Mutual TLS (mTLS) enhances standard TLS by requiring both the client and the server to authenticate each other using digital certificates. This ensures only trusted parties can establish communication with Truv’s API.

mTLS API endpoints

Environment    Endpoint
Production     api-mtls.truv.com
Sandbox        api-sandbox-mtls.truv.com

Set up mTLS for APIs

1. Generate a private key and CSR

Create a Certificate Signing Request using X.509v3 format with RSA or ECDSA keys and SHA256:
CN: api-mtls.<your-name>.truv.com
O:  Truv Inc
L:  Miami
ST: Florida
C:  US

2. Submit your CSR to Truv

Truv will issue a signed certificate valid for one year.

3. Connect using your certificate

curl --cert $CERT.pem --key $PRIVATE_KEY.key https://api-mtls.truv.com/v1/orders/

4. Configure your firewall

Allow Truv’s IP addresses through your firewall:
Production: 35.167.32.174, 35.165.53.192, 54.71.147.242
Sandbox: 44.235.37.104, 35.83.220.165, 52.38.209.190

5. Contact Truv Support

Work with Truv Support to enable mTLS on your account.
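
As an added example (not Truv's own tooling), step 1 can be done with OpenSSL as shown here: the script generates an ECDSA key and a SHA-256-signed CSR with the subject fields listed in step 1, then checks the CSR before you submit it. The file names client.key and client.csr, the function names and the choice of the P-256 curve are assumptions.

```shell
#!/bin/sh
# Added example: create and self-check a CSR for step 1 with OpenSSL.
# Assumptions: file names client.key/client.csr, curve P-256, function names.

# make_csr NAME OUTDIR: NAME replaces <your-name> in the CN from step 1.
make_csr() {
    name=$1; outdir=$2
    # umask 077 so the private key is never readable by group or other,
    # not even for the moment between creation and a later chmod.
    ( umask 077
      openssl ecparam -name prime256v1 -genkey -noout -out "$outdir/client.key"
    ) || return 1
    # Subject fields are the ones listed in step 1; -sha256 sets the CSR digest.
    openssl req -new -sha256 -key "$outdir/client.key" -out "$outdir/client.csr" \
        -subj "/C=US/ST=Florida/L=Miami/O=Truv Inc/CN=api-mtls.$name.truv.com"
}

# check_csr CSR KEY NAME: returns non-zero unless the CSR is the one you meant to send.
check_csr() {
    csr=$1; key=$2; name=$3
    # The self-signature shows the CSR was signed by the holder of its key.
    # Match the message rather than relying on the exit status.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    # Digest must be SHA-256 (ecdsa-with-SHA256 or sha256WithRSAEncryption).
    openssl req -in "$csr" -noout -text |
        grep -qi 'Signature Algorithm:.*sha256' || return 1
    # CN must carry the expected name (spacing around "=" varies by version).
    openssl req -in "$csr" -noout -subject |
        grep -q "CN *= *api-mtls\.$name\.truv\.com" || return 1
    # The public key inside the CSR must belong to the private key you will
    # later pass to curl --key; this catches a CSR built from the wrong key file.
    csr_pub=$(openssl req -in "$csr" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$csr_pub" = "$key_pub" ]
}

# Stand-alone use: sh make_csr.sh <your-name> <outdir>
if [ "$#" -eq 2 ]; then
    make_csr "$1" "$2" && check_csr "$2/client.csr" "$2/client.key" "$1"
fi
```

Only client.csr is submitted in step 2; client.key stays on the host that will make the API calls.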

mTLS for webhooks

Truv supports mTLS for webhook communication. Two authentication approaches are available:

Truv’s signed certificate

Configure the public certificate from mtls-prod.truv.com on your webhook endpoint to verify that requests originate from Truv.

Client-signed certificate

Truv submits a CSR and you issue a signed certificate. Truv then uses your certificate when delivering webhooks to your endpoint.

OAuth 2.0 (optional)

Truv supports OAuth 2.0 authentication when invoking webhooks. Truv obtains access tokens for secure webhook delivery. Contact Truv Support to configure OAuth settings.

Custom headers

You can configure custom headers (Client ID and Client Secret) on webhook deliveries for an additional authentication layer. Work with Truv Support to configure them.

Originating IP addresses

See Webhook Security for the full list of IP addresses used for webhook delivery.