Service Provider Onboarding
The onboarding process for each service available on bLink varies depending on the applicant's legal status and role in the process. Service Provider are complex organizations with multiple systems. Therefore, they require closer assistance during the onboarding process and may be supported by an integrator through the testing and integration phases.
The onboarding process for a Service Provider consists of the following steps:
- The process starts with a SP registering for a specific service offered on bLink, such as OpenWealth. The SP is required to provide the directory information and all data necessary to check their conformity to the admission criteria.
- SIX contacts the Service Provider, sets up a negotiation and drives the establishment of a subsequent contract.
- Once the contract has been signed, the SP may be assigned to a SIX integrator and connected to the SIX test environment.
- Prior to a production release, the interested parties must successfully complete a series of acceptance tests. The acceptance tests allow SIX to check if the implementation on the SP side fulfills the specified requirements and whether the integration with SIX is working appropriately. The interested parties must present evidence confirming that the acceptance tests were successfully executed.
- Service Providers must be capable of receiving, processing, and responding to all service calls specified and implemented by SIX. All formats (e.g. JSON, XML) have to be supported by the Service Provider.
- SIX provides a testing environment for the integration tests. Interested parties must provide information about certificates, host addresses and endpoints to connect to the test environment. The subsections below list the details on information that interested parties must provide.
The following sections outline the information a Service Provider must provide to register with bLink, as well as the necessary information to connect to the various system environments. The required information comprises general information (e.g., company name, marketing description, contact information) and technical information (e.g., authentication, base urls, IP addresses).
General Information
Company Information | Details |
---|---|
IID | Primary IID of the Service Provider (used as identification) |
Service Provider ID Test Environment | Unique identification of the SP's test environment assigned by SIX |
Service Provider ID Prod Environment | Unique identification of the SP's production environment assigned by SIX |
Company Name | Company name of the Service Provider |
Company Name Abbreviation | Abbreviation of company name for mobile applications |
Company URL | Website URL of the Service Provider |
Short Description Company* | Short description of the company |
Marketing Description Company* | Marketing description of no more than five bullet points describing the company's claim |
Product Name | Name of the product |
Product Info URL | Website URL of the product |
Short Description Product* | Short description of the product |
Marketing Description Product* | Marketing description of no more than five bullet points describing the product |
Business Contact | Email address and optional phone number for business inquiries |
Technical Contact | Email address and optional phone number for technical inquiries |
Support Contact | Email address and optional phone number for support inquiries |
Company Logo | SVG image of company logo |
Icon | SVG image of company or product icon |
Use cases supported by the SP | List of use cases that the SP supports |
Consent Flows | Type of consent flow supported with corresponding authorization URL of authorization server |
API information for each use case | Details |
API URL Account Information Service (AIS v3) | Specific endpoint for this specific API (following base path) |
API URL Payment Submission Service (PSS v3) | Specific endpoint for this specific API (following base path) |
API URL OpenWealth Custody Services (v2) | Specific endpoint for this specific API (following base path) |
API URL OpenWealth Customer Management (v1) | Specific endpoint for this specific API (following base path) |
API URL OpenWealth Order Placement (v2) | Specific endpoint for this specific API (following base path) |
* These information are deprecated and will be removed with Platform Module V3!
The values are limited to certain amount of characters, which can be look up in the specification of the platform module.
Requirements Logo and Icon
- Format: SVG
- Position: Centered
- Max. Size: 100 KB
Icon specific requirements:
- Shape: Square
- Spacing: Include an additional radius or frame equivalent to 50% of the icon's size to facilitate adaptability to various shapes.
- Background: Ensure the background is white; the surrounding space should either be white or transparent.
Example Icon:
Connectivity information for the SIX test environment
SIX's source IP addresses
SIX's source IP addresses for connecting to SP are identical for test and production environments. These IPs are presented in the table below.
Internet | P2P / Leased Line | SSFN | Data Center | |
---|---|---|---|---|
SIX's Source IP addresses | 153.46.244.84 | 153.46.225.34 | 153.46.41.185 | ZH |
193.247.180.4 | 153.46.229.34 | 153.46.169.185 | LP |
Authentication
Certificate authentication is used for connections from SIX to SP. The following table shows the required certificates that must be used for authentication in the test environment.
Certificate Issuer | O=SwissSign AG, CN= SwissSign Gold CA - G2 |
---|---|
Certificate DN | CN = SwissSign RSA TLS OV ICA 2021 - 1, O = SwissSign AG, C = CH |
Certificate | Supplied in PEM or CRT format |
Information about the SIX test environment
SIX has to provide SP with the information listed in the following table regarding the test environment.
Test Environment - SIX | Internet | P2P / Leased Line | SSFN |
---|---|---|---|
Host Name | api-qa.np.six-group.com | api-qa.np.p2p.six-group.com | api-qa.np.six.ssfn.ch |
API Base URLs | ||
---|---|---|
Service | Base URL for Consent 2.0 | Base URL for Consent 2.0 with CaaS |
Consent - V2 | /api/bankingservices/xe/b-link-consent-2/consent-flow/v2 | /api/bankingservices/xe/b-link/consent-flow/v2 |
Platform - V2 | /api/bankingservices/xe/b-link-consent-2/platform/v2 | /api/bankingservices/xe/b-link/platform/v2 |
Account Information Service - V3 | /api/bankingservices/xe/b-link-consent-2/account-information-service/v3 | /api/bankingservices/xe/b-link/account-information-service/v3 |
Payments Submission Service - V3 | /api/bankingservices/xe/b-link-consent-2/payments-submission-service/v3 | /api/bankingservices/xe/b-link/payments-submission-service/v3 |
Custody Services - V2 | /api/bankingservices/xe/b-link-consent-2/custody-services/v2 | /api/bankingservices/xe/b-link/custody-services/v2 |
Customer Management - V1 | /api/bankingservices/xe/b-link-consent-2/customer-management/v1 | /api/bankingservices/xe/b-link/customer-management/v1 |
Order Placement - V2 | /api/bankingservices/xe/b-link-consent-2/order-placement/v2 | /api/bankingservices/xe/b-link/order-placement/v2 |
Connectivity information for the SP test environment
Authentication
Certificate authentication is also used for connections from SP to SIX. The following table shows the required certificates that must be used for the authentication process in the test environment.
Certificate Issuer | CN of issuer / type of certificate authority used for test environment |
---|---|
Certificates (CA and client cert) | Certificates to be supplied in PEM or CRT format |
Certificate | Check the requirements on the TLS/Certificates page in the Security section |
Information about the SP test environment
SP have to provide SIX with the information listed in the following table regarding the test environment. Please only fill the relevant column based on the network used (Internet, P2P / Leased Line, or SSFN).
Test Environment 1 - SP | ||||
---|---|---|---|---|
Service | Example | Internet | P2P / Leased Line | SSFN |
Target IP-Adress(es) SP | xxx.xxx.xxx.xxx | |||
Target Host name SP | api-test.example.com | |||
API base path | /api/example/api | |||
Auth Server URL | https://api.example.com/oauth/authorize | |||
Token URL | https://api.example.com/oauth/token | |||
UsernameValidation URL | https://api.example.com/oauth/username | |||
Token Revocation URL | https://api.example.com/oauth/revoke | |||
Test Environment 2 - SP | ||||
Service | Example | Internet | P2P / Leased Line | SSFN |
Target IP-Adress(es) SP | xxx.xxx.xxx.xxx | |||
Target Host name SP | api-test.example.com | |||
API base path | /api/example/api | |||
Auth Server URL | https://api.example.com/oauth/authorize | |||
Token URL | https://api.example.com/oauth/token | |||
UsernameValidation URL | https://api.example.com/oauth/username | |||
Token Revocation URL | https://api.example.com/oauth/revoke |
Connectivity information for the SIX production environment
SIX's source IP addresses
SIX's source IP addresses for connecting to SP are identical for test and production environments. These IPs are presented in the table below.
Internet | P2P / Leased Line | SSFN | Data Center | |
---|---|---|---|---|
SIX's Source IP Addresses | 153.46.244.84 | 153.46.225.34 | 153.46.41.185 | ZH |
193.247.180.4 | 153.46.229.34 | 153.46.169.185 | LP |
Authentication
Certificate authentication is used for connections from SIX to SP. The following table shows the required certificates that must be used for authentication in the production environment.
Certificate Issuer | O=SwissSign AG, CN= SwissSign Gold CA - G2 |
---|---|
Certificate DN | CN = SwissSign RSA TLS OV ICA 2021 - 1, O = SwissSign AG, C = CH |
Certificate | Supplied in PEM and CRT format |
Information about the SIX production environment
SIX has to provide SP with the information listed in the following table regarding the test environment.
Production Environment | Internet | P2P / Leased Line | SSFN |
---|---|---|---|
Host Name | api-cert.six-group.com | api-cert.p2p.six-group.com | api.six.ssfn.ch |
API Base URLs | ||
---|---|---|
Service | Base URL for Consent 2.0 | Base URL for Consent 2.0 with CaaS |
Consent - V2 | /api/bankingservices/b-link-consent-2/consent-flow/v2 | /api/bankingservices/b-link/consent-flow/v2 |
Platform - V2 | /api/bankingservices/b-link-consent-2/platform/v2 | /api/bankingservices/b-link/platform/v2 |
Account Information Service - V3 | /api/bankingservices/b-link-consent-2/account-information-service/v3 | /api/bankingservices/b-link/account-information-service/v3 |
Payments Submission Service - V3 | /api/bankingservices/b-link-consent-2/payments-submission-service/v3 | /api/bankingservices/b-link/payments-submission-service/v3 |
Custody Services - V2 | /api/bankingservices/b-link-consent-2/custody-services/v2 | /api/bankingservices/b-link/custody-services/v2 |
Customer Management - V1 | /api/bankingservices/b-link-consent-2/customer-management/v1 | /api/bankingservices/b-link/customer-management/v1 |
Order Placement - V2 | /api/bankingservices/b-link-consent-2/order-placement/v2 | /api/bankingservices/b-link/order-placement/v2 |
Connectivity information for the production environment required from SP to SIX
Authentication
Certificate authentication is also used for connections from SP to SIX. The following table shows the required certificates that must be used for the authentication process in the production environment.
Certificate Issuer | CN of issuer / type of certificate authority used for test environment |
---|---|
Certificates (CA and client cert) | Certificates to be supplied in PEM or CRT format |
Certificate | Check the requirements on the TLS/Certificates page in the Security section |
Information about the SP production environment
SP have to provide SIX with the information listed in the following table regarding the production environment. Please only fill the relevant column based on the network used (Internet, P2P / Leased Line, or SSFN).
Production Environment - SP | ||||
---|---|---|---|---|
Service | Example | Internet | P2P / Leased Line | SSFN |
Target IP-Adress(es) SP | xxx.xxx.xxx.xxx | |||
Target Host name SP | api-test.example.com | |||
API base path | /api/example/api | |||
Auth Server URL | https://api.example.com/oauth/authorize | |||
Token URL | https://api.example.com/oauth/token | |||
UsernameValidation URL | https://api.example.com/oauth/username | |||
Token Revocation URL | https://api.example.com/oauth/revoke |