Web Access & Custom Domains
Our services are available to the internet and we don't expect them to be blocked by default. Depending on the firewalls and security products in use in your organisation, you may need to know the IP addresses and hostnames that we use across our products so you can add them to your allow lists.
Reward Gateway supports the browsers listed on Supported browsers for Reward Gateway platforms.
IPs & Domains Used
Each Reward Gateway client is allocated a subdomain on one of five top-level domains that allow the application to identify them uniquely. This will be provided by the Implementation Specialist.
Note: Please replace [program] with the client's specific domain slug.
Images & other assets
Image content and other assets are loaded from servers hosted with MaxCDN, a content delivery network. No personal data is held in this environment.
Live Chat (Employee Support)
We use Zendesk Chat to provide a live chat function for you to contact our support team. Please ensure that you have
Zendesk Chat only uses ports 80 and 443, which should be open on all firewalls as they are standard ports. The more important thing to look for is the following:
- Traffic from *.zopim.com is whitelisted on the firewall. (* is a wildcard and means all subdomains on the zopim.com domain).
- Zendesk Chat relies on Amazon for services. If the customer is blocking Amazon IPs, it could negatively impact chat performance.
For our Wellbeing Centre content we have partnered with GymPass who use Akamai as a CDN. You can find their domains here. Please note this will only be necessary if you would usually block access to these locations.
Your programme runs from a custom hostname underneath one of our domains, which we refer to as a "Internal Domain", for example; clientname.rewardgateway.co.uk. At present, we do not have the ability to run fully custom domains for customers.
However, we do support a 'Redirection Domain' which you can pick yourselves and use to advertise and direct your employees to, for example; clientprogrammename.com. You will always see the 'Internal Domain' in the URL bar when browsing your programme, not the Redirection Domain.
There are several ways we can do this:
Reward Gateway Fully Managed
We can buy the domain for you and host a 'HTTP 301 Redirect' via a service called 'DNS Made Easy'. When visiting your Redirection Domain, the browser will quickly redirect you to your internal domain.
Client Fully Managed
Clients can run their own 'HTTP 301 Redirect' themselves on a domain of their choice. Speak with your Implementation Specialist to confirm your Internal Domain to set as the target for your 301.
Client Owned, Reward Gateway Managed
We understand that clients may wish to keep their domains under their direct ownership, while allowing us to handle the redirect. To do this, you must delegate the domains nameservers to DNS Made Easy (a 3rd party DNS provider we use), and then we will setup the 'HTTP 301 Redirect' to your Internal Domain.
Please set your Redirection Domain's nameservers to at least three of the following:
If you use a Reward Gateway managed Redirection Domain, the details that your IT team may need for firewall allow listing are as follows:
Your chosen redirection domain
About 'HTTP 301 Redirect'
In layman's terms, the redirection domain sends a signal (301) to the user's browser to point it to the internal domain, i.e. a redirection. As this is a permanent redirection from one URL to another, all requests to the redirection domain URL will automatically be sent to the internal domain URL.
Note that for the redirection domain, there is not SSL/TLS certificate attached to it, so it's access with HTTP and not HTTPS.
Do you support framed redirects?
No. In the past we were able to support ‘framed redirects’ but since Chrome and other browsers have started blocking this we have stopped using them altogether.
Can we use HTTPS or an SSL certificate on the Redirection Domain?
Not at the moment. Since framed redirects were deprecated we have begun work on fully supporting custom domains including SSL certificates with SNI. We will publish this update as soon as it becomes available. No sensitive data is transmitted to the Redirection Domain, as it immediately serves a 301 redirection to your actual Internal Domain.
Why can I not point my DNS records at your IP?
Unfortunately, we don’t manually manage host headers as this doesn’t scale across our client base and infrastructure. Instead they are done automatically based on the URL/Internal Domain that you choose underneath a Reward Gateway top level domain (rewardgateway.com/ .co.uk/ .com.au/ .ie/ .co.nz).
If you point a DNS record directly at our inbound IP addresses, you will see SSL certificate errors and the website will not load. The only supported options are the ones listed above under 'Custom Domains'.
What happens to the Custom Domain if we part ways?
We will gladly return the domain to you. Please send the DNS information to your Client Success Manager who will liaise with our internal teams to do this.