TPP

OBSEAL Register

The API allows the TPP to request the Salt Edge PSD2 Compliance Solution to register a new client. The TPP submits a JWS payload that describes the characteristics of the client to be created. If client creation is successful, the ASPSP responds with a JSON payload that describes the client that was created.

CURL

curl -i \ -d 'eyJhbGciOiJQUzI1NiIsImtpZCI6InRlc3QifQ.eyJyZXF1ZXN0X29iamVjdF9zaWduaW5nX2FsZyI6IlBTMjU2IiwiaXNzIjoiYmVLdXhDMVJuaVZzVGVMWXdmcGdOUCIsImlhdCI6MTYwNjI5Nzg1MywiZXhwIjoxNjA2Mjk4MTY5LCJhdWQiOiIwZHcyM2RzYTEzMTIzIiwidG9rZW5fZW5kcG9pbnRfYXV0aF9tZXRob2QiOiJjbGllbnRfc2VjcmV0X2Jhc2ljIiwidG9rZW5fZW5kcG9pbnRfYXV0aF9zaWduaW5nX2FsZyI6IlBTMjU2IiwiZ3JhbnRfdHlwZXMiOlsiY2xpZW50X2NyZWRlbnRpYWxzIiwiYXV0aG9yaXphdGlvbl9jb2RlIiwicmVmcmVzaF90b2tlbiJdLCJyZXNwb25zZV90eXBlcyI6WyJjb2RlIGlkX3Rva2VuIl0sInNvZnR3YXJlX3N0YXRlbWVudCI6ImV5SmhiR2NpT2lKSVV6STFOaUlzSW10cFpDSTZJa0ZDUTBReE1qTTBJbjAuZXlKcGMzTWlPaUpQY0dWdVFtRnVhMmx1WnlCTWRHUWlMQ0pwWVhRaU9qRTBPVEkzTlRZek16RXNJbXAwYVNJNkltbGtNVEl6TkRVMk9EVTBNemswT0RjMk56Z2lMQ0p6YjJaMGQyRnlaVjlsYm5acGNtOXViV1Z1ZENJNkluQnliMlIxWTNScGIyNGlMQ0p6YjJaMGQyRnlaVjl0YjJSbElqb2liR2wyWlNJc0luTnZablIzWVhKbFgybGtJam9pTmpWa01XWXlOMk10TkdGbFlTMDBOVFE1TFRsak1qRXROakJsTkRrMVlUZGhPRFptSWl3aWMyOW1kSGRoY21WZlkyeHBaVzUwWDJsa0lqb2lUM0JsYmtKaGJtdHBibWNnVkZCUUlFTnNhV1Z1ZENCVmJtbHhkV1VnU1VRaUxDSnpiMlowZDJGeVpWOWpiR2xsYm5SZmJtRnRaU0k2SWtGdFlYcHZiaUJRY21sdFpTQk5iM1pwWlhNaUxDSnpiMlowZDJGeVpWOWpiR2xsYm5SZlpHVnpZM0pwY0hScGIyNGlPaUpCYldGNmIyNGdVSEpwYldVZ1RXOTJhV1Z6SUdseklHRWdiVzkyYVc1bklITjBjbVZoYldsdVp5QnpaWEoyYVdObElpd2ljMjltZEhkaGNtVmZkbVZ5YzJsdmJpSTZJakl1TWlJc0luTnZablIzWVhKbFgyTnNhV1Z1ZEY5MWNta2lPaUpvZEhSd2N6b3ZMM0J5YVcxbExtRnRZWHB2Ymk1amIyMGlMQ0p6YjJaMGQyRnlaVjl5WldScGNtVmpkRjkxY21seklqcGJJbWgwZEhCek9pOHZjSEpwYldVdVlXMWhlbTl1TG1OdmJTOWpZaUlzSW1oMGRIQnpPaTh2Y0hKcGJXVXVZVzFoZW05dUxtTnZMblZyTDJOaUlsMHNJbk52Wm5SM1lYSmxYM0p2YkdWeklqcGJJbEJKVTFBaUxDSkJTVk5RSWwwc0ltOXlaMkZ1YVhOaGRHbHZibDlqYjIxd1pYUmxiblJmWVhWMGFHOXlhWFI1WDJOc1lXbHRjeUk2VzNzaVlYVjBhRzl5YVhSNVgybGtJam9pUmsxQklpd2ljbVZuYVhOMGNtRjBhVzl1WDJsa0lqb2lNVEV4TVRFeElpd2ljM1JoZEhWeklqb2lRV04wYVhabElpd2lZWFYwYUc5eWFYTmhkR2x2Ym5NaU9sdDdJbTFsYldKbGNsOXpkR0YwWlNJNklrZENVaUlzSW5KdmJHVnpJanBiSWxCSlUxQWlMQ0pCU1ZOUUlsMTlMSHNpYldWdFltVnlYM04wWVhSbElqb2lVazlKSWl3aWNtOXNaWE1pT2xzaVVFbFRVQ0pkZlYxOVhTd2ljMjltZEhkaGNtVmZiRzluYjE5MWNta2lPaUpvZEhSd2N6b3ZMM0J5YVcxbExtRnRZWHB2Ymk1amIyMHZiRzluYnk1d2JtY2lMQ0p2Y21kZmMzUmhkSFZ6SWpvaVFXTjBhWFpsSWl3aWIzSm5YMmxrSWpvaVFXMWhlbTl1SUZSUVVFbEVJaXdpYjNKblgyNWhiV1VpT2lKUGNHVnVRbUZ1YTJsdVp5QlVVRkFnVW1WbmFYTjBaWEpsWkNCT1lXMWxJaXdpYjNKblgyTnZiblJoWTNSeklqcGJleUp1WVcxbElqb2lZMjl1ZEdGamRDQnVZVzFsSWl3aVpXMWhhV3dpT2lKamIyNTBZV04wUUdOdmJuUmhZM1F1WTI5dElpd2ljR2h2Ym1VaU9pSXJORFEzT0Rrd01UTXdOVFU0SWl3aWRIbHdaU0k2SW1KMWMybHVaWE56SW4wc2V5SnVZVzFsSWpvaVkyOXVkR0ZqZENCdVlXMWxJaXdpWlcxaGFXd2lPaUpqYjI1MFlXTjBRR052Ym5SaFkzUXVZMjl0SWl3aWNHaHZibVVpT2lJck5EUTNPRGt3TVRNd05UVTRJaXdpZEhsd1pTSTZJblJsWTJodWFXTmhiQ0o5WFN3aWIzSm5YMnAzYTNOZlpXNWtjRzlwYm5RaU9pSm9kSFJ3Y3pvdkwycDNhM011YjNCbGJtSmhibXRwYm1jdWIzSm5MblZyTDI5eVoxOXBaQzl2Y21kZmFXUXVhbXQzY3lJc0ltOXlaMTlxZDJ0elgzSmxkbTlyWldSZlpXNWtjRzlwYm5RaU9pSm9kSFJ3Y3pvdkwycDNhM011YjNCbGJtSmhibXRwYm1jdWIzSm5MblZyTDI5eVoxOXBaQzl5WlhadmEyVmtMMjl5WjE5cFpDNXFhM2R6SWl3aWMyOW1kSGRoY21WZmFuZHJjMTlsYm1Sd2IybHVkQ0k2SW1oMGRIQnpPaTh2YW5kcmN5NXZjR1Z1WW1GdWEybHVaeTV2Y21jdWRXc3ZiM0puWDJsa0wzTnZablIzWVhKbFgybGtMbXByZDNNaUxDSnpiMlowZDJGeVpWOXFkMnR6WDNKbGRtOXJaV1JmWlc1a2NHOXBiblFpT2lKb2RIUndjem92TDJwM2EzTXViM0JsYm1KaGJtdHBibWN1YjNKbkxuVnJMMjl5WjE5cFpDOXlaWFp2YTJWa0wzTnZablIzWVhKbFgybGtMbXByZDNNaUxDSnpiMlowZDJGeVpWOXdiMnhwWTNsZmRYSnBJam9pYUhSMGNITTZMeTkwY0hBdVkyOXRMM0J2YkdsamVTNW9kRzFzSWl3aWMyOW1kSGRoY21WZmRHOXpYM1Z5YVNJNkltaDBkSEJ6T2k4dmRIQndMbU52YlM5MGIzTXVhSFJ0YkNJc0luTnZablIzWVhKbFgyOXVYMkpsYUdGc1psOXZabDl2Y21jaU9pSm9kSFJ3Y3pvdkwyRndhUzV2Y0dWdVltRnVhMmx1Wnk1dmNtY3VkV3N2YzJOcGJUSXZUMEpVY25WemRHVmtVR0Y1YldWdWRGQmhjblI1THpFeU16UTFOamMzT0RraUxDSnZZbDl5WldkcGMzUnllVjkwYjNNaU9pSm9kSFJ3Y3pvdkwzSmxaMmx6ZEhKNUxtOXdaVzVpWVc1cmFXNW5MbTl5Wnk1MWF5OTBiM011YUhSdGJDSjkub0hscTdOeEVvajB2ZFhlVFI1Y1V6N29JcTdWdDlkQjM0cGJ3eHREaFdUcyIsInNvZnR3YXJlX2lkIjoiYmVLdXhDMVJuaVZzVGVMWXdmcGdOUCIsInJlZGlyZWN0X3VyaXMiOlsiaHR0cHM6Ly9yZWRpcmVjdC5oZXJlIiwiaHR0cDovL2FuZC5oZXJlIl0sInNjb3BlIjoibWFrZXBheW1lbnQiLCJhcHBsaWNhdGlvbl90eXBlIjoid2ViIiwiaWRfdG9rZW5fc2lnbmVkX3Jlc3BvbnNlX2FsZyI6IlBTMjU2In0.vIdQRLEbAgLrTaW00pyj_4dLXdch7kYvdg_QTSjg3i-2EOS45bXqPcD0Js4REwbZ2OyuOqM810GRcjE-ZgyVQKs13KzX6TWWaOR9wl_G0hluD_yo2xle_SvgdXDqMs6S6ACMt9bcdXNG_d2MgEv31is92TtPbiNzPnGRjpjV4iu-JcMh3e-mfeabqA5i6xccffdqg6SQrol3exeE3e3iu-yiKCKREMsQWl0LXDFQWloQ3CSyWlZqhpZ5nfulJFXGu8RcTrFTDEGI8S7tpUh4FtX0cC7RCmsYqe1n0SD5nKmHB1upHJEGCKpMbKqm-3vVQmNI0PVeUpvXiyuJnLWtcA' \ -X POST "/api/open-banking/v3.1/tpp/register"

curl -i  \ 
 -d 'eyJhbGciOiJQUzI1NiIsImtpZCI6InRlc3QifQ.eyJyZXF1ZXN0X29iamVjdF9zaWduaW5nX2FsZyI6IlBTMjU2IiwiaXNzIjoiYmVLdXhDMVJuaVZzVGVMWXdmcGdOUCIsImlhdCI6MTYwNjI5Nzg1MywiZXhwIjoxNjA2Mjk4MTY5LCJhdWQiOiIwZHcyM2RzYTEzMTIzIiwidG9rZW5fZW5kcG9pbnRfYXV0aF9tZXRob2QiOiJjbGllbnRfc2VjcmV0X2Jhc2ljIiwidG9rZW5fZW5kcG9pbnRfYXV0aF9zaWduaW5nX2FsZyI6IlBTMjU2IiwiZ3JhbnRfdHlwZXMiOlsiY2xpZW50X2NyZWRlbnRpYWxzIiwiYXV0aG9yaXphdGlvbl9jb2RlIiwicmVmcmVzaF90b2tlbiJdLCJyZXNwb25zZV90eXBlcyI6WyJjb2RlIGlkX3Rva2VuIl0sInNvZnR3YXJlX3N0YXRlbWVudCI6ImV5SmhiR2NpT2lKSVV6STFOaUlzSW10cFpDSTZJa0ZDUTBReE1qTTBJbjAuZXlKcGMzTWlPaUpQY0dWdVFtRnVhMmx1WnlCTWRHUWlMQ0pwWVhRaU9qRTBPVEkzTlRZek16RXNJbXAwYVNJNkltbGtNVEl6TkRVMk9EVTBNemswT0RjMk56Z2lMQ0p6YjJaMGQyRnlaVjlsYm5acGNtOXViV1Z1ZENJNkluQnliMlIxWTNScGIyNGlMQ0p6YjJaMGQyRnlaVjl0YjJSbElqb2liR2wyWlNJc0luTnZablIzWVhKbFgybGtJam9pTmpWa01XWXlOMk10TkdGbFlTMDBOVFE1TFRsak1qRXROakJsTkRrMVlUZGhPRFptSWl3aWMyOW1kSGRoY21WZlkyeHBaVzUwWDJsa0lqb2lUM0JsYmtKaGJtdHBibWNnVkZCUUlFTnNhV1Z1ZENCVmJtbHhkV1VnU1VRaUxDSnpiMlowZDJGeVpWOWpiR2xsYm5SZmJtRnRaU0k2SWtGdFlYcHZiaUJRY21sdFpTQk5iM1pwWlhNaUxDSnpiMlowZDJGeVpWOWpiR2xsYm5SZlpHVnpZM0pwY0hScGIyNGlPaUpCYldGNmIyNGdVSEpwYldVZ1RXOTJhV1Z6SUdseklHRWdiVzkyYVc1bklITjBjbVZoYldsdVp5QnpaWEoyYVdObElpd2ljMjltZEhkaGNtVmZkbVZ5YzJsdmJpSTZJakl1TWlJc0luTnZablIzWVhKbFgyTnNhV1Z1ZEY5MWNta2lPaUpvZEhSd2N6b3ZMM0J5YVcxbExtRnRZWHB2Ymk1amIyMGlMQ0p6YjJaMGQyRnlaVjl5WldScGNtVmpkRjkxY21seklqcGJJbWgwZEhCek9pOHZjSEpwYldVdVlXMWhlbTl1TG1OdmJTOWpZaUlzSW1oMGRIQnpPaTh2Y0hKcGJXVXVZVzFoZW05dUxtTnZMblZyTDJOaUlsMHNJbk52Wm5SM1lYSmxYM0p2YkdWeklqcGJJbEJKVTFBaUxDSkJTVk5RSWwwc0ltOXlaMkZ1YVhOaGRHbHZibDlqYjIxd1pYUmxiblJmWVhWMGFHOXlhWFI1WDJOc1lXbHRjeUk2VzNzaVlYVjBhRzl5YVhSNVgybGtJam9pUmsxQklpd2ljbVZuYVhOMGNtRjBhVzl1WDJsa0lqb2lNVEV4TVRFeElpd2ljM1JoZEhWeklqb2lRV04wYVhabElpd2lZWFYwYUc5eWFYTmhkR2x2Ym5NaU9sdDdJbTFsYldKbGNsOXpkR0YwWlNJNklrZENVaUlzSW5KdmJHVnpJanBiSWxCSlUxQWlMQ0pCU1ZOUUlsMTlMSHNpYldWdFltVnlYM04wWVhSbElqb2lVazlKSWl3aWNtOXNaWE1pT2xzaVVFbFRVQ0pkZlYxOVhTd2ljMjltZEhkaGNtVmZiRzluYjE5MWNta2lPaUpvZEhSd2N6b3ZMM0J5YVcxbExtRnRZWHB2Ymk1amIyMHZiRzluYnk1d2JtY2lMQ0p2Y21kZmMzUmhkSFZ6SWpvaVFXTjBhWFpsSWl3aWIzSm5YMmxrSWpvaVFXMWhlbTl1SUZSUVVFbEVJaXdpYjNKblgyNWhiV1VpT2lKUGNHVnVRbUZ1YTJsdVp5QlVVRkFnVW1WbmFYTjBaWEpsWkNCT1lXMWxJaXdpYjNKblgyTnZiblJoWTNSeklqcGJleUp1WVcxbElqb2lZMjl1ZEdGamRDQnVZVzFsSWl3aVpXMWhhV3dpT2lKamIyNTBZV04wUUdOdmJuUmhZM1F1WTI5dElpd2ljR2h2Ym1VaU9pSXJORFEzT0Rrd01UTXdOVFU0SWl3aWRIbHdaU0k2SW1KMWMybHVaWE56SW4wc2V5SnVZVzFsSWpvaVkyOXVkR0ZqZENCdVlXMWxJaXdpWlcxaGFXd2lPaUpqYjI1MFlXTjBRR052Ym5SaFkzUXVZMjl0SWl3aWNHaHZibVVpT2lJck5EUTNPRGt3TVRNd05UVTRJaXdpZEhsd1pTSTZJblJsWTJodWFXTmhiQ0o5WFN3aWIzSm5YMnAzYTNOZlpXNWtjRzlwYm5RaU9pSm9kSFJ3Y3pvdkwycDNhM011YjNCbGJtSmhibXRwYm1jdWIzSm5MblZyTDI5eVoxOXBaQzl2Y21kZmFXUXVhbXQzY3lJc0ltOXlaMTlxZDJ0elgzSmxkbTlyWldSZlpXNWtjRzlwYm5RaU9pSm9kSFJ3Y3pvdkwycDNhM011YjNCbGJtSmhibXRwYm1jdWIzSm5MblZyTDI5eVoxOXBaQzl5WlhadmEyVmtMMjl5WjE5cFpDNXFhM2R6SWl3aWMyOW1kSGRoY21WZmFuZHJjMTlsYm1Sd2IybHVkQ0k2SW1oMGRIQnpPaTh2YW5kcmN5NXZjR1Z1WW1GdWEybHVaeTV2Y21jdWRXc3ZiM0puWDJsa0wzTnZablIzWVhKbFgybGtMbXByZDNNaUxDSnpiMlowZDJGeVpWOXFkMnR6WDNKbGRtOXJaV1JmWlc1a2NHOXBiblFpT2lKb2RIUndjem92TDJwM2EzTXViM0JsYm1KaGJtdHBibWN1YjNKbkxuVnJMMjl5WjE5cFpDOXlaWFp2YTJWa0wzTnZablIzWVhKbFgybGtMbXByZDNNaUxDSnpiMlowZDJGeVpWOXdiMnhwWTNsZmRYSnBJam9pYUhSMGNITTZMeTkwY0hBdVkyOXRMM0J2YkdsamVTNW9kRzFzSWl3aWMyOW1kSGRoY21WZmRHOXpYM1Z5YVNJNkltaDBkSEJ6T2k4dmRIQndMbU52YlM5MGIzTXVhSFJ0YkNJc0luTnZablIzWVhKbFgyOXVYMkpsYUdGc1psOXZabDl2Y21jaU9pSm9kSFJ3Y3pvdkwyRndhUzV2Y0dWdVltRnVhMmx1Wnk1dmNtY3VkV3N2YzJOcGJUSXZUMEpVY25WemRHVmtVR0Y1YldWdWRGQmhjblI1THpFeU16UTFOamMzT0RraUxDSnZZbDl5WldkcGMzUnllVjkwYjNNaU9pSm9kSFJ3Y3pvdkwzSmxaMmx6ZEhKNUxtOXdaVzVpWVc1cmFXNW5MbTl5Wnk1MWF5OTBiM011YUhSdGJDSjkub0hscTdOeEVvajB2ZFhlVFI1Y1V6N29JcTdWdDlkQjM0cGJ3eHREaFdUcyIsInNvZnR3YXJlX2lkIjoiYmVLdXhDMVJuaVZzVGVMWXdmcGdOUCIsInJlZGlyZWN0X3VyaXMiOlsiaHR0cHM6Ly9yZWRpcmVjdC5oZXJlIiwiaHR0cDovL2FuZC5oZXJlIl0sInNjb3BlIjoibWFrZXBheW1lbnQiLCJhcHBsaWNhdGlvbl90eXBlIjoid2ViIiwiaWRfdG9rZW5fc2lnbmVkX3Jlc3BvbnNlX2FsZyI6IlBTMjU2In0.vIdQRLEbAgLrTaW00pyj_4dLXdch7kYvdg_QTSjg3i-2EOS45bXqPcD0Js4REwbZ2OyuOqM810GRcjE-ZgyVQKs13KzX6TWWaOR9wl_G0hluD_yo2xle_SvgdXDqMs6S6ACMt9bcdXNG_d2MgEv31is92TtPbiNzPnGRjpjV4iu-JcMh3e-mfeabqA5i6xccffdqg6SQrol3exeE3e3iu-yiKCKREMsQWl0LXDFQWloQ3CSyWlZqhpZ5nfulJFXGu8RcTrFTDEGI8S7tpUh4FtX0cC7RCmsYqe1n0SD5nKmHB1upHJEGCKpMbKqm-3vVQmNI0PVeUpvXiyuJnLWtcA' \ 
-X POST "/api/open-banking/v3.1/tpp/register"

Example of parameters

{"request_object_signing_alg":"PS256","iss":"beKuxC1RniVsTeLYwfpgNP","iat":1606297853,"exp":1606298169,"aud":"0dw23dsa13123","token_endpoint_auth_method":"client_secret_basic","token_endpoint_auth_signing_alg":"PS256","grant_types":["client_credentials","authorization_code","refresh_token"],"response_types":["code id_token"],"software_statement":"eyJhbGciOiJIUzI1NiIsImtpZCI6IkFCQ0QxMjM0In0.eyJpc3MiOiJPcGVuQmFua2luZyBMdGQiLCJpYXQiOjE0OTI3NTYzMzEsImp0aSI6ImlkMTIzNDU2ODU0Mzk0ODc2NzgiLCJzb2Z0d2FyZV9lbnZpcm9ubWVudCI6InByb2R1Y3Rpb24iLCJzb2Z0d2FyZV9tb2RlIjoibGl2ZSIsInNvZnR3YXJlX2lkIjoiNjVkMWYyN2MtNGFlYS00NTQ5LTljMjEtNjBlNDk1YTdhODZmIiwic29mdHdhcmVfY2xpZW50X2lkIjoiT3BlbkJhbmtpbmcgVFBQIENsaWVudCBVbmlxdWUgSUQiLCJzb2Z0d2FyZV9jbGllbnRfbmFtZSI6IkFtYXpvbiBQcmltZSBNb3ZpZXMiLCJzb2Z0d2FyZV9jbGllbnRfZGVzY3JpcHRpb24iOiJBbWF6b24gUHJpbWUgTW92aWVzIGlzIGEgbW92aW5nIHN0cmVhbWluZyBzZXJ2aWNlIiwic29mdHdhcmVfdmVyc2lvbiI6IjIuMiIsInNvZnR3YXJlX2NsaWVudF91cmkiOiJodHRwczovL3ByaW1lLmFtYXpvbi5jb20iLCJzb2Z0d2FyZV9yZWRpcmVjdF91cmlzIjpbImh0dHBzOi8vcHJpbWUuYW1hem9uLmNvbS9jYiIsImh0dHBzOi8vcHJpbWUuYW1hem9uLmNvLnVrL2NiIl0sInNvZnR3YXJlX3JvbGVzIjpbIlBJU1AiLCJBSVNQIl0sIm9yZ2FuaXNhdGlvbl9jb21wZXRlbnRfYXV0aG9yaXR5X2NsYWltcyI6W3siYXV0aG9yaXR5X2lkIjoiRk1BIiwicmVnaXN0cmF0aW9uX2lkIjoiMTExMTExIiwic3RhdHVzIjoiQWN0aXZlIiwiYXV0aG9yaXNhdGlvbnMiOlt7Im1lbWJlcl9zdGF0ZSI6IkdCUiIsInJvbGVzIjpbIlBJU1AiLCJBSVNQIl19LHsibWVtYmVyX3N0YXRlIjoiUk9JIiwicm9sZXMiOlsiUElTUCJdfV19XSwic29mdHdhcmVfbG9nb191cmkiOiJodHRwczovL3ByaW1lLmFtYXpvbi5jb20vbG9nby5wbmciLCJvcmdfc3RhdHVzIjoiQWN0aXZlIiwib3JnX2lkIjoiQW1hem9uIFRQUElEIiwib3JnX25hbWUiOiJPcGVuQmFua2luZyBUUFAgUmVnaXN0ZXJlZCBOYW1lIiwib3JnX2NvbnRhY3RzIjpbeyJuYW1lIjoiY29udGFjdCBuYW1lIiwiZW1haWwiOiJjb250YWN0QGNvbnRhY3QuY29tIiwicGhvbmUiOiIrNDQ3ODkwMTMwNTU4IiwidHlwZSI6ImJ1c2luZXNzIn0seyJuYW1lIjoiY29udGFjdCBuYW1lIiwiZW1haWwiOiJjb250YWN0QGNvbnRhY3QuY29tIiwicGhvbmUiOiIrNDQ3ODkwMTMwNTU4IiwidHlwZSI6InRlY2huaWNhbCJ9XSwib3JnX2p3a3NfZW5kcG9pbnQiOiJodHRwczovL2p3a3Mub3BlbmJhbmtpbmcub3JnLnVrL29yZ19pZC9vcmdfaWQuamt3cyIsIm9yZ19qd2tzX3Jldm9rZWRfZW5kcG9pbnQiOiJodHRwczovL2p3a3Mub3BlbmJhbmtpbmcub3JnLnVrL29yZ19pZC9yZXZva2VkL29yZ19pZC5qa3dzIiwic29mdHdhcmVfandrc19lbmRwb2ludCI6Imh0dHBzOi8vandrcy5vcGVuYmFua2luZy5vcmcudWsvb3JnX2lkL3NvZnR3YXJlX2lkLmprd3MiLCJzb2Z0d2FyZV9qd2tzX3Jldm9rZWRfZW5kcG9pbnQiOiJodHRwczovL2p3a3Mub3BlbmJhbmtpbmcub3JnLnVrL29yZ19pZC9yZXZva2VkL3NvZnR3YXJlX2lkLmprd3MiLCJzb2Z0d2FyZV9wb2xpY3lfdXJpIjoiaHR0cHM6Ly90cHAuY29tL3BvbGljeS5odG1sIiwic29mdHdhcmVfdG9zX3VyaSI6Imh0dHBzOi8vdHBwLmNvbS90b3MuaHRtbCIsInNvZnR3YXJlX29uX2JlaGFsZl9vZl9vcmciOiJodHRwczovL2FwaS5vcGVuYmFua2luZy5vcmcudWsvc2NpbTIvT0JUcnVzdGVkUGF5bWVudFBhcnR5LzEyMzQ1Njc3ODkiLCJvYl9yZWdpc3RyeV90b3MiOiJodHRwczovL3JlZ2lzdHJ5Lm9wZW5iYW5raW5nLm9yZy51ay90b3MuaHRtbCJ9.oHlq7NxEoj0vdXeTR5cUz7oIq7Vt9dB34pbwxtDhWTs","software_id":"beKuxC1RniVsTeLYwfpgNP","redirect_uris":["https://redirect.here","http://and.here"],"scope":"makepayment","application_type":"web","id_token_signed_response_alg":"PS256"}

{"request_object_signing_alg":"PS256","iss":"beKuxC1RniVsTeLYwfpgNP","iat":1606297853,"exp":1606298169,"aud":"0dw23dsa13123","token_endpoint_auth_method":"client_secret_basic","token_endpoint_auth_signing_alg":"PS256","grant_types":["client_credentials","authorization_code","refresh_token"],"response_types":["code id_token"],"software_statement":"eyJhbGciOiJIUzI1NiIsImtpZCI6IkFCQ0QxMjM0In0.eyJpc3MiOiJPcGVuQmFua2luZyBMdGQiLCJpYXQiOjE0OTI3NTYzMzEsImp0aSI6ImlkMTIzNDU2ODU0Mzk0ODc2NzgiLCJzb2Z0d2FyZV9lbnZpcm9ubWVudCI6InByb2R1Y3Rpb24iLCJzb2Z0d2FyZV9tb2RlIjoibGl2ZSIsInNvZnR3YXJlX2lkIjoiNjVkMWYyN2MtNGFlYS00NTQ5LTljMjEtNjBlNDk1YTdhODZmIiwic29mdHdhcmVfY2xpZW50X2lkIjoiT3BlbkJhbmtpbmcgVFBQIENsaWVudCBVbmlxdWUgSUQiLCJzb2Z0d2FyZV9jbGllbnRfbmFtZSI6IkFtYXpvbiBQcmltZSBNb3ZpZXMiLCJzb2Z0d2FyZV9jbGllbnRfZGVzY3JpcHRpb24iOiJBbWF6b24gUHJpbWUgTW92aWVzIGlzIGEgbW92aW5nIHN0cmVhbWluZyBzZXJ2aWNlIiwic29mdHdhcmVfdmVyc2lvbiI6IjIuMiIsInNvZnR3YXJlX2NsaWVudF91cmkiOiJodHRwczovL3ByaW1lLmFtYXpvbi5jb20iLCJzb2Z0d2FyZV9yZWRpcmVjdF91cmlzIjpbImh0dHBzOi8vcHJpbWUuYW1hem9uLmNvbS9jYiIsImh0dHBzOi8vcHJpbWUuYW1hem9uLmNvLnVrL2NiIl0sInNvZnR3YXJlX3JvbGVzIjpbIlBJU1AiLCJBSVNQIl0sIm9yZ2FuaXNhdGlvbl9jb21wZXRlbnRfYXV0aG9yaXR5X2NsYWltcyI6W3siYXV0aG9yaXR5X2lkIjoiRk1BIiwicmVnaXN0cmF0aW9uX2lkIjoiMTExMTExIiwic3RhdHVzIjoiQWN0aXZlIiwiYXV0aG9yaXNhdGlvbnMiOlt7Im1lbWJlcl9zdGF0ZSI6IkdCUiIsInJvbGVzIjpbIlBJU1AiLCJBSVNQIl19LHsibWVtYmVyX3N0YXRlIjoiUk9JIiwicm9sZXMiOlsiUElTUCJdfV19XSwic29mdHdhcmVfbG9nb191cmkiOiJodHRwczovL3ByaW1lLmFtYXpvbi5jb20vbG9nby5wbmciLCJvcmdfc3RhdHVzIjoiQWN0aXZlIiwib3JnX2lkIjoiQW1hem9uIFRQUElEIiwib3JnX25hbWUiOiJPcGVuQmFua2luZyBUUFAgUmVnaXN0ZXJlZCBOYW1lIiwib3JnX2NvbnRhY3RzIjpbeyJuYW1lIjoiY29udGFjdCBuYW1lIiwiZW1haWwiOiJjb250YWN0QGNvbnRhY3QuY29tIiwicGhvbmUiOiIrNDQ3ODkwMTMwNTU4IiwidHlwZSI6ImJ1c2luZXNzIn0seyJuYW1lIjoiY29udGFjdCBuYW1lIiwiZW1haWwiOiJjb250YWN0QGNvbnRhY3QuY29tIiwicGhvbmUiOiIrNDQ3ODkwMTMwNTU4IiwidHlwZSI6InRlY2huaWNhbCJ9XSwib3JnX2p3a3NfZW5kcG9pbnQiOiJodHRwczovL2p3a3Mub3BlbmJhbmtpbmcub3JnLnVrL29yZ19pZC9vcmdfaWQuamt3cyIsIm9yZ19qd2tzX3Jldm9rZWRfZW5kcG9pbnQiOiJodHRwczovL2p3a3Mub3BlbmJhbmtpbmcub3JnLnVrL29yZ19pZC9yZXZva2VkL29yZ19pZC5qa3dzIiwic29mdHdhcmVfandrc19lbmRwb2ludCI6Imh0dHBzOi8vandrcy5vcGVuYmFua2luZy5vcmcudWsvb3JnX2lkL3NvZnR3YXJlX2lkLmprd3MiLCJzb2Z0d2FyZV9qd2tzX3Jldm9rZWRfZW5kcG9pbnQiOiJodHRwczovL2p3a3Mub3BlbmJhbmtpbmcub3JnLnVrL29yZ19pZC9yZXZva2VkL3NvZnR3YXJlX2lkLmprd3MiLCJzb2Z0d2FyZV9wb2xpY3lfdXJpIjoiaHR0cHM6Ly90cHAuY29tL3BvbGljeS5odG1sIiwic29mdHdhcmVfdG9zX3VyaSI6Imh0dHBzOi8vdHBwLmNvbS90b3MuaHRtbCIsInNvZnR3YXJlX29uX2JlaGFsZl9vZl9vcmciOiJodHRwczovL2FwaS5vcGVuYmFua2luZy5vcmcudWsvc2NpbTIvT0JUcnVzdGVkUGF5bWVudFBhcnR5LzEyMzQ1Njc3ODkiLCJvYl9yZWdpc3RyeV90b3MiOiJodHRwczovL3JlZ2lzdHJ5Lm9wZW5iYW5raW5nLm9yZy51ay90b3MuaHRtbCJ9.oHlq7NxEoj0vdXeTR5cUz7oIq7Vt9dB34pbwxtDhWTs","software_id":"beKuxC1RniVsTeLYwfpgNP","redirect_uris":["https://redirect.here","http://and.here"],"scope":"makepayment","application_type":"web","id_token_signed_response_alg":"PS256"}

Example of response

{"tls_client_auth_subject_dn":"N/A","client_id":"ABCD1234","client_secret":"N/A","client_id_issued_at":1606297853,"client_secret_expires_at":0,"redirect_uris":["https://redirect.here","http://and.here"],"token_endpoint_auth_method":"client_secret_basic","token_endpoint_auth_signing_alg":"PS256","grant_types":["client_credentials","authorization_code","refresh_token"],"response_types":["code id_token"],"software_id":"beKuxC1RniVsTeLYwfpgNP","scope":"makepayment","application_type":"web","id_token_signed_response_alg":"PS256","request_object_signing_alg":"PS256"}

Request

POST /api/open-banking/v3.1/tpp/register

Unpacked Authorization

iss

string, required

TPP identifier: software_id from SSA. Can raise: ActionNotAllowed

iat

integer, required

The time at which the request was issued by the TPP expressed as "seconds since the epoch"

exp

integer, required

The time at which the request expires expressed as seconds since the epoch. Values greater than: 1614284495

aud

string, required

The audience for the request. This should be the unique identifier for the ASPSP issued by the issuer of the software statement.

token_endpoint_auth_method

string, optional

Specifies which Token endpoint authentication method the TPP wants to use. It should be noted that only tls_client_auth and client_secret_basic are FAPI compliant. Default value: client_secret_basic Allowed values: client_secret_basic

token_endpoint_auth_signing_alg

string, optional

Algorithm which the TPP uses to authenticate with the token endpoint. Default value: PS256 Allowed values: RS256, PS256

grant_types

array, required

A JSON array specifying what the TPP can request to be supplied to the token endpoint as exchange for an access token. Allowed values: client_credentials, authorization_code, refresh_token

response_types

array, optional

A JSON array specifying what the TPP can request to be returned from the ASPSP authorisation endpoint. Default value: ["code id_token"] Allowed values: code, id_token, code id_token

software_statement

string, required

Software statement assertion issued by the issuer. The data model for the software statements issued by the Open Banking directory are documented as part of the Directory Specification. Can raise: NotFound, Invalid

software_id

string, optional

If specified, the software_id in the request MUST match the software_id specified in the SSA.

redirect_uris

array, required

Registered URIs the TPP will use to interact with the ASPSP AS. If the software statement defines a master set of redirect URIs, this must match or be a subset of the redirect URIs in the SSA.

scope

string, optional

Scopes the client is asking for (if not specified, default scopes are assigned by the AS). This consists of a list scopes separated by spaces. Allowed values: openid, accounts

application_type

string, optional

Please specify whether TPP software is a mobile or a web app. Allowed values: web, mobile

id_token_signed_response_alg

string, optional

Algorithm which the TPP expects to sign the id_token, if an id_token is returned. Allowed values: RS256, PS256

request_object_signing_alg

string, optional

Algorithm which the TPP expects to sign the request object if a request object will be part of the authorization request sent to the ASPSP. Allowed values: RS256, PS256

Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other posibilities.

client_id

string, required

Client application identifier.

client_secret

string, optional

A shared secret that goes in pair with client_id. Currently not supported.

client_id_issued_at

integer, required

Time at which the client identifier was issued expressed as "seconds since the epoch".

client_secret_expires_at

integer, optional

Time at which the client secret will expire expressed as "seconds since the epoch". The value must be populated if a client_secret is returned. Default value: 0

redirect_uris

array, required

Registered URIs the TPP will use to interact with the ASPSP AS. If the software statement defines a master set of redirect URIs, this must match or be a subset of the redirect URIs in the SSA.

token_endpoint_auth_method

string, required

token_endpoint_auth_signing_alg

string, optional

Algorithm which the TPP uses to authenticate with the token endpoint. Default value: PS256 Allowed values: RS256, PS256

grant_types

array, required

A JSON array specifying what the TPP can request to be supplied to the token endpoint as exchange for an access token. Allowed values: client_credentials, authorization_code, refresh_token

response_types

array, optional

A JSON array specifying what the TPP can request to be returned from the ASPSP authorisation endpoint. Default value: ["code id_token"] Allowed values: code, id_token, code id_token

software_id

string, optional

If specified, the software_id in the request MUST match the software_id specified in the SSA.

scope

string, required

Scopes the client is asking for (if not specified, default scopes are assigned by the AS). This consists of a list scopes separated by spaces. Allowed values: openid, accounts

application_type

string, required

Please specify whether TPP software is a mobile or a web app. Allowed values: web, mobile

id_token_signed_response_alg

string, optional

Algorithm which the TPP expects to sign the id_token, if an id_token is returned. Allowed values: RS256, PS256

request_object_signing_alg

string, optional

Algorithm which the TPP expects to sign the request object if a request object will be part of the authorization request sent to the ASPSP. Allowed values: RS256, PS256

tls_client_auth_subject_dn

string, optional

The tls_client_auth_subject_dn claim MUST contain the DN of the certificate that the TPP will present to the ASPSP token endpoint. Currently not supported.

Related Errors

Class	Code	Description
NotFound	404	A resource could not be found. More in `error_message`.
ActionNotAllowed	406	You're not allowed to perform this action. This might be a configuration problem or parameters incompatibility.
Invalid	406	Given data is invalid. More in `error_message`.

Add OBSEAL Certificate

Used for adding an OBSEAL certificate. On successful response (200 status code), the UK TPPs’ existing eIDAS certificate will be switched with the OBSEAL certificate obtained from the OpenBanking Directory. The body of the request has to contain the JWT built from the parameters below and signed with the OBSEAL Certificate.

CURL

curl -i \ -H "Content-Type: application/jwt" \ -H "X-Request-ID: 9b45fa6c-ff61-4e73-aec8-5e805388ce7f" \ -H "Digest: SHA-256=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=" \ -H "Date: Wed, 18 Dec 2019 11:25:59 GMT" \ -H "TPP-Signature-Certificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVBakNDQXVvQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd1d6RVhNQlVHQTFVRVlRd09WSEJ3VTJGc2RGUmwKYzNRd01EQXhJREFlQmdOVkJBTU1GMk5sY25SVFNVZE9VMEZNVkZSRlUxUWdWMlZpSUVOQk1SRXdEd1lEVlFRSwpEQWhUWVd4MFZHVnpkREVMTUFrR0ExVUVCaE1DVWs4d0hoY05NVGt4TWpFNE1URXlOVFU1V2hjTk1qRXhNakUzCk1URXlOVFU1V2pDQmpURVdNQlFHQTFVRUF3d05jMkZzZEMxMFpYTjBMbU52YlRFUk1BOEdBMVVFQ2d3SVUyRnMKZEZSbGMzUXhDekFKQmdOVkJBWVRBbEpQTVJJd0VBWURWUVFJREFsQ2RXTjFjbVZ6ZEdreEVqQVFCZ05WQkFjTQpDVUoxWTNWeVpYTjBhVEVXTUJRR0ExVUVDUXdOUVd4aVlTQkpkV3hwWVNBM05URVRNQkVHQTFVRVlRd0thV1JsCmJuUnBabWxsY2pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBS2dXNEo5K0hGY0wKUVVwTEk0c1pCSm5RaGdRYUpYRGxwVDI4NWxlOGVEcTdUalpnYXpLcU05RkJydzRBRURxUmxYR3Znd2luSkY2Mgowd3VJcSs3cGpPWFBQdytZOVhRQnBTa2p1cmJ5aEpPZjhiNlVqTFBMQnVBd09rRk52N0prbHdLeXFmazRHRzROCmdrOGRVYTFjS05MY1gzNzdwdno0Q0hZalBraGlLY0xqQVJ4TFRJYkdtejlZQVQvQWszbDdCRkRkV2owQnJrR2oKV2RGelJWV3FjdHA0NjVvWEZXZTZ3QmlybEplK1JEZ2hnQWRUQWlQR1J3WHV4dmRiSW5SOHZ2b0RJNTJHRXVzaApGWUNZd28zdWFVSVR5Z3hOZEJyWjVOaVpLaCtybjVVNW4zM0pETm9OV2hCVUUwMUwvaFYzUHlleHBKVHltaURQCjZTUFJKM0ZMR3RrQ0F3RUFBYU9Cb2pDQm56QU1CZ05WSFJNRUJUQURBUUgvTUE0R0ExVWREd0VCL3dRRUF3SUIKQmpBZEJnTlZIUTRFRmdRVUtwUGZ5MTlSQUJQS3J2YnNNUnRXM3lHSU1mb3dId1lEVlIwakJCZ3dGb0FVS3BQZgp5MTlSQUJQS3J2YnNNUnRXM3lHSU1mb3dQd1lJS3dZQkJRVUhBUU1FTXd3eGRHVnpkRkJUVUY5QlNTNHVMbUZsCk9EVTBNalE1TFdaaVpEQXROREV4WmkxaU0ySXdMV0poWkRFNE5Ea3hNelptWmpBTkJna3Foa2lHOXcwQkFRc0YKQUFPQ0FRRUFacHEvdmF5T3ZSS3dKd1dPQnpTMzhoUHA4TjVnRTlqd2J6dkxCTUhvZERXZk11ZTA5SzFweUI3KwpQdU1rZjNOT0tVSERMWDhob0xiZ0dWVlY0S1lqRndGa203cWY0OTZNTWE0VnZBRWNPeUJkM0pGVWcyeGIxVlN4Cjk0OWVCaVdGcGtaSVNZZUNxNXJ4UWFNeHJJVm9OZjhaSjVOT2V3aU1DM0ZYM3duVGw2VG9yUW1lQUU5MnhuMEQKdnZ6ZUJ4YlFqdTdjQlh3SDFPaGdUamx0YTM1WE1ESjhXbGo4TWZRR0YvZThIZFIrS014WWU5SWNROHN1UjdBVQpGRGkyaUJsMlVQc3dCa0FqMHJRVlY2U2psNWdVSm95K0FJaGZBYXE2cUxSQnJ1NGJTbE44TnVpY2RTRkZ3eHZ1ClEwOVl1U3U3djQ2a1R3ZUxpNnZJZGQxaUxUc05Ndz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" \ -H "Signature: Signature keyId="SN=0,DN=/organizationIdentifier=TppSaltTest000/CN=certSIGNSALTTEST Web CA/O=SaltTest/C=RO",algorithm="rsa-sha256",headers="digest date x-request-id",signature="Fys106OY/uMk1Tnh4MEvHsUKdJIOX9fw+am3NrqrxFOLIl1BGlcu1+UJhDBHlc3/rkRn0++5AAbkXzqUL8kqm1RVILoRzSg+tr75PUTM5RlIgCli8QtHZrpZtfzb7tEoHqa8zo1SmiopI/bQchQrjdhWu9xIC0TUuMfiD8f6TdH2QpbkXi25uXTQl8wB4qt2dAb4k76lkDM4x29JVmoZkWq28R/kVkPWGJrU7mS2viUUhgofdNzL2vaSd2g7FPrr/E03U/KYU0k047ucCbv1Z4ozdaSJljuyzj0Iq4O04Ztj6oaV8yhnr3LY8aKj1JO9tRy1gpSidxCAqDz90iE9LQ=="" \ -d '{ "requestObjectSigningAlg": "PS256", "iss": "beKuxC1RniVsTeLYwfpgNP", "iat": 1606297853, "exp": 1606298169, "aud": "0dw23dsa13123", "tokenEndpointAuthMethod": "client_secret_basic", "tokenEndpointAuthSigningAlg": "PS256", "grantTypes": [ "client_credentials", "authorization_code", "refresh_token" ], "responseTypes": [ "code id_token" ], "softwareStatement": "eyJhbGciOiJIUzI1NiIsImtpZCI6IkFCQ0QxMjM0In0.eyJpc3MiOiJPcGVuQmFua2luZyBMdGQiLCJpYXQiOjE0OTI3NTYzMzEsImp0aSI6ImlkMTIzNDU2ODU0Mzk0ODc2NzgiLCJzb2Z0d2FyZV9lbnZpcm9ubWVudCI6InByb2R1Y3Rpb24iLCJzb2Z0d2FyZV9tb2RlIjoibGl2ZSIsInNvZnR3YXJlX2lkIjoiNjVkMWYyN2MtNGFlYS00NTQ5LTljMjEtNjBlNDk1YTdhODZmIiwic29mdHdhcmVfY2xpZW50X2lkIjoiT3BlbkJhbmtpbmcgVFBQIENsaWVudCBVbmlxdWUgSUQiLCJzb2Z0d2FyZV9jbGllbnRfbmFtZSI6IkFtYXpvbiBQcmltZSBNb3ZpZXMiLCJzb2Z0d2FyZV9jbGllbnRfZGVzY3JpcHRpb24iOiJBbWF6b24gUHJpbWUgTW92aWVzIGlzIGEgbW92aW5nIHN0cmVhbWluZyBzZXJ2aWNlIiwic29mdHdhcmVfdmVyc2lvbiI6IjIuMiIsInNvZnR3YXJlX2NsaWVudF91cmkiOiJodHRwczovL3ByaW1lLmFtYXpvbi5jb20iLCJzb2Z0d2FyZV9yZWRpcmVjdF91cmlzIjpbImh0dHBzOi8vcHJpbWUuYW1hem9uLmNvbS9jYiIsImh0dHBzOi8vcHJpbWUuYW1hem9uLmNvLnVrL2NiIl0sInNvZnR3YXJlX3JvbGVzIjpbIlBJU1AiLCJBSVNQIl0sIm9yZ2FuaXNhdGlvbl9jb21wZXRlbnRfYXV0aG9yaXR5X2NsYWltcyI6W3siYXV0aG9yaXR5X2lkIjoiRk1BIiwicmVnaXN0cmF0aW9uX2lkIjoiMTExMTExIiwic3RhdHVzIjoiQWN0aXZlIiwiYXV0aG9yaXNhdGlvbnMiOlt7Im1lbWJlcl9zdGF0ZSI6IkdCUiIsInJvbGVzIjpbIlBJU1AiLCJBSVNQIl19LHsibWVtYmVyX3N0YXRlIjoiUk9JIiwicm9sZXMiOlsiUElTUCJdfV19XSwic29mdHdhcmVfbG9nb191cmkiOiJodHRwczovL3ByaW1lLmFtYXpvbi5jb20vbG9nby5wbmciLCJvcmdfc3RhdHVzIjoiQWN0aXZlIiwib3JnX2lkIjoiQW1hem9uIFRQUElEIiwib3JnX25hbWUiOiJPcGVuQmFua2luZyBUUFAgUmVnaXN0ZXJlZCBOYW1lIiwib3JnX2NvbnRhY3RzIjpbeyJuYW1lIjoiY29udGFjdCBuYW1lIiwiZW1haWwiOiJjb250YWN0QGNvbnRhY3QuY29tIiwicGhvbmUiOiIrNDQ3ODkwMTMwNTU4IiwidHlwZSI6ImJ1c2luZXNzIn0seyJuYW1lIjoiY29udGFjdCBuYW1lIiwiZW1haWwiOiJjb250YWN0QGNvbnRhY3QuY29tIiwicGhvbmUiOiIrNDQ3ODkwMTMwNTU4IiwidHlwZSI6InRlY2huaWNhbCJ9XSwib3JnX2p3a3NfZW5kcG9pbnQiOiJodHRwczovL2p3a3Mub3BlbmJhbmtpbmcub3JnLnVrL29yZ19pZC9vcmdfaWQuamt3cyIsIm9yZ19qd2tzX3Jldm9rZWRfZW5kcG9pbnQiOiJodHRwczovL2p3a3Mub3BlbmJhbmtpbmcub3JnLnVrL29yZ19pZC9yZXZva2VkL29yZ19pZC5qa3dzIiwic29mdHdhcmVfandrc19lbmRwb2ludCI6Imh0dHBzOi8vandrcy5vcGVuYmFua2luZy5vcmcudWsvb3JnX2lkL3NvZnR3YXJlX2lkLmprd3MiLCJzb2Z0d2FyZV9qd2tzX3Jldm9rZWRfZW5kcG9pbnQiOiJodHRwczovL2p3a3Mub3BlbmJhbmtpbmcub3JnLnVrL29yZ19pZC9yZXZva2VkL3NvZnR3YXJlX2lkLmprd3MiLCJzb2Z0d2FyZV9wb2xpY3lfdXJpIjoiaHR0cHM6Ly90cHAuY29tL3BvbGljeS5odG1sIiwic29mdHdhcmVfdG9zX3VyaSI6Imh0dHBzOi8vdHBwLmNvbS90b3MuaHRtbCIsInNvZnR3YXJlX29uX2JlaGFsZl9vZl9vcmciOiJodHRwczovL2FwaS5vcGVuYmFua2luZy5vcmcudWsvc2NpbTIvT0JUcnVzdGVkUGF5bWVudFBhcnR5LzEyMzQ1Njc3ODkiLCJvYl9yZWdpc3RyeV90b3MiOiJodHRwczovL3JlZ2lzdHJ5Lm9wZW5iYW5raW5nLm9yZy51ay90b3MuaHRtbCJ9.oHlq7NxEoj0vdXeTR5cUz7oIq7Vt9dB34pbwxtDhWTs", "softwareId": "beKuxC1RniVsTeLYwfpgNP", "redirectUris": [ "https://redirect.here", "http://and.here" ], "scope": "makepayment", "applicationType": "web", "idTokenSignedResponseAlg": "PS256" }' \ -X POST "/api/berlingroup/v1/tpp/certificates"

curl -i  \ 
 -H "Content-Type: application/jwt" \ 
 -H "X-Request-ID: 9b45fa6c-ff61-4e73-aec8-5e805388ce7f" \ 
 -H "Digest: SHA-256=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=" \ 
 -H "Date: Wed, 18 Dec 2019 11:25:59 GMT" \ 
 -H "TPP-Signature-Certificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVBakNDQXVvQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd1d6RVhNQlVHQTFVRVlRd09WSEJ3VTJGc2RGUmwKYzNRd01EQXhJREFlQmdOVkJBTU1GMk5sY25SVFNVZE9VMEZNVkZSRlUxUWdWMlZpSUVOQk1SRXdEd1lEVlFRSwpEQWhUWVd4MFZHVnpkREVMTUFrR0ExVUVCaE1DVWs4d0hoY05NVGt4TWpFNE1URXlOVFU1V2hjTk1qRXhNakUzCk1URXlOVFU1V2pDQmpURVdNQlFHQTFVRUF3d05jMkZzZEMxMFpYTjBMbU52YlRFUk1BOEdBMVVFQ2d3SVUyRnMKZEZSbGMzUXhDekFKQmdOVkJBWVRBbEpQTVJJd0VBWURWUVFJREFsQ2RXTjFjbVZ6ZEdreEVqQVFCZ05WQkFjTQpDVUoxWTNWeVpYTjBhVEVXTUJRR0ExVUVDUXdOUVd4aVlTQkpkV3hwWVNBM05URVRNQkVHQTFVRVlRd0thV1JsCmJuUnBabWxsY2pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBS2dXNEo5K0hGY0wKUVVwTEk0c1pCSm5RaGdRYUpYRGxwVDI4NWxlOGVEcTdUalpnYXpLcU05RkJydzRBRURxUmxYR3Znd2luSkY2Mgowd3VJcSs3cGpPWFBQdytZOVhRQnBTa2p1cmJ5aEpPZjhiNlVqTFBMQnVBd09rRk52N0prbHdLeXFmazRHRzROCmdrOGRVYTFjS05MY1gzNzdwdno0Q0hZalBraGlLY0xqQVJ4TFRJYkdtejlZQVQvQWszbDdCRkRkV2owQnJrR2oKV2RGelJWV3FjdHA0NjVvWEZXZTZ3QmlybEplK1JEZ2hnQWRUQWlQR1J3WHV4dmRiSW5SOHZ2b0RJNTJHRXVzaApGWUNZd28zdWFVSVR5Z3hOZEJyWjVOaVpLaCtybjVVNW4zM0pETm9OV2hCVUUwMUwvaFYzUHlleHBKVHltaURQCjZTUFJKM0ZMR3RrQ0F3RUFBYU9Cb2pDQm56QU1CZ05WSFJNRUJUQURBUUgvTUE0R0ExVWREd0VCL3dRRUF3SUIKQmpBZEJnTlZIUTRFRmdRVUtwUGZ5MTlSQUJQS3J2YnNNUnRXM3lHSU1mb3dId1lEVlIwakJCZ3dGb0FVS3BQZgp5MTlSQUJQS3J2YnNNUnRXM3lHSU1mb3dQd1lJS3dZQkJRVUhBUU1FTXd3eGRHVnpkRkJUVUY5QlNTNHVMbUZsCk9EVTBNalE1TFdaaVpEQXROREV4WmkxaU0ySXdMV0poWkRFNE5Ea3hNelptWmpBTkJna3Foa2lHOXcwQkFRc0YKQUFPQ0FRRUFacHEvdmF5T3ZSS3dKd1dPQnpTMzhoUHA4TjVnRTlqd2J6dkxCTUhvZERXZk11ZTA5SzFweUI3KwpQdU1rZjNOT0tVSERMWDhob0xiZ0dWVlY0S1lqRndGa203cWY0OTZNTWE0VnZBRWNPeUJkM0pGVWcyeGIxVlN4Cjk0OWVCaVdGcGtaSVNZZUNxNXJ4UWFNeHJJVm9OZjhaSjVOT2V3aU1DM0ZYM3duVGw2VG9yUW1lQUU5MnhuMEQKdnZ6ZUJ4YlFqdTdjQlh3SDFPaGdUamx0YTM1WE1ESjhXbGo4TWZRR0YvZThIZFIrS014WWU5SWNROHN1UjdBVQpGRGkyaUJsMlVQc3dCa0FqMHJRVlY2U2psNWdVSm95K0FJaGZBYXE2cUxSQnJ1NGJTbE44TnVpY2RTRkZ3eHZ1ClEwOVl1U3U3djQ2a1R3ZUxpNnZJZGQxaUxUc05Ndz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" \ 
 -H "Signature: Signature keyId="SN=0,DN=/organizationIdentifier=TppSaltTest000/CN=certSIGNSALTTEST Web CA/O=SaltTest/C=RO",algorithm="rsa-sha256",headers="digest date x-request-id",signature="Fys106OY/uMk1Tnh4MEvHsUKdJIOX9fw+am3NrqrxFOLIl1BGlcu1+UJhDBHlc3/rkRn0++5AAbkXzqUL8kqm1RVILoRzSg+tr75PUTM5RlIgCli8QtHZrpZtfzb7tEoHqa8zo1SmiopI/bQchQrjdhWu9xIC0TUuMfiD8f6TdH2QpbkXi25uXTQl8wB4qt2dAb4k76lkDM4x29JVmoZkWq28R/kVkPWGJrU7mS2viUUhgofdNzL2vaSd2g7FPrr/E03U/KYU0k047ucCbv1Z4ozdaSJljuyzj0Iq4O04Ztj6oaV8yhnr3LY8aKj1JO9tRy1gpSidxCAqDz90iE9LQ=="" \ 
 -d '{
  "requestObjectSigningAlg": "PS256",
  "iss": "beKuxC1RniVsTeLYwfpgNP",
  "iat": 1606297853,
  "exp": 1606298169,
  "aud": "0dw23dsa13123",
  "tokenEndpointAuthMethod": "client_secret_basic",
  "tokenEndpointAuthSigningAlg": "PS256",
  "grantTypes": [
    "client_credentials",
    "authorization_code",
    "refresh_token"
  ],
  "responseTypes": [
    "code id_token"
  ],
  "softwareStatement": "eyJhbGciOiJIUzI1NiIsImtpZCI6IkFCQ0QxMjM0In0.eyJpc3MiOiJPcGVuQmFua2luZyBMdGQiLCJpYXQiOjE0OTI3NTYzMzEsImp0aSI6ImlkMTIzNDU2ODU0Mzk0ODc2NzgiLCJzb2Z0d2FyZV9lbnZpcm9ubWVudCI6InByb2R1Y3Rpb24iLCJzb2Z0d2FyZV9tb2RlIjoibGl2ZSIsInNvZnR3YXJlX2lkIjoiNjVkMWYyN2MtNGFlYS00NTQ5LTljMjEtNjBlNDk1YTdhODZmIiwic29mdHdhcmVfY2xpZW50X2lkIjoiT3BlbkJhbmtpbmcgVFBQIENsaWVudCBVbmlxdWUgSUQiLCJzb2Z0d2FyZV9jbGllbnRfbmFtZSI6IkFtYXpvbiBQcmltZSBNb3ZpZXMiLCJzb2Z0d2FyZV9jbGllbnRfZGVzY3JpcHRpb24iOiJBbWF6b24gUHJpbWUgTW92aWVzIGlzIGEgbW92aW5nIHN0cmVhbWluZyBzZXJ2aWNlIiwic29mdHdhcmVfdmVyc2lvbiI6IjIuMiIsInNvZnR3YXJlX2NsaWVudF91cmkiOiJodHRwczovL3ByaW1lLmFtYXpvbi5jb20iLCJzb2Z0d2FyZV9yZWRpcmVjdF91cmlzIjpbImh0dHBzOi8vcHJpbWUuYW1hem9uLmNvbS9jYiIsImh0dHBzOi8vcHJpbWUuYW1hem9uLmNvLnVrL2NiIl0sInNvZnR3YXJlX3JvbGVzIjpbIlBJU1AiLCJBSVNQIl0sIm9yZ2FuaXNhdGlvbl9jb21wZXRlbnRfYXV0aG9yaXR5X2NsYWltcyI6W3siYXV0aG9yaXR5X2lkIjoiRk1BIiwicmVnaXN0cmF0aW9uX2lkIjoiMTExMTExIiwic3RhdHVzIjoiQWN0aXZlIiwiYXV0aG9yaXNhdGlvbnMiOlt7Im1lbWJlcl9zdGF0ZSI6IkdCUiIsInJvbGVzIjpbIlBJU1AiLCJBSVNQIl19LHsibWVtYmVyX3N0YXRlIjoiUk9JIiwicm9sZXMiOlsiUElTUCJdfV19XSwic29mdHdhcmVfbG9nb191cmkiOiJodHRwczovL3ByaW1lLmFtYXpvbi5jb20vbG9nby5wbmciLCJvcmdfc3RhdHVzIjoiQWN0aXZlIiwib3JnX2lkIjoiQW1hem9uIFRQUElEIiwib3JnX25hbWUiOiJPcGVuQmFua2luZyBUUFAgUmVnaXN0ZXJlZCBOYW1lIiwib3JnX2NvbnRhY3RzIjpbeyJuYW1lIjoiY29udGFjdCBuYW1lIiwiZW1haWwiOiJjb250YWN0QGNvbnRhY3QuY29tIiwicGhvbmUiOiIrNDQ3ODkwMTMwNTU4IiwidHlwZSI6ImJ1c2luZXNzIn0seyJuYW1lIjoiY29udGFjdCBuYW1lIiwiZW1haWwiOiJjb250YWN0QGNvbnRhY3QuY29tIiwicGhvbmUiOiIrNDQ3ODkwMTMwNTU4IiwidHlwZSI6InRlY2huaWNhbCJ9XSwib3JnX2p3a3NfZW5kcG9pbnQiOiJodHRwczovL2p3a3Mub3BlbmJhbmtpbmcub3JnLnVrL29yZ19pZC9vcmdfaWQuamt3cyIsIm9yZ19qd2tzX3Jldm9rZWRfZW5kcG9pbnQiOiJodHRwczovL2p3a3Mub3BlbmJhbmtpbmcub3JnLnVrL29yZ19pZC9yZXZva2VkL29yZ19pZC5qa3dzIiwic29mdHdhcmVfandrc19lbmRwb2ludCI6Imh0dHBzOi8vandrcy5vcGVuYmFua2luZy5vcmcudWsvb3JnX2lkL3NvZnR3YXJlX2lkLmprd3MiLCJzb2Z0d2FyZV9qd2tzX3Jldm9rZWRfZW5kcG9pbnQiOiJodHRwczovL2p3a3Mub3BlbmJhbmtpbmcub3JnLnVrL29yZ19pZC9yZXZva2VkL3NvZnR3YXJlX2lkLmprd3MiLCJzb2Z0d2FyZV9wb2xpY3lfdXJpIjoiaHR0cHM6Ly90cHAuY29tL3BvbGljeS5odG1sIiwic29mdHdhcmVfdG9zX3VyaSI6Imh0dHBzOi8vdHBwLmNvbS90b3MuaHRtbCIsInNvZnR3YXJlX29uX2JlaGFsZl9vZl9vcmciOiJodHRwczovL2FwaS5vcGVuYmFua2luZy5vcmcudWsvc2NpbTIvT0JUcnVzdGVkUGF5bWVudFBhcnR5LzEyMzQ1Njc3ODkiLCJvYl9yZWdpc3RyeV90b3MiOiJodHRwczovL3JlZ2lzdHJ5Lm9wZW5iYW5raW5nLm9yZy51ay90b3MuaHRtbCJ9.oHlq7NxEoj0vdXeTR5cUz7oIq7Vt9dB34pbwxtDhWTs",
  "softwareId": "beKuxC1RniVsTeLYwfpgNP",
  "redirectUris": [
    "https://redirect.here",
    "http://and.here"
  ],
  "scope": "makepayment",
  "applicationType": "web",
  "idTokenSignedResponseAlg": "PS256"
}' \ 
-X POST "/api/berlingroup/v1/tpp/certificates"

Example of parameters

{"requestObjectSigningAlg":"PS256","iss":"beKuxC1RniVsTeLYwfpgNP","iat":1606297853,"exp":1606298169,"aud":"0dw23dsa13123","tokenEndpointAuthMethod":"client_secret_basic","tokenEndpointAuthSigningAlg":"PS256","grantTypes":["client_credentials","authorization_code","refresh_token"],"responseTypes":["code id_token"],"softwareStatement":"eyJhbGciOiJIUzI1NiIsImtpZCI6IkFCQ0QxMjM0In0.eyJpc3MiOiJPcGVuQmFua2luZyBMdGQiLCJpYXQiOjE0OTI3NTYzMzEsImp0aSI6ImlkMTIzNDU2ODU0Mzk0ODc2NzgiLCJzb2Z0d2FyZV9lbnZpcm9ubWVudCI6InByb2R1Y3Rpb24iLCJzb2Z0d2FyZV9tb2RlIjoibGl2ZSIsInNvZnR3YXJlX2lkIjoiNjVkMWYyN2MtNGFlYS00NTQ5LTljMjEtNjBlNDk1YTdhODZmIiwic29mdHdhcmVfY2xpZW50X2lkIjoiT3BlbkJhbmtpbmcgVFBQIENsaWVudCBVbmlxdWUgSUQiLCJzb2Z0d2FyZV9jbGllbnRfbmFtZSI6IkFtYXpvbiBQcmltZSBNb3ZpZXMiLCJzb2Z0d2FyZV9jbGllbnRfZGVzY3JpcHRpb24iOiJBbWF6b24gUHJpbWUgTW92aWVzIGlzIGEgbW92aW5nIHN0cmVhbWluZyBzZXJ2aWNlIiwic29mdHdhcmVfdmVyc2lvbiI6IjIuMiIsInNvZnR3YXJlX2NsaWVudF91cmkiOiJodHRwczovL3ByaW1lLmFtYXpvbi5jb20iLCJzb2Z0d2FyZV9yZWRpcmVjdF91cmlzIjpbImh0dHBzOi8vcHJpbWUuYW1hem9uLmNvbS9jYiIsImh0dHBzOi8vcHJpbWUuYW1hem9uLmNvLnVrL2NiIl0sInNvZnR3YXJlX3JvbGVzIjpbIlBJU1AiLCJBSVNQIl0sIm9yZ2FuaXNhdGlvbl9jb21wZXRlbnRfYXV0aG9yaXR5X2NsYWltcyI6W3siYXV0aG9yaXR5X2lkIjoiRk1BIiwicmVnaXN0cmF0aW9uX2lkIjoiMTExMTExIiwic3RhdHVzIjoiQWN0aXZlIiwiYXV0aG9yaXNhdGlvbnMiOlt7Im1lbWJlcl9zdGF0ZSI6IkdCUiIsInJvbGVzIjpbIlBJU1AiLCJBSVNQIl19LHsibWVtYmVyX3N0YXRlIjoiUk9JIiwicm9sZXMiOlsiUElTUCJdfV19XSwic29mdHdhcmVfbG9nb191cmkiOiJodHRwczovL3ByaW1lLmFtYXpvbi5jb20vbG9nby5wbmciLCJvcmdfc3RhdHVzIjoiQWN0aXZlIiwib3JnX2lkIjoiQW1hem9uIFRQUElEIiwib3JnX25hbWUiOiJPcGVuQmFua2luZyBUUFAgUmVnaXN0ZXJlZCBOYW1lIiwib3JnX2NvbnRhY3RzIjpbeyJuYW1lIjoiY29udGFjdCBuYW1lIiwiZW1haWwiOiJjb250YWN0QGNvbnRhY3QuY29tIiwicGhvbmUiOiIrNDQ3ODkwMTMwNTU4IiwidHlwZSI6ImJ1c2luZXNzIn0seyJuYW1lIjoiY29udGFjdCBuYW1lIiwiZW1haWwiOiJjb250YWN0QGNvbnRhY3QuY29tIiwicGhvbmUiOiIrNDQ3ODkwMTMwNTU4IiwidHlwZSI6InRlY2huaWNhbCJ9XSwib3JnX2p3a3NfZW5kcG9pbnQiOiJodHRwczovL2p3a3Mub3BlbmJhbmtpbmcub3JnLnVrL29yZ19pZC9vcmdfaWQuamt3cyIsIm9yZ19qd2tzX3Jldm9rZWRfZW5kcG9pbnQiOiJodHRwczovL2p3a3Mub3BlbmJhbmtpbmcub3JnLnVrL29yZ19pZC9yZXZva2VkL29yZ19pZC5qa3dzIiwic29mdHdhcmVfandrc19lbmRwb2ludCI6Imh0dHBzOi8vandrcy5vcGVuYmFua2luZy5vcmcudWsvb3JnX2lkL3NvZnR3YXJlX2lkLmprd3MiLCJzb2Z0d2FyZV9qd2tzX3Jldm9rZWRfZW5kcG9pbnQiOiJodHRwczovL2p3a3Mub3BlbmJhbmtpbmcub3JnLnVrL29yZ19pZC9yZXZva2VkL3NvZnR3YXJlX2lkLmprd3MiLCJzb2Z0d2FyZV9wb2xpY3lfdXJpIjoiaHR0cHM6Ly90cHAuY29tL3BvbGljeS5odG1sIiwic29mdHdhcmVfdG9zX3VyaSI6Imh0dHBzOi8vdHBwLmNvbS90b3MuaHRtbCIsInNvZnR3YXJlX29uX2JlaGFsZl9vZl9vcmciOiJodHRwczovL2FwaS5vcGVuYmFua2luZy5vcmcudWsvc2NpbTIvT0JUcnVzdGVkUGF5bWVudFBhcnR5LzEyMzQ1Njc3ODkiLCJvYl9yZWdpc3RyeV90b3MiOiJodHRwczovL3JlZ2lzdHJ5Lm9wZW5iYW5raW5nLm9yZy51ay90b3MuaHRtbCJ9.oHlq7NxEoj0vdXeTR5cUz7oIq7Vt9dB34pbwxtDhWTs","softwareId":"beKuxC1RniVsTeLYwfpgNP","redirectUris":["https://redirect.here","http://and.here"],"scope":"makepayment","applicationType":"web","idTokenSignedResponseAlg":"PS256"}

{"requestObjectSigningAlg":"PS256","iss":"beKuxC1RniVsTeLYwfpgNP","iat":1606297853,"exp":1606298169,"aud":"0dw23dsa13123","tokenEndpointAuthMethod":"client_secret_basic","tokenEndpointAuthSigningAlg":"PS256","grantTypes":["client_credentials","authorization_code","refresh_token"],"responseTypes":["code id_token"],"softwareStatement":"eyJhbGciOiJIUzI1NiIsImtpZCI6IkFCQ0QxMjM0In0.eyJpc3MiOiJPcGVuQmFua2luZyBMdGQiLCJpYXQiOjE0OTI3NTYzMzEsImp0aSI6ImlkMTIzNDU2ODU0Mzk0ODc2NzgiLCJzb2Z0d2FyZV9lbnZpcm9ubWVudCI6InByb2R1Y3Rpb24iLCJzb2Z0d2FyZV9tb2RlIjoibGl2ZSIsInNvZnR3YXJlX2lkIjoiNjVkMWYyN2MtNGFlYS00NTQ5LTljMjEtNjBlNDk1YTdhODZmIiwic29mdHdhcmVfY2xpZW50X2lkIjoiT3BlbkJhbmtpbmcgVFBQIENsaWVudCBVbmlxdWUgSUQiLCJzb2Z0d2FyZV9jbGllbnRfbmFtZSI6IkFtYXpvbiBQcmltZSBNb3ZpZXMiLCJzb2Z0d2FyZV9jbGllbnRfZGVzY3JpcHRpb24iOiJBbWF6b24gUHJpbWUgTW92aWVzIGlzIGEgbW92aW5nIHN0cmVhbWluZyBzZXJ2aWNlIiwic29mdHdhcmVfdmVyc2lvbiI6IjIuMiIsInNvZnR3YXJlX2NsaWVudF91cmkiOiJodHRwczovL3ByaW1lLmFtYXpvbi5jb20iLCJzb2Z0d2FyZV9yZWRpcmVjdF91cmlzIjpbImh0dHBzOi8vcHJpbWUuYW1hem9uLmNvbS9jYiIsImh0dHBzOi8vcHJpbWUuYW1hem9uLmNvLnVrL2NiIl0sInNvZnR3YXJlX3JvbGVzIjpbIlBJU1AiLCJBSVNQIl0sIm9yZ2FuaXNhdGlvbl9jb21wZXRlbnRfYXV0aG9yaXR5X2NsYWltcyI6W3siYXV0aG9yaXR5X2lkIjoiRk1BIiwicmVnaXN0cmF0aW9uX2lkIjoiMTExMTExIiwic3RhdHVzIjoiQWN0aXZlIiwiYXV0aG9yaXNhdGlvbnMiOlt7Im1lbWJlcl9zdGF0ZSI6IkdCUiIsInJvbGVzIjpbIlBJU1AiLCJBSVNQIl19LHsibWVtYmVyX3N0YXRlIjoiUk9JIiwicm9sZXMiOlsiUElTUCJdfV19XSwic29mdHdhcmVfbG9nb191cmkiOiJodHRwczovL3ByaW1lLmFtYXpvbi5jb20vbG9nby5wbmciLCJvcmdfc3RhdHVzIjoiQWN0aXZlIiwib3JnX2lkIjoiQW1hem9uIFRQUElEIiwib3JnX25hbWUiOiJPcGVuQmFua2luZyBUUFAgUmVnaXN0ZXJlZCBOYW1lIiwib3JnX2NvbnRhY3RzIjpbeyJuYW1lIjoiY29udGFjdCBuYW1lIiwiZW1haWwiOiJjb250YWN0QGNvbnRhY3QuY29tIiwicGhvbmUiOiIrNDQ3ODkwMTMwNTU4IiwidHlwZSI6ImJ1c2luZXNzIn0seyJuYW1lIjoiY29udGFjdCBuYW1lIiwiZW1haWwiOiJjb250YWN0QGNvbnRhY3QuY29tIiwicGhvbmUiOiIrNDQ3ODkwMTMwNTU4IiwidHlwZSI6InRlY2huaWNhbCJ9XSwib3JnX2p3a3NfZW5kcG9pbnQiOiJodHRwczovL2p3a3Mub3BlbmJhbmtpbmcub3JnLnVrL29yZ19pZC9vcmdfaWQuamt3cyIsIm9yZ19qd2tzX3Jldm9rZWRfZW5kcG9pbnQiOiJodHRwczovL2p3a3Mub3BlbmJhbmtpbmcub3JnLnVrL29yZ19pZC9yZXZva2VkL29yZ19pZC5qa3dzIiwic29mdHdhcmVfandrc19lbmRwb2ludCI6Imh0dHBzOi8vandrcy5vcGVuYmFua2luZy5vcmcudWsvb3JnX2lkL3NvZnR3YXJlX2lkLmprd3MiLCJzb2Z0d2FyZV9qd2tzX3Jldm9rZWRfZW5kcG9pbnQiOiJodHRwczovL2p3a3Mub3BlbmJhbmtpbmcub3JnLnVrL29yZ19pZC9yZXZva2VkL3NvZnR3YXJlX2lkLmprd3MiLCJzb2Z0d2FyZV9wb2xpY3lfdXJpIjoiaHR0cHM6Ly90cHAuY29tL3BvbGljeS5odG1sIiwic29mdHdhcmVfdG9zX3VyaSI6Imh0dHBzOi8vdHBwLmNvbS90b3MuaHRtbCIsInNvZnR3YXJlX29uX2JlaGFsZl9vZl9vcmciOiJodHRwczovL2FwaS5vcGVuYmFua2luZy5vcmcudWsvc2NpbTIvT0JUcnVzdGVkUGF5bWVudFBhcnR5LzEyMzQ1Njc3ODkiLCJvYl9yZWdpc3RyeV90b3MiOiJodHRwczovL3JlZ2lzdHJ5Lm9wZW5iYW5raW5nLm9yZy51ay90b3MuaHRtbCJ9.oHlq7NxEoj0vdXeTR5cUz7oIq7Vt9dB34pbwxtDhWTs","softwareId":"beKuxC1RniVsTeLYwfpgNP","redirectUris":["https://redirect.here","http://and.here"],"scope":"makepayment","applicationType":"web","idTokenSignedResponseAlg":"PS256"}

Example of response

{"tlsClientAuthSubjectDn":"N/A","clientId":"ABCD1234","clientSecret":"N/A","clientIdIssuedAt":1606297853,"clientSecretExpiresAt":0,"redirectUris":["https://redirect.here","http://and.here"],"tokenEndpointAuthMethod":"client_secret_basic","tokenEndpointAuthSigningAlg":"PS256","grantTypes":["client_credentials","authorization_code","refresh_token"],"responseTypes":["code id_token"],"softwareId":"beKuxC1RniVsTeLYwfpgNP","scope":"makepayment","applicationType":"web","idTokenSignedResponseAlg":"PS256","requestObjectSigningAlg":"PS256"}

Request

POST /api/berlingroup/v1/tpp/certificates

Headers

Header	Type	Description
`X-Request-ID`	string, required	ID of the request, unique to the call, as determined by the initiating party.
`Digest`	string, required	Contains a Hash of the message body, if the message does not contain a body, the "Digest" header must contain the hash of an empty string - "". Can raise: CertificateMissing, CertificateInvalid, SignatureInvalid, SignatureMissing, SignatureMalformed
`Date`	datetime, required	Endpoint request execution date.
`TPP-Signature-Certificate`	string, required	The certificate used for signing the request, in base64 encoding that should comply with RFC 4648 (No line feeds). Can raise: CertificateMissing, CertificateInvalid
`Signature`	string, required	A signature of the request by the TPP on application level. This might be mandated by ASPSP. Can raise: CertificateMissing, CertificateInvalid, SignatureMissing, SignatureInvalid, SignatureMalformed
`Content-Type`	string, required	The media type of the body of the request. Allowed values: application/jwt, text/plain

Parameters

iss

string, required

TPP identifier: software_id from SSA. Can raise: ActionNotAllowed

iat

integer, required

The time at which the request was issued by the TPP expressed as "seconds since the epoch"

exp

integer, required

The time at which the request expires expressed as seconds since the epoch. Values greater than: 1614284495

aud

string, required

The audience for the request. This should be the unique identifier for the ASPSP issued by the issuer of the software statement.

tokenEndpointAuthMethod

string, optional

tokenEndpointAuthSigningAlg

string, optional

Algorithm which the TPP uses to authenticate with the token endpoint. Default value: PS256 Allowed values: PS256

grantTypes

array, required

A JSON array specifying what the TPP can request to be supplied to the token endpoint as exchange for an access token. Allowed values: client_credentials, authorization_code, refresh_token

responseTypes

array, optional

A JSON array specifying what the TPP can request to be returned from the ASPSP authorisation endpoint. Default value: ["code id_token"] Allowed values: code, code id_token

softwareStatement

string, required

softwareId

string, optional

If specified, the software_id in the request MUST match the software_id specified in the SSA.

redirectUris

array, required

Registered URIs the TPP will use to interact with the ASPSP AS. If the software statement defines a master set of redirect URIs, this must match or be a subset of the redirect URIs in the SSA.

scope

string, optional

Scopes the client is asking for (if not specified, default scopes are assigned by the AS). This consists of a list scopes separated by spaces. Allowed values: openid, makepayment, accounts, payments

applicationType

string, optional

Please specify whether TPP software is a mobile or a web app. Allowed values: web, mobile

idTokenSignedResponseAlg

string, optional

Algorithm which the TPP expects to sign the id_token, if an id_token is returned. Allowed values: PS256

requestObjectSigningAlg

string, optional

Algorithm which the TPP expects to sign the request object if a request object will be part of the authorization request sent to the ASPSP. Allowed values: PS256

Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other posibilities.

clientId

string, required

Returned after successful registration client identifier. Will be used afterwards for TPP identification.

clientSecret

string, optional

A shared secret that goes in pair with client_id. Currently not supported.

clientIdIssuedAt

integer, required

Time at which the client identifier was issued expressed as "seconds since the epoch".

clientSecretExpiresAt

integer, optional

Time at which the client secret will expire expressed as "seconds since the epoch". The value must be populated if a client_secret is returned. Default value: 0

redirectUris

array, required

Registered URIs the TPP will use to interact with the ASPSP AS. If the software statement defines a master set of redirect URIs, this must match or be a subset of the redirect URIs in the SSA.

tokenEndpointAuthMethod

string, required

tokenEndpointAuthSigningAlg

string, optional

Algorithm which the TPP uses to authenticate with the token endpoint. Default value: PS256 Allowed values: PS256

grantTypes

array, required

A JSON array specifying what the TPP can request to be supplied to the token endpoint as exchange for an access token. Allowed values: client_credentials, authorization_code, refresh_token

responseTypes

array, optional

A JSON array specifying what the TPP can request to be returned from the ASPSP authorisation endpoint. Default value: ["code id_token"] Allowed values: code, code id_token

softwareId

string, optional

If specified, the software_id in the request MUST match the software_id specified in the SSA.

scope

string, required

Scopes the client is asking for (if not specified, default scopes are assigned by the AS). This consists of a list scopes separated by spaces. Allowed values: openid, makepayment, accounts, payments

applicationType

string, required

Please specify whether TPP software is a mobile or a web app. Allowed values: web, mobile

idTokenSignedResponseAlg

string, optional

Algorithm which the TPP expects to sign the id_token, if an id_token is returned. Allowed values: PS256

requestObjectSigningAlg

string, optional

Algorithm which the TPP expects to sign the request object if a request object will be part of the authorization request sent to the ASPSP. Allowed values: PS256

tlsClientAuthSubjectDn

string, optional

The tls_client_auth_subject_dn claim MUST contain the DN of the certificate that the TPP will present to the ASPSP token endpoint. Currently not supported.

Related Errors

Class	Code	Description
CertificateMissing	401	This request cannot be performed without `Certificate` header.
CertificateInvalid	401	Given certificate is invalid.
SignatureInvalid	401	Given signature is invalid.
SignatureMissing	401	This request cannot be performed without `Signature` header.
SignatureMalformed	401	Given signature is malformed.
Forbidden	403	Action is forbidden. More details in `error_message`.
ActionNotAllowed	406	You're not allowed to perform this action. This might be a rate limit, configuration problem or parameters incompatibility.