Mutual or 2-Way TLS is typically used with SEI partners and clients where user context is not present and a Client/Server application is being registered through the SEI Developer Portal. The SM service account (svcPartnerNameV01) is used to mint the Oauth token using grant_type = client_credentials per SEI’s Information Security requirements and implemented with IP whitelisting. To set up TLS between SEI and the client’s server, the client must obtain an identity certificate from a SSL provider where the Common Name (CN) of the cert is the service account’s username provided by SEI. If the client is unable to obtain an Identity cert from their provider, SEI will distribute a client cert through our SSL provider, Trustwave. This document will be used to walk the user through how to extract the identity certificate after the cert is downloaded from the Trustwave Portal. ;

To establish a successful Two way SSL communication with SEI, the client server making API Calls must: 

  • Come down the TLS URL: (
  • Come from a whitelisted IP source
  • Use a service user credentials
  • Present the identity certificate