General Information

PreviousIntegrating Saferpay NextData Security and PCI DSS

Last updated 15 days ago

Was this helpful?

General Information

The following information is aplicable for multiple or all Saferpay Interfaces, like technical limitations, support for certain browsers and features, that are supported by multiple interfaces.

TLS Security and Communication Settings

We regularly review our security settings and try to find an optimal balance between maximum security and backward compatibility. Due to current developments in communication standards and regulatory requirements, it is nevertheless necessary to make occasional adjustments to our communication endpoints.

SSL Certificates

SSL certificates are used to encrypt the data-transfer between you and the Saferpay payment gateway. As threats grow more frequent and also dangerous, it is necessary to frequently change these certificates.

For most systems, this may not be an issue, however there are cases, where you -the merchant- may be in need of getting said certificates, for example in case of a trust-store, where your system only trusts certificates, that have been added to the trust store.

For further information and a download of all the relevant certificates,

Furthermore, Saferpay does not recommend, that you use "Certificate pinning". This will lead to issues due to unannounced changes.

TLS Version

For encrypted communication (HTTPS) with Saferpay, TLS 1.2 must be used as protocol for transport encryption. Unencrypted communication (HTTP) or earlier versions of TLS or SSL are not supported.

Cipher Suites

Furthermore, at least one of the following encryption algorithms (Cipher Suites) must be used to establish a connection to Saferpay:

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (Supported until 2025-05-26 on live system. Was deactivated on test environment on 2025-02-13.)
DHE_RSA_WITH_AES_128_CBC_SHA256 (Supported until 2025-05-26 on the live system. Was deactivated on test environment on 2025-02-13.)

Hosts, IP Addresses and ports, used by Saferpay

In some cases it may be necessary to whitelist the outgoing and especially incoming hosts inside your firewall.

Incoming

The following hosts are for incoming connections towards Saferpay:

www.saferpay.com for connecting to the production environment
test.saferpay.com for connecting to the sandbox (test environment)

Outgoing

The following hosts are for outgoing connections towards the merchant:

When possible, please whitelist the host wave.six-group.com.

Should this not be possible, you should implement an IP lookup against this host, maybe once every month, e.g.

nslookup wave.six-group.com

Any kind of authentication towards the merchant-system -e.g. client certificate-, is currently not supported by Saferpay.

Are both options not available to you, you can find the outgoing IPs below.

Please note that the IP addresses listed below may change on short or even without prior notification. We highly recommend using one of the previously mentioned options instead.

153.46.97.94 153.46.97.98 153.46.97.121 153.46.105.98 153.46.105.121 153.46.244.84 193.247.180.4

Ports

For both, incoming and outgoing, Saferpay will use the standard http(s) ports 80 and 443. Other ports are currently not supported.

HTTPS Headers

Usually, Saferpay can process any official header, that is sent during communication. However, there are certain things to make sure, in order to not run into problems:

Please do not use Connection: keep-alive for communicating with Saferpay. It can cause connection-issues and poor performance, due to it circumventing our load-balancing and failover-behaviors. Please make sure, that you use Connection: close instead, so Saferpay can correctly manage your incoming requests, to provide the best service.
Some environments send their own custom headers and values. While Saferpay aims to handle these, we are also bound by certain rules, to protect our network. These rules could lead to your request being rejected, if suspicious headers, or values are detected.

Supported Browsers

Saferpay Supports all common, modern browsers, like

Chrome/Chromium (and all Chromium-based browsers, like Edge, Opera etc.)
Firefox
Safari

The following browsers are not supported

Microsoft Internet Explorer (all versions)
Internet Explorer compatibility mode for Microsoft Edge

Please note, that integrated browsers and web-view libraries for Apps can behave differently from their bigger counterparts.

Generally, Saferpay does support and has been tested with the default core-libraries from modern Operating-Systems (iOS, Android etc.). However, their behavior is also dependent on your specific integration. 3rd party libraries could also cause issues and weird behavior, if they deviate from the standard.

This does not mean, that Saferpay will not function correctly. You should just be aware of these challanges, before starting an integration, that is reliant on these special libraries and tools.

PreviousIntegrating Saferpay NextData Security and PCI DSS

Last updated 15 days ago

Was this helpful?

The following information is aplicable for multiple or all Saferpay Interfaces, like technical limitations, support for certain browsers and features, that are supported by multiple interfaces.

TLS Security and Communication Settings

SSL Certificates

For further information and a download of all the relevant certificates,

Furthermore, Saferpay does not recommend, that you use "Certificate pinning". This will lead to issues due to unannounced changes.

TLS Version

For encrypted communication (HTTPS) with Saferpay, TLS 1.2 must be used as protocol for transport encryption. Unencrypted communication (HTTP) or earlier versions of TLS or SSL are not supported.

Cipher Suites

Furthermore, at least one of the following encryption algorithms (Cipher Suites) must be used to establish a connection to Saferpay:

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (Supported until 2025-05-26 on live system. Was deactivated on test environment on 2025-02-13.)
DHE_RSA_WITH_AES_128_CBC_SHA256 (Supported until 2025-05-26 on the live system. Was deactivated on test environment on 2025-02-13.)

Hosts, IP Addresses and ports, used by Saferpay

In some cases it may be necessary to whitelist the outgoing and especially incoming hosts inside your firewall.

Incoming

The following hosts are for incoming connections towards Saferpay:

www.saferpay.com for connecting to the production environment
test.saferpay.com for connecting to the sandbox (test environment)

Outgoing

The following hosts are for outgoing connections towards the merchant:

When possible, please whitelist the host wave.six-group.com.

Should this not be possible, you should implement an IP lookup against this host, maybe once every month, e.g.

nslookup wave.six-group.com

Any kind of authentication towards the merchant-system -e.g. client certificate-, is currently not supported by Saferpay.

Are both options not available to you, you can find the outgoing IPs below.

Please note that the IP addresses listed below may change on short or even without prior notification. We highly recommend using one of the previously mentioned options instead.

153.46.97.94 153.46.97.98 153.46.97.121 153.46.105.98 153.46.105.121 153.46.244.84 193.247.180.4

Ports

For both, incoming and outgoing, Saferpay will use the standard http(s) ports 80 and 443. Other ports are currently not supported.

HTTPS Headers

Usually, Saferpay can process any official header, that is sent during communication. However, there are certain things to make sure, in order to not run into problems:

Please do not use Connection: keep-alive for communicating with Saferpay. It can cause connection-issues and poor performance, due to it circumventing our load-balancing and failover-behaviors. Please make sure, that you use Connection: close instead, so Saferpay can correctly manage your incoming requests, to provide the best service.
Some environments send their own custom headers and values. While Saferpay aims to handle these, we are also bound by certain rules, to protect our network. These rules could lead to your request being rejected, if suspicious headers, or values are detected.
- Likewise, some environments also send custom authentication values and certificates (Aside the standard SSL certificate). Please make sure, that this is not the case, as Saferpay will consider these for , which will lead to a rejected authentication.

Supported Browsers

Saferpay Supports all common, modern browsers, like

Chrome/Chromium (and all Chromium-based browsers, like Edge, Opera etc.)
Firefox
Safari

The following browsers are not supported

Microsoft Internet Explorer (all versions)
Internet Explorer compatibility mode for Microsoft Edge

Please note, that integrated browsers and web-view libraries for Apps can behave differently from their bigger counterparts.

should help you greatly in identifying these problems, but note, that Saferpay also redirects towards 3rd party web-sites (Like PayPal, iDeal etc.), that are not under the control of Saferpay and could cause issues.

This does not mean, that Saferpay will not function correctly. You should just be aware of these challanges, before starting an integration, that is reliant on these special libraries and tools.