{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"78db668d-81c4-4b4c-b608-7c6f3f2e4882","name":"Tipalti Payments (SOAP) and iFrame","description":"# [Using the Tipalti Endpoints](https://support.tipalti.com/Content/Topics/Development/APIs/UseTipaltisApis.htm)\n\nTipalti provides the following types of endpoints:\n\n1. **Payee Functions** - API requests related to payees in the tipalti instance (creating suppliers etc.)\n2. **Payer Functions** - API requests related to payer actions in the tipalti instance (sending payments etc.)\n    \n\nTipalti uses a phased approach for development, testing and deployment.\n\n- The Tipalti sandbox environment is for development and testing phases.\n- The Tipalti production environment is for deployment.\n    \n\n### Tipalti Endpoints\n\n> Current version is v11\n\n### Payee API\n\n- Sandbox\n    \n\n> [`https://api.sandbox.tipalti.com/v11/PayeeFunctions.asmx`](https://api.sandbox.tipalti.com/v11/PayeeFunctions.asmx)\n\n- Production\n    \n\n> [`https://api.tipalti.com/v11/PayeeFunctions.asmx`](https://api.tipalti.com/v11/PayeeFunctions.asmx)\n\n### Payer API\n\n- Sandbox\n    \n\n> [`https://api.sandbox.tipalti.com/v11/PayerFunctions.asmx`](https://api.sandbox.tipalti.com/v11/PayerFunctions.asmx)\n\n- Production\n    \n\n> [`https://api.tipalti.com/v11/PayerFunctions.asmx`](https://api.tipalti.com/v11/PayerFunctions.asmx)\n\n# [Authentication : Using Encryption Key](https://support.tipalti.com/Content/Topics/Development/APIs/UseEncryptionKey.htm)\n\nAll calls to Tipalti's API web service carry an encryption key. Every request to Tipalti must contain authentication information to establish the identity of the organization making the request. The authentication process is accomplished by signing the headers using a calculated signature \\[hmac\\] (Hashkey).\n\nThere are 4 steps in which the signature is calculated:\n\n1. An authentication string, which contains\n    1. Payer name \\[PayerName\\]\n    2. Payee ID \\[idap\\] (for payee functions)\n    3. Unix Timestamp \\[now\\] (UTC time)\n2. Add any EAT parameters(based on function) to the authentication string. Each function has listed it's EAT parameter.\n3. UTF-8 encode the authorization string\n4. Encrypt the authorization string with the private API key using HMACSHA256\n    \n\n> Note: We have incorporated each functions signature calculation for authorization in the pre-request scripts of the function. Please look at each pre-request script or function definition below.\n\n### Using Postman Environment and pre-request scripts for authentication\n\n#### Tipalti Payments API Environment - Description\n\n| **Variable** | **Description** | **Fixed / Dynamic** | **Functions** |\n| --- | --- | --- | --- |\n| PayerName | The name of the payer, as assigned by Tipalti | Fixed | All |\n| API_SANDBOX_KEY | Private API Key, found in Tipalti AP Hub | Fixed (unless changed) | All |\n| idap | Unique payee identifier (the payee ID) | Assign Values | All |\n| street1 | Intended to be used for any EAT Parameters for UpdateOrCreatePayeeInfo | Assign Values (Optional) | UpdateOrCreatePayeeInfo (street1) |\n| paymentGroupTitle | Intended to be used for any EAT Parameters for ProcessPayments | Assign Values (Optional) | ProcessPayments (paymentGroupTitle) |\n| now | Current time (UTC) when the request is sent | Dynamic (Auto-generated) | All |\n| encoded | UTF-8 encoded authorization string | Dynamic (Auto-generated) | All |\n| hmac | Calculated signature encryption key (Hashkey) | Dynamic (Auto-generated) | All |\n| pay_amount | The amount to be paid to the payee | Dynamic (Auto-generated) | ProcessPayments |\n| ref_code | The reference code for the payment order. Must be unique.  <br>  <br>Calculated using idap+now+pay_amount | Dynamic (Auto-generated) | ProcessPayments |\n\n### Calculation of signature key / Hashkey / hmac in pre-request scripts\n\n> Example of hmac calculation for Payer APIs - ProcessPayments in Postman pre-request scripts\n\n``` javascript\n//Example of hmac calculation for Payer APIs - ProcessPayments in Postman pre-request scripts\n//Get the timestamp, and remove leading 0s\nlet now = Math.floor(Date.now() / 1000) \n//Set the time to variable 'now'\npm.environment.set('now',now)\n//Retrieve the payer name from the environment\nlet payer = pm.variables.get(\"PayerName\")\n//Retrieve the idap from the environment, reuse if idap needs to get passed in the encryption\nlet idap = pm.variables.get(\"idap\")\n//Retrieve the API Key for this sandbox instance\nlet key = encodeURI(environment.API_SANDBOX_KEY, 'utf-8')\n//Calculate the authentication string without EAT parameter\nlet encoded = payer+now;\n/* ProcessPayments with EATParameter\nlet encoded = payer+now+paymentGroupTitle;*/\n//Encrypt the Authentication string (encoded) with the API key\nlet hmac = CryptoJS.HmacSHA256(encoded, key).toString(CryptoJS.digest)\n//Set the generated hashkey to environment variable as 'hmac'\npm.environment.set('hmac',hmac);\n\n```\n\n### Calculation of signature key / Hashkey / hmac using Python\n\n| **Postman Environment Variable** | **Python Example Variable** |\n| --- | --- |\n| API_SANDBOX_KEY | api_key |\n| encoded | auth_str |\n| hmac | key |\n\n> Example of hmac calculation for Payer APIs - ProcessPayments using Python (No EATparameter)\n\n``` python\n# Import Libraries\nimport math\nimport time\nimport hmac\nimport hashlib\n#Step 1 & 2 - Set variables, Payer Name and Private Key\nPayerName = \"YOUR-PAYER-API\"\napi_key = \"YOUR-API-KEY\"\n#Calculate the time stamp\nnow = str(math.floor(time.time()))\n#Define authentication string\nauth_str = PayerName+now\n#auth_str = PayerName+now+paymentGroupTitle if EAT is passed\n#Step 3 - Encode the authentication string\nauth_str.encode(encoding = 'UTF-8')\n#Step 4 -Encrypt the authentication string and private key with SHA256\nkey = hmac.new(api_key.encode(), auth_str.encode(), hashlib.sha256).hexdigest()\n#If using EAT parameter, define authentication string as:\n\"\"\"\"\nEATparameter = 'Enter Value' \nauth_str = PayerName+now+EATparameter\n\"\"\"\"\n\n```","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":false,"owner":"18889564","team":3890825,"collectionId":"78db668d-81c4-4b4c-b608-7c6f3f2e4882","publishedId":"2s8YmSqL8Z","public":true,"publicUrl":"https://documenter-api.postman.tech/view/18889564/2s8YmSqL8Z","privateUrl":"https://go.postman.co/documentation/18889564-78db668d-81c4-4b4c-b608-7c6f3f2e4882","customColor":{"top-bar":"Ffa","right-sidebar":"303030","highlight":"EF5B26"},"documentationLayout":"classic-double-column","customisation":null,"version":"8.10.0","publishDate":"2022-11-20T01:18:20.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{},"logos":{}},"statusCode":200},"environments":[{"name":"Tipalti Payments API","id":"9e11839e-2b39-40be-adc6-7ba012dcb305","owner":"18889564","values":[{"key":"PayerName","value":"","enabled":true,"type":"default"},{"key":"API_SANDBOX_KEY","value":"","enabled":true,"type":"secret"},{"key":"idap","value":"","enabled":true,"type":"default"},{"key":"hmac","value":"","enabled":true,"type":"default"},{"key":"now","value":"","enabled":true,"type":"default"},{"key":"ref_code","value":"","enabled":false,"type":"any"},{"key":"street1","value":"","enabled":false,"type":"default"},{"key":"paymentGroupTitle","value":"","enabled":true,"type":"default"},{"key":"parameterstring","value":"","enabled":false,"type":"default"},{"key":"additionalParameters","value":"","enabled":false,"type":"default"},{"key":"pay_amount","value":"","enabled":true,"type":"any"},{"key":"ref_code","value":"","enabled":true,"type":"any"}],"published":true}],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/a86663dde6e0e6db842bf32184669941f5dfedde022986d24ad778d9d2f40d29","favicon":""},"isEnvFetchError":false,"languages":"[{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"HttpClient\"},{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"RestSharp\"},{\"key\":\"curl\",\"label\":\"cURL\",\"variant\":\"cURL\"},{\"key\":\"dart\",\"label\":\"Dart\",\"variant\":\"http\"},{\"key\":\"go\",\"label\":\"Go\",\"variant\":\"Native\"},{\"key\":\"http\",\"label\":\"HTTP\",\"variant\":\"HTTP\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"OkHttp\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"Unirest\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"Fetch\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"jQuery\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"XHR\"},{\"key\":\"c\",\"label\":\"C\",\"variant\":\"libcurl\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Axios\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Native\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Request\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Unirest\"},{\"key\":\"objective-c\",\"label\":\"Objective-C\",\"variant\":\"NSURLSession\"},{\"key\":\"ocaml\",\"label\":\"OCaml\",\"variant\":\"Cohttp\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"cURL\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"Guzzle\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"HTTP_Request2\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"pecl_http\"},{\"key\":\"powershell\",\"label\":\"PowerShell\",\"variant\":\"RestMethod\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"http.client\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"Requests\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"httr\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"RCurl\"},{\"key\":\"ruby\",\"label\":\"Ruby\",\"variant\":\"Net::HTTP\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"Httpie\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"wget\"},{\"key\":\"swift\",\"label\":\"Swift\",\"variant\":\"URLSession\"}]","languageSettings":[{"key":"csharp","label":"C#","variant":"HttpClient"},{"key":"csharp","label":"C#","variant":"RestSharp"},{"key":"curl","label":"cURL","variant":"cURL"},{"key":"dart","label":"Dart","variant":"http"},{"key":"go","label":"Go","variant":"Native"},{"key":"http","label":"HTTP","variant":"HTTP"},{"key":"java","label":"Java","variant":"OkHttp"},{"key":"java","label":"Java","variant":"Unirest"},{"key":"javascript","label":"JavaScript","variant":"Fetch"},{"key":"javascript","label":"JavaScript","variant":"jQuery"},{"key":"javascript","label":"JavaScript","variant":"XHR"},{"key":"c","label":"C","variant":"libcurl"},{"key":"nodejs","label":"NodeJs","variant":"Axios"},{"key":"nodejs","label":"NodeJs","variant":"Native"},{"key":"nodejs","label":"NodeJs","variant":"Request"},{"key":"nodejs","label":"NodeJs","variant":"Unirest"},{"key":"objective-c","label":"Objective-C","variant":"NSURLSession"},{"key":"ocaml","label":"OCaml","variant":"Cohttp"},{"key":"php","label":"PHP","variant":"cURL"},{"key":"php","label":"PHP","variant":"Guzzle"},{"key":"php","label":"PHP","variant":"HTTP_Request2"},{"key":"php","label":"PHP","variant":"pecl_http"},{"key":"powershell","label":"PowerShell","variant":"RestMethod"},{"key":"python","label":"Python","variant":"http.client"},{"key":"python","label":"Python","variant":"Requests"},{"key":"r","label":"R","variant":"httr"},{"key":"r","label":"R","variant":"RCurl"},{"key":"ruby","label":"Ruby","variant":"Net::HTTP"},{"key":"shell","label":"Shell","variant":"Httpie"},{"key":"shell","label":"Shell","variant":"wget"},{"key":"swift","label":"Swift","variant":"URLSession"}],"languageOptions":[{"label":"C# - HttpClient","value":"csharp - HttpClient - C#"},{"label":"C# - RestSharp","value":"csharp - RestSharp - C#"},{"label":"cURL - cURL","value":"curl - cURL - cURL"},{"label":"Dart - http","value":"dart - http - Dart"},{"label":"Go - Native","value":"go - Native - Go"},{"label":"HTTP - HTTP","value":"http - HTTP - HTTP"},{"label":"Java - OkHttp","value":"java - OkHttp - Java"},{"label":"Java - Unirest","value":"java - Unirest - Java"},{"label":"JavaScript - Fetch","value":"javascript - Fetch - JavaScript"},{"label":"JavaScript - jQuery","value":"javascript - jQuery - JavaScript"},{"label":"JavaScript - XHR","value":"javascript - XHR - JavaScript"},{"label":"C - libcurl","value":"c - libcurl - C"},{"label":"NodeJs - Axios","value":"nodejs - Axios - NodeJs"},{"label":"NodeJs - Native","value":"nodejs - Native - NodeJs"},{"label":"NodeJs - Request","value":"nodejs - Request - NodeJs"},{"label":"NodeJs - Unirest","value":"nodejs - Unirest - NodeJs"},{"label":"Objective-C - NSURLSession","value":"objective-c - NSURLSession - Objective-C"},{"label":"OCaml - Cohttp","value":"ocaml - Cohttp - OCaml"},{"label":"PHP - cURL","value":"php - cURL - PHP"},{"label":"PHP - Guzzle","value":"php - Guzzle - PHP"},{"label":"PHP - HTTP_Request2","value":"php - HTTP_Request2 - PHP"},{"label":"PHP - pecl_http","value":"php - pecl_http - PHP"},{"label":"PowerShell - RestMethod","value":"powershell - RestMethod - PowerShell"},{"label":"Python - http.client","value":"python - http.client - Python"},{"label":"Python - Requests","value":"python - Requests - Python"},{"label":"R - httr","value":"r - httr - R"},{"label":"R - RCurl","value":"r - RCurl - R"},{"label":"Ruby - Net::HTTP","value":"ruby - Net::HTTP - Ruby"},{"label":"Shell - Httpie","value":"shell - Httpie - Shell"},{"label":"Shell - wget","value":"shell - wget - Shell"},{"label":"Swift - URLSession","value":"swift - URLSession - Swift"}],"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"},{"label":"Tipalti Payments API","value":"18889564-9e11839e-2b39-40be-adc6-7ba012dcb305"}],"canonicalUrl":"https://documenter.gw.postman.com/view/metadata/2s8YmSqL8Z"}