Work has begun on upgrades to TitlePage, with an exciting series of improvements underway for accessing and using TitlePage data. You'll find an overview on these upgrades here, while below you'll find FAQs and further details around the information gathering process and user details for the new TitlePage user management system.

Information gathering and security overview

The information we use, how it’s stored, and why we need it

We’re currently undertaking a user information gathering process in preparation for the TitlePage upgrades in 2026, and are looking for TitlePage users to provide us with staff and organisation information to support our new user management system.

Individual information

For individuals the only information we’re asking for is name, email and job title.

  • Name and email are required for authentication, resetting passwords, and access management.

  • Job title helps us contact the correct staff, particularly for publishers, and is less critical for bookstores, libraries and industry partners.

Staff may receive occasional service-related updates, but anyone can opt out of non-essential communications.

Organisation information

For organisations, we’re asking for details of any associated companies, branches or stores. We need to know this so we can setup the appropriate permissions structure for your organisation, and link associated companies and individuals.

How the information is stored and protected

The information you’re providing during this information gathering process is being temporarily stored in secure Google forms. Following this process, your staff and organisation data will be stored in our iMIS system, for user management, and securely synced to the TitlePage platform to manage permissions.

All privileged TitlePage access requires multi-factor authentication, and our systems follow contemporary security standards for data protection, access control, and auditing.

Security and user access

Why do I need individual logins for my organisation? Is a single login available?

The current practice of sharing a single username and password across a number of staff poses a significant security risk. Each staff member at your organisation with access to their own email address should have their own individual TitlePage account.

This provides them with increased personalisation to their TitlePage experience (such as search and display preferences, individual saved lists and downloads) which will save them time.

We understand that in retail environments it is uncommon for individual staff to have their own email addresses, and there’s a need for multiple devices to to be logged in on the same account. This scenario remains supported as part of these upgrades.

Individual accounts also ensure greater security for your organisation account, with the ability to trace access, manage permissions, or protect the account if credentials are compromised. Moving to individual accounts is a core security requirement across the government and corporate sectors, and brings TitlePage into alignment with contemporary standards.

Can multiple people access the same TitlePage account?

While technically possible for low privilege accounts, account sharing is not recommended between staff with access to their own email. Each account represents a single user and needs to be linked to a unique email address for verification.

If shared access is unavoidable, and multiple staff need to have access (for example, in small stores without staff email addresses), we may create a generic shared account to accompany a company admin account:

  • An individual account is created for the key TitlePage contact and Company Admin, with high privilege access which requires MFA (see below) – their login details shouldn’t be shared.
    (an example account would be – Name: John Smith, Manager – ShopFront Bookstore, Email: [email protected])

  • A generic “shared” account is created with a neutral name and a unique email address (which may be generic).
    (an example account would be – Name: ShopFront Bookstore, Email: [email protected])

Shared accounts will have standard access, limited to basic TitlePage functions such as searching, viewing titles, and downloading data. See below for the details of account types and privileges.

Multi-factor Authentication (MFA)

An industry standard that’s regularly required to access online accounts, Multi-Factor Authentication (MFA) is a security step that requires you to prove your identity in more than one way before logging in to an account or website.

MFA will be required for high privilege TitlePage users, who will use an authenticator app to confirm their identity. Opting out of MFA will revert a user to standard access.

If preferred, a larger organisation may create a dedicated account to manage file delivery keys. As a high privilege account, it will need to be enrolled in MFA on a specific device.

Overview of account types and privileges

Bookseller accounts

Standard access (low privilege)

Beyond standard use of core TitlePage functionality (search and view titles, create and save lists), standard bookseller access allows:

  • viewing stock levels
  • downloading title information
  • accessing and downloading prebuilt files
  • longer session times – so won’t need to login every day.

Company Admin (high privilege)

In addition to the standard access, the Company Admin is able to the following actions for their organisation via the APA website:

  • manage staff lists – adding and removing staff/users
  • manage permissions – adding and removing other admin users and roles
  • manage any TitlePage subscriptions
  • access, view, and pay invoices

TitlePage Data Service Manager (high privilege)

In addition to the standard access, the TitlePage Data Service Manager is able to:

  • access ReST APIs
  • Access sFTP/API tokens
  • Access ONIX/CSV feeds according to their subscription
  • Access custom prebuilt files

Library & industry partner accounts

Standard access (low privilege)

Beyond standard use of core TitlePage functionality (search and view titles, create and save lists), standard access allows:

  • longer session times – so won’t need to login every day.

Company Admin (high privilege)

In addition to the standard access, the Company Admin is able to the following actions for their organisation via the APA website:

  • manage staff lists – adding and removing staff/users
  • manage permissions – adding and removing other admin users
  • manage any TitlePage subscriptions
  • access, view, and pay invoices

 

Publisher & distributor accounts

Standard access (low privilege)

Beyond standard use of core TitlePage functionality (search and view titles, create and save lists), standard publisher access allows:

  • viewing stock levels for their organisation
  • downloading titles
  • viewing redacted (no stock) details for all other products
  • longer session times – so won’t need to login every day.

Company Admin (high privilege)

In addition to the standard access, the Company Admin is able to the following actions for their organisation via the APA website:

  • manage staff lists – adding and removing staff/users
  • manage permissions – adding and removing other admin users and roles
  • manage any TitlePage subscriptions
  • access, view, and pay invoices

TitlePage Data Editor (high privilege)

In addition to the standard access, the TitlePage Data Editor is able to:

  • Edit products associated with their publisher
  • Generate and access sFTP keys and API tokens

They can also receive system emails such as ONIX load reports, Data quality reports, and product feedback.

Find more on sFTP keys below.

Publisher sFTP and SSH keys

The new primary method for delivering ONIX files to TitlePage will be sFTP using SSH key authentication. An SSH key consists of two cryptographically linked parts: a private key and a public key, which make a key pair.

Users will generate their key pair within the TitlePage system. The private key must then be securely stored on the user’s local machine or within the software used to transmit ONIX files, while the public key is automatically registered in TitlePage.

The ability to generate an sFTP key is linked to the Publisher Data Editor role. This is a high privilege role that requires multi-factor authentication (MFA). Each key pair is linked to an individual user, not the company. So some advanced users who manage data for multiple publishers may have permission to generate key pairs for more than one account.

If preferred, a publisher may create a dedicated user account to manage ONIX delivery keys. This account must have a unique email address for login and be enrolled in MFA on a specific device.

Multiple users within a publishing company may hold Data Editor permissions and generate their own keys. Each key pair remains unique and traceable to the individual user who created it. If that user leaves the company or loses Data Editor access, any keys generated by that user will automatically become invalid.

This provides organisations with much greater flexibility and control over who can manage their TitlePage data.

Share this information on sFTP and SSH with whoever needs to know about managing your data feeds to TitlePage, and get in touch with the APA by Monday 1 December 2025 if you expect to have issues with sFTP.

Other developments

TitlePage also receives regular product updates and releases to provide performance improvements and bug corrections, as well as the development of new service functionality. Details are provided on this page, while minor updates can be tracked on the roadmap, with the current TitlePage server status information available here.

Contact [email protected] with any questions.