Global customer access controls
From 1st January 2021, we made changes to which third-parties are able to access Revolut customer data across the globe. This depends on the type of certificate held, the regulator of the third-party and the type of endpoints used.
For those that are in possession of both OBIE and eIDAS certificates, please read the below carefully before deciding which certificate to use for your integration.
For Revolut Partners, all functionality is available. Please reach out for further details.
| Regions | Revolut Entity | Certificate Type | Scopes |
|---|---|---|---|
| UK, CH | Revolut LTD | OBIE, eIDAS* | Accounts, Payments |
| EEA | Revolut Bank UAB (EEA customers) | eIDAS | |
| Revolut Bank UAB (Irish Branch) | |||
| Revolut France Succursale De Revolut Bank UAB (French Branch) | |||
| Revolut Bank UAB Sucursal En España (Spanish Branch) | |||
| Revolut Bank UAB (Netherlands Branch) | |||
| Other | Revolut Technologies Singapore Pte Ltd | OBIE, eIDAS | Accounts |
| Revolut Technologies Inc. US |
*Third-party providers who possess the eIDAS certificate under the authorisation of the FCA are granted access to customer data originating from the UK.
Certificate types
Depending on the provider of your certificates, you will be issued two types of signing and transport certificates:
| Certificate type | Certificate Authority (CA) | Transport certificate | Signing certificate |
|---|---|---|---|
| OBIE | Open Banking Limited (OBIE) | OBWAC | OBSeal |
| eIDAS | EU QTSPs | QWAC | QSeal |
OBIE certificates
When using Open Banking Limited as your certificate issuer, you must obtain an OBWAC (transport) certificate and an OBSeal (signing) certificate. Note that legacy OBTransport and OBSigning certificates are no longer supported.
eIDAS certificates
If your certificate issuer is a Qualified Trust Service Provider (QTSP) from the EU, you must obtain a QWAC (transport) certificate and a QSeal (signing) certificate. Please check that the following criteria are met by your certificates to ensure they are accepted by our certificate validation process:
- The certificate issuer of your transport and signing certificates is listed in the EU/EEA Trusted List as a QTSP for
QWAC(Qualified Website Authentication Certificate) andQCert for ESeal(Qualified Certificate for Electronic Seal) respectively. - Your roles (AISP and/or PISP) are correctly stated in the
qcStatementsection of your certificate. - Every certificate in the certificate chain contains either CRL or OCSP values to allow for automated certificate revocation checks in compliance with paragraphs 4.3.11 and 4.4.1 of the ETSI EN 319 412-2.
- The signing algorithm used in every certificate within the certificate chain is SHA256 or higher.
You can check for potential issues with your eIDAS certificates using the EU certificate validator tool.