As of the latest Sandbox update RBA's AIS and PIS APIs are protected with QWAC (Qualified Website Authentication Certificate) which TPPs get from the QTSPs (Qualified Trust Service Providers)

Under eIDAS, a QWAC is the legal term for the existing certificates that are issued under the Certification Authority & Browser Forum’s standards for Extended Validation Secure Socket Layer (EV SSL) Certificates.

The primary objectives of an EV SSL Certificate are to:

• Identify the legal entity that controls a web site by providing reasonable assurance to the user of an Internet browser that the web site the user is accessing is controlled by a specific legal entity identified in the EV Certificate by name, address of Place of Business, Jurisdiction of Incorporation or Registration and Registration Number or other disambiguating information;
• Enable encrypted communications with a web site by facilitating the exchange of encryption keys in order to enable the encrypted communication of information over the Internet between the user of an Internet browser and a web site.

If you are experiencing issues with your eIDAS certificate, accessing our Sandbox, during the enrollment process/ consumption of our APIs please make sure on the following:

• CA signing your certificate is part of the official list of Qualified Trust Service Providers (QTSPs) available in the European Union,
• certificate is not expired,
• certificate is valid for the role you are authorized (i.e. AISP),
• certificate is not revoked by the National Authority,
• certificate is compliant with ETSI 119495 regarding PSD2 implementation.

Subcriptions specified:

• Accounts API (with subscription)
• Payments API (with a subscription)
• Periodic Payments API (with subscription)
• Confirmation of Funds API (with subscription)
• OAuth API (with a subscription)

Otherwise, in case you are not owning a test certificate or if you are still not able to consume our APIs please contact us here.