Configure security features

Required user role Technical

You can configure:

  • Encryption keys (master, read-only and dynamic keys) used for secured communications between the payer and Tipalti environments
  • IP Internet Protocol sources from where API calls are allowed to originate

API keys

You can generate and manage API keys for Tipalti APIs. A master key is available automatically for you once you begin using the Tipalti Solution.

  1. Go to Administration > API integration > API keys. Keys are masked by asterisks.
  2. To view a key, click Eye icon beside the key. The decrypted key displays.

Master key

  1. To change the master key:
    1. Click "Change key". A "Change key" dialog displays asking you to confirm your selection.
    2. Click "Confirm". A new key (masked by asterisks) displays in the "Master key" field and the old key displays below it. The old key will remain active until it is revoked.
  2. To revoke the old key:
    1. Click "Revoke old key". A "Revoke old key" dialog displays asking you to confirm your selection.
    2. Click "Confirm". The old key is removed.

Read-only key

  1. To generate a read-only key:
    1. Beside "Advanced options", click "Plus" button. Two options display.
    2. In the "Read-only key" field, click "Generate key". A "Generate key" dialog displays asking you to confirm your selection.
    3. Click "Confirm". The read-only key (masked by asterisks) displays.
  2. To delete the read-only key:
    1. Click "Delete key". A "Delete Key" dialog displays asking you to confirm your selection.
    2. Click "Confirm". The read-only key is removed.

Dynamic key

When you first start using the Tipalti Solution, by default, the dynamic key functionality is turned off. To change the setting:

  1. Click Pencil icon. The field becomes editable.
  2. Click Drop-down arrow and select "Optional" or "Required". An "Expiration" field displays.
    • Optional: Allows you to use either the dynamic key or master key to call the APIs.
    • Required: You must use the master key to call the GetDynamicKey API function, which generates the dynamic key. Then use the dynamic key to call any of the other API functions.
  3. Click the check mark to confirm your selection.
  4. In the "Expiration" field, click Pencil icon. The field becomes editable.
    1. Type the desired number of minutes before the key expires.
    2. Click the check mark to confirm your selection.

Allowed IPs

If you are using Tipalti's APIs, you need to specify IP sources that are allowed to make calls to Tipalti (a minimum of one source is required).

To define an IP source:

  1. Go to Administration > API integration > Allowed IPs. A list of defined IP sources displays.
  2. In the empty "Source type" field, click Drop-down arrow and select either "API" or "Tipalti Hub".
  3. In the empty "Description" field, type a description of the traffic source.
  4. Do one of the following.
    1. In the empty "DNS Domain Name System IP/Host" field, type either the IP address or host name (e.g., 123.456.789.123 or www.abcdefg.com).
    2. In the empty "IP min range" and "IP max range" fields, type the minimum and maximum traffic ranges, respectively.
  5. If you do not want the IP source to be active yet, then in the "Active" field, toggle the button "On" . The button is now red. Otherwise, leave the button "On" for immediate activation.
  6. At the end of the row, click Save icon to save the entry.

To edit an IP source:

  1. Go to Administration > API integration > Allowed IPs. A list of defined IP sources displays.
  2. Find the relevant IP source.
  3. At the end of the row, click Pencil icon. The fields become editable.
  4. Edit the fields.
  5. At the end of the row, click Save icon to save the entry.

To delete an IP source:

  1. Go to Administration > API integration > Allowed IPs. A list of defined IP sources displays.
  2. Find the relevant IP source.
  3. At the end of the row, on the right of the pencil icon, click Delete button. The "Delete allowed IP" dialog displays asking you to confirm your selection.
  4. Click "Confirm".