Ctrl+K

Onboarding#

TPPs must provide their eIDAS QSEAL client certificate during the onboarding process before starting to integrate with our API.

POST /api/v2/onboarding/signup/#

Creates a new user to start the TPP onboarding process.

Example request:

POST /api/v2/onboarding/signup/ HTTP/1.1
Accept: application/json

{
    "email": "john@example.com",
    "first_name": "John",
    "last_name": "Doe",
    "password": "a-highly-secure-password"
}

Example response:

HTTP/1.1 201 CREATED
Vary: Accept
Content-Type: application/json

{
    "id": "d83da416-2f23-4f74-b366-c2682494f3f5",
    "email": "john@example.com",
    "first_name": "John",
    "last_name": "Doe"
}

cURL command:

curl \
  -H "Content-Type: application/json" \
  -d '{"email":"john@example.com","first_name":"John","last_name":"Doe","password":"a-highly-secure-password"}' \
  https://psd2.holvi.com/api/v2/onboarding/signup/

Status Codes:

  • 201: TPP user successfully created

  • 400: Invalid input

  • 400: User already exists

POST /api/v2/onboarding/login/#

Logs in a TPP user and returns a JWT token to be used for future requests.

Example request:

POST /api/v2/onboarding/login/ HTTP/1.1
Accept: application/json

{
    "email": "john@example.com",
    "password": "a-highly-secure-password"
}

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: application/json

{
    "token_type": "Bearer",
    "id_token": "...",
    "expires_in": 300
}

cURL command:

curl \
  -H "Content-Type: application/json" \
  -d '{"email":"john@example.com","password":"a-highly-secure-password"}' \
  https://psd2.holvi.com/api/v2/onboarding/login/

Response Fields:

  • id_token: JWT token to be used for authentication

  • expires_in: Expiration interval in seconds

Status Codes:

  • 200: TPP user successfully logged in

  • 400: Invalid input

POST /api/v2/onboarding/applications/#

Creates a new TPP application.

Example request:

POST /api/v2/onboarding/applications/ HTTP/1.1
Accept: application/json
Content-Type: multipart/form-data

--boundary
Content-Disposition: form-data; name="client_certificate"; filename="client-certificate.pem"
Content-Type: application/x-pem-file

[contents of client-certificate.pem]
--boundary
Content-Disposition: form-data; name="organisation_name"

Example Organization v2
--boundary
Content-Disposition: form-data; name="organisation_url"

https://www.example.com/
--boundary
Content-Disposition: form-data; name="allowed_redirect_uris"

["https://example.com/callback", "example://callback"]
--boundary--

Example response:

HTTP/1.1 201 CREATED
Vary: Accept
Content-Type: application/json

{
    "id": "6656d2df-8297-4802-847b-e1174395ccc9",
    "organisation_name": "Example Organization v2",
    "organisation_url": "https://www.example.com/",
    "is_approved": false,
    "tpp_client_id": "d83da416-2f23-4f74-b366-c2682494f3f5",
    "tpp_client_secret": "..."
}

cURL command:

curl \
  -H "Content-Type: multipart/form-data" \
  -H "Authorization: Bearer testJWTAccessToken" \
  -F "client_certificate=@path-to-your-client-certificate.pem" \
  -F "organisation_name=Example Organization" \
  -F "organisation_url=https://www.example.com/" \
  https://psd2.holvi.com/api/v2/onboarding/applications/

Parameters:

  • client_certificate: Certificate used for TPP authentication

  • organisation_name: Name of the organisation, used for reviewing purposes

  • organisation_url: URL of the organisation, used for reviewing purposes

  • allowed_redirect_uris: URIs allowed for user authentication redirect

Request Headers:

  • Authorization: JWT token to authenticate

Status Codes:

  • 201: Application successfully created

  • 400: Certificate is already registered

  • 401: Unsuccessful authentication

GET /api/v2/onboarding/applications/#

Lists all TPP applications submitted by the owner of the token.

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: application/json

[
    {
        "id": "0d1fbc44-621b-4ff8-8fc7-a968d0a8b65b",
        "organisation_name": "Example Organization",
        "organisation_url": "https://www.example.com/",
        "is_approved": true,
        "tpp_client_id": "4bae5812c969c0ea5c2453b60c2ee3fa",
        "tpp_client_secret": "..."
    }
]

cURL command:

curl \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer testJWTAccessToken" \
  https://psd2.holvi.com/api/v2/onboarding/applications/

Request Headers:

  • Authorization: JWT token to authenticate

Status Codes:

  • 200: No error

  • 401: Unsuccessful authentication

GET /api/v2/onboarding/applications/(string:application_uuid)/#

Retrieves a TPP application specified by application_uuid.

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: application/json

{
    "id": "0d1fbc44-621b-4ff8-8fc7-a968d0a8b65b",
    "organisation_name": "Example Organization",
    "organisation_url": "https://www.example.com/",
    "is_approved": true,
    "tpp_client_id": "4bae5812c969c0ea5c2453b60c2ee3fa",
    "tpp_client_secret": "..."
}

cURL command:

curl \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer testJWTAccessToken" \
  https://psd2.holvi.com/api/v2/onboarding/applications/0d1fbc44-621b-4ff8-8fc7-a968d0a8b65b/

Parameters:

  • application_uuid: UUID of the TPP application that can be fetched from GET applications

Request Headers:

  • Authorization: JWT token to authenticate

Status Codes:

  • 200: No error

  • 401: Unsuccessful authentication

  • 404: TPP application with the given application_uuid cannot be found

On this page