
IP Whitelist

The IP of the system from which you make your request has to be whitelisted to connect with the Cashfree Payments production server. If the IP is not whitelisted, Cashfree Payments will reject all incoming requests. To whitelist your IP:
  1. Go to Payouts Dashboard > Developers section on the left-side navigation > Payouts > Two-Factor Authentication > IP Whitelist.
  2. Click Add IP Address.
  3. Enter the IP address you want to whitelist and save the details. All the IPs you have whitelisted will be displayed. You can whitelist a maximum of 10 IPs.
You might encounter an IP whitelisting error even after whitelisting your IP address. This error typically occurs when you have multiple Payout accounts and the IP address is whitelisted on one account, but the API keys you’re using belong to a different account. To resolve this issue, whitelist the IP address on all your Payout accounts. Also, verify that you’re using the correct API keys for the intended account. Switching to the appropriate account usually resolves the issue and prevents further authentication errors.
Depending on your operating system, you can retrieve the IP of the system via multiple methods. You can also find your IP using helper sites such as https://whatismyipaddress.com/
Note that the IPv4 address has to be whitelisted, not the IPv6 address.

Public key

If you do not have a static IP, you can generate a public key and pass it with the API request.
Note: A password is not required to access the public key in the test environment.
To generate a public key:
  1. Go to Payouts Dashboard > Developers section on the left-side navigation > Payouts > Two-Factor Authentication > Public Key.
  2. Click Generate Public Key. The public key will be downloaded to your computer and the password to access it will be your email ID registered with Cashfree Payments. Only one public key can be generated at a time.
Below are the steps to generate your signature:
  1. Retrieve your clientId (the one you pass in the X-Client-Id header).
  2. Append the current UNIX timestamp to it, separated by a period (.).
  3. Encrypt this data with RSA using the public key you received. The result is the signature.
  4. Pass this signature in the X-Cf-Signature header.
If you are using our library, see the libraries section. During initialization, you need to pass the key as a parameter.
When using 2FA Public Keys, merchants must include the ‘X-Cf-Signature’ header in their API requests. Failure to do so will result in a ‘Signature missing in the request’ error.
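<?php
// Wrapper class (the name is illustrative) so the static methods below are valid PHP.
class CashfreeSignature {
    // Builds the X-Cf-Signature value: RSA-encrypts "<clientId>.<unix timestamp>".
    public static function getSignature() {
        $clientId = "<your clientId here>";
        $publicKey = openssl_pkey_get_public(file_get_contents("/path/to/certificate/public_key.pem"));
        if ($publicKey === false) {
            return NULL; // the key file could not be read or parsed
        }
        $encodedData = $clientId.".".strtotime("now");
        return static::encrypt_RSA($encodedData, $publicKey);
    }

    // Encrypts with RSA-OAEP and returns the result base64-encoded, or NULL on failure.
    private static function encrypt_RSA($plainData, $publicKey) {
        if (openssl_public_encrypt($plainData, $encrypted, $publicKey, OPENSSL_PKCS1_OAEP_PADDING)) {
            return base64_encode($encrypted);
        }
        return NULL;
    }
}
?>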
Note: The generated signature expires after 10 minutes. A new signature must be generated every 10 minutes.
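The same signature steps in Go, together with a small cache that regenerates the signature before the 10-minute expiry. This is an added example, not Cashfree's code or library: `Signer`, `DemoKey`, the client ID value and the one-minute refresh margin are assumptions, and the key is a throwaway generated in place of the downloaded one. OAEP with SHA-1 is used because that is what `OPENSSL_PKCS1_OAEP_PADDING` selects in the PHP sample.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/base64"
	"fmt"
	"strconv"
	"time"
)

const MaxAge = 10 * time.Minute // signature lifetime stated on this page

// Sign returns base64(RSA-OAEP("<clientID>.<unix seconds>")). OAEP with SHA-1
// matches PHP's OPENSSL_PKCS1_OAEP_PADDING; on error the result is "".
func Sign(pub *rsa.PublicKey, clientID string, now time.Time) (string, error) {
	msg := []byte(clientID + "." + strconv.FormatInt(now.Unix(), 10))
	ct, err := rsa.EncryptOAEP(sha1.New(), rand.Reader, pub, msg, nil)
	return base64.StdEncoding.EncodeToString(ct), err
}

// Signer caches one signature and replaces it before it can expire.
type Signer struct {
	Pub      *rsa.PublicKey
	ClientID string
	Margin   time.Duration // refresh this long before MaxAge (clock skew, latency)
	sig      string
	made     time.Time
}

// Header returns an X-Cf-Signature value younger than MaxAge-Margin at now.
// It is not safe for concurrent use; a failed Sign clears the cached value.
func (s *Signer) Header(now time.Time) (string, error) {
	if s.sig != "" && !now.Before(s.made) && now.Sub(s.made) < MaxAge-s.Margin {
		return s.sig, nil
	}
	sig, err := Sign(s.Pub, s.ClientID, now)
	s.sig, s.made = sig, now
	return sig, err
}

// DemoKey returns a throwaway key pair standing in for the downloaded key.
func DemoKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func main() {
	if key, err := DemoKey(); err == nil {
		s := &Signer{Pub: &key.PublicKey, ClientID: "EXAMPLE_CLIENT_ID", Margin: time.Minute}
		fmt.Println(s.Header(time.Now()))
	}
}
```

Because OAEP is randomized, two signatures over the same clientId and timestamp differ byte for byte, so compare them by decrypted content and not by string equality when debugging.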

FAQs

Whitelisting the IP address or generating a public key provides a layer of authentication. These cybersecurity techniques prevent anonymous or unknown disbursement requests and allow only verified requests.
A string of characters that identifies each computer using the Internet Protocol to communicate over a network. Computers use IP addresses to communicate with each other over the internet.
Whitelisted IPs are an index of approved entities. A whitelist is a list of email addresses or IP addresses approved for communication.
The Cashfree Payments production server allows your API requests.
You can whitelist a maximum of 25 IP addresses.
No, we only support API requests from IPv4 at the moment.
An IP whitelisting error can occur if multiple Payout accounts exist and the IP address is whitelisted only on one account, but the API keys in use belong to a different account. To resolve this, whitelist the IP address on all Payout accounts and ensure the correct set of API keys is used for the intended account. Switching to the appropriate account usually fixes the issue and prevents further authentication errors.
If your IP address is not static, generate a public key in the Cashfree Payments portal.
  1. In the Cashfree Payments dashboard, select Developers from the navigation panel on the left.
  2. Click Two-Factor Authentication from the Payouts card.
  3. Select Public Key from the Select 2FA Method dropdown menu.
  4. Click Generate Public Key.
  5. The public key is downloaded to your computer. Use your registered email ID to access the key.
One. You can generate only 1 public key at a time.
You need to generate a signature and proceed with the API requests. Below are the steps to generate the signature:
  1. Retrieve your client ID.
  2. Append the current UNIX timestamp to it, separated by a period (.).
  3. Encrypt this data with the generated public key using RSA encryption - this is the signature.
  4. Pass this signature in the header X-CF-Signature.