Commonly used acronyms


PSD2The European Payment Service Directive
PSPPayment Service Provider.
ASPSPAccount Servicing Payment Service Provider.

When using Triodos APIs, Triodos is the ASPSP.
TPPThird Party Provider.

If you are building an application that uses Triodos APIs, you are the TPP.
QTSPQualified Trust Service Providers can issue QWAC and QSEALC certificates
PSUPayment Service User, i.e. The Triodos account holder.
TenantRefer Modules.
RTSThe PSD2 Regulatory Technical Standard.
SCAStrong Customer Authentication. SCA is defined by the RTS as ‘an authentication based on the use of two or more elements categorised as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is) that are independent’ and that ‘protect[s] the confidentiality of the authentication data’.
TLSTransport Layer Security is a cryptographic protocol designed to provide communications security over a computer network.
Mutual TLSMutual TLS authentication refers to two
parties authenticating each other through verifying the provided digital certificate so that both parties are assured of the others' identity.
Qualified Certificate (QC)A QC helps to facilitate secure transactions by providing a legal basis for non-repudiation and authentication of electronic signatures
eIDASA set of standards for electronic identification and trust services for electronic transactions in the European Single Market
QWACA qualified website authentication certificate (QWAC) is a qualified digital certificate under the trust services defined in the eIDAS Regulation.

A QWAC makes it possible to establish a TLS channel with the owner of the certificate, which guarantees confidentiality, integrity and authenticity of all data transferred through the channel.
QSEALA qualified Electronic Seal Certificate is a qualified digital certificate under the trust services defined in the eIDAS Regulation.

A QSEAL certificate makes it possible for the owner of the certificate to create electronic seals on any data. The digital signature technology guarantees the integrity and authenticity of the signed/sealed data.
OAuthRefer References
OpenID ConnectRefer References
NextGenPSD2Refer References
Redirect URIThis is the Authorization Code Flow Redirection URI to which the response will be sent. This URI MUST exactly match one of the Client's pre-registered Redirection URI values.
Sandbox EnvironmentThis is a test environment provided by Triodos that TPPs can use to build and test applications that use our Open Banking API.

QSEALC and QWAC certificates are not required in the Sandbox Environment.
API Test ClientThis is a Test Client which we provide to demonstrate usage of our Open Banking APIs in the Sandbox Environment.
Authorization or Authorisation?Authorization refers to authorization in the context of the OpenID Connect Authorization Code Flow.

Authorisation refers to the authorisation sub-resources of the NextGenPSD2 Xs2a Framework.