Access restricted endpoints

To access restricted.api.shine.fr, you must hold a Qualified Website Authentication Certificate (QWAC) and a Qualified Electronic Seal Certificate (QSEAL), both issued by a Qualified Trust Service Provider as required by PSD2.

Registration

During your registration, you will be asked to provide both your QWAC and QSEAL certificates.

Mutual TLS Authentication

All API calls made to restricted.api.shine.fr require mutual TLS authentication using your QWAC certificate.

During the TLS handshake, you will be presented with Shine's own QWAC certificate.
Our QWAC certificate was issued by CertEurope, and the root certificate is available at https://www.certeurope.fr/chaine-de-confiance/.

HTTP Signature

The request must be signed with the private key of your QSEAL certificate, following the draft specification https://datatracker.ietf.org/doc/draft-cavage-http-signatures/.

As of today, however, our responses are not signed.
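
The request signing described above, sketched as an added example (not Shine's own code): it builds the draft-cavage signing string, signs it, and shows the check a verifier performs. The covered header set, the `rsa-sha256` algorithm, the `keyId` value, the `/v1/example` path and the throwaway key pair are assumptions, since this page does not specify them.

```javascript
const crypto = require('crypto');

// Constructed stand-in for the QSEAL key pair. A real client loads the private
// key of its QSEAL certificate; the verifier uses the certificate's public key.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Digest header value: hash of the exact body bytes sent on the wire.
function bodyDigest(body) {
  return 'SHA-256=' + crypto.createHash('sha256').update(body).digest('base64');
}

// Signing string per draft-cavage: one "name: value" line per covered header,
// names lowercased, in the order given by the headers parameter, joined by "\n".
function signingString(method, path, headers, covered) {
  return covered.map((name) => {
    if (name === '(request-target)') return `(request-target): ${method.toLowerCase()} ${path}`;
    const key = Object.keys(headers).find((h) => h.toLowerCase() === name);
    if (key === undefined) throw new Error(`covered header missing from request: ${name}`);
    return `${name}: ${String(headers[key]).trim()}`;
  }).join('\n');
}

function signRequest(req, keyId, key) {
  const headers = { ...req.headers, Digest: bodyDigest(req.body) };
  const covered = ['(request-target)', 'host', 'date', 'digest']; // assumed header set
  const data = signingString(req.method, req.path, headers, covered);
  const sig = crypto.sign('sha256', Buffer.from(data), key); // RSASSA-PKCS1-v1_5 + SHA-256
  headers.Signature = `keyId="${keyId}",algorithm="rsa-sha256",` +
    `headers="${covered.join(' ')}",signature="${sig.toString('base64')}"`;
  return { ...req, headers };
}

// Verifier side: parse the Signature header, rebuild the signing string, verify.
function verifyRequest(req, key) {
  const params = Object.fromEntries(
    [...req.headers.Signature.matchAll(/(\w+)="([^"]*)"/g)].map((m) => [m[1], m[2]]));
  const covered = params.headers.split(' ');
  if (!['(request-target)', 'digest'].every((h) => covered.includes(h))) return false;
  if (req.headers.Digest !== bodyDigest(req.body)) return false; // body altered in transit
  const data = signingString(req.method, req.path, req.headers, covered);
  return crypto.verify('sha256', Buffer.from(data), key, Buffer.from(params.signature, 'base64'));
}

// Constructed sample request; path, body and keyId are placeholders.
const sample = {
  method: 'POST', path: '/v1/example', body: '{"amount":"10.00"}',
  headers: { Host: 'restricted.api.shine.fr', Date: 'Tue, 07 Jan 2025 10:00:00 GMT' },
};
const signed = signRequest(sample, 'example-qseal-key-id', privateKey);
```

Sign the exact bytes that are sent: any change to the body, path or a covered header after signing makes verification fail, and a verifier should reject signatures whose `headers` list omits the fields it relies on.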