adorsys / open-banking-gateway

Provides RESTful API, tools, adapters, and connectors for transparent access to open banking APIs (for banks that support PSD2 and XS2A as well as HBCI/FinTS)
https://adorsys.github.io/open-banking-gateway
GNU Affero General Public License v3.0
248 stars 93 forks

Use real certificates for Xs2a Sandbox #416

Open valb3r opened 4 years ago

valb3r commented 4 years ago

As xs2a-adapter supports (should support from version 0.0.8) real request signing for the Sandbox API, we need to make the following changes:

  1. The mock-qwac-certificate of Sandbox is a complete security bypass; we should drop it.
  2. Sandbox should not use the mock-qwac-certificate and profile. It should work with our 'OPBA mocked generated certificate' (requests made by us must be signed and Sandbox should validate the signature).
  3. We need to supply the 'OPBA mocked generated certificate' to xs2a-adapter so that all requests from us to Sandbox are signed.

So we generate some certificate, make Sandbox aware of it (to trust it) and sign all requests with it. Unsigned requests must fail.
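The flow described above (generate a certificate, make the Sandbox trust it, sign every request, reject unsigned ones), as an added example that is not part of this issue and not code from open-banking-gateway or xs2a-adapter. It is Go with the standard library only; a self-signed certificate stands in for the 'OPBA mocked generated certificate', and the Digest / Signature / TPP-Signature-Certificate header names, the covered header list, the simplified keyId and the sample consent body are assumptions modelled loosely on the Berlin Group XS2A signing scheme. verifyRequest is the sandbox side: it trusts only certificates in its pool, which is what removes the bypass that a mock certificate every caller can present would leave open.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"net/http"
	"strings"
	"time"
)

func b64(b []byte) string { return base64.StdEncoding.EncodeToString(b) }

// newTPPCert returns a self-signed certificate and key standing in for the 'OPBA mocked
// generated certificate' (hypothetical; a real TPP presents a QWAC issued by a QTSP).
func newTPPCert() (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1001), // constructed serial
		Subject:      pkix.Name{CommonName: "OPBA mock TPP"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// signedPayload is what the signature covers (assumed list, Berlin Group style): Digest, which binds the body, and X-Request-ID. The sandbox fixes the list, so a client cannot leave Digest out.
func signedPayload(h http.Header) []byte {
	return []byte("digest: " + h.Get("Digest") + "\nx-request-id: " + h.Get("X-Request-ID"))
}

// signRequest is the TPP side: set Digest, sign the covered headers, attach the certificate.
func signRequest(req *http.Request, body []byte, key *rsa.PrivateKey, cert *x509.Certificate) error {
	sum := sha256.Sum256(body)
	req.Header.Set("Digest", "SHA-256="+b64(sum[:]))
	hashed := sha256.Sum256(signedPayload(req.Header))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, hashed[:])
	if err != nil {
		return err
	}
	req.Header.Set("TPP-Signature-Certificate", b64(cert.Raw))
	req.Header.Set("Signature", fmt.Sprintf(`keyId="SN=%s",algorithm="rsa-sha256",headers="digest x-request-id",signature="%s"`, cert.SerialNumber, b64(sig)))
	return nil
}

// verifyRequest is the sandbox side; it rejects unsigned requests, certificates outside the trusted pool, a Digest that does not match the body, and signatures that no longer verify over the covered headers.
func verifyRequest(req *http.Request, body []byte, trusted *x509.CertPool) error {
	_, after, _ := strings.Cut(req.Header.Get("Signature"), `signature="`)
	sigB64, _, _ := strings.Cut(after, `"`)
	if sigB64 == "" {
		return errors.New("unsigned request rejected")
	}
	der, err := base64.StdEncoding.DecodeString(req.Header.Get("TPP-Signature-Certificate"))
	cert, perr := x509.ParseCertificate(der)
	if err != nil || perr != nil {
		return errors.New("missing or malformed TPP-Signature-Certificate")
	}
	if _, err := cert.Verify(x509.VerifyOptions{Roots: trusted, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return fmt.Errorf("certificate not trusted: %w", err)
	}
	if sum := sha256.Sum256(body); req.Header.Get("Digest") != "SHA-256="+b64(sum[:]) {
		return errors.New("digest does not match body")
	}
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil {
		return err
	}
	if cert.CheckSignature(x509.SHA256WithRSA, signedPayload(req.Header), sig) != nil {
		return errors.New("signature verification failed")
	}
	return nil
}

func main() {
	cert, key, _ := newTPPCert()
	pool := x509.NewCertPool() // the sandbox's trust store: only this certificate is accepted
	pool.AddCert(cert)
	body := []byte(`{"access":{"allPsd2":"allAccounts"}}`) // constructed consent request body
	req, _ := http.NewRequest("POST", "https://sandbox.example/v1/consents", nil)
	req.Header.Set("X-Request-ID", "11111111-2222-3333-4444-555555555555")
	fmt.Println("unsigned:", verifyRequest(req, body, pool))
	_ = signRequest(req, body, key, cert)
	fmt.Println("signed:", verifyRequest(req, body, pool))
}
```

The order of checks in verifyRequest matters: the certificate is validated against the pool before any signature arithmetic, so a caller presenting an untrusted certificate is refused without its signature ever being consulted, and the Digest is compared before the signature is checked so a body edit after signing is reported as such. Fixing the covered header list on the server side rather than honouring whatever list the client names in the Signature header is what stops a client from signing only headers that do not bind the body.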

gatiskalnins commented 3 years ago

https://jira.adorsys.de/browse/OBG-78