Security

OAuth2

  • Authentication and authorisation are based on the OAuth2 workflow. Therefore, almost every API call from a TPP must have scopes that were granted by the PSU.

SSL

  • All API and user flows use HTTPS; HTTP is not allowed.
  • Every request from a TPP must have a client certificate issued by QWAC-certified authorities.
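
The sketch below shows how a server could enforce the three rules above: HTTPS only, a mandatory client certificate, and PSU-granted scopes. It is an added example, not code from this API or its provider; the function names, the CA bundle parameter and the scope names are assumptions.

```python
import ssl

def build_server_tls_context(qwac_ca_bundle=None, server_cert=None, server_key=None):
    """Server-side TLS context: the handshake fails unless the TPP presents a
    client certificate that chains to the trusted QWAC issuers."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED      # no client certificate, no connection
    if qwac_ca_bundle:                       # assumed path to a PEM bundle of QWAC issuers
        ctx.load_verify_locations(cafile=qwac_ca_bundle)
    if server_cert:
        ctx.load_cert_chain(server_cert, server_key)
    return ctx

def authorize_call(scheme, client_cert, granted_scope, required_scopes):
    """Return (allowed, reason) for one API call.

    scheme          -- "https" or "http" as seen by the listener
    client_cert     -- dict from SSLSocket.getpeercert(), empty or None if absent
    granted_scope   -- space-delimited scope string from the access token
    required_scopes -- scopes the endpoint needs (hypothetical names below)
    """
    if scheme.lower() != "https":
        return False, "https_required"
    if not client_cert:
        return False, "client_certificate_required"
    granted = set((granted_scope or "").split())
    missing = sorted(set(required_scopes) - granted)
    if missing:
        return False, "missing_scope:" + ",".join(missing)
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample values, not taken from the API described on this page.
    cert = {"subject": ((("organizationName", "Example TPP"),),)}
    print(build_server_tls_context().verify_mode)
    print(authorize_call("https", cert, "accounts", ["accounts", "payments"]))
```

The per-request certificate check repeats what the handshake already enforces, which matters when TLS is terminated on a separate proxy in front of the API.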