When using the Ebury PSUI as a fallback mechanism for access to the account, a two sided TLS connection must be set-up in order for us to identify you as a TPP. Below you can find a description of this process, for which we follow the existing mTLS standards as described on https://tools.ietf.org/html/rfc5246#section-7.3

The following process applies:

  • Place your GET request to the Ebury mTLS endpoint https://contingency.ebury.com 
  • The Ebury webserver sends its own SSL certificate and will request your client certificate
  • Perform the regular certificate checks to verify you are indeed connecting to the Ebury webserver 
  • Once this verification is done, return your eIDAS QWAC certificate to establish the mTLS connection
  • The Ebury webserver will verify the validity of your eIDAS QWAC certificate
  • Once all relevant verifications are complete, the mTLS connection is established and a response to your original GET request will be returned

A PSUI sandbox is provided at https://ebo-sandbox.ebury.rocks, in order to test your connection and to build integrations against. Note that this does not require mTLS. For a test login to the sandbox, please contact api@ebury.com, with the subject “Request for contingency sandbox credentials”.

Did this answer your question?