Configure security features

Required user role Technical

You can configure:

  • Encryption keys (master, read-only and dynamic keys) used for secured communications between the payer and Tipalti environments
  • IP Internet Protocol sources from where API calls are allowed to originate

API keys

You can generate and manage API keys for Tipalti APIs. A master key is available automatically for you once you begin using the Tipalti Solution.

  1. Go to Administration > API integration > API keys. Keys are masked by asterisks.
  2. To view a key, click Eye icon beside the key. The decrypted key displays.

Master key

  1. To change the master key:
    1. Click Change key. A Change key dialog displays asking you to confirm your selection.
    2. Click Confirm. A new key (masked by asterisks) displays in the Master key field and the old key displays below it. The old key will remain active until it is revoked.
  2. To revoke the old key:
    1. Click Revoke old key. A Revoke old key dialog displays asking you to confirm your selection.
    2. Click Confirm. The old key is removed.

Read-only key

  1. To generate a read-only key:
    1. Beside Advanced options, click "Plus" button. Two options display.
    2. In the Read-only key field, click Generate key. A Generate key dialog displays asking you to confirm your selection.
    3. Click Confirm. The read-only key (masked by asterisks) displays.
  2. To delete the read-only key:
    1. Click Delete key. A Delete Key dialog displays asking you to confirm your selection.
    2. Click Confirm. The read-only key is removed.

Dynamic key

When you first start using the Tipalti Solution, by default, the dynamic key functionality is turned off. To change the setting:

  1. Click Pencil icon. The field becomes editable.
  2. Click Drop-down arrow and select Optional or Required. An Expiration field displays.
    • Optional: Allows you to use either the dynamic key or master key to call the APIs.
    • Required: You must use the master key to call the GetDynamicKey API function, which generates the dynamic key. Then use the dynamic key to call any of the other API functions.
  3. Click the check mark to confirm your selection.
  4. In the Expiration field, click Pencil icon. The field becomes editable.
    1. Type the desired number of minutes before the key expires.
    2. Click the check mark to confirm your selection.

Allowed IPs

If you are using Tipalti's APIs, you need to specify IP sources that are allowed to make calls to Tipalti (a minimum of one source is required).

To define an IP source:

  1. Go to Administration > API integration > Allowed IPs.
  2. Click Add IP source.
  3. In the Source type field, select either API or Tipalti Hub.

  4. In the Status field, select Active or Inactive.

  5. In the Description field, type a description of the traffic source.

  6. In the Address type field, select IP range or DNS Domain Name System IP/Host.

  7. Do one of the following.
    1. In the DNS IP/Host field, type either the IP address or host name (e.g., 123.456.789.123 or www.abcdefg.com).
    2. In the IP min range and IP max range fields, type the minimum and maximum traffic ranges, respectively.

  8. When you’re done, click Add to add the new entry.

To edit an IP source:

  1. Go to Administration > API integration > Allowed IPs.
  2. Find the relevant IP source.
  3. At the end of the row, click the 3-dot menu and select Edit.
  4. In the Edit IP source dialog, edit the relevant fields.
  5. Click Save to save your changes.

To delete an IP source:

  1. Go to Administration > API integration > Allowed IPs.
  2. Find the relevant IP source.
  3. At the end of the row, click the 3-dot menu and select Delete.
  4. In the Delete IP source? dialog, click Delete source.