Grants.gov - APPLICANT SYSTEM-TO-SYSTEM FAQs

Search Contact Us Site Map Help RSS Home

For Applicants

Applicant System-to-System

Development Process

Testing

Support Process

Applicant System-to-System FAQs

Listserv

Archive

For Grantors

About Grants.gov

Help

Site Map

APPLICANT SYSTEM-TO-SYSTEM FAQs

What are the prerequisites for using the S2S interface?

Where do I find documentation for creating a system-to-system application?

Can I use a self-signed certificate?

What is a certificate? How is it related to an AOR?

What steps should I follow for the certificate/authorization process?

Where do I get a certificate? What kind of certificate do I need?

Why is my testing certificate installed under a DUNS of all zeros?

What security controls are used to prevent loss of data to outside entities?

I need to get my public certificate registered with Grants.gov. What information do I need to provide to Grants.gov to ensure registration?

What do I need to do to ensure that my organization's certificate has been setup in the Grants.gov acceptance testing environment?

What assistance is available for S2S developers from Grants.gov?

Is there a sample S2S client that I can use as an example as I build my own application?

How is Web Services Security Implemented by Grants.gov?

What are the prerequisites for using the S2S interface?

The S2S interface is intended to be used by organizations that have an existing grants management system (which does not use the application forms provided by Grants.gov), and yet want to submit applications directly from that system to Grants.gov. Integrating your system with Grants.gov can take a significant amount of effort. Factors to consider when determining if you should use the S2S interface include the following:

Application volume: Using the S2S interface might not be cost effective if you are submitting less than 100 applications per year.

Technical capacity: Your organization must have the technical capacity to develop to and integrate with the S2S interface. This includes having a technical staff member familiar with Web Services technology, XML, and SOAP with Attachments.

Knowledge of the Grants.gov forms and submission process: Your organization must be familiar with the flow of applications processed through the graphical user interface (GUI), since the S2S interface works with the same process. Using a third-party system that has already been integrated with Grants.gov requires substantially less effort. Some knowledge of system configuration and the role of digital certificates for S2S authentication is required.

Where do I find documentation for creating a system-to-system application?

This documentation can be found on the Applicant System-to-System page.

Can I use a self-signed certificate?

No, only certificates from a recognized certificate authority can be used. Self-signed certificates are too difficult to set up and maintain.

What is a certificate? How is it related to an AOR?

A certificate is digitally signed information that allows the Grants.gov system to identify your system and securely exchange information with it. Just as GUI users provide a user ID and password to identify themselves, S2S clients use a certificate (rather than storing user ID's and passwords in code). The primary difference between the two methods is that certificates identify your system but may or may not identify the individual user, i.e. an Authorized Organization Representative (AOR). Your system is responsible for ensuring that only AORs can submit applications. Associating your certificate with an AOR is part of the registration process for S2S users.

What steps should I follow for the certificate/authorization process?

Submit the certificate to Grants.gov using the required PDF to Vincent.Sprouls@hhs.gov; see http://www.grants.gov/assets/CertificateRequests3.pdf;
Grants.gov will notify you via email once it has been installed;
After the certificate has been installed, the E-Biz Point of Contact (POC) must authorize certificate (this step is not needed in the testing (AT) environment );
This same process must be followed for renewal process for both AT and production.

Where do I get a certificate? What kind of certificate do I need?

If you are using a third-party grants application system, your service provider can supply a certificate. You can also get certificates from a recognized certificate authority such as Verisign, Entrust, ACES,Thawte or GoDaddy. You will need a 1024 or 2048 bit RSA SSL certificate. The Applicant Web Services Security document Adobe PDF Document

provides detailed information on obtaining and using certificates.

Why is my testing certificate installed under a DUNS of all zeros (DUNS0000000000000)?

Certificate DUNS0000000000000 is used to expedite your development and testing as there will be no need to wait for any necessary authorizations from Grants.gov.

What security controls are used to prevent loss of data to outside entities?

Grants.gov uses the SSL protocol with mutual authentication to provide a secure communication channel between your system and Grants.gov.

I need to get my certificate registered with Grants.gov. What information do I need to provide to Grants.gov to ensure registration?

Provide the Grants.gov PMO the following information in a Certificate Request Form Adobe PDF Document .

Certificate HEX number
Your Organization's DUNS number
Email address for notifications
AOR name and email address
Name of your organization

What do I need to do to ensure that my organization's certificate is setup in the Grants.gov Production and/or Acceptance Testing (AT) environment?
You will need to complete and submit the certificate request form Adobe PDF Document . Normally, certifcates are installed within a few business days but may take up to one week after the certificate request form is received to be installed. You will receive a notification email confirming that your certificate has been installed from the Grants.gov Program Management Office (PMO).
Please remember to keep track of your certificate expiration date, since Grants.gov does not maintain your organization’s certificate expiration information.

What assistance is available for S2S developers from Grants.gov?

Grants.gov provides limited support to S2S developers. Please see the documentation for information on contacting Grants.gov for support.

Is there a sample S2S client that I can use as an example as I build my own application?

Yes, a reference implementation is available for developers to give them a head start in the development process. The reference implementation was developed using the Java programming language and MySQL database. The full source code is available at: http://www.grants.gov/techlib/ApplicantWebServices.zip Win Zip Document .

How is Web Services Security Implemented by Grants.gov?

Grants.gov uses Secure Socket Layer (SSL) and mutual authentication for managing the security of a message transmission over the Internet. Grants.gov requires both server-side and client-side authentication. Web Services needs to be implemented securely; i.e., the data transferred over the Web Service needs to be safe from interception, tampering and unauthorized access.

Please refer to the Grants.gov Applicant Web Services Security Adobe PDF Document document for in-depth information on security.

[TOP OF PAGE]

Sign-up for our "Succeed" Quarterly Newsletter

Quick Links