Inbound and outbound IP addresses
Reference information about inbound and outbound connectivity at Zuora.
Some organizations limit outbound communication to the Internet from internal resources for security purposes and require an allow list of trusted inbound and outbound connections. If your firewalls require outbound connection permissions, you must add the Zuora IP address to your allow list. For information about the Zuora full certification chain for production and API Sandbox environments, see Full certification chain.
Inbound IP addresses to Zuora
As part of our ongoing commitment to ensure the highest availability and optimal security of Zuora services, we leverage next-generation cloud technologies. Due to the dynamic nature of public cloud infrastructure, Zuora services are not hosted on a fixed set of IP addresses. If you need to permit Zuora traffic, we recommend you use DNS based allow lists for Zuora integrations.
It is important to Payment Gateways which IP allow list our traffic or customers who have to configure inbound firewall rules to all HTTPS notification calls from Zuora. Usually, there is no impact on the ability of customers to receive emails from Zuora application.
IP addresses to US services environments
DNS based allow list is preferred because the registered service name stays the same when the service expands to use more IP addresses.
Due to the dynamic nature of public cloud infrastructure that Zuora's Service Environments are deployed on, we discourage our customers from implementing outbound allow list capability based on IP address restrictions. IP addresses are subject to change without advance notice as new server instances are created to handle the load.