π Network Requirements: NX Whitelist URLs, Firewall Rules and Ports
For NX systems to operate reliably, all required cloud services, APIs, and third-party integrations must be reachable from the venue network.
This document outlines all domains, subdomains, and ports that must be whitelisted in your firewall or network security configuration.
βοΈ Overview
NX relies on secure cloud communication between:
- NX POS Devices
- NX Cloud
- Third-party monitoring, analytics, and payment systems
Network restrictions or content filtering can interrupt communication with NX servers, leading to degraded or non-functional POS behavior.
Ensuring proper domain and port whitelisting is essential for real-time operations, payment processing, logging, and analytics.
βοΈ NX Cloud API Endpoints
These endpoints provide access to the NX Cloud infrastructure, including venue management, configuration synchronization, reporting, and API services.
| Environment | Domain | Description |
|---|---|---|
| Production | prod.api.nxapp.net | Primary production API endpoint |
| Beta | beta.api.nxapp.net | Staging and beta testing environment |
| QA | qa.api.nxapp.net | Quality assurance and testing endpoint |
| Production (East Region) | east.prod.api.nxapp.net | Secondary production region endpoint (US East) |
| Beta (East Region) | east.beta.api.nxapp.net | Beta region mirror |
| QA (East Region) | east.qa.api.nxapp.net | QA region mirror |
β Ports Required:
- TCP 443 (HTTPS) β Secure communication for all API calls
- TCP 80 (HTTP) β Used only for fallback or redirection (rarely)
β οΈ Cloud Logging & Monitoring
NX uses Loggly for centralized cloud log collection and analysis.
| Service | Domain | Purpose |
|---|---|---|
| Loggly | logs-01.loggly.com | Cloud logging endpoint for POS and cloud services |
β Ports Required:
- TCP 443 (HTTPS) β Log ingestion via secure API
π Ensure that outgoing logs are permitted over HTTPS. NX does not use UDP syslog forwarding.
π± Firebase Services (Google)
NX uses Google Firebase for application monitoring, analytics, and messaging.
These endpoints are used by both NX POS and NX Mobile apps.
| Service | Domains | Purpose |
|---|---|---|
| Firebase Cloud Messaging (FCM) | fcm.googleapis.com | Push notifications and real-time event communication |
| Firebase Analytics | app-measurement.com, firebase-settings.crashlytics.com | Logging and analytics |
| Firebase Crashlytics | crashlyticsreports-pa.googleapis.com | Crash reporting and stability tracking |
| Google Identity | accounts.google.com, oauth2.googleapis.com | Authentication and secure token validation |
| Google Cloud Storage | firebasestorage.googleapis.com | File upload/download and media access |
β Ports Required:
- TCP 443 (HTTPS)
- TCP 5228β5230 (for FCM push notifications via Android OS)
π‘ If using Android tablets or terminals, ensure that FCM ports (5228β5230) are open for real-time messaging.
π BugSnag (Crash Analytics)
NX uses BugSnag for advanced crash analytics and performance monitoring.
| Service | Domain | Purpose |
|---|---|---|
| BugSnag API | notify.bugsnag.com | Report crash and error events |
| BugSnag Sessions | sessions.bugsnag.com | Manage active app sessions |
β Ports Required:
- TCP 443 (HTTPS) β Secure communication to BugSnag cloud
π MQTT / AWS IoT Messaging
NX POS devices connect to the NX Cloud in real time using MQTT via AWS IoT Core.
This enables live device synchronization, updates, and transaction messaging.
| Service | Domain | Purpose |
|---|---|---|
| AWS IoT MQTT Broker | a2pajwtrxh4h20-ats.iot.us-west-2.amazonaws.com | Real-time MQTT messaging for device communication |
β Ports Required:
- TCP 8883 β MQTT over TLS (primary port)
- TCP 443 β MQTT over WebSockets (fallback)
π MQTT uses TLS 1.2+ for all communication. Ensure your firewall allows outbound connections on port 8883.
π§Ύ NX Payment and Integration Services (when applicable)
Depending on your payment processor and configuration, additional endpoints may be required.
NX POS uses secure HTTPS connections for tokenization, authorization, and settlement.
| Service | Example Domain(s) | Purpose |
|---|---|---|
| NX Payment Gateway | prod1.netepayhosted.dcap.com prod2.netepayhosted.dcap.com webroute.dcap.com | Secure payment processing |
| Device Provisioning | device.api.nxapp.net | POS registration and linking |
| CDN / Static Resources | cdn.nxapp.net, assets.nxapp.net | Static assets, configuration, and update delivery |
β Ports Required:
- TCP 443 (HTTPS) β Payment and provisioning APIs
- TCP 9000/9100 β Payment and provisioning APIs
π₯οΈ Additional Cloud Dependencies
NX may communicate with the following common service domains depending on your setup:
| Domain | Purpose |
|---|---|
time.google.com | Network time synchronization |
ntp.ubuntu.com | Backup NTP for clock synchronization |
s3.amazonaws.com | File storage and cloud backup |
updates.esper.io | Esper device management agent updates |
console.esper.io | Esper device control interface |
ota.esper.io | Over-the-air updates for Esper-enrolled devices |
β οΈ Time synchronization (NTP) is critical for accurate transaction timestamps and secure token validation.
π Summary: Whitelist Reference
| Category | Domains | Ports |
|---|---|---|
| NX Cloud APIs | prod.api.nxapp.net, beta.api.nxapp.net, qa.api.nxapp.net, east.prod.api.nxapp.net, east.beta.api.nxapp.net, east.qa.api.nxapp.net | 443 |
| Cloud Logging | logs-01.loggly.com | 443 |
| Firebase Services | fcm.googleapis.com, app-measurement.com, crashlyticsreports-pa.googleapis.com, firebasestorage.googleapis.com | 443, 5228β5230 |
| BugSnag | notify.bugsnag.com, sessions.bugsnag.com | 443 |
| MQTT / AWS IoT | a2pajwtrxh4h20-ats.iot.us-west-2.amazonaws.com | 8883, 443 |
| Payments | prod1.netepayhosted.dcap.com prod2.netepayhosted.dcap.com | 9000 9100 |
| Payments | webroute.dcap.com | 443 |
| Esper Management | console.esper.io, updates.esper.io, ota.esper.io | 443 |
| CDN / Static Assets | cdn.nxapp.net, assets.nxapp.net, s3.amazonaws.com | 443 |
| Time Sync | time.google.com, ntp.ubuntu.com | 123 (UDP) |
β Recommended Firewall Configuration Summary
| Protocol | Direction | Ports | Purpose |
|---|---|---|---|
| TCP | Outbound | 443 | Secure HTTPS communication |
| TCP | Outbound | 8883 | MQTT over TLS (AWS IoT) |
| TCP | Outbound | 9000/9100 | Secure payment gateway |
| TCP | Outbound | 5228β5230 | Firebase Cloud Messaging |
| UDP | Outbound | 123 | Network time synchronization (NTP) |
π¬ Key Takeaway
To ensure NX POS and NX Cloud function correctly, allow outbound HTTPS (TCP 443) and MQTT (TCP 8883) traffic to NX, Firebase, Loggly, BugSnag, and AWS IoT domains.
Restrictive firewalls or content filters can prevent app updates, logging, or payment communication, leading to degraded system functionality.