Here is the procedure to generate the certificates used for mutual TLS between your organization and Qombo.

<aside> ⚠️

If you use the mTLS, please note that the right URIs are: Staging: api-mtls.staging.qombo.tech Production: api-mtls.qombo.tech

</aside>

Receive calls from Qombo

• [ ] Qombo send a CSR.

• [ ] Your organization send back a client certificate signed by your private CA. This certificate will be used to perform calls to your /account-holder endpoint.

• Schema - which certificates are needed?

<aside> ℹ️

How to test

Verify a bank account you own (with the API or the platform). → You should get a response and your account-holder endpoint should have been called.

</aside>

Send calls to Qombo

• [ ] Your organization send a CSR to Qombo.
• [ ] Qombo send back a client certificate signed by our private CA. You must use this certificate to perform calls to Qombo’s endpoints.

<aside> ⚠️

Qombo will check the serial of the certificate on each call to ensure only this one is accepted.

</aside>

• Schema - which certificates are needed?

<aside> ℹ️

How to test

Send a call to /verify with the API to any bank account (do not use the manual form on the platform as the mTLS is bypassed here.) → You should get a response.

</aside>

Share secrets