Get more detailed insights using our V3 API for seamless integration with virtually any modern API Gateway. It is designed to support Article 34 of the RTS (EU) 2018/389, enabling you to establish a fully customizable, PSD2 & OBIE-compliant API gatekeeping framework in minutes.
How It Works
An elegant solution to demanding regulations.
Effortless Deployment. Finally, achieve a completely automatic TPP Validation & Confirmation process. Set it up within minutes in any* API Gateway environment. Zero hassle, no extras needed.
Configure once
Simply define your operational regions to start using our service for automatic and real-time TPP Validation & Regulatory confirmation with built-in QTSP verification.
QUERY PARAMETERS
SE, DK, FI, NO
Intercept, Fire & Forget
Use custom filters to intercept incoming requests and pipe incoming TPP Certificates to our endpoint for real-time validation & confirmation of regulatory approvals.
QWAC PEM
QWAC PEM
POST https://api.tppvalidation.com/v3
PSP_PI
PSP_AI
PSP_PI
DK=PSP_AI;
FI=PSP_AI
REVOKED
PSP_PI
SE=PSP_AI,PSP_PI
GOOD
Achieve autonomous PSD2 & OBIE API Gatekeeping
With our refined response system, you can automate acceptances or rejections for entire sessions based on HTTP codes and the new header data introduced in version 3. You’re free to customize and define your own compliance rules—all within the custom API Gateway component, giving you 100% control.
Apply any Compliance Framework with Ease.
Flexible Application of Rules. Implement PSD2 & OBIE regulations in harmony with your current operational workflows. Our system allows for a seamless integration with your compliance department's directives, ensuring that adherence to regulations enhances rather than hinders your processes.
Craft a compliance process that's as unique as your business. With Version 3, it's not just about meeting standards; it's about setting them.
Following First Principles, Less Is Truly More.
Empower Your Gateway, Control Your Compliance. We do the rest.
Streamlined HTTP API
Simple, standardized API Request submitting any Certficiate via a single POST operation per initiated session.
EU Standardized eIDAS validation processing
Issuance - Certificates must be issued by a Qualified Trust Service Provider under eIDAS regulations. The QTSP is responsible for authenticating the certificate requestor's identity to meet eIDAS requirements.
Validation The service automatically checks the certificate's validity, revocation status, and chain of trust to a recognized root certificate.
Compliance - Extensive checks with eIDAS and relevant ETSI standards, ensuring security and legal recognition across the EU.
Live Regulatory Approvals
Instantly access data from 30+ EU regulatory bodies. Our system refreshes in real-time to ensure your compliance framework operates with the latest regulatory approvals.
Low Latency Responses
Experience minimal delay with our high-performance infrastructure. We guarantee quick turnaround on all requests, keeping your operations smooth and efficient.
All in your hands, in your API Gateway.
No need for any dedicated servers or advanced setups. Utilizing the API Gateway you will have total control for whom to let in or reject - all data at hand for very straight forward rejection policies to be added.
// Tyk plugin for validating TPP headers and certificates
function PreInsertHeaderRequest(request, session, config) {
// Extract `header.signature` from the incoming request
const signature = request.headers["signature"];
if (!signature) {
console.log("Signature header missing");
return TykJsResponseFromError(400, "Signature header is required");
}
// Set up the API endpoint and country codes for the POST request
const apiEndpoint = "https://api.tppvalidation.com/v3?cc=SE,DK"; // adjust cc parameter as needed
// Prepare the options for the POST request
const postOptions = {
method: "POST",
headers: {
"Content-Type": "text/plain"
},
body: signature
};
// Execute the POST request and wait for the response
const apiResponse = TykMakeHttpRequest(apiEndpoint, postOptions);
// Check if the response status is 200 OK
if (apiResponse.status !== 200) {
console.log(`Received non-200 status: ${apiResponse.status}`);
return TykJsResponseFromError(apiResponse.status, "TPP Validation failed");
}
// Extract the `x-tpp-entity` and `x-tpp-passports` headers from the response
const xTppEntity = apiResponse.headers["x-tpp-entity"];
const xTppPassports = apiResponse.headers["x-tpp-passports"];
if (!xTppEntity || !xTppPassports) {
console.log("Missing required x-tpp- headers in the response");
return TykJsResponseFromError(400, "Invalid TPP Validation response");
}
// Validate that `x-tpp-entity` is listed in `x-tpp-passports` and matches country codes
const countryCodes = ["SE", "DK"]; // Update as per the original request `cc` parameter
const passportEntries = xTppPassports.split(";");
let validationPassed = true;
countryCodes.forEach((cc) => {
const expectedEntry = `${cc}=${xTppEntity}`;
if (!passportEntries.includes(expectedEntry)) {
validationPassed = false;
console.log(`Mismatch for country code ${cc}: expected ${expectedEntry}`);
}
});
// If validation fails, return a 403 response
if (!validationPassed) {
return TykJsResponseFromError(403, "TPP Entity and Passport validation failed");
}
// Proceed with the request if validation passes
return request;
}
// Export the function for Tyk to use
module.exports = {
PreInsertHeaderRequest
};
Access detailed logs with traceability records, using our Audit API endpoint.
Each response generated by our service is underpinned by our built-in traceability to authoritative regulatory sources, ensuring compliance and accountability.
Review, analyze, and verify with ease. Every transaction, every update, captured for any future needs.