Guide
To integrate into the test gate, you must follow these steps:
- Inform gate maintainers that you wish to integrate your platform to the gate
- Generate a certificate signing request and send it to gate maintainers
- Implement integration to gate API
- Implement API for gate
- Configure authentication and gate URL
- Run interoperability tests
Continue reading for more details.
Contact the Gate Maintainers
Contact the gate maintainers by email at support.efti@fintraffic.fi and tell them you wish to integrate to the gate.
You will receive the following information from the developers:
- URL to the Gate API for Platform
- A certificate signing request (CSR) template for your client certificate
- Gate’s client certificate the gate will use for mTLS authentication when calling your API
Generate and Send a CSR for Your Client Certificate
Using the CSR template you received, you may generate the CSR following this example:
openssl x509 -req -new \
-key <private key> \
-config platform-csr-template.cnf \
-out <csr file> \
-subj "/C=<country code>/ST=<state name>/L=<city name>/O=<organisation name>/OU=<organisational unit name>/CN=<platform domain name>"
Please replace the parts between and including angle brackets with appropriate values.
Send to the gate maintainers:
- URL to your Platform API for Gate
- The CSR file
- If you are using a TLS certificate that is not publicly trusted (for example, a self-signed certificate), also send the TLS certificate being used. The gate trusts CA certificates included with Java (OpenJDK).
After a while they will deliver your client certificate to you.
Implement Integration to Gate API
Your platform must be able to send consignment identifiers to the gate. The API provided by the gate is documented by the schema Gate API for Platform.
Implement API for Gate
The gate will send your platform:
- pings
- requests for consignment subsets
- followup notes for consignments.
Your platform must the implement the API as defined by the schema Platform API for Gate.
Configure Authentication and Gate URL
The integration will use Mutual TLS Authentication (mTLS) in both directions. Please configure your platform to:
- Include your client certificate in all requests sent to the gate
- Authenticate incoming requests using the gate’s client certificate
Also configure you platform to send requests to the URL provided by the gate maintainers (“GATE_URL”).
You can test the connection by sending a whoami request to the gate as described in Gate API for Platform.
Interoperability testing
Run interoperability tests to verify that your platform meets all the technical requirements for integration with the
gate.
It should be noted that the tests do not verify any other requirements of the platform, including those defined by
the eFTI regulation.
The API used to run the tests is documented in schema Platform Interoperability API for Platform.
You’ll also need a valid client certificate to start the tests. See the previous sections.
Below is a high-level overview of the interoperability testing process
Starting the tests
Make sure your platform has sent the consignment identifiers to the gate before the tests. You will need the identifier of the eFTI data set (“DATASET_ID”) to proceed with the testing. Furthermore, the same identifier can be reused across multiple test runs.
Start a test run by sending a POST request to the gate’s /v0/test-runs endpoint with the request body described
in Platform Interoperability API for Platform.
A test run consists of multiple tests that are executed sequentially, each testing the different functionalities of the
integration.
There’s no limit on how many times you can start the tests.
curl -X POST <GATE_URL>/v0/test-runs \
--cert platform.pem \
--key platform.key \
-H "Content-Type: application/xml" \
-d '<startTestRunRequest><datasetId>DATASET_ID</datasetId></startTestRunRequest>'
In the response body, you’ll receive a unique test run identifier (“testRunId”) that you can use to retrieve the test results.
Retrieving test results
After starting a test run, you can retrieve the results by sending a GET request to the gate’s
/v0/test-runs/{testRunId} endpoint as described in Platform Interoperability API for Platform.
curl <GATE_URL>/v0/test-runs/<TEST_RUN_ID> \
--cert platform.pem \
--key platform.key
Congratulations! Once all tests have passed, your platform is communicating with the gate correctly.