To be able to access the restricted.api.shine.fr, you must possess a Qualified Website Authentication Certificate (QWAC) and a Qualified Electronic Seal Certificates (QSEAL) certificate delivered by a Qualified Trust Service Provider as required by the PSD2.
During your registration, you will be asked to provide both your QWAC and QSEAL certificates.
All API calls done through restricted.api.shine.fr require mutual TLS authentication using your QWAC certificate.
During the TLS handshake, you will be presented with Shine's own QWAC certificate.
Our QWAC certificate has been delivered by CertEurope and the root certificate can be found here https://www.certeurope.fr/chaine-de-confiance/.
The request must be signed with your QSEAL certificate according to the draft specification https://datatracker.ietf.org/doc/draft-cavage-http-signatures/.
As of today, our responses, however, are not signed.
Updated about 3 years ago