Skip to main content

About mTLS

About Access Key and Secret Key

The Access Key and Secret Key serve as the connecting bridge between your server and the GTR central server. The Access Key is responsible for identifying the account associated with the incoming request, while the Secret Key authenticates the Access Key to confirm its validity.

To boost security, customers are encouraged to generate their own Private Key and Certificate Signing Request (CSR) File within their own environment. The CSR (which contains the public key and identity) is then submitted to GTR for the signature process. After the signature process completes, GTR returns the .PEM certificate (the Public Key/Signed Certificate) to the customer.

On obtaining the .PEM certificate and alongside their privately held key, customers can initialize their server with mutual TLS (mTLS). The detailed steps involved in setting this up are explained in the following section

Create Access Key and Secret Key

Generating an access key and secret key is a straightforward process. To begin, you need to log into the GTR website and navigate to the

API Info Page.

  • The system requires both email and 2FA (Two-Factor Authentication) verification codes to further proceed. If 2FA verification hasn't been set up on your account, please refer to our guide on Config 2FA for instructions on how to register 2FA verification.

There are two types of user categories to consider when creating API keys: Trial User and Professional User.

  • Trial User: Trial users are provided limited access to API key functionalities.
    • They are unable to generate or utilize API keys while their user status is "Under Review" or marked as "Rejected."
  • Professional Users: Professional users have complete access to API key functionalities unless their status is "Under Review" or "Rejected."
    • If a user has already been approved as a Trial User, they can utilize API keys with functionalities limited to trial user level.
    • Users previously approved as Trial Users can choose to continue using their old API key or create a new one.

GTR Website now provides API Keys for two different environments, The creation method and function description are as follows:

Go to [API Info], click [Create API Key] and choose the environment.

  • Test Environment
    • Simply verify via 2FA and get all configurations generated by GTR on your behalf.
    • Need to configure Test IP Whitelist (Settings > IP Whitelist > Test Environment).
    • The configuration is valid for 30 days. If the configuration is revoked, please regenerate it.
  • Production Environment
    • Need to submit CSR certificate request and other configurations.
    • Requires 2FA verification.
    • The configuration is permanently valid until you regenerate a new Key and legacy key will be expired after 72 hours.
Copyright (C) 2025 Global Travel Rule. All Rights Reserved
General
About
FAQ
Contact
Developer
Documentation
Legal
Terms of Use
Privacy Policy