Our web service uses the standard SSL (secure socket layer) on port 443 with the addresses:
As “In and Out” SOAP traffic during API calls is handled during the API call, the AvaTax web service does not contact the client server at any time. Therefore, all you need to do is add one or both of the URLs to your proxy server configuration to allow outgoing calls.
The way that client applications connect to Avalara’s services is through our published URL:https://avatax.avalara.net/This URL is translated into an IP address by DNS (Domain Name System) behind the scenes. It is critical that all Avalara clients use this published URL instead of the corresponding IP address when connecting to the Avalara service. The reason is Avalara may change the IP address associated with the URL at any time without notice as part of our practice of load-balancing our services across multiple data centers and/or across multiple ISPs.Therefore, to maintain uninterrupted access to the AvaTax web service, the client must implement “best practices” around DNS access. Otherwise, transactions destined for an outdated IP address (from a localhosts file, for example) will fail and are not protected by Avalara’s SLA (service level agreement).Client adapters must respect the Time To Live (TTL) setting associated with the DNS record (60 seconds). Any adapter, environment variables, or configurations that “cache” the IP address longer than the TTL interval are considered to not be following best practices for accessing Internet-based SaaS products.
The default Java behavior is to cache DNS lookups indefinitely, which does not follow best practices for Internet hosts. There are two properties that can be used to override the default behavior. These two Java security properties control the TTL values used for positive and negative host name resolution caching. They are:
What needs to be done:networkaddress.cache.ttl and networkaddress.cache.negative.ttl are not typically set Java properties. They are security related properties that can be set in one of two ways:
Avalara’s web services do not support host files. The system accessing our service must use DNS to lookup IP addressing. Failure to do so will put the client’s adaptor at risk in a failover situation (meaning our primary web service has been switched to a secondary due to an outage or preventative maintenance cycle).
If your company deploys a security practice that requires locking down outbound /inbound traffic, it is recommended that you use the DNS names of development.avalara.net or avatax.avalara.net to resolve any issues.