# Knowledge Base source: https://developer.mastercard.com/open-banking-connect/documentation/tutorials/index.md ## Tutorials {#tutorials}
[AIS Consent Management and Retrieving Account Information and Balances Tutorial](https://developer.mastercard.com/open-banking-connect/tutorial/consent-ais/index.md) [Installing the Insomnia Rest Application](https://github.com/Mastercard/insomnia-plugin-mastercard-auth/blob/master/README.md) [Using OAuth 1.0a to Access Mastercard APIs and Signing Libraries in OAuth 1.0a](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/) [Generating and Configuring a Mastercard API Client](https://mstr.cd/2Xqo9o7) ## Certificate management overview {#certificate-management-overview} TPPs must be in a possession of an Open Banking certificate in order to access Open Banking data. This can either be in the form of an electronic identification, authentication and trust services (eIDAS) or Open Banking Implementation Entity (OBIE) certificate. The Open Banking certificate is presented to ASPSPs as part of any instruction/API call, covering initial access to account, through to individual APIs such as payment initiation. Through the certificate, the TPP is in a position to engage with the ASPSP for the requests it is seeking. #### eIDAS certification {#eidas-certification} The chosen method of certification by banks in Europe is eIDAS. Outlined below are some of the critical components that make up eIDAS and how it is used in the context of Mastercard Open Banking Connect. ##### Certificate actors and components {#certificate-actors-and-components} For certificate exchange, there is an existing technology framework in place to enable the use of certificates for website authentication and identity verification and enable secure Access to Account (XS2A) services under the PSD2. The eIDAS certificate is made up of two key parts: * Qualified Web Application Certificate (QWAC) -- Used for authentication between the client (TPP) and the ASPSP. This certificate sets up the mutual authenticated TLS connection * Qualified Seal (QSEAL) -- Used for transaction and data integrity. This certificate is used for message signatures and provides highly secure levels of message security #### OBIE certificates (UK) {#obie-certificates-uk} In the UK market a number of ASPSPs choose to use OBIE, a UK equivalent of eIDAS. OBIE is making OBWAC and OBSEAL certificates available, which are accepted by a number of UK banks. At this time, the list of supporting banks is evolving, but is available on request to the Mastercard Open Banking Support team. #### Certificate issuance and signing {#certificate-issuance-and-signing} Certificates are issued and signed by a Qualified Trusted Service Provider (QTSP), who as part of the issuing process verifies the TPP's identity using various security and onboarding activities. TPPs need to independently approach and liaise with a QTSP directly, prior to engaging with Mastercard. Information on when this needs to be performed will be provided as part of your initial discussions with Mastercard. ## Certificate renewal {#certificate-renewal} TPPS are responsible for the renewal of the certificates and must ensure that any renewals of certificates are completed to ensure no interruption to the service. This should be completed 60-90 days prior to the expiration of the original certificate. The processes shown explain how the process is completed and which activities each party complete. #### UK OBWAC/OBSEAL certificate renewal {#uk-obwacobseal-certificate-renewal} Click on the image to display in full size. ![UK cert renewal](https://static.developer.mastercard.com/content/open-banking-connect/img/certificate-renewal-c.png) #### EU QWAC/QSEAL certificate renewal {#eu-qwacqseal-certificate-renewal} Click on the image to display in full size. ![EU cert renewal](https://static.developer.mastercard.com/content/open-banking-connect/img/certificate-renewal-d.png)