Skip to main content

Offices closed All Inland Revenue offices are currently closed to the public to help limit the spread of COVID-19.

COVID-19 - Level 1 and Level 2 If you've been affected by COVID-19, we may be able to help. Find out more

Identity and access service

You'll need to be able to:

  • get and set up a TLS (SSL) connection client side X509 certificate for web service client connections in test and production (primarily for Cloud originating connections)
  • complete OAuth2 integration
  • identify internet-facing IP addresses that SOAP requests will come from
  • apply X509 client certificates for client side of TLS mutual authentication for all connection requests
  • do a local network trace to see exactly what has been sent and received, including HTTP headers and ideally a TLS handshake.

For services relating to SFTP related set up, you may need to:

  • exchange SSH keys
  • exchange PGP keys for file signing and encryption
  • make firewall changes to open incoming ports
  • apply PGP decryption, validation, encryption and signing depending on specific integration.

Identity and access roles

Party Requirement Description
Inland
Revenue
Provide public certificate for mutual TLS Inland Revenue's public X.5.9 certificate to support TLS is provided as part of connectivity testing.
Software
provider
Get a X.509 certificate from a certificate authority for the test and production environments. Required when using mutual TLS with cloud-based software providers.

Identity and access

SOAP API architecture

Our gateway services use the SOAP API architecture.

You'll need to undertake SOAP web service development and testing using:

  • request and response operations
  • XSD schemas and WSDL.

Operations and message structure