...

The eIDAS (electronic IDentification, Authentication and trust Services) certificates are SSL certificates used in the PSD2 context for accessing the APIs and signing the HTTP messages. eIDAS is an EU regulation on, and a set of standards for, electronic identification and trust services for electronic transactions. To achieve the PSD2 security requirements, banks and PSD2 service providers will use Qualified Certificates for Websites and Qualified Certificates for Electronic Seals. Those certificates will be issued by Qualified Trust Service Providers (QTSPs) based on the new technical standard, ETSI TS 119 495, which was published in May 2018. Qualified Certificates enable the identification and verification of the payment institution by a third party. Identification will be based on the legal name of an organization, its registration number and its main role(s) in the payments space.

...

PSD2 APIs require both types of certificates: QWAC to access the API and QSeal for HTTP-signature, i.e. message signing.

Fiorano implementation of eIDAS certificates

...

As required by the PSD2 European Directive, Fiorano PSD2 APIs can be protected by Mutual TLS based on eIDAS Certificates. This means that if you want to access one of our PSD2 APIs, you need to use an eIDAS TLS Client Certificate for your requests.

In the absence of a certificate, you can download a mock eIDAS Certificate from our Developer Portal as follows:

Log in to the Developer Portal.

Go to Applications, select Application, and Download QWAC Certificate.

Note

The mock certificate only allows access to Sandbox APIs. To access Production, you need to get your own PSD2 eIDAS Certificate from a Qualified Trust Service Provider.

At the application level, the PSD2 APIs require message signing following the HTTP-signature specification, with the signature produced using the QSeal certificate (different from the one used as the Client Certificate). To access the Sandbox, Fiorano provides a mock certificate for message signing. The Download QSeal certificate button is located just next to the one for downloading a QWAC Certificate.

In the Fiorano APIGateway server, where the actual PSD2 APIs are exposed, the eIDAS certificate will be parsed and all the parameters required to validate the request will be pushed to the context variables. Use the prebuilt API policies to perform necessary actions based on these values in the context variables.
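The kind of check a policy can make on those parsed values, as an added example that is not Fiorano's policy code: it takes fields already extracted from a validated QWAC, parses the PSD form of the organizationIdentifier defined in ETSI TS 119 495, maps the PSD2 role OIDs to role names, and fails closed when the role does not cover the requested scope. The field names (`organizationIdentifier`, `role_oids`), the scope names and the scope-to-role mapping are assumptions, and the sample certificate values are constructed.

```python
import re

# PSD2 role OIDs from ETSI TS 119 495 (carried in the PSD2 qcStatement).
ROLE_OIDS = {
    "0.4.0.19495.1.1": "PSP_AS",  # account servicing
    "0.4.0.19495.1.2": "PSP_PI",  # payment initiation
    "0.4.0.19495.1.3": "PSP_AI",  # account information
    "0.4.0.19495.1.4": "PSP_IC",  # card-based payment instruments
}

# organizationIdentifier (OID 2.5.4.97), PSD form only:
# "PSD" + NCA country + "-" + NCA id (2-8 uppercase letters) + "-" + PSP id
ORG_ID_RE = re.compile(r"PSD([A-Z]{2})-([A-Z]{2,8})-(.+)")

# ASSUMPTION: scope names and the role each one needs; set per deployment.
SCOPE_ROLE = {"accounts": "PSP_AI", "payments": "PSP_PI"}

# Constructed sample of values a gateway might expose after parsing a QWAC.
SAMPLE = {"organizationIdentifier": "PSDDE-BAFIN-123456",
          "role_oids": ["0.4.0.19495.1.3"]}


def parse_org_id(value):
    """Split a PSD organizationIdentifier into its three parts."""
    m = ORG_ID_RE.fullmatch(value)
    if not m:
        raise ValueError("not a PSD organizationIdentifier: %r" % value)
    country, nca, psp_id = m.groups()
    return {"nca_country": country, "nca_id": nca, "psp_id": psp_id}


def authorize(cert_fields, scope):
    """Return (allowed, reason) for a TPP certificate and a requested scope."""
    try:
        ident = parse_org_id(cert_fields.get("organizationIdentifier", ""))
    except ValueError as exc:
        return False, str(exc)
    # Unknown OIDs are ignored rather than trusted.
    roles = {ROLE_OIDS[o] for o in cert_fields.get("role_oids", []) if o in ROLE_OIDS}
    needed = SCOPE_ROLE.get(scope)
    if needed is None:
        return False, "unknown scope"  # fail closed
    if needed not in roles:
        return False, "TPP %s lacks role %s" % (ident["psp_id"], needed)
    return True, "ok"


if __name__ == "__main__":
    print(authorize(SAMPLE, "accounts"), authorize(SAMPLE, "payments"))
```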

...

To access the PSD2 APIs, the TPP has to first get the consent from the PSU. A 3-legged OAuth flow is used to achieve this. When the PSU logs into the TPP app and selects the bank, the TPP redirects the user to the Bank's login page. The PSU provides valid credentials. Once the PSU is authenticated, a consent page with all the scopes will be shown. The PSU selects the list of scopes requested and provides consent for the same. An OAuth access token is then generated, which the TPP uses to access the PSD2 APIs.

...
