Accounts

All

Returns all accounts belonging to a PSU and all relevant information about them. This endpoint should be called after refreshing PSU data on Salt Edge side.

CURL

curl -i \ -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InBlcl9wYWdlIjo1MCwiZnJvbV9pZCI6NjY1fSwiZXhwIjoxNzM1MzUwNTI5LCJpc3MiOiJwcmlvcmEuc2FsdGVkZ2UuY29tIn0.FzCayvvlzb4KJkD4iLO56X25GdDad7EizKJz0UpQN17X07KPNAHgudyLVtqhmUfJ8jStKx6109wEvwGTuf4ouBJuBWgywmMxjqoOSnXByQ0DjsWcQMI1vyVInRAA90Guimpji--4f1NtplkH2GEHDsqsOQtMlvzJeGsXC31Ab4UyLLUoIbVojfUC-BBd32zVEYK-PNEaZvfwxdW5xpeIGmOMDRgbAkNlWMjfOK8Flv8B-Wdu3qt4oAX_3hVl0K1jwcyCypsZamj2963ZNOPL8eic7urqHEjPMHLMzgG3psv8tcJtNqkJKm49tsTuvlcgl3oNbZPSj8BQ6___j-sr4A" \ -H "App-Id: hdxOnJzz7tUdwso5TeGIOQ" \ -H "App-Secret: mQdTa13N7SoBsmnoHok0mQ" \ -H "Access-Token: 0bd6a34ce608515b9ce2c2afae5d52fa047aaa07c10563b9e7ef4e786faf935f29d255858fac37d314bef7d24651ddebe60cb4342d98e0feaee5ca010c500c04" \ -H "Client-Request-Id: 34" \ -X GET "/api/v2/accounts/all"

curl -i  \ 
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InBlcl9wYWdlIjo1MCwiZnJvbV9pZCI6NjY1fSwiZXhwIjoxNzM1MzUwNTI5LCJpc3MiOiJwcmlvcmEuc2FsdGVkZ2UuY29tIn0.FzCayvvlzb4KJkD4iLO56X25GdDad7EizKJz0UpQN17X07KPNAHgudyLVtqhmUfJ8jStKx6109wEvwGTuf4ouBJuBWgywmMxjqoOSnXByQ0DjsWcQMI1vyVInRAA90Guimpji--4f1NtplkH2GEHDsqsOQtMlvzJeGsXC31Ab4UyLLUoIbVojfUC-BBd32zVEYK-PNEaZvfwxdW5xpeIGmOMDRgbAkNlWMjfOK8Flv8B-Wdu3qt4oAX_3hVl0K1jwcyCypsZamj2963ZNOPL8eic7urqHEjPMHLMzgG3psv8tcJtNqkJKm49tsTuvlcgl3oNbZPSj8BQ6___j-sr4A" \ 
 -H "App-Id: hdxOnJzz7tUdwso5TeGIOQ" \ 
 -H "App-Secret: mQdTa13N7SoBsmnoHok0mQ" \ 
 -H "Access-Token: 0bd6a34ce608515b9ce2c2afae5d52fa047aaa07c10563b9e7ef4e786faf935f29d255858fac37d314bef7d24651ddebe60cb4342d98e0feaee5ca010c500c04" \ 
 -H "Client-Request-Id: 34" \ 
 -X GET "/api/v2/accounts/all"

Example of request parameters

{"data":{"per_page":50,"from_id":665},"exp":1574093211}

Example of response

{"meta":{"time":"2019-11-18T16:04:51.182Z","next_id":865},"data":[{"id":"864","name":"Visa","nature":"credit_card","iban":"FK54RAND61068428516174","number":"450746508","sort_code":"16-26-63","swift_code":"qALtN","currency_code":"GBP","balance":37,"available_amount":30.5,"provider_account_id":"229","extra":{},"payment_account":true,"created_at":"2019-11-18T16:04:51.182Z","updated_at":"2019-11-18T16:04:51.182Z"}]}

Request

GET /api/v2/accounts/all

Headers

Header	Type	Description
`Authorization`	string, required	JSON Web Token containing payload, signed using RSA256 and `application.private_key`. Can raise: AuthorizationMissing
`App-Id`	string, required	Application’s `app_id` from connection details tab. Can raise: OauthAppNotFound, CertificateNotFound
`App-Secret`	string, required	Application’s `app_secret` from connection details tab.
`Access-Token`	string, required	Token for which we are requesting info. Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
`Client-Request-Id`	string, optional	Request identifier. If present, it will be returned within `meta` field in response.

Unpacked Request Authorization

data

hash, required

Wrapper for the data.

per_page

integer, optional

Number of accounts that should be returned per request. Values in range between: 1 and 1000 Default value: 20

from_id

integer, optional

Return all accounts starting with a specific id. Values greater than: 0

exp

integer, required

The lifetime of the request in timestamp UTC format. Values greater than: Current time.

Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.

data

array, required

Wrapper for the data.

string, required

Account identifier on Salt Edge PSD2 Compliance Solution.

name

string, required

Human readable account name.

nature

string, required

Account nature. Allowed values: account, card, debit_card, credit_card, checking, savings, investment, bonus, loan, credit, insurance, ewallet, mortgage

iban

string, optional

International Bank Account Number.

number

string, optional

Account number identifier within Bank.

sort_code

string, optional

Used to identify bank accounts in United Kingdom and Ireland.

swift_code

string, optional

Business Identifier Code.

currency_code

string, required

Account currency code in ISO 4217.

balance

float, optional

Account balance.

available_amount

float, optional

Physically available funds.

status

string, required

Conveys current status of the operation. Allowed values: active, inactive

provider_account_id

string, required

ID that uniquely identifies this account in provider’s system.

extra

hash, optional

Any extra information related to an account. Default value: {}

payment_account

boolean, required

Specifies whether account can be used to initiate payments. Allowed values: true, false

created_at

datetime, required

Datetime of account creation on Salt Edge PSD2 Compliance side.

updated_at

datetime, required

Datetime of last account update on Salt Edge PSD2 Compliance side.

Related Errors

Class	Code	Description
TokenMissing	400	This request cannot be performed without `Access_Token` header.
AuthorizationMissing	401	Authorization header is missing.
TokenNotFound	401	Token specified in request does not exist or cannot be retrieved.
TokenRevoked	401	Token specified in request is revoked and cannot be used anymore.
TokenExpired	401	Token specified in request is expired and cannot be used.
OauthAppNotFound	404	OAuth Application specified in request does not exist or cannot be retrieved.
CertificateNotFound	404	Certificate has no permissions.

Holder

Returns holder information that belongs to a PSU. This endpoint should be called after refreshing PSU data on Salt Edge side.

CURL

curl -i \ -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7fSwiZXhwIjoxNzM1MzUwNTI5LCJpc3MiOiJwcmlvcmEuc2FsdGVkZ2UuY29tIn0.ASUNvio0luMak6hTwWLFNtIesDxVU4YAb9brK6h5TgLdBWGZxSuU3axbQV5GOq_ibB_66IaC58vFRNHSWDLndAQqUve92Rq_7pHM38qrf36G8TZrEIdFup9kjGUtXRNdBVEzWn9hOWC1R0rd28RkbaUQKKsiQF0x-7z8_HVexLzWx2fWL-YFQ_fwZDxMyLNwT2LFcnV1aDdS5RGxDQY-NwzUP_eCc-kYwabfWx2D0xggFHLuj0ijYNV4F9rApKv85OVPOfbxbZJaBXwzxunx7xUjTfAS-XifOhFhLNXKFOUbcdw0J-zLtWI88GO65EszxDuo-L5L1hBRvY3TfHUjcA" \ -H "App-Id: HyR-HnEk7_WMUJv8BD6LkA" \ -H "App-Secret: yqQW_-qL3l1YnoJyzDvX-g" \ -H "Access-Token: 20442d11db40783035aa521337d264760fe46e0b241389fdc2081dae37a9952f6b5f58a7341a990c46a38b6b38c03770a4ecbd4d495c4030e323ad1b292d428f" \ -H "Client-Request-Id: 17" \ -X GET "/api/v2/accounts/holder"

curl -i  \ 
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7fSwiZXhwIjoxNzM1MzUwNTI5LCJpc3MiOiJwcmlvcmEuc2FsdGVkZ2UuY29tIn0.ASUNvio0luMak6hTwWLFNtIesDxVU4YAb9brK6h5TgLdBWGZxSuU3axbQV5GOq_ibB_66IaC58vFRNHSWDLndAQqUve92Rq_7pHM38qrf36G8TZrEIdFup9kjGUtXRNdBVEzWn9hOWC1R0rd28RkbaUQKKsiQF0x-7z8_HVexLzWx2fWL-YFQ_fwZDxMyLNwT2LFcnV1aDdS5RGxDQY-NwzUP_eCc-kYwabfWx2D0xggFHLuj0ijYNV4F9rApKv85OVPOfbxbZJaBXwzxunx7xUjTfAS-XifOhFhLNXKFOUbcdw0J-zLtWI88GO65EszxDuo-L5L1hBRvY3TfHUjcA" \ 
 -H "App-Id: HyR-HnEk7_WMUJv8BD6LkA" \ 
 -H "App-Secret: yqQW_-qL3l1YnoJyzDvX-g" \ 
 -H "Access-Token: 20442d11db40783035aa521337d264760fe46e0b241389fdc2081dae37a9952f6b5f58a7341a990c46a38b6b38c03770a4ecbd4d495c4030e323ad1b292d428f" \ 
 -H "Client-Request-Id: 17" \ 
 -X GET "/api/v2/accounts/holder"

Example of request parameters

{"data":{},"exp":1574093211}

Example of response

{"data":{"name":"John Smith"}}

Request

GET /api/v2/accounts/holder

Headers

Header	Type	Description
`Authorization`	string, required	JSON Web Token containing payload, signed using RSA256 and `application.private_key`. Can raise: AuthorizationMissing
`App-Id`	string, required	Application’s `app_id` from connection details tab. Can raise: OauthAppNotFound, CertificateNotFound
`App-Secret`	string, required	Application’s `app_secret` from connection details tab.
`Access-Token`	string, required	Token for which we are requesting info. Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
`Client-Request-Id`	string, optional	Request identifier. If present, it will be returned within `meta` field in response.

Unpacked Request Authorization

data

hash, required

Wrapper for the data.

exp

integer, required

The lifetime of the request in timestamp UTC format. Values greater than: Current time.

Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.

data

hash, required

Wrapper for the data.

name

string, optional

PSU name.

Related Errors

Class	Code	Description
TokenMissing	400	This request cannot be performed without `Access_Token` header.
AuthorizationMissing	401	Authorization header is missing.
TokenNotFound	401	Token specified in request does not exist or cannot be retrieved.
TokenRevoked	401	Token specified in request is revoked and cannot be used anymore.
TokenExpired	401	Token specified in request is expired and cannot be used.
OauthAppNotFound	404	OAuth Application specified in request does not exist or cannot be retrieved.
CertificateNotFound	404	Certificate has no permissions.

Refresh

Initiates the process of refreshing PSU data (accounts, transactions, holder info) on Salt Edge PSD2 Compliance side from the ASPSP which issued the access token.

CURL

curl -i \ -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImZyb21fZGF0ZSI6IjIwMTktMDgtMTgiLCJ0b19kYXRlIjoiMjAxOS0xMS0xOCIsImluaXRpYXRlZF9ieV9jdXN0b21lciI6ZmFsc2UsInJlZGlyZWN0X3VybCI6Imh0dHBzOi8vdXNlci53aWxsLmJlL3JlZGlyZWN0ZWQvaGVyZSJ9LCJleHAiOjE3MzUzNTA1MjksImlzcyI6InByaW9yYS5zYWx0ZWRnZS5jb20ifQ.c6i9i6Emp4kUNGA2pKGAm_sHlAPc58FmEomYenMu69TgIIB8EGAwu1Fk0EG4ciCWHNODQDKmbO5znifasNWMAnUXoBtUHhVzJMee9HVrdZhPzD40yp43IaPOP9j9X3u7ApJBDTWRfnL7P7qyjtPklnCG7BOfHLl7fVqKTqHJy8EJx4MxJN69enNhHAbi15IblVrZ1wXRsE_gacHecStVOpDq2_-NQQB3JyM4HOQFY4rysD_BrECqnD3JcS8BDZiMHx-d5xAD0IBvJc3MaY3cksC5HVvUsirp8-r5j86ui53_yYik2pzNu6rqERhOc68hRgkwhGBswTWT4wOZknCLkA" \ -H "App-Id: UJbEee74CaUNMzrvzfAtUQ" \ -H "App-Secret: B_oeBL7GIK9jPxzQSrmlLQ" \ -H "Access-Token: b2e3f5f24b69dad11a89e9fdada9dd695a1e8f965a3f33248ea41ae6ca46c0d3a2ea38233fe9b6cedeaa9067ee89bb87981d0988bd688e8b8056640c86350b6f" \ -H "Client-Request-Id: 17" \ -X PUT "/api/v2/accounts"

curl -i  \ 
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7ImZyb21fZGF0ZSI6IjIwMTktMDgtMTgiLCJ0b19kYXRlIjoiMjAxOS0xMS0xOCIsImluaXRpYXRlZF9ieV9jdXN0b21lciI6ZmFsc2UsInJlZGlyZWN0X3VybCI6Imh0dHBzOi8vdXNlci53aWxsLmJlL3JlZGlyZWN0ZWQvaGVyZSJ9LCJleHAiOjE3MzUzNTA1MjksImlzcyI6InByaW9yYS5zYWx0ZWRnZS5jb20ifQ.c6i9i6Emp4kUNGA2pKGAm_sHlAPc58FmEomYenMu69TgIIB8EGAwu1Fk0EG4ciCWHNODQDKmbO5znifasNWMAnUXoBtUHhVzJMee9HVrdZhPzD40yp43IaPOP9j9X3u7ApJBDTWRfnL7P7qyjtPklnCG7BOfHLl7fVqKTqHJy8EJx4MxJN69enNhHAbi15IblVrZ1wXRsE_gacHecStVOpDq2_-NQQB3JyM4HOQFY4rysD_BrECqnD3JcS8BDZiMHx-d5xAD0IBvJc3MaY3cksC5HVvUsirp8-r5j86ui53_yYik2pzNu6rqERhOc68hRgkwhGBswTWT4wOZknCLkA" \ 
 -H "App-Id: UJbEee74CaUNMzrvzfAtUQ" \ 
 -H "App-Secret: B_oeBL7GIK9jPxzQSrmlLQ" \ 
 -H "Access-Token: b2e3f5f24b69dad11a89e9fdada9dd695a1e8f965a3f33248ea41ae6ca46c0d3a2ea38233fe9b6cedeaa9067ee89bb87981d0988bd688e8b8056640c86350b6f" \ 
 -H "Client-Request-Id: 17" \ 
 -X PUT "/api/v2/accounts"

Example of request parameters

{"data":{"from_date":"2019-08-18","to_date":"2019-11-18","initiated_by_customer":false,"redirect_url":"https://user.will.be/redirected/here"},"exp":1574093211}

Example of response

{"data":{"session_secret":"fssZuhgv1LNyG_TaHmgv"}}

Request

PUT /api/v2/accounts

Headers

Header	Type	Description
`Authorization`	string, required	JSON Web Token containing payload, signed using RSA256 and `application.private_key`. Can raise: AuthorizationMissing
`App-Id`	string, required	Application’s `app_id` from connection details tab. Can raise: OauthAppNotFound, CertificateNotFound
`App-Secret`	string, required	Application’s `app_secret` from connection details tab.
`Access-Token`	string, required	Token for which we are requesting info. Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
`Client-Request-Id`	string, optional	Request identifier. If present, it will be returned within `meta` field in response.

Unpacked Request Authorization

data

hash, required

Wrapper for the data.

from_date

datetime, optional

Specifies the starting date in ISO 8601: “yyyy-mm-dd” format, from which account data should be fetched. This value will be set to 90 days ago by default. Default value: 90 days ago.

to_date

datetime, optional

Specifies the ending date in ISO 8601: “yyyy-mm-dd” format, to which account data should be fetched. This value will always be the today’s date by default. Default value: Today.

initiated_by_customer

boolean, optional

Defines whether request was initiated by PSU or automatically. Default value: false Can raise: ActionNotAllowed, AccessExceeded, AccessExceeded

redirect_url

url, optional

The URL on which PSU should be redirected by TPP in order to perform authentication.

exp

integer, required

The lifetime of the request in timestamp UTC format. Values greater than: Current time.

Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.

data

hash, required

Wrapper for the data.

session_secret

string, required

Session identifier in Salt Edge PSD2 Compliance.

Related Errors

Class	Code	Description
TokenMissing	400	This request cannot be performed without `Access_Token` header.
AuthorizationMissing	401	Authorization header is missing.
TokenNotFound	401	Token specified in request does not exist or cannot be retrieved.
TokenRevoked	401	Token specified in request is revoked and cannot be used anymore.
TokenExpired	401	Token specified in request is expired and cannot be used.
OauthAppNotFound	404	OAuth Application specified in request does not exist or cannot be retrieved.
CertificateNotFound	404	Certificate has no permissions.
ActionNotAllowed	406	You're not allowed to perform this action. This might be a configuration problem or parameters incompatibility.
AccessExceeded	429	Exceeded the number of automatic requests for this action.
AccessExceeded	429	Exceeded the number of automatic requests for this action.

Transactions

Returns transactions for a specific account. This endpoint should be called after refreshing PSU data on Salt Edge side.

CURL

curl -i \ -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InBlcl9wYWdlIjo1MCwiZnJvbV9pZCI6MTY1fSwiZXhwIjoxNzM1MzUwNTI5LCJpc3MiOiJwcmlvcmEuc2FsdGVkZ2UuY29tIn0.f1Huh_yWSesOCXHm-88dxu6GgCnSb2GU3JxaOqWWq7q-pNLzT0ShKQF2r59DcSL987YQwmu8DWrzipKvu7AJFpTV0o6-TxoQ017Qqb2J7izLR4TgJQN2yFPRhuNjcnUEoABchJxbJvyoHmze6ZWP9q0DekbP7sZXxgkeW_l9aDaPwTpXYfMoq1rRTNNQO3h-UysobLV1AuCpyLdj91_UOeY452GMWMdFslSbg2rokoj6cMRcKzp1CxjynvBrftlX58YUzxZZXSN8ohUPWvwNPCnFLzLHdzdtu_NbtyyhyHAONOVLicw4BaHMnYbGCBeWFYXRL5Zz07jAadnzZXTJFw" \ -H "App-Id: 1aeKgOrMn24XdsU8K5vgNw" \ -H "App-Secret: YTYP2gAUWcXW3l9wvtMT6w" \ -H "Access-Token: cf3f53fd0422519c4259cbbad9cdd556a5e6e03618a474431823e394b6f1204c98a46609f0606e8920a153665175739cc0174f721b263aeb0838f1a1afef8d3e" \ -H "Client-Request-Id: 17" \ -X GET "/api/v2/accounts/:account_id/transactions"

curl -i  \ 
 -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjp7InBlcl9wYWdlIjo1MCwiZnJvbV9pZCI6MTY1fSwiZXhwIjoxNzM1MzUwNTI5LCJpc3MiOiJwcmlvcmEuc2FsdGVkZ2UuY29tIn0.f1Huh_yWSesOCXHm-88dxu6GgCnSb2GU3JxaOqWWq7q-pNLzT0ShKQF2r59DcSL987YQwmu8DWrzipKvu7AJFpTV0o6-TxoQ017Qqb2J7izLR4TgJQN2yFPRhuNjcnUEoABchJxbJvyoHmze6ZWP9q0DekbP7sZXxgkeW_l9aDaPwTpXYfMoq1rRTNNQO3h-UysobLV1AuCpyLdj91_UOeY452GMWMdFslSbg2rokoj6cMRcKzp1CxjynvBrftlX58YUzxZZXSN8ohUPWvwNPCnFLzLHdzdtu_NbtyyhyHAONOVLicw4BaHMnYbGCBeWFYXRL5Zz07jAadnzZXTJFw" \ 
 -H "App-Id: 1aeKgOrMn24XdsU8K5vgNw" \ 
 -H "App-Secret: YTYP2gAUWcXW3l9wvtMT6w" \ 
 -H "Access-Token: cf3f53fd0422519c4259cbbad9cdd556a5e6e03618a474431823e394b6f1204c98a46609f0606e8920a153665175739cc0174f721b263aeb0838f1a1afef8d3e" \ 
 -H "Client-Request-Id: 17" \ 
 -X GET "/api/v2/accounts/:account_id/transactions"

Example of request parameters

{"data":{"per_page":50,"from_id":165},"exp":1574093211}

Example of response

{"meta":{"time":"2019-11-18T16:04:51.253Z","next_id":1055},"data":[{"id":1054,"account_id":711,"currency_code":"EUR","amount":16.54,"fees":[{}],"description":"Internal transfer.","extra":{},"provider_transaction_id":"614","made_on":"2019-11-18T16:04:51.252Z","status":"posted","category":"transfer","created_at":"2019-11-18T16:04:51.253Z","updated_at":"2019-11-18T16:04:51.253Z"}]}

Request

GET /api/v2/accounts/:account_id/transactions

Headers

Header	Type	Description
`Authorization`	string, required	JSON Web Token containing payload, signed using RSA256 and `application.private_key`. Can raise: AuthorizationMissing
`App-Id`	string, required	Application’s `app_id` from connection details tab. Can raise: OauthAppNotFound, CertificateNotFound
`App-Secret`	string, required	Application’s `app_secret` from connection details tab.
`Access-Token`	string, required	Token for which we are requesting info. Can raise: TokenMissing, TokenNotFound, TokenRevoked, TokenExpired
`Client-Request-Id`	string, optional	Request identifier. If present, it will be returned within `meta` field in response.

Unpacked Request Authorization

data

hash, required

Wrapper for the data.

per_page

integer, optional

Number of transactions that should be returned per request. Values in range between: 1 and 1000 Default value: 20

from_id

integer, optional

Return transactions starting with a specific id. Values greater than: 0

exp

integer, required

The lifetime of the request in timestamp UTC format. Values greater than: Current time.

account_id (path)

integer, required

Account identifier on Salt Edge PSD2 Compliance Solution. Can raise: AccountNotFound

Response

Upon successful request, 200 status code will be returned. See ‘Related Errors’ table for other possibilities.

data

array, required

Wrapper for the data.

integer, required

Transaction identifier on Salt Edge PSD2 Compliance Solution.

account_id

integer, required

Account identifier on Salt Edge PSD2 Compliance Solution.

currency_code

string, required

Transaction currency code in ISO 4217.

amount

float, required

Transaction amount. Negative amounts must be signed by minus.

fees

array, required

List of all fees applied to the given transation.

description

string, required

Transaction description.

extra

hash, optional

Any data relevant to the transaction. Default value: {}

provider_transaction_id

string, required

Transaction identifier on ASPSP side.

made_on

datetime, required

Date on which transaction was processed.

status

string, required

Transaction status. Allowed values: posted, pending

Related Errors

Class	Code	Description
TokenMissing	400	This request cannot be performed without `Access_Token` header.
AuthorizationMissing	401	Authorization header is missing.
TokenNotFound	401	Token specified in request does not exist or cannot be retrieved.
TokenRevoked	401	Token specified in request is revoked and cannot be used anymore.
TokenExpired	401	Token specified in request is expired and cannot be used.
AccountNotFound	404	Account specified in request does not exist or cannot be retrieved.
OauthAppNotFound	404	OAuth Application specified in request does not exist or cannot be retrieved.
CertificateNotFound	404	Certificate has no permissions.