Please also refer to the information in the plugins and properties in the ConfigEditor by clicking on the 
symbol.
According to the STET specification, all TPP requests must be signed. You must therefore enforce the HTTP request signature verification.
To disable HTTP request signature verification (e.g. for step-wise integration or troubleshooting), just configure the "Certificate Token Credential Extractor" instead of the plugin described in this document.