Glossary
This is a glossary of frequently used terms and abbreviations found throughout this site.
| Term / Abbreviation | Description |
|---|---|
| API | Application Programming Interface. |
| CSR | Certificate Singing Request. |
| DCR | Dynamic Client Registration. |
| Encipherment Certificate | A certificate issued by HK POST used for signing API's request data, also known as a Signing Certificate. |
| JWKS | JSON Web Key Set is a set of key which contain the public keys used to verify any JSON Web Token (JWT) issued by the authorization server and signed. |
| MTLS | Mutual Transport Layer Security (MTLS). |
| Organisational Certificate | A certificate issued by HK POST used by the API Client for mTLS authentication, also known as a Transport Certificate. |
| QSEAL | Used for signing APIs request data, also known as a Signing Certificate. |
| QWAC | Used by the API Client for mTLS authentication, also known as a Transport Certificate. |
| SSA | Software Statement Assertion's (SSA) are part of the OAuth 2.0 Dynamic Client Registration (DCR) protocol. Allowing OAuth clients to be registered and created automatically upon receiving an item of proof (SSA). |
| Third Party Developer | Refers to the entity that is consuming the API and represents the generic term used to refer to TSPs TPPs, Partners or Customers accessing HSBC's APIs. |
| TLS | Transport Layer Security. |
| Transport Certificate | Used by the API Client for mTLS authentication. QWAC and Organisational certificates are examples of signing certificates. |
| TPP | Third Party Provider. |
| TSP | Third Party Service Provider. |
| Signing Certificate | Used for signing APIs request data. QSEAL and Encipherment certificates are examples of signing certificates. |