As of the latest Sandbox update, RBA's AIS and PIS APIs are protected with a QWAC (Qualified Website Authentication Certificate), which TPPs obtain from QTSPs (Qualified Trust Service Providers).
Under eIDAS, a QWAC is the legal term for the existing certificates that are issued under the Certification Authority & Browser Forum’s standards for Extended Validation Secure Socket Layer (EV SSL) Certificates.
The primary objectives of an EV SSL Certificate are to:
- Identify the legal entity that controls a web site by providing reasonable assurance to the user of an Internet browser that the web site the user is accessing is controlled by a specific legal entity identified in the EV Certificate by name, address of Place of Business, Jurisdiction of Incorporation or Registration and Registration Number or other disambiguating information;
- Enable encrypted communications with a web site by facilitating the exchange of encryption keys in order to enable the encrypted communication of information over the Internet between the user of an Internet browser and a web site.
If you are experiencing issues with your eIDAS certificate when accessing our Sandbox, during the enrollment process, or when consuming our APIs, please make sure of the following:
- the CA signing your certificate is on the official list of Qualified Trust Service Providers (QTSPs) available in the European Union,
- the certificate is not expired,
- the certificate is valid for the role for which you are authorized (i.e. AISP),
- the certificate is not revoked by the National Authority,
- the certificate is compliant with ETSI 119495 regarding PSD2 implementation.
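One way to check the role and ETSI TS 119 495 items from the list above, as an added example that is not RBA's code: a minimal reader for the PSD2 qcStatement that reports the roles and NCA fields a certificate carries. It assumes you have already extracted the DER value of the qcStatements extension (OID 1.3.6.1.5.5.7.1.3) from your certificate; the sample bytes, NCA name and NCA id are constructed.

```python
# Added example: reads the PSD2 qcStatement (ETSI TS 119 495) from qcStatements DER bytes.
ETSI_PSD2 = bytes.fromhex("0400819827")        # OID arcs 0.4.0.19495
PSD2_STATEMENT = ETSI_PSD2 + b"\x02"            # 0.4.0.19495.2
ROLES = {ETSI_PSD2 + b"\x01\x01": "PSP_AS",     # account servicing
         ETSI_PSD2 + b"\x01\x02": "PSP_PI",     # payment initiation (PISP)
         ETSI_PSD2 + b"\x01\x03": "PSP_AI",     # account information (AISP)
         ETSI_PSD2 + b"\x01\x04": "PSP_IC"}     # card-based instrument issuer

def tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                           # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the content of a constructed element into (tag, value) pairs."""
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        out.append((tag, val))
    return out

def psd2_info(qc_statements):
    """Return the PSD2 roles and NCA fields, or None if the statement is absent."""
    tag, body, _ = tlv(qc_statements)
    if tag != 0x30:
        raise ValueError("qcStatements must be a SEQUENCE")
    for _, stmt in children(body):
        parts = children(stmt)
        if len(parts) == 2 and parts[0] == (0x06, PSD2_STATEMENT):
            (_, roles), (_, nca_name), (_, nca_id) = children(parts[1][1])
            names = [ROLES.get(children(r)[0][1], "unknown") for _, r in children(roles)]
            return {"roles": names, "nca_name": nca_name.decode(), "nca_id": nca_id.decode()}
    return None

def der(tag, *parts):  # encoder used only to build the constructed sample (short lengths)
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def _role(oid):  # one RoleOfPSP entry for the constructed sample
    return der(0x30, der(0x06, oid), der(0x0C, ROLES[oid].encode()))
# Constructed sample: QcCompliance (0.4.0.1862.1.1) plus a PSD2 statement (AISP + PISP).
_ROLES = der(0x30, _role(ETSI_PSD2 + b"\x01\x03"), _role(ETSI_PSD2 + b"\x01\x02"))
_PSD2 = der(0x30, _ROLES, der(0x0C, b"Example NCA"), der(0x0C, b"XX-EXAMPLE"))
SAMPLE = der(0x30, der(0x30, der(0x06, bytes.fromhex("04008e460101"))),
             der(0x30, der(0x06, PSD2_STATEMENT), _PSD2))
```

A result of `None` means the certificate carries no PSD2 statement; a role list without `PSP_AI` means it does not cover the AISP role.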
Subscriptions specified:
- Accounts API (with subscription)
- Payments API (with a subscription)
- Periodic Payments API (with subscription)
- Confirmation of Funds API (with subscription)
- OAuth API (with a subscription)
Otherwise, if you do not have a test certificate or are still unable to consume our APIs, please contact us here.