...
As required by the PSD2 European Directive, Fiorano PSD2 APIs can be protected by Mutual TLS protocols based on eIDAS Certificates. This means that if you want to access one of our PSD2 APIs, you need to use an eIDAS TLS Client Certificate for your requests.
In the absence of a certificate, download a mock eIDAS Certificate from our Developer Portal as follows:
Login to the Developer Portal
Go to Applications, select Application, and Download QWAC Certificate).
| Note |
|---|
Our mock certificate nevertheless only allows access to Sandbox APIs. To access Production, you need to get your own PSD2 eIDAS Certificate from a Qualified Trust Service Provider. |
At the application level, the PSD2 APIs require message signing following HTTP-signature specification, with the signing of QSeal certificate (different from the one used as Client Certificate). To access the Sandbox, Fiorano provides a mock certificate for message signing. The Download QSeal certificate button is located next to the one for downloading a QWAC Certificate.In the Fiorano APIGateway server, where the actual PSD2 APIs are exposed, the eIDAS certificate will be parsed and all the parameter required to validate the request will be pushed to the content variables. Use the prebuilt API policies to perform necessary actions based on these values in the context variables.
...
Provide the Client ID which is the Consumer Key mentioned in the Fetching Consumer Key and Customer Secret section of the respective product and click Authorize.
...