What is PSD2 & QSeal certificate (QSealC)?
What is PSD2 & QSeal certificate (QSealC)?
PSD2 (Payment Services Directive II)
- What is it: A European Union directive that updates the legal framework for payment services.
- Purpose:
- Liberalize the payment industry and boost competition
- Enhance the security of payment service users
- Foster innovation in the payments sector
- Clearly define the rights and obligations of payment service providers and users
- What is it: A qualified certificate defined under the EU’s eIDAS Regulation for trust services.
- Purpose:
- Enables its holder (usually a legal entity) to create electronic seals on data.
- Guarantees the integrity (data hasn’t changed) and authenticity (origin can be proven) of the sealed data.
- Allows third parties to verify who sealed the data and that it remains unchanged.
- Provides strong, long-term evidence that the data originated from the entity identified in the certificate.
- Validation: Electronic seals can be validated by anyone, at any time, to ensure authenticity and integrity.
How to send, renew and update PSD2 QSealC?
How to send, renew and update PSD2 QSealC?
Send PSD2 QSealCTo send PSD2 QSealC, please follow this step by step guide.Renew PSD2 QSealCTo renew your PSD2 QSealC, you must contact your PSD2 providerUpdate PSD2 QSealCIn order to update your QSeal certificate, you need to update the
Signature
header which needs to be sent in each API request.Check this page for more details
What are the requirements for QSealC?
What are the requirements for QSealC?
Each request sent by the TPP has to be signed using
http-signature
mechanism which is specified by the following IETF draft-paper.To implement it, please follow this guide.Will the new certificate be accepted automatically, provided that our TPP ID and PSD2 roles remain unchanged?
Will the new certificate be accepted automatically, provided that our TPP ID and PSD2 roles remain unchanged?
Once you’ll get your new QSealC, you’ll need to include it in your API requests by following those guidelines. You can make some tests with your new certificate in our Sandbox environment before deploying the changes in Production.
Will existing AIS consents remain valid after the certificate update?
Will existing AIS consents remain valid after the certificate update?
Yes, existing OAuth consents will remain valid.
Will access to the status of payments that were initiated using the previous certificate be retained?
Will access to the status of payments that were initiated using the previous certificate be retained?
Yes, you will still have access to the payments initiated with the previous license.
To initiate payments, your new license should be a PIS license; otherwise, your API requests will be rejected.
Need to report a bug, request a new feature, or didn’t find your answer? Click here.