In order to guarantee a secure connection and verify both the server and client identity, a connection to our API can be established only via mutual TLS authentication (mTLS). Therefore, send the QWAC you obtained from the QTSP as part of your digitally signed API request.
Last changes: 09-20-2019
The PSD2 directive works with two kinds of electronic signatures: Qualified Website Certificates (QWACs) and Qualified Certificates for Seals (QCSEALs). Both are issued by Qualified Trust Service Providers (QTSPs) and require the same information.
Our integration utilizes the QWAC, which authenticates the entity identity at the transport layer.
You can find your local QTSPs in the European List of Trusted Lists. Just check the QWAC, choose your country, and get the list.
Once an eIDAS certificate has been issued its contents cannot be changed. For example, if a PSP was to change roles a new eIDAS certificate would have to be issued by a QTSP.
The information you need to provide the QTSP with is the following:
- Your Authorization Number
- Your PSD2 role(s) (CBPII/AISP/PISP)
- Name of your NCA
Please contact the Volkswagen Payments S.A. support to register as a TPP. During the course of the registration process you will provide several business information and upload the eIDAS certificate via a secure channel.
In case of a successful validation of your registration, you will receive an api user in a sandbox environment.
Here, you can start to implement and test the corresponding API methods as described in the following sections.
After a due dilligence of your implementation, you will receive an api user with access to the production systems.