The API Response ⬅️
Minimal. Structured. Actionable.
We return one of the smallest, most meaningful JSON responses in fintech — designed for speed, auditability, and seamless integration.
JSON Response Body
Field | Description |
|---|---|
organizationIdentifier | The NCA-assigned organization identifier for the TPP, typically formatted as |
serialNumber | The unique serial number of the eIDAS certificate. |
timestamp | Service Traceability Timestamp: The Unix timestamp (in milliseconds) indicating when this validation request was processed. |
HTTP Status Codes
Status | Meaning |
|---|---|
200 OK | Certificate successfully validated and regulatory compliance confirmed across all requested jurisdictions. |
422 Unprocessable Entity | Validation failed — certificate is syntactically valid but semantically rejected (e.g., expired, revoked, not registered, missing passporting). |
Response Headers
All responses include standardized, machine-readable headers for automation and compliance logging.
On Success (200 OK)
Header | Description |
|---|---|
x-tpp-cert | TPP role(s) from certificate (e.g., PSP_AS, PSP_PI, PSP_AI) |
x-tpp-entity | Legal entity type per EBA (e.g., CRD_CRE_INS = Credit Institution, PSD_PI = Payments Institution) |
x-tpp-identifier | Unique TPP identifier for traceability requests to Audit API |
x-tpp-latest | Latest certificate validation and update from NCA/EBA register |
x-tpp-notafter | Certificate expiry (notAfter) in ISO 8601 |
x-tpp-passports | Confirmed passporting rights per jurisdiction FR=PSP_AI,PSP_PI;IT=PSP_AI,PSP_PI |
Note on
x-tpp-passports: This header is formatted as a semi-colon-separated list ofJurisdiction=Role1,Role2pairs.
On Failure (422 Unprocessable Entity)
Header | Description |
|---|---|
x-tpp-reason | One or more comma-separated rejection codes Examples: certificateExpired, revoked, withdrawn (date), missingPassporting |
Example: Full Success Response
.see also