Setting up Staffology and Modulr

Using Modulr with Staffology requires a PGP key which must be customer-generated.

Follow the steps below to get set up.

PGP Key – What is it and why is it important?

A PGP key is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications.

Modulr will use a PGP key, provided by a customer, to ensure that only the customer themselves will have access to use the API key we provide as the HMAC will be used authenticate calls. Modulr will have access to the HMAC.

When creating a PGP key, you are given the PGP Public and the PGP Private keys.

  • Public – This is the key that you need to provide to Modulr.
  • Private – This should be kept by the customer and use to decrypt the output given to the customer by Modulr.

PGP Key creation

Please follow the below steps to create a PGP key.

  1. Access this site - https://pgptool.org/
  2. Fill out the requested information for name and email address. For the algorithm field please select “RSA” and select your key size in the required field. This is the customer choice in terms of key size. Recommendations are given on the site.
  3. You will also need to enter a “passphrase”. It is essential you remember what this is set to as you will be using this when decrypting the output from Modulr.
  4. Press “Generate Keys”.
  5. Save the Public and Private PGP Keys in separate files. Do not share the Private PGP Key with Modulr or any other business.
  6. Public PGP Key to be shared with Modulr alongside the request for an API Key via email.

PGP Decryption

Please follow the steps below to decrypt the output returned to the customer by Modulr.

  1. Access this site - https://pgptool.org/ and select the tab “Decrypt (+Verify)”.
  2. Input your Private PGP key in the section titled “Receiver’s Private Key”.
  3. Enter the Passphrase you created when generating your PGP keys in the text box titled “Passphrase for private key”.
  4. Paste the output provided by Modulr into the section titled “Encrypted PGP Message” the click the button labelled “Decrypt the message”.
  5. You will be displayed with your HMAC Secret. Please note, the customer is responsible for their own API credentials. Modulr cannot be held responsible if the Key and HMAC are lost/stolen.
  6. Select the Payment Services tab in Staffology – you’ll see a popup where you enter your API key and HMAC Secret, Select ‘Connect’ and your Modulr account is connected to Staffology.
    st_key and secret