LogoLogo
Connect
Connect
  • 🏡Welcome to LHV Connect API
  • 📺News and Updates
    • 📈Performance and Stats
    • 🔔Notice of Change
  • 🧭Quick Start Guide
  • 🎥Connect Fundamentals
    • Authentication and Certificates
    • Environments
    • Messaging Pattern
    • Service Provider model
    • Technical limitations
    • Encoding and Languages
    • Response Compression
    • Dates and Time Zones
    • Response Codes and Error handling
    • Onboarding
    • Live Proving
    • LHV UK and Estonia integrations
    • FAQ and Tips
  • 📖Service Catalogue
    • 💚Heartbeat
      • Heartbeat - GET
      • Heartbeat Advanced - GET
    • 📩Messages Services
      • Get next message
      • Get list of messages
      • Get list of messages V2
      • Get message by response ID
      • Count number of messages
      • Mark message as processed
      • Mark batch of messages as processed
      • Mark batch of messages as processed V2
      • Messages Metadata
      • Get compressed message for testing
    • 💰Account Information Services
      • Account Balance
      • Account Statement
      • Transaction Notification
        • Incoming Bacs Credit Notification
    • 💸Payment Initiation Services
      • Pain.001.001.09
      • Pain.002.001.10
      • Samples
      • Authentication methods
      • Payment Scheme Selection
      • Payment Return Initiation
      • Payments Service Idempotency
      • Payments Originating Overseas
      • Legacy documents
        • pain.001.001.03 format
    • ✅Confirmation of Payee Services
      • Confirmation of Payee - Requester
      • Confirmation of Payee - Responder
    • 😶‍🌫️VIBAN Services
      • VIBAN Open
      • VIBAN Bulk Open
      • VIBAN Modify
      • VIBAN Info
      • VIBAN Close
      • VIBAN Notification
    • 🔗Indirect Scheme Access
      • Agency Account Synchronization
      • RTF - Routing Table Files message
      • 🧾Payment Collection Services
        • 💷Bacs Direct Debit
          • Bacs Direct Debit Mandate Initiation Request
          • Bacs Direct Debit Mandate Initiation Response
          • Bacs Direct Debit Mandate Initiation Response Confirmation
          • Bacs Direct Debit Mandate Cancellation Request
          • Bacs Direct Debit Mandate Cancellation Response
          • Direct Debit Incoming Collection Notification Request
          • Direct Debit Collection Notification Response
          • Direct Debit Collection Notification Response Confirmation
          • Direct Debit Reversal Notification Request
          • Examples
    • 📨Webhooks
      • Webhook Format and Processing
      • Managing Webhook Configurations
      • Webhook Security
      • Webhook Metadata
      • Full Bodied Webhooks
  • 🗓️Reference
    • Glossary
    • Code Reference Tables
      • Balance Type Codes
      • Credit and Debit Transaction Codes
      • Payment Scheme Codes
      • Direct Debit Scheme Codes
      • Payment Reject Codes
      • Payment Return Codes
      • Bacs Direct Debit Mandate Reject Codes
      • Bacs Direct Debit Reject Codes
      • Bacs Direct Debit Reversal Reason
      • Bank Transaction Codes
      • Transaction Purpose Codes
      • Category Purpose Codes
      • Private Person Identification Codes
      • Organisation Identification Type Codes
      • Payment Priority Codes
      • Charges Bearer Codes
  • ☎️Support
    • Contact
Powered by GitBook
On this page
  • Introduction
  • Private Connection Certificate
  • New LHV UK issued Certificates and Certificate Authority
  • Public Root Certificate for connect.lhv.com

Was this helpful?

  1. Connect Fundamentals

Authentication and Certificates

Introduction

Authentication with the LHV Connect API is done through mutual TLS (mTLS), which has the following prerequisites in our case:

  • A valid customer agreement with LHV

  • A signed additional Connect agreement

  • A private connection certificate

  • Our LHV Connect certificate

The following certificates are required for authentication with the LHV Connect API.

Private Connection Certificate

The Private Connection Certificate is a certificate for the TLS protocol and it is formed as a PEM -encoded Certificate file with an associated PEM-encoded key. An example is below.

Example PEM-Encoded Certificate

example_cert.pem
-----BEGIN CERTIFICATE-----
MIIDWTCCAkGgAwIBAgIJAK5bIhXvU8pkMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
BAYTAlVTMREwDwYDVQQIDAhWaXJnaW5pYTEQMA4GA1UEBwwHV2VzdGVybjETMBEG
A1UECgwKQ29tcHV0ZXIgT0MxFTATBgNVBAMMDCoudGVzdC5jb20wHhcNMjAwMzIw
MDkxNjEwWhcNMjEwMzIwMDkxNjEwWjBFMQswCQYDVQQGEwJVUzERMA8GA1UECAwI
VmlyZ2luaWExEDAOBgNVBAcMB1dlc3Rlcm4xEzARBgNVBAoMCkNvbXB1dGVyIE9D
MRUwEwYDVQQDDAxqLnRlc3QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAx0CphuGL6BZFOaFR6vmm0UBF0LcfY3ovAu9GAL75ly4G+PZyjjK99Ab
e1jqLm4BQFGZFmrJ+/qniZeXKnksHNi8TSQpw6NZ0pmPnqg+fCCNXCU15Cfb+dxV
zkvHSPMH23N/BJomJxJNfOfkHSw0GjOM

Example PEM-Encoded Key

example_key.pem
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDHQKmG4YvoFkU5
oVHq+adFARdC3H2N6LwLvRgC++ZcuBvj2co4yvfQG3tY6i5uAUBRmRZqyfv6p4mX
lyp5LBzYvE0kKcOjWdKZj56oPnwgjVwlNeQn2/ncVc5Lx0jzB9tzfwSaJicSTXzn
5B0sNBozjFj/ZPm+BkLQH06TQd6E7qgRr5kKOTvZK9Y14OplI7Y46mLQyA39Yi2p
mf5kX9C1rgdFio2LX18h5WZpUlbEvxIjxQIDAQABAoIBAASvxJ3nL2l/CIFGq3t
Pl0K1kl9T3xkKkQl5+sh2p5JyVOig9FKuGncFbH5jCE0YHmgWf2b8sLvhHN0L8B9
GJz97Lr90ySMqQaWdjC0HdR5P93k8w0zQCRDz9Y6r9FDL+Q0eIGBf2VnfDPUO35S
aJ+hZCS0jp92CUooy7lz2yq3mxtNmKfJqTfTgJ/kiDTkzWugH2T7Vbl3GYm0HesY
+jE3z+9QAdyV66C/Uu64efG89xH53cF66+n7D0aQZJ9XsHAErqoVS0G7UawYzpeQ
9T40A36uLOgkHl61lUxscV3zPwGg+9uyUy1fUDIe/Q28mbkKf0OzJXxUq+5NojhR
E1BVAECgYEA8/Koq3NMr6cERfvU6kMqQpX23YtGB1AjLzd3bcNv2LdI7bBvZpGdF
jv+mPzJc+oQQ3cY+Fr4xxzPlK02O98aKcVPIzUPxu0jP+gCrmtrEadNle9fZQ4Ef
L2sRKE9cOy2W5uQRPubmYAcJftd6QAmUg/kSPBnAVxRhkGgJcVh+FdUCgYEAz4k8
oD0JrJ6A0Lv+uyPCpKo0oQ1m2WnqFsTbJ1Kw2BC71Yb3YcT4P3CmcPH9jxP0RfJj
h5L8A9lE/SbRIG1Vd1yXXrUqCp7S2ys/h2D3H/j6D7uH5nZw3i+oKjBw6FOnuOwK
s9hRT2y4iQVuZ69ZACt+M1oCgYBWTvZsHAEs5wVVurIiZKf2fXXj9cYv1zJXZu2z
r6xTjCsbDcj9LsCljR+g4FeU4fyVunKVY+p3ZgrvMfuKRpuHcW3/w2A9bV2Fc8YJ
I9djV4Cfb+eehCQSLPPqWUOJ30soP6oSZaOX2e7V5ET0Ne+GwHPGYZ57c3fsH9iS
gOqe4QKBgQCc6m1t+KBRXgG7uO2vD/1o+nN7RjVl6dVXs/ovxk51o+iE8wZvGqWZ
eCVsO3TrVEiMIuaFUVbR1T9//hXUq6c2c/brVMyvP7U7QypShCgq1tXpazg20XDC
JF94DVo0kHbbP6YnRZCz/69s4fRY5vPd8jYUCnEQDPhoBHoXcCJW7A==
-----END PRIVATE KEY-----

Purpose

The connection certificate identifies and confirms on the transport layer that messages were sent by a known customer's integration.

Creation

  1. LHV sends the customer necessary instructions for generating the certificate request file (request.csr) and certificate key. Only the customer itself is the owner of the key and responsible for storing it securely.

  2. Customer sends the request file to Connect support team at connect@lhv.com

  3. Our support team sends back the actual certificate. \

New LHV UK issued Certificates and Certificate Authority

We are currently moving to a new LHV UKowned Certificate Authority, the root certificates for which can be found below. Customers will be instructed on when the below root certificates should be used.

LHV Connect Prelive Root Certificate

LHV Connect Production Root Certificate

Public Root Certificate for connect.lhv.com

The Public Root Certificate gives the customer the security that they are communicating with the correct service. We use DigiCert as the root CA.

Our current Connect host root certificate is DigiCert Global Root G2:

PreviousConnect FundamentalsNextEnvironments

Last updated 6 months ago

Was this helpful?

🎥
https://www.digicert.com/kb/digicert-root-certificates.htm
https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem
1KB
connect_prelive.pem
Use this certificate to validate your client certificate for use with Connect Prelive.
1KB
connect.pem
Use this certificate to validate your client certificate for use with Connect Production.