Built by the community
Navigation
Metrics
Program
Service DeskPricingPoliciesDocument RepositoryLive Ecosystem
Developer Docs
TPP — Open Finance StandardsLFI — Integration GuideAPI SpecsKnowledge BaseRelease Notes & Erratas
NewsGitHub
Trust Framework · Certificates

Client Encryption Certificate 2 min read

The Encryption Certificate is used to encrypt data sent to your application — such as event notifications — ensuring only your application can read it.

Purpose
Ensuring only your application can read sensitive data
Usage
Decrypting encrypted responses and event payloads
Required
Optional — required if your application subscribes to receive encrypted events

When an LFI or the platform sends an encrypted payload, it encrypts it using the public key from this certificate. Your application uses the corresponding private key to decrypt it.

Generating Your Encryption Certificate

Follow the Keys & Certificates guide to generate your private key and CSR, then upload the CSR to the Trust Framework to receive your certificate.

When selecting the certificate type during generation, choose Encryption.

Keep your encryption private key stored securely. If it is lost, you will be unable to decrypt any events received during the period the certificate was active. See Secure Management of Keys and Credentials for guidance.