Authentication
Client-Initiated Requests
The TGAPI uses an IP whitelist in conjunction with a TokenEx ID and the appropriate API key. The whitelist can be configured directly in the API settings menu within the TokenEx client portal. Clients can manage their API keys and TokenEx IDs via the ticketing system in the support tab of the client portal.
The TokenEx ID and API key will be supplied in the outbound HTTP request as header values.
Third Party Initiated Requests (Proxy)
Proxy tokenization requires a proxy profile to be configured within the Proxy Tokenization menu within the TokenEx client portal. Creating a profile will generate the proxy profile ID. Each profile can generate one or multiple proxy keys, and each proxy key will have an associated IP whitelist. All of this can be configured directly from within the client portal. The profile ID will be appended to the Transparent Proxy endpoint URL.
The proxy key can be supplied in the inbound HTTP request as either a header value (tx-proxy-key) or via HTTP Basic Authentication, using tx-proxy-key as the user name and the proxy key as the password.
To delete IDs or keys, please open a support ticket.
Connections to and from TokenEx APIs must utilize TLS 1.2 (HTTPs).
Approved Hosts
Before you begin using the Transparent Gateway API for client-initiated, outbound requests, you need to check to see if TokenEx has allowed communication with the 3rd party host. This is accomplished by a GET request to https://test-tgapi.tokenex.com/Hosts. If the remote API's host name is not in the list, please open a support ticket in our Customer Portal to have it added to the Approved Hosts list, which acts as an outbound whitelist from TokenEx to third party HTTP endpoints. For a host to be added to the Approved Hosts list, TokenEx will verify that the endpoint meets a few basic security requirements:
- The endpoint is using HTTPs (TLS 1.2)
- The HTTPs protocol is communicating over the standard port – 443.
- The root certificate is from a valid certificate authority.
- The endpoint supports the following HTTP verbs: GET/POST/PUT
Communications with 3rd parties that utilize a non-standard port need to be reviewed by our Operations team for approval. Please open a Support Ticket within the TokenEx portal to submit this request.