Holvi PSD2 API
Holvi offers a PSD2-compliant interface for third parties wishing to access Holvi customer accounts. This can only happen if the Third Party Provider (TPP) possess a valid certificate or registration from FINFSA to act as a Payment Service Provider and our customer provides consent. You can find documentation on our interface here.
Please take into consideration that as the customer interface is developed and changed, it will also affect our documentation.
It is required by law to have a valid certificate or to register with FINFSA to use PSD2 interfaces.
In order to make use of the Holvi PSD2 API, the TPP must possess valid eIDAS certificates. Two types of certificates are required:
- QWAC (MTLS cert/key): Transport Layer Security, mutually authenticated TLS
- QSEALC (Signing cert/key): Digital Signatures, i.e. signing JWTs
Holvi does not issue the above certificates. They can be purchased from Qualified Trust Dervice Providers (QTSPs). The European Union maintains a list of Trust Services. Search the list by Type of Service and select "Qualified certificate for electronic seal" and "Qualified certificate for website authentication", and select the countries you are interested in, for example Finland.
More information on certificates at e.g. Open Banking Europe's FAQ.