Software Statement Assertions (SSA) and Access Tokens
Open Banking Issued Certificates
There are three different types of certificates issued by the Open Banking directory:
To access the NewDay Open Banking APIs, you will need to make sure your transport certificate is set up accordingly. The NewDay Open Banking API endpoints use certificates issued by the Open Banking Certificate Authority, which your application will need to trust. It is strongly recommended not to implement certificate pinning against these certificates unless you have a mechanism to automatically update the pinned certificates: the certificates expire every 12 months and will be replaced without notice.
The Sandbox API endpoints do not enforce Mutual Authentication TLS (MATLS), nor do the OAuth Server Authorisation URLs. The OAuth endpoint used to issue access tokens is protected by MATLS. You must use the transport certificate issued to you by the Open Banking Directory to exchange an authorisation code for an access token. NewDay will also ensure that the TLS certificate being used matches that of the Software Statement used to onboard the authenticating OAuth client.
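
The following sketch shows a client set up as described above: it trusts the Open Banking CA rather than pinning a leaf certificate, and presents the transport certificate when exchanging an authorisation code at the token endpoint. It is an added example, not NewDay's own code. The token URL, file paths, `client_id` value and the choice to send `client_id` in the form body are assumptions.

```python
import json
import ssl
import urllib.parse
import urllib.request

# Placeholder (assumption): the real token endpoint URL is not given on this page.
TOKEN_URL = "https://token-endpoint.example/oauth2/token"


def build_mtls_context(ca_bundle, transport_cert, transport_key):
    """Trust the Open Banking CA and present the transport certificate."""
    # PROTOCOL_TLS_CLIENT enables certificate and hostname verification.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # The trust anchor is the issuing CA, not a pinned leaf, so the yearly
    # replacement of the server certificate does not break the client.
    ctx.load_verify_locations(cafile=ca_bundle)
    # Client side of MATLS: the transport certificate issued by the Directory.
    ctx.load_cert_chain(certfile=transport_cert, keyfile=transport_key)
    return ctx


def build_token_request(code, redirect_uri, client_id):
    """RFC 6749 authorisation-code grant as a form-encoded POST."""
    form = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        # Assumption: the client is identified by client_id in the body.
        "client_id": client_id,
    }
    return urllib.request.Request(
        TOKEN_URL,
        data=urllib.parse.urlencode(form).encode("ascii"),
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def exchange_code(ctx, request):
    """Send the request over MATLS and return the parsed JSON response."""
    with urllib.request.urlopen(request, context=ctx, timeout=10) as resp:
        return json.load(resp)
```

Because `build_mtls_context` raises if the CA bundle or transport certificate cannot be loaded, the authorisation code is never sent over a connection that lacks the client certificate.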