Registration & Connectivity

This section outlines the information required for participants to register with bLink and the details needed to connect to the various system environments.

Registration on bLink

Participants must provide both general and technical information (e.g., authentication, base urls, IP addresses) to register on bLink.

General Information

Company information	Details
Client ID / Provider ID Test Environment	Unique participant ID for the test environment, assigned by SIX
Client ID / Provider ID Prod Environment	Unique participant ID for the production environment, assigned by SIX
Company Name	Company name of the Participant
Company Name Abbreviation	Abbreviation of company name for mobile applications
Company URL	Website URL of the Participant
Product Name	Name of the Product
Product Info URL	Website URL of the Product
Business Contact	Email address and optional phone number for business inquiries
Technical Contact	Email address and optional phone number for technical inquiries
Support Contact	Email address and optional phone number for support inquiries
Logo	SVG image of the company or product logo
Icon	SVG image of the company or product icon
Use Cases	List of use cases used or supported by the participant
Consent Flows	Type of consent flows used or supported by the participant
Consent Flows	Type of consent flows used or supported by the participant

Requirements Logo and Icon

• Format: SVG
• Position: Centered
• Max. Size: 100 KB

Icon specific requirements:

• Shape: Square
• Spacing: Include an additional radius or frame equivalent to 50% of the icon's size for adaptability to various shapes.
• Background: White background; the surrounding space should either be white or transparent.

Example Icon:

Technical Information

The following technical information is required to configure the participant in their respective role on test and production environment.

Role	Type	Technical Information	Details
Service User	Connectivity	Client Certificate	Full-Chain Client Certificate in PEM or CRT format, for authentication with bLink (as per TLS Certificates requirements)
	Consent	ClientCallback Uri(s)	Redirect URI(s) for callbacks from Service Provider to Service User landing page
Service Provider	Connectivity	Network	Network used for connectivity from SIX to Service Provider (Internet, P2P/Leased Line, SSFN
		Client Certificate	Full-Chain Client Certificate in PEM or CRT format,for authentication with bLink (as per TLS Certificates requirements)
		Server Certificate	Full-Chain Server Certificate in PEM or CRT format, for mTLS connection from SIX to SP
		Target IP-Adress(es) SP	Target IP-Adress(es) for DNS entry (Only Applicable for P2P/SSFN)
		Target Hostname SP	Target Hostname with SP
	Consent	Authorization Url	Authorization Server Url/E-Banking login page to initiate consent flow (e.g. https://provider.com/oauth/authorize)
		Token Url	Token Endpoint Url for token request (e.g. https://provider.com/oauth/token)
		UsernameValidation Url (optional)	Optional URL for validating username parameter (e.g., https://provider.com/oauth/username)
		Token Revocation Url	URL to revoke tokens once consent is deleted (e.g., https://provider.com/oauth/revoke)
	Use Cases	API base path(s)	API base paths of supported use case versions (e.g., https://provider.com/api/ais/v4)

INFO

Service Users using Consent-as-a-Service (CaaS) will have the CaaS-specific clientRedirectUri configured, which appears in the bLink Directory and is used for token management. The provided CallbackUri by the Service User is used for callbacks after the consent flow is completed and is not visible in the bLink Directory.

CaaS clientRedirectUri Prod: https://webapp.api.six-group.com/redirect/bankingservices/b-link/v2/api-token

Connectivity information

Once registered with bLink, participants need to establish connectivity to interact with the platform. The following diagram illustrates the overall flow between the involved parties.

Connectivity information for Service User to the bLink test environment

Service Users connect to bLink through the SIX API Gateway. The table below outlines the base paths for the available API modules on the test environments. Service Users are authenticated using a client certificate.

Test Environment - SIX
Host Name	api-qa.np.six-group.com
API Base URLs
Service	Base URL for Consent 2.0	Base URL for Consent 2.0 with CaaS
Consent - V2	/api/bankingservices/xe/b-link-consent-2/consent-flow/v2	/api/bankingservices/xe/b-link/consent-flow/v2
Platform - V3	/api/bankingservices/xe/b-link-consent-2/platform/v3	/api/bankingservices/xe/b-link/platform/v3
Account Information Service - V4	/api/bankingservices/xe/b-link-consent-2/account-information-service/v4	/api/bankingservices/xe/b-link/account-information-service/v4
Payments Submission Service - V4	/api/bankingservices/xe/b-link-consent-2/payments-submission-service/v4	/api/bankingservices/xe/b-link/payments-submission-service/v4
Custody Services - V3	/api/bankingservices/xe/b-link-consent-2/custody-services/v3	/api/bankingservices/xe/b-link/custody-services/v3
Customer Management - V1	/api/bankingservices/xe/b-link-consent-2/customer-management/v1	/api/bankingservices/xe/b-link/customer-management/v1
Order Placement - V2	/api/bankingservices/xe/b-link-consent-2/order-placement/v2	/api/bankingservices/xe/b-link/order-placement/v2

Connectivity information for Service User to the bLink production environment

The table below outlines the base paths for the available API modules on the production environment.

Production Environment
Host Name	api-cert.six-group.com
API Base URLs
Service	Base URL for Consent 2.0	Base URL for Consent 2.0 with CaaS
Consent - V2	/api/bankingservices/b-link-consent-2/consent-flow/v2	/api/bankingservices/b-link/consent-flow/v2
Platform - V3	/api/bankingservices/b-link-consent-2/platform/v3	/api/bankingservices/b-link/platform/v3
Account Information Service - V4	/api/bankingservices/b-link-consent-2/account-information-service/v4	/api/bankingservices/b-link/account-information-service/v4
Payments Submission Service - V4	/api/bankingservices/b-link-consent-2/payments-submission-service/v4	/api/bankingservices/b-link/payments-submission-service/v4
Custody Services - V3	/api/bankingservices/b-link-consent-2/custody-services/v3	/api/bankingservices/b-link/custody-services/v3
Customer Management - V1	/api/bankingservices/b-link-consent-2/customer-management/v1	/api/bankingservices/b-link/customer-management/v1
Order Placement - V2	/api/bankingservices/b-link-consent-2/order-placement/v2	/api/bankingservices/b-link/order-placement/v2

Connectivity information for Service Provider to the bLink environments

Service Provider must establish the following connections to the bLink environment:

• bLink Inbound Connection: Retrieve directory information of participants via the "Platform" API module, according to the paths listed above for Service User.
• bLink Outbound Connection: Established from SIX/bLink to the provider. The connection can be via Internet, P2P/leased Line or SSFN.

	Internet	P2P / Leased Line	SSFN
SIX's Source IP addresses	153.46.244.84	153.46.225.34	153.46.41.185
	193.247.180.4	153.46.229.34	153.46.169.185
Host Name Test	api-qa.np.six-group.com	api-qa.np.p2p.six-group.com	api-qa.np.six.ssfn.ch
Host Name Prod	api-cert.six-group.com	api-cert.p2p.six-group.com	api.six.ssfn.ch

The connection is established via mutual TLS by exchanging and trusting client and server certificate and whitelisting the IP addresses of the counterparty.

SIX connects with the following client certificate to the SP for test and production environment.

Certificate Issuer	O=SwissSign AG, CN= SwissSign Gold CA - G2
Certificate DN	CN = SwissSign RSA TLS OV ICA 2021 - 1, O = SwissSign AG, C = CH
Certificate	Supplied in PEM or CRT format

The certificate chain can be requested by the representatives of the participant.