Identity and access service
You'll need to be able to:
- get and set up a TLS (SSL) connection client side X509 certificate for web service client connections in test and production (primarily for Cloud originating connections)
- complete OAuth2 integration
- identify internet-facing IP addresses that SOAP requests will come from
- apply X509 client certificates for client side of TLS mutual authentication for all connection requests
- do a local network trace to see exactly what has been sent and received, including HTTP headers and ideally a TLS handshake.
For services relating to SFTP related set up, you may need to:
- exchange SSH keys
- exchange PGP keys for file signing and encryption
- make firewall changes to open incoming ports
- apply PGP decryption, validation, encryption and signing depending on specific integration.
Identity and access roles
| Party | Requirement | Description |
|---|---|---|
| Inland Revenue |
Provide public certificate for mutual TLS | Inland Revenue's public X.5.9 certificate to support TLS is provided as part of connectivity testing. |
| Software provider |
Get a X.509 certificate from a certificate authority for the test and production environments. | Required when using mutual TLS with cloud-based software providers. |
SOAP API architecture
Our gateway services use the SOAP API architecture.
You'll need to undertake SOAP web service development and testing using:
- request and response operations
- XSD schemas and WSDL.
Last updated:
28 Apr 2021