Skip to main content

Prerequisite

Before starting to integrate the GTR solution, you should have a GTR account that has already passed the company information review, allowing you to download the required files from the website.

  • Ensure preparation of your certificate.p12 file according to directives mentioned in the Chapter: Create API Key and mTLS Certificate.
  • For correct file setup, adhere to the instructions provided in the Chapter: About mTLS. Verify that your files align with the following file hierarchy
  • Proceed to configure your public key and callback URL

Now you should already have these files with follow the instruction of Chapter: Create API Key and mTLS Certificate:

key_and_certificate.zip
├── api_key.csv
├── client-truststore.p12
└── certificate.pem (follow the Chapter: About mTLS to make this file)

Explanation of the Files:

  • api_key.csv: This file is used to store the secret required to log in to the GTR server to gain authorization.
  • client-truststore.pem: This file is the client-trust CA bundle that holds a whitelist of client certificates that may be needed to authenticate a request coming from the GTR server. It handles requests from the GTR server to your server (for callback from GTR).
  • certificate.pem: This is the mTLS certificate that is required for any HTTPS request directed at the GTR server, such as login, and handles your outgoing requests to the GTR. You create this file in accordance with the instructions provided in Chapter: About mTLS, and secure it with a custom password.

Open the api_key.csv, and you will see 4 rows as follows:

Row NameExampleDescription
access_key2DF9SDJ3RFA93HFA0F93HAB0S93FThe part of the login payload.
secret_keyDFSD0JFN43SGNDSPIAN30IHSIDFN0SAR3BNFA0ISFNBI0N3RNFWE0FThe user's secret key must not be exposed in this field. Instead, the login payload should use the SHA-512(secret_key) value to generate the signedSecretKey. The signedSecretKey will then become a component of the login payload. To send the request securely, include the signedSecretKey in the payload and use the provided certificate.p12 file.
vasp_codef93_faj30ae3Your immutable VASP code serves as your unique identity, allowing others to easily recognize your business service.
client_truststore_passwordMIGf02kjadlsadF0anDQIDF0dasfjFSAThe password that can extract client-truststore.jks

Copyright (C) 2025 Global Travel Rule. All Rights Reserved
General
About
FAQ
Contact
Developer
Documentation
Legal
Terms of Use
Privacy Policy