VPN Integration

API Connectivity

Connectivity to the production environment requires either a PKI or VPN integration, with PKI being the recommended approach. Please view the relevant guide for your chosen integration.

Our API services are accessible using a secure Virtual Private Network (VPN). This guide explains how to create a VPN connection between your official URL and the Solaris API system.

Virtual Private Network (VPN) is a secure connection between a machine and network. It is an IPSEC, site-to-site connection for exchange of encrypted data between two endpoints.

VPN Setup process

  • Step 1 After you sign up for a card scheme your Solaris Project Manager (PM) will send you a VPN setup form. The form contains network configuration information for the Solaris Datacentre.
  • Step 2 You provide your network’s configuration information and send the form back to Solaris PM.
  • Step 3 Our networking team validates and checks the connection. Networking issues, if any, are resolved
  • Step 4 We then send you a PSK (Pre-Shared Key) to authenticate the connection between your IP/server and that of Solaris.

How long will it take?

It will take 15 days to set up VPN connection from the date you provide your network configuration parameters to Solaris Networking team.

Password exchange

We use a two-factor authentication process when exchanging password. Our networking team generates the PSK and a file-generated password. The file is compressed emailed to your technical lead or manager, as described in the VPN form. The password for the file is then sent via SMS to the manager’s mobile phone.

VPN Disaster recovery

You will get two separate VPN setup forms for Beta or Staging and Live. Beta or Staging can use the same VPN connection.

During VPN setup for the Live environment, you will also complete a disaster recovery form that has your network’s configuration details, which in the event of disaster will ensure continuity of API service.

VPN setup Notes

  • It is mandatory that your host should be a public IP, if not please click here.
  • Your private IP address must be of type /29 .
  • If your IP clashes with Solaris you should provide an alternative or network range.
  • Amazon Web Services and Azure automatically generate PSKs. If you use either of these services, please ensure that the key is sent to Solaris using a secure method.
  • The PSK must be sufficiently long enough and use complex characters.
  • You must connect to Solaris via HTTPS with TLS 1.2
  • It is mandatory to use Perfect Forward Secrecy (PFS) enabled SSL (TLS 1.2).
  • AES 256 is an ideal need of Internet Key (IKE). AES 128 and AES 192 are also acceptable. The IKE is of version 1 and 2, while IKE mode is Main .

Acceptable Perfect Forward Secrecy (PFS) and hashing algorithms

Acceptable Diffie-Hellman PFS

DH 1, DH 2, DH 5, DH 14, DH 15, DH 16, DH 17, DH 18, DH 19, DH 20, DH 21

Acceptable Hashing Algorithms

SHA1, SHA2, SHA 384, SHA 512

Using a private IP address

In an exceptional case, if you or your client do not have the public IP, Solaris CTO authorizes VPN connection with a private IP.

Solaris is the brand name for the regulated entities Contis Financial Services Ltd and UAB „Finansinės paslaugos „Contis“, which are part of the Solaris Group.