Worldpay's payment gateway (WPG) is designed to be simple to integrate to and flexible enough to meet your needs. To make the most of your integration with WPG, and to ensure you're always up to date, follow our best practice.
You must ensure that any systems that contact Worldpay (either server software or browsers) trust certificates signed by the following CA root:
DigiCert Global Root G2
For a limited time, trusting the following legacy root will still allow you to validate Worldpay services, but you must ensure that you add the above root certificate as soon as possible:
VeriSign Class 3 Public Primary Certification Authority - G5
In all cases, you must ensure that you perform validation based on root certificates alone. Intermediate certificates should never be trusted directly as they may change at any time.
Ensure that you:
We will always announce a change of CA root or signing algorithm, but we cannot commit to announcing other changes in advance
Additional hostnames may be communicated to you for specific purposes. These hostnames should only be used for the purposes and for the period of time specified by us.
To ensure stable and consistent communication with WPG you must not lock down your firewalls to a set number of individual IP addresses.
Feedback or bugs to report?
Ask our developer community.
Search our documentation, API references and articles.