FAQs

What are the prerequisites for using the S2S interface?
The S2S interface is intended to be used by organizations that have an existing grants management system (which does not use the application forms provided by Grants.gov), and yet want to submit applications directly from that system to Grants.gov. Integrating your system with Grants.gov can take a significant amount of effort. Factors to consider when determining if you should use the S2S interface include the following:

• Application volume: Using the S2S interface might not be cost effective if you are only submitting a few applications per year.
• Technical capacity: Your organization must have the technical capacity to develop to and integrate with the S2S interface. This includes having a technical staff member familiar with Web Services technology, XML, and SOAP with Attachments.
• Knowledge of the Grants.gov forms and submission process: Your organization must be familiar with the flow of applications processed through the graphical user interface (GUI), since the S2S interface works with the same process.

Using a third-party system that has already been integrated with Grants.gov requires substantially less effort. Some knowledge of system configuration and the role of digital certificates for S2S authentication is required.

Where do I find documentation for creating a system-to-system application?
This documentation can be found at here: Applicant System-to-System.

Can I use a self-signed certificate?
No, only certificates from a recognized certificate authority can be used. Self-signed certificates are too difficult to set up and maintain.

What is a certificate? How is it related to an AOR?
A certificate is digitally signed information that allows the Grants.gov system to identify your system and securely exchange information with it. Just as GUI users provide a user ID and password to identify themselves, S2S clients use a certificate (rather than storing user ID's and passwords in code). The primary difference between the two methods is that certificates identify your system but may or may not identify the individual user, i.e. an Authorized Organization Representative (AOR). Your system is responsible for ensuring that only AORs can submit applications. Associating your certificate with an AOR is part of the registration process for S2S users.

What steps should I follow for the certificate/authorization process?

• Submit the certificate to Grants.gov using the required PDF to Vincent.Sprouls@hhs.govsee http://www.grants.gov/assets/CertificateRequests3.pdf;
• Grants.gov will notify you via email once it has been installed;
• After the certificate has been installed, the E-Biz Point of Contact (POC) must authorize certificate http://www.grants.gov/applicants/e_biz.jsp (this step is not needed in the testing (AT) environment );
• This same process must be followed for renewal process for both AT and production.

Where do I get a certificate? What kind of certificate do I need?
If you are using a third-party grants application system, your service provider can supply a certificate. You can also get certificates from a recognized certificate authority such as Verisign, Entrust, ACES, or Thawte. You will need a 1024 or 2048 bit RSA SSL certificate. The Applicant Web Services Security document provides detailed information on obtaining and using certificates.

Why is my testing certificate installed under a DUNS of all zeros (DUNS0000000000000)?
Certificate DUNS0000000000000 is used to expedite your development and testing as there will be no need to wait for any necessary authorizations from Grants.gov.

What security controls are used to prevent loss of data to outside entities?
Grants.gov uses the SSL protocol with mutual authentication to provide a secure communication channel between your system and Grants.gov.

I need to get my certificate registered with Grants.gov. What information do I need to provide to Grants.gov to ensure registration?
Provide the Grants.gov PMO the following information in a Certificate Request Form.

• Certificate HEX number
• Your Organization's DUNS number
• Email address for notifications
• AOR name and email address
• Name of your organization

What do I need to do to ensure that my organization's certificate has been setup in the Grants.gov acceptance testing environment?
The PMO will notify you when it is installed. This is typically completed within a few business days.

What assistance is available for S2S developers from Grants.gov?
Grants.gov provides limited support to S2S developers. Please see the documentation for information on contacting Grants.gov for support.

Is there a sample S2S client that I can use as an example as I build my own application?
Yes, a reference implementation is available for developers to give them a head start in the development process. The reference implementation was developed using the Java programming language and MySQL database. The full source code is available at: http://www.grants.gov/techlib/ApplicantWebServices.zip .