When using the Ebury PSUI as a fallback mechanism for access to the account, a two sided TLS connection must be set-up in order for us to identify you as a TPP. Below you can find a description of this process, for which we follow the existing mTLS standards as described on https://tools.ietf.org/html/rfc5246#section-7.3.
The following process applies:
- Place your GET request to the Ebury mTLS endpoint https://contingency.ebury.com
- The Ebury webserver sends its own SSL certificate and will request your client certificate
- Perform the regular certificate checks to verify you are indeed connecting to the Ebury webserver
- Once this verification is done, return your eIDAS QWAC certificate to establish the mTLS connection
- The Ebury webserver will verify the validity of your eIDAS QWAC certificate
- Once all relevant verifications are complete, the mTLS connection is established and a response to your original GET request will be returned
A PSUI sandbox is provided at https://ebo-sandbox.ebury.rocks, in order to test your connection and to build integrations against. Note that this does not require mTLS. For a test login to the sandbox, please contact firstname.lastname@example.org, with the subject “Request for contingency sandbox credentials”.