Sandbox environment

Sandbox environment

Note: As of September 2019, the isolated, purely mocked sandbox environment has been replaced by a new environment with support for security solution, consents and SCA flows. The new sandbox still works on mocked data, but the infrastructure now much more resembles the production environment and it allows a TPP to test full E2E integration - including onboarding using EiDAS certificates - prior to moving to production. The old sandbox will be decommisioned. TPPs that have previoously signed up to the portal and created a sandbox subscription, will no longe be able to access the sandbox using client_id and client_secret and old sandbox API endpoint will no longer work. Instead the TPP will need to follow the normal onboarding flow to enroll and register at the sandbox.

 

Sandbox provides a test environment, which allows TPPs to test the full solution including onboarding, certificates, consents, security and SCA-flows, but working on mocked data. Sandbox contains static data for Accounts and Payments and is stateless in the sense, the API's does not persist data.

 

Sandbox implements the same security model based on eIDAS certificates as production. The security context cannot be configured or set up from the developer portal, and access to sandbox APIs does not require signup or subscription from the portal. Refer to the description of production environments for description of URL schemas. For sandbox access, replace psd2api with psd2testapi in the examples.

https://psd2testapi{bank_number}.prod.bec.dk/

Where banknumber is taken from the list of provider banks.

The schema for URL path components is:

/eidas/{api_implementation_version}/{Berlin Group Version}/{endpoint}

Note on certificates:

For licensed TPPs, the real production eIDAS certificates (QWAC + QSEALC) can be used. The production and sandbox environments are kept 100% separated, even when production certificates are used in sandbox. And additionally, within each environment the diferrent banks under the BEC umbrella are also kept 100% separated. Hence, enrollment, consents, account data etc from one environment or bank will neve be able to affect any of the other environments.

 

If its not feasible for TPP to use production certificates in sandbox, or if TPP is not yet fully licensed, but has the application pending at a national FSA, please contact us on becdirekte@bec.dk to arrange for provisioning test certificates for use in the sandbox. If you already have a set of test certificates issued by an official QTSP, also get in touch with us at above email to ensure that QTSPs CA and intermediate certificates are installed on our end.