Keywords:
Connecting to bpost bank's API's is easy and secure.
For security, all connections are secured by TLS Mutual Authentication 1.2.
The Client Certificate that you have to use is a Qualified Website Authentication Certificate (QWAC). This certificate has to be issued by a qualified trust service provider according to the eIDAS regulation.
Additionally, the content of the certificate has to be compliant with the requirements of the EBA-RTS and needs to indicate all the roles that you, as TPP, are authorized to use.
During the first connection setup, you will be automatically on-boarded and registered (enrolled) in the bank database. There are no additional steps. Simple!
bpost bank want to be sure it's really you who is connecting: therefore you need to present the QWAC certificate at each request that you make to use our API.