SaltEdge PSD2 Compliance Logo

OBSEAL Register

The API allows the TPP to request the Salt Edge PSD2 Compliance Solution to register a new client. The TPP submits a JWS payload that describes the characteristics of the client to be created. If client creation is successful, the ASPSP responds with a JSON payload that describes the client that was created.

CURL

curl -i  \ 
 -d 'eyJhbGciOiJQUzI1NiIsImtpZCI6InRlc3QifQ.eyJyZXF1ZXN0X29iamVjdF9zaWduaW5nX2FsZyI6IlBTMjU2IiwiaXNzIjoiYmVLdXhDMVJuaVZzVGVMWXdmcGdOUCIsImlhdCI6MTYwNjI5Nzg1MywiZXhwIjoxNjA2Mjk4MTY5LCJhdWQiOiIwZHcyM2RzYTEzMTIzIiwidG9rZW5fZW5kcG9pbnRfYXV0aF9tZXRob2QiOiJjbGllbnRfc2VjcmV0X2Jhc2ljIiwidG9rZW5fZW5kcG9pbnRfYXV0aF9zaWduaW5nX2FsZyI6IlBTMjU2IiwiZ3JhbnRfdHlwZXMiOlsiY2xpZW50X2NyZWRlbnRpYWxzIiwiYXV0aG9yaXphdGlvbl9jb2RlIiwicmVmcmVzaF90b2tlbiJdLCJyZXNwb25zZV90eXBlcyI6WyJjb2RlIGlkX3Rva2VuIl0sInNvZnR3YXJlX3N0YXRlbWVudCI6ImV5SmhiR2NpT2lKSVV6STFOaUlzSW10cFpDSTZJa0ZDUTBReE1qTTBJbjAuZXlKcGMzTWlPaUpQY0dWdVFtRnVhMmx1WnlCTWRHUWlMQ0pwWVhRaU9qRTBPVEkzTlRZek16RXNJbXAwYVNJNkltbGtNVEl6TkRVMk9EVTBNemswT0RjMk56Z2lMQ0p6YjJaMGQyRnlaVjlsYm5acGNtOXViV1Z1ZENJNkluQnliMlIxWTNScGIyNGlMQ0p6YjJaMGQyRnlaVjl0YjJSbElqb2liR2wyWlNJc0luTnZablIzWVhKbFgybGtJam9pTmpWa01XWXlOMk10TkdGbFlTMDBOVFE1TFRsak1qRXROakJsTkRrMVlUZGhPRFptSWl3aWMyOW1kSGRoY21WZlkyeHBaVzUwWDJsa0lqb2lUM0JsYmtKaGJtdHBibWNnVkZCUUlFTnNhV1Z1ZENCVmJtbHhkV1VnU1VRaUxDSnpiMlowZDJGeVpWOWpiR2xsYm5SZmJtRnRaU0k2SWtGdFlYcHZiaUJRY21sdFpTQk5iM1pwWlhNaUxDSnpiMlowZDJGeVpWOWpiR2xsYm5SZlpHVnpZM0pwY0hScGIyNGlPaUpCYldGNmIyNGdVSEpwYldVZ1RXOTJhV1Z6SUdseklHRWdiVzkyYVc1bklITjBjbVZoYldsdVp5QnpaWEoyYVdObElpd2ljMjltZEhkaGNtVmZkbVZ5YzJsdmJpSTZJakl1TWlJc0luTnZablIzWVhKbFgyTnNhV1Z1ZEY5MWNta2lPaUpvZEhSd2N6b3ZMM0J5YVcxbExtRnRZWHB2Ymk1amIyMGlMQ0p6YjJaMGQyRnlaVjl5WldScGNtVmpkRjkxY21seklqcGJJbWgwZEhCek9pOHZjSEpwYldVdVlXMWhlbTl1TG1OdmJTOWpZaUlzSW1oMGRIQnpPaTh2Y0hKcGJXVXVZVzFoZW05dUxtTnZMblZyTDJOaUlsMHNJbk52Wm5SM1lYSmxYM0p2YkdWeklqcGJJbEJKVTFBaUxDSkJTVk5RSWwwc0ltOXlaMkZ1YVhOaGRHbHZibDlqYjIxd1pYUmxiblJmWVhWMGFHOXlhWFI1WDJOc1lXbHRjeUk2VzNzaVlYVjBhRzl5YVhSNVgybGtJam9pUmsxQklpd2ljbVZuYVhOMGNtRjBhVzl1WDJsa0lqb2lNVEV4TVRFeElpd2ljM1JoZEhWeklqb2lRV04wYVhabElpd2lZWFYwYUc5eWFYTmhkR2x2Ym5NaU9sdDdJbTFsYldKbGNsOXpkR0YwWlNJNklrZENVaUlzSW5KdmJHVnpJanBiSWxCSlUxQWlMQ0pCU1ZOUUlsMTlMSHNpYldWdFltVnlYM04wWVhSbElqb2lVazlKSWl3aWNtOXNaWE1pT2xzaVVFbFRVQ0pkZlYxOVhTd2ljMjltZEhkaGNtVmZiRzluYjE5MWNta2lPaUpvZEhSd2N6b3ZMM0J5YVcxbExtRnRZWHB2Ymk1amIyMHZiRzluYnk1d2JtY2lMQ0p2Y21kZmMzUmhkSFZ6SWpvaVFXTjBhWFpsSWl3aWIzSm5YMmxrSWpvaVFXMWhlbTl1SUZSUVVFbEVJaXdpYjNKblgyNWhiV1VpT2lKUGNHVnVRbUZ1YTJsdVp5QlVVRkFnVW1WbmFYTjBaWEpsWkNCT1lXMWxJaXdpYjNKblgyTnZiblJoWTNSeklqcGJleUp1WVcxbElqb2lZMjl1ZEdGamRDQnVZVzFsSWl3aVpXMWhhV3dpT2lKamIyNTBZV04wUUdOdmJuUmhZM1F1WTI5dElpd2ljR2h2Ym1VaU9pSXJORFEzT0Rrd01UTXdOVFU0SWl3aWRIbHdaU0k2SW1KMWMybHVaWE56SW4wc2V5SnVZVzFsSWpvaVkyOXVkR0ZqZENCdVlXMWxJaXdpWlcxaGFXd2lPaUpqYjI1MFlXTjBRR052Ym5SaFkzUXVZMjl0SWl3aWNHaHZibVVpT2lJck5EUTNPRGt3TVRNd05UVTRJaXdpZEhsd1pTSTZJblJsWTJodWFXTmhiQ0o5WFN3aWIzSm5YMnAzYTNOZlpXNWtjRzlwYm5RaU9pSm9kSFJ3Y3pvdkwycDNhM011YjNCbGJtSmhibXRwYm1jdWIzSm5MblZyTDI5eVoxOXBaQzl2Y21kZmFXUXVhbXQzY3lJc0ltOXlaMTlxZDJ0elgzSmxkbTlyWldSZlpXNWtjRzlwYm5RaU9pSm9kSFJ3Y3pvdkwycDNhM011YjNCbGJtSmhibXRwYm1jdWIzSm5MblZyTDI5eVoxOXBaQzl5WlhadmEyVmtMMjl5WjE5cFpDNXFhM2R6SWl3aWMyOW1kSGRoY21WZmFuZHJjMTlsYm1Sd2IybHVkQ0k2SW1oMGRIQnpPaTh2YW5kcmN5NXZjR1Z1WW1GdWEybHVaeTV2Y21jdWRXc3ZiM0puWDJsa0wzTnZablIzWVhKbFgybGtMbXByZDNNaUxDSnpiMlowZDJGeVpWOXFkMnR6WDNKbGRtOXJaV1JmWlc1a2NHOXBiblFpT2lKb2RIUndjem92TDJwM2EzTXViM0JsYm1KaGJtdHBibWN1YjNKbkxuVnJMMjl5WjE5cFpDOXlaWFp2YTJWa0wzTnZablIzWVhKbFgybGtMbXByZDNNaUxDSnpiMlowZDJGeVpWOXdiMnhwWTNsZmRYSnBJam9pYUhSMGNITTZMeTkwY0hBdVkyOXRMM0J2YkdsamVTNW9kRzFzSWl3aWMyOW1kSGRoY21WZmRHOXpYM1Z5YVNJNkltaDBkSEJ6T2k4dmRIQndMbU52YlM5MGIzTXVhSFJ0YkNJc0luTnZablIzWVhKbFgyOXVYMkpsYUdGc1psOXZabDl2Y21jaU9pSm9kSFJ3Y3pvdkwyRndhUzV2Y0dWdVltRnVhMmx1Wnk1dmNtY3VkV3N2YzJOcGJUSXZUMEpVY25WemRHVmtVR0Y1YldWdWRGQmhjblI1THpFeU16UTFOamMzT0RraUxDSnZZbDl5WldkcGMzUnllVjkwYjNNaU9pSm9kSFJ3Y3pvdkwzSmxaMmx6ZEhKNUxtOXdaVzVpWVc1cmFXNW5MbTl5Wnk1MWF5OTBiM011YUhSdGJDSjkub0hscTdOeEVvajB2ZFhlVFI1Y1V6N29JcTdWdDlkQjM0cGJ3eHREaFdUcyIsInNvZnR3YXJlX2lkIjoiYmVLdXhDMVJuaVZzVGVMWXdmcGdOUCIsInJlZGlyZWN0X3VyaXMiOlsiaHR0cHM6Ly9yZWRpcmVjdC5oZXJlIiwiaHR0cDovL2FuZC5oZXJlIl0sInNjb3BlIjoibWFrZXBheW1lbnQiLCJhcHBsaWNhdGlvbl90eXBlIjoid2ViIiwiaWRfdG9rZW5fc2lnbmVkX3Jlc3BvbnNlX2FsZyI6IlBTMjU2In0.vIdQRLEbAgLrTaW00pyj_4dLXdch7kYvdg_QTSjg3i-2EOS45bXqPcD0Js4REwbZ2OyuOqM810GRcjE-ZgyVQKs13KzX6TWWaOR9wl_G0hluD_yo2xle_SvgdXDqMs6S6ACMt9bcdXNG_d2MgEv31is92TtPbiNzPnGRjpjV4iu-JcMh3e-mfeabqA5i6xccffdqg6SQrol3exeE3e3iu-yiKCKREMsQWl0LXDFQWloQ3CSyWlZqhpZ5nfulJFXGu8RcTrFTDEGI8S7tpUh4FtX0cC7RCmsYqe1n0SD5nKmHB1upHJEGCKpMbKqm-3vVQmNI0PVeUpvXiyuJnLWtcA' \ 
-X POST "/api/open-banking/v3.1/tpp/register"

Example of parameters

{"request_object_signing_alg":"PS256","iss":"beKuxC1RniVsTeLYwfpgNP","iat":1606297853,"exp":1606298169,"aud":"0dw23dsa13123","token_endpoint_auth_method":"client_secret_basic","token_endpoint_auth_signing_alg":"PS256","grant_types":["client_credentials","authorization_code","refresh_token"],"response_types":["code id_token"],"software_statement":"eyJhbGciOiJIUzI1NiIsImtpZCI6IkFCQ0QxMjM0In0.eyJpc3MiOiJPcGVuQmFua2luZyBMdGQiLCJpYXQiOjE0OTI3NTYzMzEsImp0aSI6ImlkMTIzNDU2ODU0Mzk0ODc2NzgiLCJzb2Z0d2FyZV9lbnZpcm9ubWVudCI6InByb2R1Y3Rpb24iLCJzb2Z0d2FyZV9tb2RlIjoibGl2ZSIsInNvZnR3YXJlX2lkIjoiNjVkMWYyN2MtNGFlYS00NTQ5LTljMjEtNjBlNDk1YTdhODZmIiwic29mdHdhcmVfY2xpZW50X2lkIjoiT3BlbkJhbmtpbmcgVFBQIENsaWVudCBVbmlxdWUgSUQiLCJzb2Z0d2FyZV9jbGllbnRfbmFtZSI6IkFtYXpvbiBQcmltZSBNb3ZpZXMiLCJzb2Z0d2FyZV9jbGllbnRfZGVzY3JpcHRpb24iOiJBbWF6b24gUHJpbWUgTW92aWVzIGlzIGEgbW92aW5nIHN0cmVhbWluZyBzZXJ2aWNlIiwic29mdHdhcmVfdmVyc2lvbiI6IjIuMiIsInNvZnR3YXJlX2NsaWVudF91cmkiOiJodHRwczovL3ByaW1lLmFtYXpvbi5jb20iLCJzb2Z0d2FyZV9yZWRpcmVjdF91cmlzIjpbImh0dHBzOi8vcHJpbWUuYW1hem9uLmNvbS9jYiIsImh0dHBzOi8vcHJpbWUuYW1hem9uLmNvLnVrL2NiIl0sInNvZnR3YXJlX3JvbGVzIjpbIlBJU1AiLCJBSVNQIl0sIm9yZ2FuaXNhdGlvbl9jb21wZXRlbnRfYXV0aG9yaXR5X2NsYWltcyI6W3siYXV0aG9yaXR5X2lkIjoiRk1BIiwicmVnaXN0cmF0aW9uX2lkIjoiMTExMTExIiwic3RhdHVzIjoiQWN0aXZlIiwiYXV0aG9yaXNhdGlvbnMiOlt7Im1lbWJlcl9zdGF0ZSI6IkdCUiIsInJvbGVzIjpbIlBJU1AiLCJBSVNQIl19LHsibWVtYmVyX3N0YXRlIjoiUk9JIiwicm9sZXMiOlsiUElTUCJdfV19XSwic29mdHdhcmVfbG9nb191cmkiOiJodHRwczovL3ByaW1lLmFtYXpvbi5jb20vbG9nby5wbmciLCJvcmdfc3RhdHVzIjoiQWN0aXZlIiwib3JnX2lkIjoiQW1hem9uIFRQUElEIiwib3JnX25hbWUiOiJPcGVuQmFua2luZyBUUFAgUmVnaXN0ZXJlZCBOYW1lIiwib3JnX2NvbnRhY3RzIjpbeyJuYW1lIjoiY29udGFjdCBuYW1lIiwiZW1haWwiOiJjb250YWN0QGNvbnRhY3QuY29tIiwicGhvbmUiOiIrNDQ3ODkwMTMwNTU4IiwidHlwZSI6ImJ1c2luZXNzIn0seyJuYW1lIjoiY29udGFjdCBuYW1lIiwiZW1haWwiOiJjb250YWN0QGNvbnRhY3QuY29tIiwicGhvbmUiOiIrNDQ3ODkwMTMwNTU4IiwidHlwZSI6InRlY2huaWNhbCJ9XSwib3JnX2p3a3NfZW5kcG9pbnQiOiJodHRwczovL2p3a3Mub3BlbmJhbmtpbmcub3JnLnVrL29yZ19pZC9vcmdfaWQuamt3cyIsIm9yZ19qd2tzX3Jldm9rZWRfZW5kcG9pbnQiOiJodHRwczovL2p3a3Mub3BlbmJhbmtpbmcub3JnLnVrL29yZ19pZC9yZXZva2VkL29yZ19pZC5qa3dzIiwic29mdHdhcmVfandrc19lbmRwb2ludCI6Imh0dHBzOi8vandrcy5vcGVuYmFua2luZy5vcmcudWsvb3JnX2lkL3NvZnR3YXJlX2lkLmprd3MiLCJzb2Z0d2FyZV9qd2tzX3Jldm9rZWRfZW5kcG9pbnQiOiJodHRwczovL2p3a3Mub3BlbmJhbmtpbmcub3JnLnVrL29yZ19pZC9yZXZva2VkL3NvZnR3YXJlX2lkLmprd3MiLCJzb2Z0d2FyZV9wb2xpY3lfdXJpIjoiaHR0cHM6Ly90cHAuY29tL3BvbGljeS5odG1sIiwic29mdHdhcmVfdG9zX3VyaSI6Imh0dHBzOi8vdHBwLmNvbS90b3MuaHRtbCIsInNvZnR3YXJlX29uX2JlaGFsZl9vZl9vcmciOiJodHRwczovL2FwaS5vcGVuYmFua2luZy5vcmcudWsvc2NpbTIvT0JUcnVzdGVkUGF5bWVudFBhcnR5LzEyMzQ1Njc3ODkiLCJvYl9yZWdpc3RyeV90b3MiOiJodHRwczovL3JlZ2lzdHJ5Lm9wZW5iYW5raW5nLm9yZy51ay90b3MuaHRtbCJ9.oHlq7NxEoj0vdXeTR5cUz7oIq7Vt9dB34pbwxtDhWTs","software_id":"beKuxC1RniVsTeLYwfpgNP","redirect_uris":["https://redirect.here","http://and.here"],"scope":"makepayment","application_type":"web","id_token_signed_response_alg":"PS256"}

Example of response

{"tls_client_auth_subject_dn":"N/A","client_id":"ABCD1234","client_secret":"N/A","client_id_issued_at":1606297853,"client_secret_expires_at":0,"redirect_uris":["https://redirect.here","http://and.here"],"token_endpoint_auth_method":"client_secret_basic","token_endpoint_auth_signing_alg":"PS256","grant_types":["client_credentials","authorization_code","refresh_token"],"response_types":["code id_token"],"software_id":"beKuxC1RniVsTeLYwfpgNP","scope":"makepayment","application_type":"web","id_token_signed_response_alg":"PS256","request_object_signing_alg":"PS256"}
Request

POST /api/open-banking/v3.1/tpp/register

Unpacked Authorization
iss
string, required
TPP identifier: software_id from SSA. Can raise: ActionNotAllowed
iat
integer, required
The time at which the request was issued by the TPP expressed as "seconds since the epoch"
exp
integer, required
The time at which the request expires expressed as seconds since the epoch. Values greater than: 1614284495
aud
string, required
The audience for the request. This should be the unique identifier for the ASPSP issued by the issuer of the software statement.
token_endpoint_auth_method
string, optional
Specifies which Token endpoint authentication method the TPP wants to use. It should be noted that only tls_client_auth and client_secret_basic are FAPI compliant. Default value: client_secret_basic Allowed values: client_secret_basic
token_endpoint_auth_signing_alg
string, optional
Algorithm which the TPP uses to authenticate with the token endpoint. Default value: PS256 Allowed values: RS256, PS256
grant_types
array, required
A JSON array specifying what the TPP can request to be supplied to the token endpoint as exchange for an access token. Allowed values: client_credentials, authorization_code, refresh_token
response_types
array, optional
A JSON array specifying what the TPP can request to be returned from the ASPSP authorisation endpoint. Default value: ["code id_token"] Allowed values: code, id_token, code id_token
software_statement
string, required
Software statement assertion issued by the issuer. The data model for the software statements issued by the Open Banking directory are documented as part of the Directory Specification. Can raise: NotFound, Invalid
software_id
string, optional
If specified, the software_id in the request MUST match the software_id specified in the SSA.
redirect_uris
array, required
Registered URIs the TPP will use to interact with the ASPSP AS. If the software statement defines a master set of redirect URIs, this must match or be a subset of the redirect URIs in the SSA.
scope
string, optional
Scopes the client is asking for (if not specified, default scopes are assigned by the AS). This consists of a list scopes separated by spaces. Allowed values: openid, accounts
application_type
string, optional
Please specify whether TPP software is a mobile or a web app. Allowed values: web, mobile
id_token_signed_response_alg
string, optional
Algorithm which the TPP expects to sign the id_token, if an id_token is returned. Allowed values: RS256, PS256
request_object_signing_alg
string, optional
Algorithm which the TPP expects to sign the request object if a request object will be part of the authorization request sent to the ASPSP. Allowed values: RS256, PS256
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other posibilities.


client_id
string, required
Client application identifier.
client_secret
string, optional
A shared secret that goes in pair with client_id. Currently not supported.
client_id_issued_at
integer, required
Time at which the client identifier was issued expressed as "seconds since the epoch".
client_secret_expires_at
integer, optional
Time at which the client secret will expire expressed as "seconds since the epoch". The value must be populated if a client_secret is returned. Default value: 0
redirect_uris
array, required
Registered URIs the TPP will use to interact with the ASPSP AS. If the software statement defines a master set of redirect URIs, this must match or be a subset of the redirect URIs in the SSA.
token_endpoint_auth_method
string, required
Specifies which Token endpoint authentication method the TPP wants to use. It should be noted that only tls_client_auth and client_secret_basic are FAPI compliant. Default value: client_secret_basic Allowed values: client_secret_basic
token_endpoint_auth_signing_alg
string, optional
Algorithm which the TPP uses to authenticate with the token endpoint. Default value: PS256 Allowed values: RS256, PS256
grant_types
array, required
A JSON array specifying what the TPP can request to be supplied to the token endpoint as exchange for an access token. Allowed values: client_credentials, authorization_code, refresh_token
response_types
array, optional
A JSON array specifying what the TPP can request to be returned from the ASPSP authorisation endpoint. Default value: ["code id_token"] Allowed values: code, id_token, code id_token
software_id
string, optional
If specified, the software_id in the request MUST match the software_id specified in the SSA.
scope
string, required
Scopes the client is asking for (if not specified, default scopes are assigned by the AS). This consists of a list scopes separated by spaces. Allowed values: openid, accounts
application_type
string, required
Please specify whether TPP software is a mobile or a web app. Allowed values: web, mobile
id_token_signed_response_alg
string, optional
Algorithm which the TPP expects to sign the id_token, if an id_token is returned. Allowed values: RS256, PS256
request_object_signing_alg
string, optional
Algorithm which the TPP expects to sign the request object if a request object will be part of the authorization request sent to the ASPSP. Allowed values: RS256, PS256
tls_client_auth_subject_dn
string, optional
The tls_client_auth_subject_dn claim MUST contain the DN of the certificate that the TPP will present to the ASPSP token endpoint. Currently not supported.
Related Errors
Class Code Description
NotFound 404 A resource could not be found. More in error_message.
ActionNotAllowed 406 You're not allowed to perform this action. This might be a configuration problem or parameters incompatibility.
Invalid 406 Given data is invalid. More in error_message.

QWAC or QSEAL Register

Used for registration in Salt Edge PSD2 Compliance Dashboard. After registration, you will receive a letter of confirmation on your representative email.

CURL

curl -i  \ 
 -H "X-Request-ID: 9b45fa6c-ff61-4e73-aec8-5e805388ce7f" \ 
 -H "Digest: SHA-256=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=" \ 
 -H "Date: Wed, 18 Dec 2019 11:25:59 GMT" \ 
 -H "TPP-Signature-Certificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVBakNDQXVvQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd1d6RVhNQlVHQTFVRVlRd09WSEJ3VTJGc2RGUmwKYzNRd01EQXhJREFlQmdOVkJBTU1GMk5sY25SVFNVZE9VMEZNVkZSRlUxUWdWMlZpSUVOQk1SRXdEd1lEVlFRSwpEQWhUWVd4MFZHVnpkREVMTUFrR0ExVUVCaE1DVWs4d0hoY05NVGt4TWpFNE1URXlOVFU1V2hjTk1qRXhNakUzCk1URXlOVFU1V2pDQmpURVdNQlFHQTFVRUF3d05jMkZzZEMxMFpYTjBMbU52YlRFUk1BOEdBMVVFQ2d3SVUyRnMKZEZSbGMzUXhDekFKQmdOVkJBWVRBbEpQTVJJd0VBWURWUVFJREFsQ2RXTjFjbVZ6ZEdreEVqQVFCZ05WQkFjTQpDVUoxWTNWeVpYTjBhVEVXTUJRR0ExVUVDUXdOUVd4aVlTQkpkV3hwWVNBM05URVRNQkVHQTFVRVlRd0thV1JsCmJuUnBabWxsY2pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBS2dXNEo5K0hGY0wKUVVwTEk0c1pCSm5RaGdRYUpYRGxwVDI4NWxlOGVEcTdUalpnYXpLcU05RkJydzRBRURxUmxYR3Znd2luSkY2Mgowd3VJcSs3cGpPWFBQdytZOVhRQnBTa2p1cmJ5aEpPZjhiNlVqTFBMQnVBd09rRk52N0prbHdLeXFmazRHRzROCmdrOGRVYTFjS05MY1gzNzdwdno0Q0hZalBraGlLY0xqQVJ4TFRJYkdtejlZQVQvQWszbDdCRkRkV2owQnJrR2oKV2RGelJWV3FjdHA0NjVvWEZXZTZ3QmlybEplK1JEZ2hnQWRUQWlQR1J3WHV4dmRiSW5SOHZ2b0RJNTJHRXVzaApGWUNZd28zdWFVSVR5Z3hOZEJyWjVOaVpLaCtybjVVNW4zM0pETm9OV2hCVUUwMUwvaFYzUHlleHBKVHltaURQCjZTUFJKM0ZMR3RrQ0F3RUFBYU9Cb2pDQm56QU1CZ05WSFJNRUJUQURBUUgvTUE0R0ExVWREd0VCL3dRRUF3SUIKQmpBZEJnTlZIUTRFRmdRVUtwUGZ5MTlSQUJQS3J2YnNNUnRXM3lHSU1mb3dId1lEVlIwakJCZ3dGb0FVS3BQZgp5MTlSQUJQS3J2YnNNUnRXM3lHSU1mb3dQd1lJS3dZQkJRVUhBUU1FTXd3eGRHVnpkRkJUVUY5QlNTNHVMbUZsCk9EVTBNalE1TFdaaVpEQXROREV4WmkxaU0ySXdMV0poWkRFNE5Ea3hNelptWmpBTkJna3Foa2lHOXcwQkFRc0YKQUFPQ0FRRUFacHEvdmF5T3ZSS3dKd1dPQnpTMzhoUHA4TjVnRTlqd2J6dkxCTUhvZERXZk11ZTA5SzFweUI3KwpQdU1rZjNOT0tVSERMWDhob0xiZ0dWVlY0S1lqRndGa203cWY0OTZNTWE0VnZBRWNPeUJkM0pGVWcyeGIxVlN4Cjk0OWVCaVdGcGtaSVNZZUNxNXJ4UWFNeHJJVm9OZjhaSjVOT2V3aU1DM0ZYM3duVGw2VG9yUW1lQUU5MnhuMEQKdnZ6ZUJ4YlFqdTdjQlh3SDFPaGdUamx0YTM1WE1ESjhXbGo4TWZRR0YvZThIZFIrS014WWU5SWNROHN1UjdBVQpGRGkyaUJsMlVQc3dCa0FqMHJRVlY2U2psNWdVSm95K0FJaGZBYXE2cUxSQnJ1NGJTbE44TnVpY2RTRkZ3eHZ1ClEwOVl1U3U3djQ2a1R3ZUxpNnZJZGQxaUxUc05Ndz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" \ 
 -H "Signature: Signature keyId="SN=0,DN=/organizationIdentifier=TppSaltTest000/CN=certSIGNSALTTEST Web CA/O=SaltTest/C=RO",algorithm="rsa-sha256",headers="digest date x-request-id",signature="Fys106OY/uMk1Tnh4MEvHsUKdJIOX9fw+am3NrqrxFOLIl1BGlcu1+UJhDBHlc3/rkRn0++5AAbkXzqUL8kqm1RVILoRzSg+tr75PUTM5RlIgCli8QtHZrpZtfzb7tEoHqa8zo1SmiopI/bQchQrjdhWu9xIC0TUuMfiD8f6TdH2QpbkXi25uXTQl8wB4qt2dAb4k76lkDM4x29JVmoZkWq28R/kVkPWGJrU7mS2viUUhgofdNzL2vaSd2g7FPrr/E03U/KYU0k047ucCbv1Z4ozdaSJljuyzj0Iq4O04Ztj6oaV8yhnr3LY8aKj1JO9tRy1gpSidxCAqDz90iE9LQ=="" \ 
 -H "Content-Type: application/json" \ 
 -d '{
  "company": {
    "address": "Example address",
    "email": "company_email@example.com",
    "name": "Company name",
    "phone_number": "0123456789",
    "zip_code": "GB",
    "city": "Example city"
  },
  "representative": {
    "email": "email@example.com",
    "name": "Example Name"
  },
  "certificate": {
    "name": "Example name",
    "type": "qwac"
  }
}' \ 
-X POST "/api/berlingroup/v1/tpp/register"

Example of parameters

{"company":{"address":"Example address","email":"company_email@example.com","name":"Company name","phone_number":"0123456789","zip_code":"GB","city":"Example city"},"representative":{"email":"email@example.com","name":"Example Name"},"certificate":{"name":"Example name","type":"qwac"}}

Example of response

Request

POST /api/berlingroup/v1/tpp/register

Headers
Header Type Description
X-Request-ID string, required ID of the request, unique to the call, as determined by the initiating party.
Digest string, required Contains a Hash of the message body, if the message does not contain a body, the "Digest" header must contain the hash of an empty string - "". Can raise: CertificateMissing, CertificateInvalid, SignatureInvalid, SignatureMissing, SignatureMalformed
Date datetime, required Endpoint request execution date.
TPP-Signature-Certificate string, required The certificate used for signing the request, in base64 encoding that should comply with RFC 4648 (No line feeds). Can raise: CertificateMissing, CertificateInvalid
Signature string, required A signature of the request by the TPP on application level. This might be mandated by ASPSP. Can raise: CertificateMissing, CertificateInvalid, SignatureMissing, SignatureInvalid, SignatureMalformed
Content-Type string, required The media type of the body of the request. Allowed values: application/json
Parameters
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other posibilities.


Related Errors
Class Code Description
WrongRequiredFields 401 Specified required fields were not provided. More info in error_message
AccessDenied 401 Action you want to perform is not allowed. More in error_message
CertificateMissing 401 This request cannot be performed without Certificate header.
CertificateInvalid 401 Given certificate is invalid.
SignatureInvalid 401 Given signature is invalid.
SignatureMissing 401 This request cannot be performed without Signature header.
SignatureMalformed 401 Given signature is malformed.

Add OBSEAL Certificate

Used for adding an OBSEAL certificate. On successful response (200 status code), the UK TPPs’ existing eIDAS certificate will be switched with the OBSEAL certificate obtained from the OpenBanking Directory. The body of the request has to contain the JWT built from the parameters below and signed with the OBSEAL Certificate.

CURL

curl -i  \ 
 -H "Content-Type: application/jwt" \ 
 -H "X-Request-ID: 9b45fa6c-ff61-4e73-aec8-5e805388ce7f" \ 
 -H "Digest: SHA-256=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=" \ 
 -H "Date: Wed, 18 Dec 2019 11:25:59 GMT" \ 
 -H "TPP-Signature-Certificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVBakNDQXVvQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd1d6RVhNQlVHQTFVRVlRd09WSEJ3VTJGc2RGUmwKYzNRd01EQXhJREFlQmdOVkJBTU1GMk5sY25SVFNVZE9VMEZNVkZSRlUxUWdWMlZpSUVOQk1SRXdEd1lEVlFRSwpEQWhUWVd4MFZHVnpkREVMTUFrR0ExVUVCaE1DVWs4d0hoY05NVGt4TWpFNE1URXlOVFU1V2hjTk1qRXhNakUzCk1URXlOVFU1V2pDQmpURVdNQlFHQTFVRUF3d05jMkZzZEMxMFpYTjBMbU52YlRFUk1BOEdBMVVFQ2d3SVUyRnMKZEZSbGMzUXhDekFKQmdOVkJBWVRBbEpQTVJJd0VBWURWUVFJREFsQ2RXTjFjbVZ6ZEdreEVqQVFCZ05WQkFjTQpDVUoxWTNWeVpYTjBhVEVXTUJRR0ExVUVDUXdOUVd4aVlTQkpkV3hwWVNBM05URVRNQkVHQTFVRVlRd0thV1JsCmJuUnBabWxsY2pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBS2dXNEo5K0hGY0wKUVVwTEk0c1pCSm5RaGdRYUpYRGxwVDI4NWxlOGVEcTdUalpnYXpLcU05RkJydzRBRURxUmxYR3Znd2luSkY2Mgowd3VJcSs3cGpPWFBQdytZOVhRQnBTa2p1cmJ5aEpPZjhiNlVqTFBMQnVBd09rRk52N0prbHdLeXFmazRHRzROCmdrOGRVYTFjS05MY1gzNzdwdno0Q0hZalBraGlLY0xqQVJ4TFRJYkdtejlZQVQvQWszbDdCRkRkV2owQnJrR2oKV2RGelJWV3FjdHA0NjVvWEZXZTZ3QmlybEplK1JEZ2hnQWRUQWlQR1J3WHV4dmRiSW5SOHZ2b0RJNTJHRXVzaApGWUNZd28zdWFVSVR5Z3hOZEJyWjVOaVpLaCtybjVVNW4zM0pETm9OV2hCVUUwMUwvaFYzUHlleHBKVHltaURQCjZTUFJKM0ZMR3RrQ0F3RUFBYU9Cb2pDQm56QU1CZ05WSFJNRUJUQURBUUgvTUE0R0ExVWREd0VCL3dRRUF3SUIKQmpBZEJnTlZIUTRFRmdRVUtwUGZ5MTlSQUJQS3J2YnNNUnRXM3lHSU1mb3dId1lEVlIwakJCZ3dGb0FVS3BQZgp5MTlSQUJQS3J2YnNNUnRXM3lHSU1mb3dQd1lJS3dZQkJRVUhBUU1FTXd3eGRHVnpkRkJUVUY5QlNTNHVMbUZsCk9EVTBNalE1TFdaaVpEQXROREV4WmkxaU0ySXdMV0poWkRFNE5Ea3hNelptWmpBTkJna3Foa2lHOXcwQkFRc0YKQUFPQ0FRRUFacHEvdmF5T3ZSS3dKd1dPQnpTMzhoUHA4TjVnRTlqd2J6dkxCTUhvZERXZk11ZTA5SzFweUI3KwpQdU1rZjNOT0tVSERMWDhob0xiZ0dWVlY0S1lqRndGa203cWY0OTZNTWE0VnZBRWNPeUJkM0pGVWcyeGIxVlN4Cjk0OWVCaVdGcGtaSVNZZUNxNXJ4UWFNeHJJVm9OZjhaSjVOT2V3aU1DM0ZYM3duVGw2VG9yUW1lQUU5MnhuMEQKdnZ6ZUJ4YlFqdTdjQlh3SDFPaGdUamx0YTM1WE1ESjhXbGo4TWZRR0YvZThIZFIrS014WWU5SWNROHN1UjdBVQpGRGkyaUJsMlVQc3dCa0FqMHJRVlY2U2psNWdVSm95K0FJaGZBYXE2cUxSQnJ1NGJTbE44TnVpY2RTRkZ3eHZ1ClEwOVl1U3U3djQ2a1R3ZUxpNnZJZGQxaUxUc05Ndz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" \ 
 -H "Signature: Signature keyId="SN=0,DN=/organizationIdentifier=TppSaltTest000/CN=certSIGNSALTTEST Web CA/O=SaltTest/C=RO",algorithm="rsa-sha256",headers="digest date x-request-id",signature="Fys106OY/uMk1Tnh4MEvHsUKdJIOX9fw+am3NrqrxFOLIl1BGlcu1+UJhDBHlc3/rkRn0++5AAbkXzqUL8kqm1RVILoRzSg+tr75PUTM5RlIgCli8QtHZrpZtfzb7tEoHqa8zo1SmiopI/bQchQrjdhWu9xIC0TUuMfiD8f6TdH2QpbkXi25uXTQl8wB4qt2dAb4k76lkDM4x29JVmoZkWq28R/kVkPWGJrU7mS2viUUhgofdNzL2vaSd2g7FPrr/E03U/KYU0k047ucCbv1Z4ozdaSJljuyzj0Iq4O04Ztj6oaV8yhnr3LY8aKj1JO9tRy1gpSidxCAqDz90iE9LQ=="" \ 
 -d '{
  "requestObjectSigningAlg": "PS256",
  "iss": "beKuxC1RniVsTeLYwfpgNP",
  "iat": 1606297853,
  "exp": 1606298169,
  "aud": "0dw23dsa13123",
  "tokenEndpointAuthMethod": "client_secret_basic",
  "tokenEndpointAuthSigningAlg": "PS256",
  "grantTypes": [
    "client_credentials",
    "authorization_code",
    "refresh_token"
  ],
  "responseTypes": [
    "code id_token"
  ],
  "softwareStatement": "eyJhbGciOiJIUzI1NiIsImtpZCI6IkFCQ0QxMjM0In0.eyJpc3MiOiJPcGVuQmFua2luZyBMdGQiLCJpYXQiOjE0OTI3NTYzMzEsImp0aSI6ImlkMTIzNDU2ODU0Mzk0ODc2NzgiLCJzb2Z0d2FyZV9lbnZpcm9ubWVudCI6InByb2R1Y3Rpb24iLCJzb2Z0d2FyZV9tb2RlIjoibGl2ZSIsInNvZnR3YXJlX2lkIjoiNjVkMWYyN2MtNGFlYS00NTQ5LTljMjEtNjBlNDk1YTdhODZmIiwic29mdHdhcmVfY2xpZW50X2lkIjoiT3BlbkJhbmtpbmcgVFBQIENsaWVudCBVbmlxdWUgSUQiLCJzb2Z0d2FyZV9jbGllbnRfbmFtZSI6IkFtYXpvbiBQcmltZSBNb3ZpZXMiLCJzb2Z0d2FyZV9jbGllbnRfZGVzY3JpcHRpb24iOiJBbWF6b24gUHJpbWUgTW92aWVzIGlzIGEgbW92aW5nIHN0cmVhbWluZyBzZXJ2aWNlIiwic29mdHdhcmVfdmVyc2lvbiI6IjIuMiIsInNvZnR3YXJlX2NsaWVudF91cmkiOiJodHRwczovL3ByaW1lLmFtYXpvbi5jb20iLCJzb2Z0d2FyZV9yZWRpcmVjdF91cmlzIjpbImh0dHBzOi8vcHJpbWUuYW1hem9uLmNvbS9jYiIsImh0dHBzOi8vcHJpbWUuYW1hem9uLmNvLnVrL2NiIl0sInNvZnR3YXJlX3JvbGVzIjpbIlBJU1AiLCJBSVNQIl0sIm9yZ2FuaXNhdGlvbl9jb21wZXRlbnRfYXV0aG9yaXR5X2NsYWltcyI6W3siYXV0aG9yaXR5X2lkIjoiRk1BIiwicmVnaXN0cmF0aW9uX2lkIjoiMTExMTExIiwic3RhdHVzIjoiQWN0aXZlIiwiYXV0aG9yaXNhdGlvbnMiOlt7Im1lbWJlcl9zdGF0ZSI6IkdCUiIsInJvbGVzIjpbIlBJU1AiLCJBSVNQIl19LHsibWVtYmVyX3N0YXRlIjoiUk9JIiwicm9sZXMiOlsiUElTUCJdfV19XSwic29mdHdhcmVfbG9nb191cmkiOiJodHRwczovL3ByaW1lLmFtYXpvbi5jb20vbG9nby5wbmciLCJvcmdfc3RhdHVzIjoiQWN0aXZlIiwib3JnX2lkIjoiQW1hem9uIFRQUElEIiwib3JnX25hbWUiOiJPcGVuQmFua2luZyBUUFAgUmVnaXN0ZXJlZCBOYW1lIiwib3JnX2NvbnRhY3RzIjpbeyJuYW1lIjoiY29udGFjdCBuYW1lIiwiZW1haWwiOiJjb250YWN0QGNvbnRhY3QuY29tIiwicGhvbmUiOiIrNDQ3ODkwMTMwNTU4IiwidHlwZSI6ImJ1c2luZXNzIn0seyJuYW1lIjoiY29udGFjdCBuYW1lIiwiZW1haWwiOiJjb250YWN0QGNvbnRhY3QuY29tIiwicGhvbmUiOiIrNDQ3ODkwMTMwNTU4IiwidHlwZSI6InRlY2huaWNhbCJ9XSwib3JnX2p3a3NfZW5kcG9pbnQiOiJodHRwczovL2p3a3Mub3BlbmJhbmtpbmcub3JnLnVrL29yZ19pZC9vcmdfaWQuamt3cyIsIm9yZ19qd2tzX3Jldm9rZWRfZW5kcG9pbnQiOiJodHRwczovL2p3a3Mub3BlbmJhbmtpbmcub3JnLnVrL29yZ19pZC9yZXZva2VkL29yZ19pZC5qa3dzIiwic29mdHdhcmVfandrc19lbmRwb2ludCI6Imh0dHBzOi8vandrcy5vcGVuYmFua2luZy5vcmcudWsvb3JnX2lkL3NvZnR3YXJlX2lkLmprd3MiLCJzb2Z0d2FyZV9qd2tzX3Jldm9rZWRfZW5kcG9pbnQiOiJodHRwczovL2p3a3Mub3BlbmJhbmtpbmcub3JnLnVrL29yZ19pZC9yZXZva2VkL3NvZnR3YXJlX2lkLmprd3MiLCJzb2Z0d2FyZV9wb2xpY3lfdXJpIjoiaHR0cHM6Ly90cHAuY29tL3BvbGljeS5odG1sIiwic29mdHdhcmVfdG9zX3VyaSI6Imh0dHBzOi8vdHBwLmNvbS90b3MuaHRtbCIsInNvZnR3YXJlX29uX2JlaGFsZl9vZl9vcmciOiJodHRwczovL2FwaS5vcGVuYmFua2luZy5vcmcudWsvc2NpbTIvT0JUcnVzdGVkUGF5bWVudFBhcnR5LzEyMzQ1Njc3ODkiLCJvYl9yZWdpc3RyeV90b3MiOiJodHRwczovL3JlZ2lzdHJ5Lm9wZW5iYW5raW5nLm9yZy51ay90b3MuaHRtbCJ9.oHlq7NxEoj0vdXeTR5cUz7oIq7Vt9dB34pbwxtDhWTs",
  "softwareId": "beKuxC1RniVsTeLYwfpgNP",
  "redirectUris": [
    "https://redirect.here",
    "http://and.here"
  ],
  "scope": "makepayment",
  "applicationType": "web",
  "idTokenSignedResponseAlg": "PS256"
}' \ 
-X POST "/api/berlingroup/v1/tpp/certificates"

Example of parameters

{"requestObjectSigningAlg":"PS256","iss":"beKuxC1RniVsTeLYwfpgNP","iat":1606297853,"exp":1606298169,"aud":"0dw23dsa13123","tokenEndpointAuthMethod":"client_secret_basic","tokenEndpointAuthSigningAlg":"PS256","grantTypes":["client_credentials","authorization_code","refresh_token"],"responseTypes":["code id_token"],"softwareStatement":"eyJhbGciOiJIUzI1NiIsImtpZCI6IkFCQ0QxMjM0In0.eyJpc3MiOiJPcGVuQmFua2luZyBMdGQiLCJpYXQiOjE0OTI3NTYzMzEsImp0aSI6ImlkMTIzNDU2ODU0Mzk0ODc2NzgiLCJzb2Z0d2FyZV9lbnZpcm9ubWVudCI6InByb2R1Y3Rpb24iLCJzb2Z0d2FyZV9tb2RlIjoibGl2ZSIsInNvZnR3YXJlX2lkIjoiNjVkMWYyN2MtNGFlYS00NTQ5LTljMjEtNjBlNDk1YTdhODZmIiwic29mdHdhcmVfY2xpZW50X2lkIjoiT3BlbkJhbmtpbmcgVFBQIENsaWVudCBVbmlxdWUgSUQiLCJzb2Z0d2FyZV9jbGllbnRfbmFtZSI6IkFtYXpvbiBQcmltZSBNb3ZpZXMiLCJzb2Z0d2FyZV9jbGllbnRfZGVzY3JpcHRpb24iOiJBbWF6b24gUHJpbWUgTW92aWVzIGlzIGEgbW92aW5nIHN0cmVhbWluZyBzZXJ2aWNlIiwic29mdHdhcmVfdmVyc2lvbiI6IjIuMiIsInNvZnR3YXJlX2NsaWVudF91cmkiOiJodHRwczovL3ByaW1lLmFtYXpvbi5jb20iLCJzb2Z0d2FyZV9yZWRpcmVjdF91cmlzIjpbImh0dHBzOi8vcHJpbWUuYW1hem9uLmNvbS9jYiIsImh0dHBzOi8vcHJpbWUuYW1hem9uLmNvLnVrL2NiIl0sInNvZnR3YXJlX3JvbGVzIjpbIlBJU1AiLCJBSVNQIl0sIm9yZ2FuaXNhdGlvbl9jb21wZXRlbnRfYXV0aG9yaXR5X2NsYWltcyI6W3siYXV0aG9yaXR5X2lkIjoiRk1BIiwicmVnaXN0cmF0aW9uX2lkIjoiMTExMTExIiwic3RhdHVzIjoiQWN0aXZlIiwiYXV0aG9yaXNhdGlvbnMiOlt7Im1lbWJlcl9zdGF0ZSI6IkdCUiIsInJvbGVzIjpbIlBJU1AiLCJBSVNQIl19LHsibWVtYmVyX3N0YXRlIjoiUk9JIiwicm9sZXMiOlsiUElTUCJdfV19XSwic29mdHdhcmVfbG9nb191cmkiOiJodHRwczovL3ByaW1lLmFtYXpvbi5jb20vbG9nby5wbmciLCJvcmdfc3RhdHVzIjoiQWN0aXZlIiwib3JnX2lkIjoiQW1hem9uIFRQUElEIiwib3JnX25hbWUiOiJPcGVuQmFua2luZyBUUFAgUmVnaXN0ZXJlZCBOYW1lIiwib3JnX2NvbnRhY3RzIjpbeyJuYW1lIjoiY29udGFjdCBuYW1lIiwiZW1haWwiOiJjb250YWN0QGNvbnRhY3QuY29tIiwicGhvbmUiOiIrNDQ3ODkwMTMwNTU4IiwidHlwZSI6ImJ1c2luZXNzIn0seyJuYW1lIjoiY29udGFjdCBuYW1lIiwiZW1haWwiOiJjb250YWN0QGNvbnRhY3QuY29tIiwicGhvbmUiOiIrNDQ3ODkwMTMwNTU4IiwidHlwZSI6InRlY2huaWNhbCJ9XSwib3JnX2p3a3NfZW5kcG9pbnQiOiJodHRwczovL2p3a3Mub3BlbmJhbmtpbmcub3JnLnVrL29yZ19pZC9vcmdfaWQuamt3cyIsIm9yZ19qd2tzX3Jldm9rZWRfZW5kcG9pbnQiOiJodHRwczovL2p3a3Mub3BlbmJhbmtpbmcub3JnLnVrL29yZ19pZC9yZXZva2VkL29yZ19pZC5qa3dzIiwic29mdHdhcmVfandrc19lbmRwb2ludCI6Imh0dHBzOi8vandrcy5vcGVuYmFua2luZy5vcmcudWsvb3JnX2lkL3NvZnR3YXJlX2lkLmprd3MiLCJzb2Z0d2FyZV9qd2tzX3Jldm9rZWRfZW5kcG9pbnQiOiJodHRwczovL2p3a3Mub3BlbmJhbmtpbmcub3JnLnVrL29yZ19pZC9yZXZva2VkL3NvZnR3YXJlX2lkLmprd3MiLCJzb2Z0d2FyZV9wb2xpY3lfdXJpIjoiaHR0cHM6Ly90cHAuY29tL3BvbGljeS5odG1sIiwic29mdHdhcmVfdG9zX3VyaSI6Imh0dHBzOi8vdHBwLmNvbS90b3MuaHRtbCIsInNvZnR3YXJlX29uX2JlaGFsZl9vZl9vcmciOiJodHRwczovL2FwaS5vcGVuYmFua2luZy5vcmcudWsvc2NpbTIvT0JUcnVzdGVkUGF5bWVudFBhcnR5LzEyMzQ1Njc3ODkiLCJvYl9yZWdpc3RyeV90b3MiOiJodHRwczovL3JlZ2lzdHJ5Lm9wZW5iYW5raW5nLm9yZy51ay90b3MuaHRtbCJ9.oHlq7NxEoj0vdXeTR5cUz7oIq7Vt9dB34pbwxtDhWTs","softwareId":"beKuxC1RniVsTeLYwfpgNP","redirectUris":["https://redirect.here","http://and.here"],"scope":"makepayment","applicationType":"web","idTokenSignedResponseAlg":"PS256"}

Example of response

{"tlsClientAuthSubjectDn":"N/A","clientId":"ABCD1234","clientSecret":"N/A","clientIdIssuedAt":1606297853,"clientSecretExpiresAt":0,"redirectUris":["https://redirect.here","http://and.here"],"tokenEndpointAuthMethod":"client_secret_basic","tokenEndpointAuthSigningAlg":"PS256","grantTypes":["client_credentials","authorization_code","refresh_token"],"responseTypes":["code id_token"],"softwareId":"beKuxC1RniVsTeLYwfpgNP","scope":"makepayment","applicationType":"web","idTokenSignedResponseAlg":"PS256","requestObjectSigningAlg":"PS256"}
Request

POST /api/berlingroup/v1/tpp/certificates

Headers
Header Type Description
X-Request-ID string, required ID of the request, unique to the call, as determined by the initiating party.
Digest string, required Contains a Hash of the message body, if the message does not contain a body, the "Digest" header must contain the hash of an empty string - "". Can raise: CertificateMissing, CertificateInvalid, SignatureInvalid, SignatureMissing, SignatureMalformed
Date datetime, required Endpoint request execution date.
TPP-Signature-Certificate string, required The certificate used for signing the request, in base64 encoding that should comply with RFC 4648 (No line feeds). Can raise: CertificateMissing, CertificateInvalid
Signature string, required A signature of the request by the TPP on application level. This might be mandated by ASPSP. Can raise: CertificateMissing, CertificateInvalid, SignatureMissing, SignatureInvalid, SignatureMalformed
Content-Type string, required The media type of the body of the request. Allowed values: application/jwt, text/plain
Parameters
iss
string, required
TPP identifier: software_id from SSA. Can raise: ActionNotAllowed
iat
integer, required
The time at which the request was issued by the TPP expressed as "seconds since the epoch"
exp
integer, required
The time at which the request expires expressed as seconds since the epoch. Values greater than: 1614284495
aud
string, required
The audience for the request. This should be the unique identifier for the ASPSP issued by the issuer of the software statement.
tokenEndpointAuthMethod
string, optional
Specifies which Token endpoint authentication method the TPP wants to use. It should be noted that only tls_client_auth and client_secret_basic are FAPI compliant. Default value: client_secret_basic Allowed values: client_secret_basic
tokenEndpointAuthSigningAlg
string, optional
Algorithm which the TPP uses to authenticate with the token endpoint. Default value: PS256 Allowed values: PS256
grantTypes
array, required
A JSON array specifying what the TPP can request to be supplied to the token endpoint as exchange for an access token. Allowed values: client_credentials, authorization_code, refresh_token
responseTypes
array, optional
A JSON array specifying what the TPP can request to be returned from the ASPSP authorisation endpoint. Default value: ["code id_token"] Allowed values: code, code id_token
softwareStatement
string, required
Software statement assertion issued by the issuer. The data model for the software statements issued by the Open Banking directory are documented as part of the Directory Specification. Can raise: Forbidden
softwareId
string, optional
If specified, the software_id in the request MUST match the software_id specified in the SSA.
redirectUris
array, required
Registered URIs the TPP will use to interact with the ASPSP AS. If the software statement defines a master set of redirect URIs, this must match or be a subset of the redirect URIs in the SSA.
scope
string, optional
Scopes the client is asking for (if not specified, default scopes are assigned by the AS). This consists of a list scopes separated by spaces. Allowed values: openid, makepayment, accounts, payments
applicationType
string, optional
Please specify whether TPP software is a mobile or a web app. Allowed values: web, mobile
idTokenSignedResponseAlg
string, optional
Algorithm which the TPP expects to sign the id_token, if an id_token is returned. Allowed values: PS256
requestObjectSigningAlg
string, optional
Algorithm which the TPP expects to sign the request object if a request object will be part of the authorization request sent to the ASPSP. Allowed values: PS256
Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other posibilities.


clientId
string, required
Returned after successful registration client identifier. Will be used afterwards for TPP identification.
clientSecret
string, optional
A shared secret that goes in pair with client_id. Currently not supported.
clientIdIssuedAt
integer, required
Time at which the client identifier was issued expressed as "seconds since the epoch".
clientSecretExpiresAt
integer, optional
Time at which the client secret will expire expressed as "seconds since the epoch". The value must be populated if a client_secret is returned. Default value: 0
redirectUris
array, required
Registered URIs the TPP will use to interact with the ASPSP AS. If the software statement defines a master set of redirect URIs, this must match or be a subset of the redirect URIs in the SSA.
tokenEndpointAuthMethod
string, required
Specifies which Token endpoint authentication method the TPP wants to use. It should be noted that only tls_client_auth and client_secret_basic are FAPI compliant. Default value: client_secret_basic Allowed values: client_secret_basic
tokenEndpointAuthSigningAlg
string, optional
Algorithm which the TPP uses to authenticate with the token endpoint. Default value: PS256 Allowed values: PS256
grantTypes
array, required
A JSON array specifying what the TPP can request to be supplied to the token endpoint as exchange for an access token. Allowed values: client_credentials, authorization_code, refresh_token
responseTypes
array, optional
A JSON array specifying what the TPP can request to be returned from the ASPSP authorisation endpoint. Default value: ["code id_token"] Allowed values: code, code id_token
softwareId
string, optional
If specified, the software_id in the request MUST match the software_id specified in the SSA.
scope
string, required
Scopes the client is asking for (if not specified, default scopes are assigned by the AS). This consists of a list scopes separated by spaces. Allowed values: openid, makepayment, accounts, payments
applicationType
string, required
Please specify whether TPP software is a mobile or a web app. Allowed values: web, mobile
idTokenSignedResponseAlg
string, optional
Algorithm which the TPP expects to sign the id_token, if an id_token is returned. Allowed values: PS256
requestObjectSigningAlg
string, optional
Algorithm which the TPP expects to sign the request object if a request object will be part of the authorization request sent to the ASPSP. Allowed values: PS256
tlsClientAuthSubjectDn
string, optional
The tls_client_auth_subject_dn claim MUST contain the DN of the certificate that the TPP will present to the ASPSP token endpoint. Currently not supported.
Related Errors
Class Code Description
CertificateMissing 401 This request cannot be performed without Certificate header.
CertificateInvalid 401 Given certificate is invalid.
SignatureInvalid 401 Given signature is invalid.
SignatureMissing 401 This request cannot be performed without Signature header.
SignatureMalformed 401 Given signature is malformed.
Forbidden 403 Action is forbidden. More details in error_message.
ActionNotAllowed 406 You're not allowed to perform this action. This might be a rate limit, configuration problem or parameters incompatibility.