IP Address Update for PayPal Secure FTP Reporting/Batch Servers

If your integration is set up to systematically exchange files with PayPal’s Secure FTP Reporting/ Batch Servers, please note that the IP addresses for these servers have changed. If your integration is hardcoded to the pervious IP addresses, you will need to upgrade immediately to avoid any disruption of service.

Merchant Security Roadmap

The information that follows is of a highly technical nature and should be reviewed by one of the following:

  • Your web hosting company
  • Your e-commerce software provider
  • Your in-house web programmer/system administrator

In a Nutshell...

Merchants and partners use PayPal’s Secure FTP Reporting/Batch Servers to systematically exchange files with PayPal. While the most common use of these servers is to retrieve daily reports, other uses include submitting and retrieving files for batch processing, creating and managing accounts, and processing disputes. In an effort to improve the reliability and security of these Secure FTP Servers, we have moved them to new IP addresses.

This change is complete as of May 12, 2016

What do I need to do?

Flow chart
NOTE:
Depending on the client used to access PayPal’s Secure FTP server, you may be asked to manually update the host key associated with the endpoint you are accessing. For example, if you are connecting via Linux/Unix system command line either systematically or manually, you may need to update the known_hosts file by clearing out the existing entries associated with the endpoint.

Technical Details

The following endpoints can be used to access PayPal’s Secure FTP Reporting/Batch Servers and will be impacted by the IP address change:

  • reports.paypal.com
  • batch.paypal.com
  • accounts.paypal.com
  • disputes.paypal.com

Ready Now

On March 20, 2016, the following IP addresses were added to the DNS records for PayPal’s Secure FTP endpoints:

  • 173.0.84.139
  • 173.0.88.139

On April 14, 2016, the following IP addresses were removed from the DNS records for PayPal’s Secure FTP endpoints. On May 12, 2016, they were decommissioned and no longer route to PayPal’s Secure FTP servers:

  • 173.0.84.161
  • 173.0.84.198
  • 173.0.88.161
  • 173.0.88.198

If you have firewall rules allowing access to PayPal’s Secure FTP Servers based on specific IP addresses, you should also include the following IP address in your rules. This IP address is not normally in the DNS entry for the Secure FTP endpoints but may be added as needed for maintenance and disaster recovery:

  • 66.211.168.93

FAQs

What do I need to do for this change?

If your systems access the PayPal Secure FTP Reporting or Batch Server, notify your relevant technical and operations teams of the changes. Have them ensure that your connections use DNS to reference the servers. If your systems do use hard-coded IP addresses, they will need to be updated immediately.

Why does PayPal recommend DNS over hard-coding?

PayPal may move these and any other services to different IP addresses in the future. To avoid having to make manual changes, PayPal recommends the use of DNS.

Is the Sandbox Secure FTP environment getting new IP addresses?

No.

Why am I receiving a "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!" error message when I try to access the Secure FTP servers?

Your known_hosts file likely has an old entry for the Secure FTP endpoint to which you are trying to connect. To clear the error, remove entries from your known_hosts files for any of the Secure FTP endpoints.