As part of our ongoing commitment to ensure the highest availability and optimal security of our services we are making some updates to the way our services are made available. For any new integration, Zuora will no longer support static IP addresses for customers to whitelist. For existing integrations, this change will take effect on below listed dates. This change is being made after thorough assessment of evolving security risks and will allow us to take full advantage of latest cloud technologies to provide greater availability and resiliency for you as our customer.
Sandbox and PT1: 16 January, 2019
(Impacted endpoints: apisandbox.zuora.com, apisandboxstatic.zuora.com, rest.apisandbox.zuora.com, apisandbox-api.zuora.com, rest.pt1.zuora.com, and pt1.zuora.com)
Production: 16 February, 2019
(Impacted endpoints: www.zuora.com, rest.zuora.com, api.zuora.com, and static.zuora.com, gateway.prod.auw2.zuora.com)
Actions you need to take:
If you use IP whitelisting to connect Zuora services, please remove IP whitelists to lift any restriction on IP addresses to connect to Zuora services.
Other actions you can take for secure integration:
If egress traffic filtering is a key security control for you, one or multiple of the below traffic filtering approaches can be used as alternative.
- Domain name based filtering: You may use domain name based filtering to whitelist *.zuora.com
- Access Control List using Proxy: You may use forward proxy and restrict proxy to allow only *.zuora.com domain.
- Tenant IP Access Control List: Use IP Whitelisting within your tenant configuration to restrict access from origin IP addresses authorized by you.
How Zuora ensures security of your integration:
- Encryption in transit: Zuora ensures latest and secure TLS protocols are used to encrypt all traffic to Zuora in transit.
- Authentication: Zuora enforces strong authentication for all APIs used during integration.
- Threat Detection: Zuora uses multiple state-of-the-art security tools to detect and mitigate any threat to Zuora services and customer data round the clock.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.