Common API Security

All communication between FI/SP and DIC is based on a client-server model using Two-Way HTTPS for confidentiality, authentication and authorization.

security overview

The active part using the API is named the client and the API provider is named the server.

Description

  1. Authentication of client and service

    We use HTTP over TLS with mutual authentication between client and server. The client authenticates the server using the server certificate, and the server authenticates the client using the client certificate.

  2. Authorization of client

    The client certificate used during authentication is used to authorize the client.

  3. Confidentiality

    Confidentiality between the debt information company and financial institutions is secured by HTTP over TLS.

  4. Data integrity

    Data integrity between the debt information company and financial institutions is secured by HTTP over TLS.
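The two steps above (mutual authentication, then authorization from the client certificate) can be sketched as follows. This is an added example, not code from the API provider. The allow-list, the scope names, the choice of subject fields used as the client identity, and the TLS 1.2 minimum are all assumptions.

```python
import ssl

# Hypothetical allow-list (constructed): certificate subject -> permitted scopes.
AUTHORIZED_CLIENTS = {
    ("Example Bank ASA", "fi-client-01"): {"debt:read"},
}

def server_context(cert_file, key_file, client_ca_file):
    """API provider side: present a certificate and demand one from the client."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # assumption: page sets no minimum
    ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails without a valid client cert
    ctx.load_cert_chain(cert_file, key_file)
    ctx.load_verify_locations(cafile=client_ca_file)  # CA that issues client certs
    return ctx

def client_context(cert_file, key_file, server_ca_file):
    """API consumer side: verify the server and present the client certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verifies chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(cert_file, key_file)
    ctx.load_verify_locations(cafile=server_ca_file)
    return ctx

def subject_fields(peercert):
    """Flatten getpeercert()['subject']; return None if an attribute repeats."""
    fields = {}
    for rdn in peercert.get("subject", ()):
        for name, value in rdn:
            if name in fields:
                return None  # ambiguous subject: refuse rather than pick one
            fields[name] = value
    return fields

def authorize(peercert, scope, allowed=AUTHORIZED_CLIENTS):
    """Authorization step: map the already-verified certificate to permitted scopes."""
    if not peercert:  # None or {}: no validated client certificate
        return False
    fields = subject_fields(peercert)
    if fields is None:
        return False
    identity = (fields.get("organizationName"), fields.get("commonName"))
    return scope in allowed.get(identity, set())

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_PEERCERT = {"subject": ((("countryName", "XX"),),
                               (("organizationName", "Example Bank ASA"),),
                               (("commonName", "fi-client-01"),))}
```

On the server, `authorize()` would be called with the result of `getpeercert()` on the accepted connection, after the handshake has already validated the certificate chain.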