Security
Oauth2
- Authentication and authorisation are based on Oauth2 workflow. Therefore almost every API call from TPP has to have scopes which was granted by PSU
SSL
- All API and user flows uses HTTPS, and no HTTP allowed.
- Every request from TPP must have client certificate which is issued by QWAC certified authorities.