Mutual TLS Authentication

As of the latest Sandbox update RBA's AIS and PIS APIs are protected with QWAC (Qualified Website Authentication Certificate) which TPPs get from the QTSPs (Qualified Trust Service Providers)

Under eIDAS, a QWAC is the legal term for the existing certificates that are issued under the Certification Authority & Browser Forum’s standards for Extended Validation Secure Socket Layer (EV SSL) Certificates.

The primary objectives of an EV SSL Certificate are to:

  • Identify the legal entity that controls a web site by providing reasonable assurance to the user of an Internet browser that the web site the user is accessing is controlled by a specific legal entity identified in the EV Certificate by name, address of Place of Business, Jurisdiction of Incorporation or Registration and Registration Number or other disambiguating information;
  • Enable encrypted communications with a web site by facilitating the exchange of encryption keys in order to enable the encrypted communication of information over the Internet between the user of an Internet browser and a web site.

If you are experiencing issues with your eIDAS certificate, accessing our Sandbox, during the enrollment process/ consumption of our APIs please make sure on the following:

Subcriptions specified:

  • Accounts API (with subscription)
  • Payments API (with a subscription)
  • Periodic Payments API (with subscription)
  • Confirmation of Funds API (with subscription)
  • OAuth API (with a subscription)

Otherwise, in case you are not owning a test certificate or if you are still not able to consume our APIs please contact us here.