Security

As a trusted partner of the largest financial institutions around the world, we maintain a secure and trusted environment for your operations. Authentication, authorization and message integrity of requests between you and Worldline are guaranteed through three different mechanisms:

Transport Level Security (TLS), encrypts data to secure communication over networks.
Access Tokens:
- to connect to Open Banking Solution. These tokens are requested by the Initiating Party as the preliminary step before making any other API calls towards the Open Banking Service. The Open Banking service validates the Initiating Party's identity with this token. We support Access token v1 and Access token v2. The table below describes which token version can be used for which product/scope.
  
  Product (scope to be used when requesting the token)
  Access token
  Version 1
  Access token
  Version 2
  Payment (PIS)
  ✓
  
  Data (AIS)
  ✓
  
  IDEAL 2.0 (IDEAL)
  ✓
  
  Verification of Payee (VOP)
  ✓
  Wero (WERO)
  ✓
- to receive notifications from the Open Banking Solution. This notification token is set by the Initiating Party in the back office portal. This is received by the Initiating Party in the authorization header of the notification request sent by the Open Banking Service, and can be used to validate the Open Banking Service's identity.
Digital Signatures, authenticate the integrity and origin of digital messages

Product (scope to be used when requesting the token)	Access token Version 1	Access token Version 2
Payment (PIS)	✓
Data (AIS)	✓
IDEAL 2.0 (IDEAL)	✓
Verification of Payee (VOP)		✓
Wero (WERO)		✓

More details about each security mechanism can be found in the respective sections.

Testing security mechanisms

We provide 2 testing environments:

Sandbox
Sandbox environment helps to assess the functional aspects of our APIs, therefore security mechanisms are mostly by-passed. To access this environment you need to log in to the developer portal and follow the testing scenarios (quick link to payment and data testing scenarios in sandbox).
Test environment
Once you signed the contract with Worldline and started integrating Open Banking APIs, you will get access to a dedicated testing environment where the complete set of security mechanism is applicable.