NextGenPSD2 (Berlin Group) with Airlock Secure Access Hub

This document describes how to use Airlock Gateway (WAF) and IAM to protect a bank's PSD2 APIs using the NextGenPSD2 framework.

Scope of the feature

Airlock IAM only supports the "redirect approach" (also referred to as "redirect authorization protocol" in NextGENPSD2).
The feature stores information about technical clients in the IAM database. LDAP directories are not supported.
IAM provides technical features that allow to meet selected NextGenPSD2 requirements defined at the time the feature was built. It does not provide out-of-the-box configuration templates.

Outline of this documentation

The documentation is split into several sub-pages. It first explains in what way Airlock components are used to protect PSD2 APIs ("Interaction Models") and then describes how the Airlock components must be configured to do so.

Chapter content

12.6.2.1. NextGenPSD2 interaction models

12.6.2.2. Airlock Gateway (WAF) and IAM configuration for NextGenPSD2

12.6.2.3. HTTP request signature verification for NextGenPSD2

12.6.2.4. TPP authentication using client certificates for NextGenPSD2

12.6.2.5. Performance measures (scaling example) for NextGenPSD2 (Airlock IAM)