Skip to main content

Network Access

In order to be able to access the Scantrust REST API, the below ports and hostnames need to be accessible:


  • 80 - HTTP
  • 443 - HTTPS


Below are the domainnames for our testing and production environment:

Testing / Staging:


NOTE: AWS autoschedules both STAGING and PRODUCTION environments, with backup nodes automatically instantiated in the event of node failure. These backup nodes may have different IP addresses than previously reported. To prevent traffic issues, we recommend applying firewall rules on your environment that filter traffic based on hostnames rather than IP addresses.

HTTS SSL Certificates

For some systems, it is required to add trust-relationships for the SSL certificates used by our servers All Scantrust certificates are derived from the Amazon Root CA Certs:

Root Certificate Authority:

  • CN=Amazon Root CA 1,O=Amazon,C=US
    • SHA-256: fbe3018031f9586bcbf41727e417b7d1c45c2f47f93be372a17b96b50757d5a2
    • Self-Signed Certificate: DER PEM
    • Test URL's: Valid Revoked Expired

Scantrust currently uses the above CA but to be safe we suggest to add all five amazon root certificate authorities. Though it is unlikely we will change our CA in the near future, it will prevent a failure should a future update occur.