When using the Ebury PSUI as a fallback mechanism for access to the account, a two sided TLS connection must be set-up in order for us to identify you as a TPP. Below you can find a description of this process, for which we follow the existing mTLS standards as described on https://tools.ietf.org/html/rfc5246#section-7.3.
The following process applies:
Place your GET request to the Ebury mTLS endpoint https://contingency.ebury.com
The Ebury webserver sends its own SSL certificate and will request your client certificate
Perform the regular certificate checks to verify you are indeed connecting to the Ebury webserver
Once this verification is done, return your eIDAS QWAC certificate to establish the mTLS connection
The Ebury webserver will verify the validity of your eIDAS QWAC certificate
Once all relevant verifications are complete, the mTLS connection is established and a response to your original GET request will be returned
A PSUI sandbox is provided at https://ebo-sandbox.ebury.rocks, in order to test your connection and to build integrations against. Note that this does not require mTLS. For a test login to the sandbox, please contact firstname.lastname@example.org, with the subject “Request for contingency sandbox credentials”.