT -s 151.158.109.79 -p tcp --dport 443 -j ACCEPTiptables -A INPUT -s 103.255.238.139 -p tcp --dport 443 -j ACCEPT
Nginx (allow directive):
# In the location block that receives webhookslocation /webhook {allow 172.236.138.20;allow 172.233.83.68;allow 171.244.35.2;allow 151.158.108.68;allow 151.158.109.79;allow 103.255.238.139;deny all;proxy_pass http://your_backend;}
Verifying Request Origin
In addition to IP filtering, SePay recommends using the following authentication methods:
- API Key — SePay sends an
Authorization: Apikey YOUR_API_KEYheader with every request. Verify this header to confirm the request is from SePay. - OAuth 2.0 — For integrations requiring higher security levels.
Combining IP filtering with API Key/OAuth 2.0 authentication provides two layers of security for your system.
Related Documentation
- Getting Started with Webhooks — Overview guide for webhook integration
- Programming Webhooks (PHP) — Sample code for receiving webhooks with PHP
- Programming Webhooks (Node.js) — Sample code for receiving webhooks with Node.js
- Balance Change Notifications (BankHub) — IPN configuration for BankHub