Versions Compared

Old Version 5

changes.mady.by.user Martin Lacher

Saved on

compared with

New Version 6

changes.mady.by.user Martin Lacher

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The eIDAS Certificates referred to in this Document document are SSL Certificates with dedicated protection profiles that allows them to be used in the PSD2 context. To achieve the PSD2 security requirements, Banks banks and PSD2 service providers will use Qualified Certificates for Websites and Qualified Certificates for Electronic Seals. Those Certificates certificates will be issued by Qualified Trust Service Providers (QTSPs) based on the new technical standard, ETSI TS 119 495. Qualified Certificates enable identification and verification of the payment institution by a third party. Identification will be based on the legal name of an organization, registration number and its main role(s) in the payments space.

...

A QWAC can open a secure channel between the Bank and the TPP, enabling a TPP to identify itself to the Bank bank and to create a trustable channel. Instead, a QSeal assures the authenticity and integrity of the transmitted data, getting a legal evidence of the transaction, that can be used as a proof.

...

Client ID and Client Secret are usually used if an ASPSP follows requires the OAuth2 process.

OAuth2 can be integrated in two ways according to Berlin Group specification:

...

After registering your application, you will receive a Client ID and a Client Secret in your application details on Developer the developer portal. The Client ID is considered public information, and is used to build login URLs. The Client Secret must be kept confidential.

Some ASPSPs generate an API Key after successful application creation. API Key is a unique string of alphanumeric characters transmitted as part of an API request that authenticate the source of the API request.

After you have received Client ID and Client Secret and / or API Key, you need to retrieve an Access Token to successfully call your selected API. The process is complex and varies for different Banks and will be done by finAPI Access PSD2.

The easy way: the finAPI PSD2 licence

finAPI takes over all TPP registration, Certificate application and TPP authentication activities for customers using the finAPI PSD2 lincence.

Terms and Definitions

This Document makes reference to various defined terms which have a specific meaning in the context of this Document. In this Document, a defined term is indicated with a capital letter.

...