Glossary

This is a glossary of frequently used terms and abbreviations found throughout this site.

Term / Abbreviation Description
API Application Programming Interface.
CSR Certificate Singing Request.
DCR Dynamic Client Registration.
Encipherment Certificate A certificate issued by HK POST used for signing API's request data, also known as a Signing Certificate.
JWKS JSON Web Key Set is a set of key which contain the public keys used to verify any JSON Web Token (JWT) issued by the authorization server and signed.
MTLS Mutual Transport Layer Security (MTLS).
Organisational Certificate A certificate issued by HK POST used by the API Client for mTLS authentication, also known as a Transport Certificate.
QSEAL Used for signing APIs request data, also known as a Signing Certificate.
QWAC Used by the API Client for mTLS authentication, also known as a Transport Certificate.
SSA Software Statement Assertion's (SSA) are part of the OAuth 2.0 Dynamic Client Registration (DCR) protocol. Allowing OAuth clients to be registered and created automatically upon receiving an item of proof (SSA).
Third Party Developer Refers to the entity that is consuming the API and represents the generic term used to refer to TSPs TPPs, Partners or Customers accessing HSBC's APIs.
TLS Transport Layer Security.
Transport Certificate Used by the API Client for mTLS authentication. QWAC and Organisational certificates are examples of signing certificates.
TPP Third Party Provider.
TSP Third Party Service Provider.
Signing Certificate Used for signing APIs request data. QSEAL and Encipherment certificates are examples of signing certificates.