Connecting to bpost bank's API's is easy and secure. For security, all connections are secured by TLS Mutual Authentication 1.2. The Client Certificate that you have to use is a Qualified Website Authentication Certificate (QWAC). This certificate has to be issued by a qualified trust service provider according to the eIDAS regulation. Additionally, the content of the certificate has to be compliant with the requirements of the EBA-RTS and needs to indicate all the roles that you, as TPP, are authorized to use. During the first connection setup, you will be automatically on-boarded and registered (enrolled) in the bank database. There are no additional steps. Simple! bpost bank want to be sure it's really you who is connecting: therefore you need to present the QWAC certificate at each request that you make to use our API.