Glossary
This is a glossary of frequently used terms and abbreviations found throughout this site.
| Term / Abbreviation | Description |
|---|---|
| API | Application Programming Interface. |
| CSR | Certificate Singing Request. |
| DCR | Dynamic Client Registration. |
| Encipherment Certificate | A certificate issued by HK POST used for signing API's request data, also known as a Signing Certificate. |
| JWKS | JSON Web Key Set is a set of key which contain the public keys used to verify any JSON Web Token (JWT) issued by the authorization server and signed. |
| MTLS | Mutual Transport Layer Security (MTLS). |
| Organisational Certificate | A certificate issued by HK POST used by the API Client for mTLS authentication, also known as a Transport Certificate. |
| SSA | Software Statement Assertion's (SSA) are part of the OAuth 2.0 Dynamic Client Registration (DCR) protocol. Allowing OAuth clients to be registered and created automatically upon receiving an item of proof (SSA). |
| Third Party Developer | Refers to the entity that is consuming the API and represents the generic term used to refer to TSPs accessing Hang Seng APIs. |
| TLS | Transport Layer Security. |
| Transport Certificate | Used by the API Client for mTLS authentication. Organisational certificates is an example of signing certificates. |
| TPP | Third Party Provider. |
| TSP | Third Party Service Provider. |
| Signing Certificate | Used for signing APIs request data. Encipherment certificates is an example of signing certificates. |