Integration Guide for Developers
A guide for integrating with NewDay APIs and environments using the mutual Transport Layer Security (mTLS) protocol.
The information on this page is for authentication with all our APIs except Open Banking. For information on integrating with our Open Banking APIs, see the Open Banking Authentication Guide.
Prerequisites for integration
NewDay follows the mutual Transport Layer Security (mTLS) protocol, version 1.2 or above, for any certificate authentication, so requests must be sent only via HTTPS channels. Each environment (e.g., User Acceptance Testing and Production) will require a separate certificate and will have a separate URL.
1. To access our APIs, you must obtain a certificate that is issued by a publicly trusted Certificate Authority (such as GlobalSign/Thawte). This certificate must include the necessary usage attributes for mTLS use (Digital Signature, Key Encipherment). For an overview of mTLS, see Cloudflare's general explanation.
2. This certificate is used to uniquely identify the caller of our services and should use your domain as the subject with 'newdaytech-mtls.' as the prefix for identification (e.g., newdaytech-mtls.*domain.com*).
3. You must provide NewDay with the public key portion of the certificate and the subject name so we can validate requests. Depending on your product set, you may also be required to provide the calling IP addresses for allowlisting. All information should be provided through your Account Manager, who will be able to assist with any further questions.
Integration with User Acceptance Testing environment
Client environments are deployed and smoke tested in phases. Your Account Manager can provide information on the status of your environment and which services are available in each environment. Once you have confirmation:
1. You include the client certificate in the request header.
2. We authenticate the request and validate the certificate.
3. You can access the endpoints and verify the response.
Integration with Production environment
As above, client environments are deployed and smoke tested in phases. Your Account Manager can provide information on the status of your environment and which services are available in each environment.
1. You include the client certificate in the request header.
2. We authenticate the request and validate the certificate.
3. You can access the endpoints and verify the response.
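The three steps above, for both environments, as an added client-side example (not NewDay's own code). The hostnames, file paths and the `Environment`, `base_context`, `mtls_context` and `call` names are placeholders assumed for illustration; the client certificate is attached to the TLS connection through Python's standard `ssl` module.

```python
import http.client
import ssl
from dataclasses import dataclass
from typing import Tuple

# Hypothetical per-environment settings: hosts and file paths are placeholders,
# not NewDay's real endpoints. Each environment has its own URL and certificate.
@dataclass(frozen=True)
class Environment:
    host: str
    cert_file: str  # PEM client certificate (subject newdaytech-mtls.<your domain>)
    key_file: str   # PEM private key; keep it readable only by the calling service

ENVIRONMENTS = {
    "uat": Environment("api.uat.example.invalid", "certs/uat.pem", "certs/uat.key"),
    "production": Environment("api.example.invalid", "certs/prod.pem", "certs/prod.key"),
}

def base_context() -> ssl.SSLContext:
    """TLS settings shared by every environment, before a client cert is attached."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)  # verifies the server
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2               # TLS 1.2 or above
    return ctx

def mtls_context(env: Environment) -> ssl.SSLContext:
    """Attach the environment's client certificate; fails fast if a file is missing."""
    ctx = base_context()
    ctx.load_cert_chain(certfile=env.cert_file, keyfile=env.key_file)
    return ctx

def call(env_name: str, path: str) -> Tuple[int, bytes]:
    """Send one GET over mTLS and return (status, body) so the response can be verified."""
    env = ENVIRONMENTS[env_name]
    conn = http.client.HTTPSConnection(env.host, 443,
                                       context=mtls_context(env), timeout=10)
    try:
        conn.request("GET", path, headers={"Accept": "application/json"})
        resp = conn.getresponse()
        return resp.status, resp.read()
    finally:
        conn.close()
```

Keeping one `Environment` entry per environment prevents a UAT certificate from being sent to the Production URL, and a TLS handshake failure in `call` usually points at the certificate or allowlisting rather than the request itself.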
NewDay supports two concurrent certificates to ensure a seamless transition and avoid any interruption of service. This gives you the option to provide next year's certificate in advance, before the first certificate expires. It is important that the certificate's Enhanced Key Usage is set to TLS Client Authentication.