--- swagger: "2.0" info: description: "API for completing enrollment/onboarding to PSD2 APIs to Member and Service Banks under BEC umbrella. The onboarding step serves to\n1) Verify the identity of the TPP\n2) Establish and verify the TPP's roles with respect to PSD2 (AISP, PISP, CBPII)\n\nThe enrollment API uses the same general format and mechanisms as specified in the Berlin Group XS2A specification. Hence the TPP will need to present a qualified QWAC certificate (which when registered allows the TPP to setup two-way TLS when conecting to the BG XS2A APIs) as well as a QSEAL (which is use by TPP to sign API requests and which gives access to the APIs corresponding to TPP's role (AISP, PISP, CBPII). During enrollment, the certificate are verified against the issuer and the TPP's roles are verified against the live register at PRETA. After successfull enrollment, the TPP will have access to the BG XS2A APIs using the same QWAC and QSEAL.\n\nBy accessing the API, you confirm that you already have status as an authorized TPP - or that your application has been submitted to a local NCA and is pending approval. Only TPPs who can document their authorization status are elegible for support.\n\nPrior to calling the enrollment API, the TPP must\n\n 1) Aquire the required local NCA license to operate as a PISP, AISP or CBPII in Denmark. The license must either be issued by the Danish NCA - or if issued by another NCA, it must be passported to Denmark.\n \n 2) Acquire valid QSEAL and QWAC certificates, which must reflect the TPPs actual roles at the time of enrollment.\n \n 3) Acquire all relevant root and intermediate certificates needed for verifying the certification chain towards the issuer of the QSEAL and QWAC certificates.\n \nAfter these steps, the enrollment API will finalize the TPP onboarding.\n\n**Note about this version of the API** \n\n * **Enrollment API is now available in both sandbox and production**.\n \n * CBPII/PIISP role is currently not supported and is ignored at enrollment time. A TPP with CBPII/PIISP role may be required to repeat enrollment step in order to access Fund Confirmation Services (FCS) API, once it becomes available in production.\n \ \n * The roles specified in the enrollment API call must _exactly_ match the roles listed in the certificate.\n\n**Access to API endpoints**\nSeparate API URL/host endpoints are required for each bank under the BEC Umbrella. Consult the [Environments section](https://apiportal.prod.bec.dk/openbanking/sandbox/environments) for information on URL schemas in production and sandbox environments.\n\nSee list of included ASPSPs and their corresponding urls by following [this link](https://apiportal.prod.bec.dk/openbanking/sandbox/included-aspsps). The X-IBM-Client-Id attribute is not used on production API\n" version: 0.1.1 title: TPP Enrollment API contact: name: BEC PSD2 Support url: https://apiportal.prod.bec.dk/openbanking/sandbox/ email: psd2.support@bec.dk license: name: The API is made available to TPPs who have been authorized for the relevant roles by a NCA - or to TPPs applying to be authorized at a NCA with approval pending. x-ibm-name: tpp-enrollment-api host: psd2apiXX.prod.bec.dk basePath: /eidas/1.0/v1 tags: - name: enrollment description: "" schemes: - https paths: /enrollment: post: tags: - enrollment summary: Perform an enrollment description: "" operationId: addTpp consumes: - application/json produces: - application/json parameters: - in: header name: X-Request-ID type: string required: true format: UUID description: Information about the TPP required to enroll - in: header name: Digest type: string required: true description: Digest of the request body created using either SHA-256 or SHA-512 - in: header name: Signature type: string required: true description: Signature as described under [Description of security flow](https://apiportal.prod.bec.dk/openbanking/sandbox/security-model-and-flows) - in: header name: TPP-Signature-Certificate type: string required: true description: The TPP certificate used for signing the request, in base64 encoding. - in: body name: body description: Information about the TPP required to enroll required: true schema: $ref: '#/definitions/TPP' responses: 201: description: Created 400: description: Bad Request - Please contact support with your request id 500: description: Internal Server Error definitions: QWAC-Certificate: type: object properties: certificate: type: string example: Base64 encoded QWAC certificate string without newlines and -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. This applies for all certificates. cacert: type: string example: Base64 encoded CA certificate string chaincerts: type: array items: type: string example: - cert: Base64 encoded CHAIN certificate string - cert: Base64 encoded CHAIN certificate string QSEAL-Certificate: type: object properties: certificate: type: string example: Base64 encoded QSEAL certificate string cacert: type: string example: Base64 encoded CA certificate string chaincerts: type: array items: type: string example: - cert: Base64 encoded CHAIN certificate string - cert: Base64 encoded CHAIN certificate string TPP: type: object properties: tppid: type: string example: DK-FSA001-63882 commercialname: type: string example: Amazing FinTech roles: type: string example: - PSP_AI - PSP_PI qwaccert: $ref: '#/definitions/QWAC-Certificate' qsealcert: $ref: '#/definitions/QSEAL-Certificate' x-ibm-configuration: testable: false enforced: true phase: realized x-ibm-endpoints: - endpointUrl: https://api.sandbox.openbanking.bec.dk type: - development ...