Mutual TLS Authentication

Mutual TLS Authentication on  RBBG Sandbox

Kindly be informed that starting from 1st of Aug 2019 our Accounts and Payments API in our Developer portal (Sandbox) will be protected by mutual TLS authentication, with a Qualified Website Authentication Certificate (QWAC) issued to the TPP by a QTSP.

Due to this, we separated the Accounts API from OAuth API, as OAuth API can’t be secured by mTLS. Thus, those will be seen as separate API Products in our developer portal. API subscriptions will be migrated only for the Accounts API and OAuth API will be accessible without subscriptions.

Regarding Payments API products, we separated single payments from the periodic payments. Both APIs products will be accessible without subscriptions.

For more information regarding Subscription plans, please refer to section Subscriptions - IMPORTANT in our Developer Portal

In addition, please, take into account that we will not be able to support test certificates from all the QTSPs within EU, which means that before start using our SB APIs, you should send on our public email address: rbbg.psd2@raiffeisen.bg  a root test certificate issued by the respective QTSP. Based on your email we will implement the root certificate into our Sandbox, send you a confirmation and after this, you will be able to access our Sandbox with the already implemented certificate. In case that you do not have any test certificate, please send us an email and we will support you.

For your information, on the EU website are provided only production certificates (not test certificates):

https://webgate.ec.europa.eu/tl-browser/#/search/type/1