Our PSD2 APIs

PSD2 Client Enrollment

PSD2 Client (TPP) Enrollment api uses the Flattened JWS JSON Serialization format (RFC 7515 section 7.2.2 of IETF). A valid register client request object consists of three components, and the request must contain all required data as explained in the following example:

  • Protected (Header)
  • Payload
  • Signature

Protected Header

The protected header defines the identity of the TPP and must  contain the algorithm and the TPP certificate signed by a QTSP Certificate Authorioty. We support only RS256 algorithm. There are two parameters and their values. The alg parameter must be RS256, and the x5c parameter (RFC 7515 section 4.1.6) must contain only one valid QSeal eIDAS certificate. The certificate must be in Base64 encoded DER format (NOT URL-safe Base64).

Example openssl command to convert PEM certificates to DER format:
openssl x509 -outform der -in certificatename.pem -out certificatename.der

PROTECTED = { "alg": "RS256", "x5c": [BASE64(DER_CONTENT)] } 

Example:

{ "alg": "RS256", "x5c": ["MIIH7DCCBtSgAwIBAgIQEaCRgqygFFTeElcmtQ+cdjANBgkqhkiG9w0BAQsFADCBljELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPDA6BgNVBAMTM0NPTU9ETyBSU0EgT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTAeFw0xODA2MjYwMDAwMDBaFw0yMDA2MjUyMzU5NTlaMIIBDTELMAkGA1UEBhMCTkwxDzANBgNVBBETBjMwMTZCQjEVMBMGA1UECBMMWnVpZC1Ib2xsYW5kMRIwEAYDVQQHEwlSb3R0ZXJkYW0xEzARBgNVBAkTClBhcmtsYWFuIDgxKTAnBgNVBAoTIERlbWlyIEhhbGsgQmFuayAoTmVkZXJsYW5kKSBOLlYuMR8wHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MUYwRAYDVQQLEz1Jc3N1ZWQgdGhyb3VnaCBEZW1pciBIYWxrIEJhbmsgKE5lZGVybGFuZCkgTi5WLiBFLVBLSSBNYW5hZ2VyMRkwFwYDVQQLExBNdWx0aS1Eb21haW4gU1NMMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGrn8LO/1ICgwm2NaalgJYkUgO0UQy2BEV+yH/aXeGTeH0BzfVCbAQet9ZNcPX5D/b+Kndz7IV3Lb3+CPs03epkmDtaEO+4zXuX2sjtFY6pnaNa3LCp+YG1zy3xphuf6MdJ1Fa76+Now3Om2m4mWyf9sKPB66MDmRZjx9j21qiQquc9eyD7/GCbwsbA+zPt+Z1j3lIZswaava2L1GrH7MeM3Z4SSF/dkWHhX7JG07Wh96GYxtibVEOTXpPtVDFT5D4pI01OAj0qxSiczSSQfH4qll4dKeh7QXCtlwWyewS6mNBQtfYDn2jERS2pYgE2KatGun2PgncBRrJdubktq2QIDAQABo4IDujCCA7YwHwYDVR0jBBgwFoAUmvMr2s+tT7YvuypISCoStxtCwSQwHQYDVR0OBBYEFOL1qwymS0dHhjvPVzB0QDM7d4N0MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBQBgNVHSAESTBHMDsGDCsGAQQBsjEBAgEDBDArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwBAgIwWgYDVR0fBFMwUTBPoE2gS4ZJaHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBT3JnYW5pemF0aW9uVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNybDCBiwYIKwYBBQUHAQEEfzB9MFUGCCsGAQUFBzAChklodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9SU0FPcmdhbml6YXRpb25WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20weQYDVR0RBHIwcIINKi5kaGJiYW5rLmNvbYIKZGhiYmFuay5iZYILZGhiYmFuay5jb22CCmRoYmJhbmsuZGWCCmRoYmJhbmsubmyCDnd3dy5kaGJiYW5rLmJlgg53d3cuZGhiYmFuay5kZYIOd3d3LmRoYmJhbmsubmwwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB1AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABZDwaa+AAAAQDAEYwRAIgcUzTz+hcgP0aLN2uhZA4fOe72bh2WDZ6pOumih/IMqcCIH0GwxXD3V8SJcE0onCZZIX5UeVUW0hn4jxRVcDTuLAYAHcAXqdz+d9WwOe1Nkh90EngMnqRmgyEoRIShBh1loFxRVgAAAFkPBpsKwAABAMASDBGAiEA5WIPU+VrMPY5lY03b0qLsFLDC4TQyhvP5Qgp4NnhBLQCIQCea1QYvhn9l4jW3966Ex6Viq7bTOBtZKbBYk5m831f3AB2AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABZDwabGkAAAQDAEcwRQIhALjO6Wmgkj8/W7crE5IDWGjQHsJJJ4FdKXpR9OMI1jG4AiB58mWzLP5x4BjCH1rviVDAvUWb1vxdQC1CgInRzy3eUzANBgkqhkiG9w0BAQsFAAOCAQEAKOLBIETTtAQn7oR4u1ZjPXkD3vQGiJOAjtwWC0LVDUL2b8aJCvw6ILQ98N1YCreT8yVWc7hofP5rtjnVZrJV5eBKbHCnMLN14+9I0ImI/HdYwJYgpzxYqpXCGSr2Z12IWr4lwtCidJn2Q6MVvvUo+XD4G/k9oNziQCt5I4ez1AGTDeYs3Je+BBbqqLH0OVesFnWdkRZAfuk6tG0A465AHQ+bBuBIzWJZoOuaBhnvflAh43E3G0hU3ly9I7rRznzsMI1KXWVWo9XDARBJYmXtK4zhs4RIsQrbQtlxA98CRY/X7chYJXGQI0m9Ok14B9lH8OzUlujgpRkiZ0SwyEO0Mg=="] }


The Payload

The payload contains additional required information about the TPP. Those are the contact email address (contactEmail) , a secret (secret), and redirect uris (redirectUri). It is possible to send multiple redirect URIs as comma saperated values in the redirectUri field.

PAYLOAD = { "contactEmail": "YOUR_EMAIL", "secret": "YOUR_SECRET","redirectUri":"YourCommaSaperatedRedirectURLs" }

Example:

{ "contactEmail": "you@tppdomain.com", "secret": "AVerySecretValue","redirectUri":"https://myapp.tppdomain.com/return"}


The Signature

The final data that DHB enrollment api expects has two parts. A signing string and a signature. The signing string contains the protected and the payload explained above encoded in URL safe base64.


Signing string

The header and the payload elements of the signing string need to be URL-safe Base64 encoded (RFC 4648) and concatenated with a period (.) in between.

SIGNING_STRING = BASE64URL(PROTECTED) + "." + BASE64URL(PAYLOAD)

eyAiYWxnIjogIlJTMjU2IiwgIng1YyI6IFsiTUlJSDdEQ0NCdFNnQXdJQkFnSVFFYUNSZ3F5Z0ZGVGVFbGNtdFErY2RqQU5CZ2txaGtpRzl3MEJBUXNGQURDQgpsakVMTUFrR0ExVUVCaE1DUjBJeEd6QVpCZ05WQkFnVEVrZHlaV0YwWlhJZ1RXRnVZMmhsYzNSbGNqRVFNQTRHCkExVUVCeE1IVTJGc1ptOXlaREVhTUJnR0ExVUVDaE1SUTA5TlQwUlBJRU5CSUV4cGJXbDBaV1F4UERBNkJnTlYKQkFNVE0wTlBUVTlFVHlCU1UwRWdUM0puWVc1cGVtRjBhVzl1SUZaaGJHbGtZWFJwYjI0Z1UyVmpkWEpsSUZObApjblpsY2lCRFFUQWVGdzB4T0RBMk1qWXdNREF3TURCYUZ3MHlNREEyTWpVeU16VTVOVGxhTUlJQkRURUxNQWtHCkExVUVCaE1DVGt3eER6QU5CZ05WQkJFVEJqTXdNVFpDUWpFVk1CTUdBMVVFQ0JNTVduVnBaQzFJYjJ4c1lXNWsKTVJJd0VBWURWUVFIRXdsU2IzUjBaWEprWVcweEV6QVJCZ05WQkFrVENsQmhjbXRzWVdGdUlEZ3hLVEFuQmdOVgpCQW9USUVSbGJXbHlJRWhoYkdzZ1FtRnVheUFvVG1Wa1pYSnNZVzVrS1NCT0xsWXVNUjh3SFFZRFZRUUxFeFpKCmJtWnZjbTFoZEdsdmJpQlVaV05vYm05c2IyZDVNVVl3UkFZRFZRUUxFejFKYzNOMVpXUWdkR2h5YjNWbmFDQkUKWlcxcGNpQklZV3hySUVKaGJtc2dLRTVsWkdWeWJHRnVaQ2tnVGk1V0xpQkZMVkJMU1NCTllXNWhaMlZ5TVJrdwpGd1lEVlFRTEV4Qk5kV3gwYVMxRWIyMWhhVzRnVTFOTU1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQXNHcm44TE8vMUlDZ3dtMk5hYWxnSllrVWdPMFVReTJCRVYreUgvYVhlR1RlSDBCemZWQ2IKQVFldDlaTmNQWDVEL2IrS25kejdJVjNMYjMrQ1BzMDNlcGttRHRhRU8rNHpYdVgyc2p0Rlk2cG5hTmEzTENwKwpZRzF6eTN4cGh1ZjZNZEoxRmE3NitOb3czT20ybTRtV3lmOXNLUEI2Nk1EbVJaang5ajIxcWlRcXVjOWV5RDcvCkdDYndzYkErelB0K1oxajNsSVpzd2FhdmEyTDFHckg3TWVNM1o0U1NGL2RrV0hoWDdKRzA3V2g5NkdZeHRpYlYKRU9UWHBQdFZERlQ1RDRwSTAxT0FqMHF4U2ljelNTUWZINHFsbDRkS2VoN1FYQ3Rsd1d5ZXdTNm1OQlF0ZllEbgoyakVSUzJwWWdFMkthdEd1bjJQZ25jQlJySmR1Ymt0cTJRSURBUUFCbzRJRHVqQ0NBN1l3SHdZRFZSMGpCQmd3CkZvQVVtdk1yMnMrdFQ3WXZ1eXBJU0NvU3R4dEN3U1F3SFFZRFZSME9CQllFRk9MMXF3eW1TMGRIaGp2UFZ6QjAKUURNN2Q0TjBNQTRHQTFVZER3RUIvd1FFQXdJRm9EQU1CZ05WSFJNQkFmOEVBakFBTUIwR0ExVWRKUVFXTUJRRwpDQ3NHQVFVRkJ3TUJCZ2dyQmdFRkJRY0RBakJRQmdOVkhTQUVTVEJITURzR0RDc0dBUVFCc2pFQkFnRURCREFyCk1Da0dDQ3NHQVFVRkJ3SUJGaDFvZEhSd2N6b3ZMM05sWTNWeVpTNWpiMjF2Wkc4dVkyOXRMME5RVXpBSUJnWm4KZ1F3QkFnSXdXZ1lEVlIwZkJGTXdVVEJQb0UyZ1M0WkphSFIwY0RvdkwyTnliQzVqYjIxdlpHOWpZUzVqYjIwdgpRMDlOVDBSUFVsTkJUM0puWVc1cGVtRjBhVzl1Vm1Gc2FXUmhkR2x2YmxObFkzVnlaVk5sY25abGNrTkJMbU55CmJEQ0Jpd1lJS3dZQkJRVUhBUUVFZnpCOU1GVUdDQ3NHQVFVRkJ6QUNoa2xvZEhSd09pOHZZM0owTG1OdmJXOWsKYjJOaExtTnZiUzlEVDAxUFJFOVNVMEZQY21kaGJtbDZZWFJwYjI1V1lXeHBaR0YwYVc5dVUyVmpkWEpsVTJWeQpkbVZ5UTBFdVkzSjBNQ1FHQ0NzR0FRVUZCekFCaGhob2RIUndPaTh2YjJOemNDNWpiMjF2Wkc5allTNWpiMjB3CmVRWURWUjBSQkhJd2NJSU5LaTVrYUdKaVlXNXJMbU52YllJS1pHaGlZbUZ1YXk1aVpZSUxaR2hpWW1GdWF5NWoKYjIyQ0NtUm9ZbUpoYm1zdVpHV0NDbVJvWW1KaGJtc3VibXlDRG5kM2R5NWthR0ppWVc1ckxtSmxnZzUzZDNjdQpaR2hpWW1GdWF5NWtaWUlPZDNkM0xtUm9ZbUpoYm1zdWJtd3dnZ0YrQmdvckJnRUVBZFo1QWdRQ0JJSUJiZ1NDCkFXb0JhQUIxQU81THZiZDF6bUM2NFVKcEg2dmhubWFqRDM1ZnNITFlnd0RFZTRsNnFQM0xBQUFCWkR3YWErQUEKQUFRREFFWXdSQUlnY1V6VHoraGNnUDBhTE4ydWhaQTRmT2U3MmJoMldEWjZwT3VtaWgvSU1xY0NJSDBHd3hYRAozVjhTSmNFMG9uQ1paSVg1VWVWVVcwaG40anhSVmNEVHVMQVlBSGNBWHFkeitkOVd3T2UxTmtoOTBFbmdNbnFSCm1neUVvUklTaEJoMWxvRnhSVmdBQUFGa1BCcHNLd0FBQkFNQVNEQkdBaUVBNVdJUFUrVnJNUFk1bFkwM2IwcUwKc0ZMREM0VFF5aHZQNVFncDRObmhCTFFDSVFDZWExUVl2aG45bDRqVzM5NjZFeDZWaXE3YlRPQnRaS2JCWWs1bQo4MzFmM0FCMkFGV0IxTUlXa0RZQlN1b0xtMWM4VS9EQTVEaDRjQ1VJRnkranFoMEhFOU1NQUFBQlpEd2FiR2tBCkFBUURBRWN3UlFJaEFMak82V21na2o4L1c3Y3JFNUlEV0dqUUhzSkpKNEZkS1hwUjlPTUkxakc0QWlCNThtV3oKTFA1eDRCakNIMXJ2aVZEQXZVV2IxdnhkUUMxQ2dJblJ6eTNlVXpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQQpLT0xCSUVUVHRBUW43b1I0dTFaalBYa0QzdlFHaUpPQWp0d1dDMExWRFVMMmI4YUpDdnc2SUxROThOMVlDcmVUCjh5VldjN2hvZlA1cnRqblZackpWNWVCS2JIQ25NTE4xNCs5STBJbUkvSGRZd0pZZ3B6eFlxcFhDR1NyMloxMkkKV3I0bHd0Q2lkSm4yUTZNVnZ2VW8rWEQ0Ry9rOW9OemlRQ3Q1STRlejFBR1REZVlzM0plK0JCYnFxTEgwT1ZlcwpGbldka1JaQWZ1azZ0RzBBNDY1QUhRK2JCdUJJeldKWm9PdWFCaG52ZmxBaDQzRTNHMGhVM2x5OUk3clJ6bnpzCk1JMUtYV1ZXbzlYREFSQkpZbVh0SzR6aHM0UklzUXJiUXRseEE5OENSWS9YN2NoWUpYR1FJMG05T2sxNEI5bEgKOE96VWx1amdwUmtpWjBTd3lFTzBNZz09Il0gfQ.eyAiY29udGFjdEVtYWlsIjogInlvdUB0cHBkb21haW4uY29tIiwgInNlY3JldCI6ICJBVmVyeVNlY3JldFZhbHVlIiwicmVkaXJlY3RVcmkiOiJZb3VyQ29tbWFTYXBlcmF0ZWRSZWRpcmVjdFVSTHMifQ


Signing algorithm

We only support RSA with SHA256 as signing algorithm. it is required to use the QSeal eIDAS certificate and its corresponding private key to sign the signing string. An example openssl command to sign a file called signing_sting.txt that contains your SIGNING_STRING is as following:

openssl dgst -sha256 signing_sting.txt > signing_sting.hash
openssl rsautl -sign -inkey privatekeyOfYourQsealCert.pem -keyform PEM -in signing_sting.hash  > signing_sting_sha256.sign

In above example the file signing_sting_sha256.sign contains the signature.


Creating the API request body

Finally create the body of the API request by URL-safe Base64 encoding (RFC 4648) each part of the JWS:

{

    "protected": BASE64URL(PROTECTED),

    "payload":   BASE64URL(PAYLOAD),

    "signature": BASE64URL(SIGNATURE)

}

Example:

{protected:eyAiYWxnIjogIlJTMjU2IiwgIng1YyI6IFsiTUlJSDdEQ0NCdFNnQXdJQkFnSVFFYUNSZ3F5Z0ZGVGVFbGNtdFErY2RqQU5CZ2txaGtpRzl3MEJBUXNGQURDQgpsakVMTUFrR0ExVUVCaE1DUjBJeEd6QVpCZ05WQkFnVEVrZHlaV0YwWlhJZ1RXRnVZMmhsYzNSbGNqRVFNQTRHCkExVUVCeE1IVTJGc1ptOXlaREVhTUJnR0ExVUVDaE1SUTA5TlQwUlBJRU5CSUV4cGJXbDBaV1F4UERBNkJnTlYKQkFNVE0wTlBUVTlFVHlCU1UwRWdUM0puWVc1cGVtRjBhVzl1SUZaaGJHbGtZWFJwYjI0Z1UyVmpkWEpsSUZObApjblpsY2lCRFFUQWVGdzB4T0RBMk1qWXdNREF3TURCYUZ3MHlNREEyTWpVeU16VTVOVGxhTUlJQkRURUxNQWtHCkExVUVCaE1DVGt3eER6QU5CZ05WQkJFVEJqTXdNVFpDUWpFVk1CTUdBMVVFQ0JNTVduVnBaQzFJYjJ4c1lXNWsKTVJJd0VBWURWUVFIRXdsU2IzUjBaWEprWVcweEV6QVJCZ05WQkFrVENsQmhjbXRzWVdGdUlEZ3hLVEFuQmdOVgpCQW9USUVSbGJXbHlJRWhoYkdzZ1FtRnVheUFvVG1Wa1pYSnNZVzVrS1NCT0xsWXVNUjh3SFFZRFZRUUxFeFpKCmJtWnZjbTFoZEdsdmJpQlVaV05vYm05c2IyZDVNVVl3UkFZRFZRUUxFejFKYzNOMVpXUWdkR2h5YjNWbmFDQkUKWlcxcGNpQklZV3hySUVKaGJtc2dLRTVsWkdWeWJHRnVaQ2tnVGk1V0xpQkZMVkJMU1NCTllXNWhaMlZ5TVJrdwpGd1lEVlFRTEV4Qk5kV3gwYVMxRWIyMWhhVzRnVTFOTU1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQXNHcm44TE8vMUlDZ3dtMk5hYWxnSllrVWdPMFVReTJCRVYreUgvYVhlR1RlSDBCemZWQ2IKQVFldDlaTmNQWDVEL2IrS25kejdJVjNMYjMrQ1BzMDNlcGttRHRhRU8rNHpYdVgyc2p0Rlk2cG5hTmEzTENwKwpZRzF6eTN4cGh1ZjZNZEoxRmE3NitOb3czT20ybTRtV3lmOXNLUEI2Nk1EbVJaang5ajIxcWlRcXVjOWV5RDcvCkdDYndzYkErelB0K1oxajNsSVpzd2FhdmEyTDFHckg3TWVNM1o0U1NGL2RrV0hoWDdKRzA3V2g5NkdZeHRpYlYKRU9UWHBQdFZERlQ1RDRwSTAxT0FqMHF4U2ljelNTUWZINHFsbDRkS2VoN1FYQ3Rsd1d5ZXdTNm1OQlF0ZllEbgoyakVSUzJwWWdFMkthdEd1bjJQZ25jQlJySmR1Ymt0cTJRSURBUUFCbzRJRHVqQ0NBN1l3SHdZRFZSMGpCQmd3CkZvQVVtdk1yMnMrdFQ3WXZ1eXBJU0NvU3R4dEN3U1F3SFFZRFZSME9CQllFRk9MMXF3eW1TMGRIaGp2UFZ6QjAKUURNN2Q0TjBNQTRHQTFVZER3RUIvd1FFQXdJRm9EQU1CZ05WSFJNQkFmOEVBakFBTUIwR0ExVWRKUVFXTUJRRwpDQ3NHQVFVRkJ3TUJCZ2dyQmdFRkJRY0RBakJRQmdOVkhTQUVTVEJITURzR0RDc0dBUVFCc2pFQkFnRURCREFyCk1Da0dDQ3NHQVFVRkJ3SUJGaDFvZEhSd2N6b3ZMM05sWTNWeVpTNWpiMjF2Wkc4dVkyOXRMME5RVXpBSUJnWm4KZ1F3QkFnSXdXZ1lEVlIwZkJGTXdVVEJQb0UyZ1M0WkphSFIwY0RvdkwyTnliQzVqYjIxdlpHOWpZUzVqYjIwdgpRMDlOVDBSUFVsTkJUM0puWVc1cGVtRjBhVzl1Vm1Gc2FXUmhkR2x2YmxObFkzVnlaVk5sY25abGNrTkJMbU55CmJEQ0Jpd1lJS3dZQkJRVUhBUUVFZnpCOU1GVUdDQ3NHQVFVRkJ6QUNoa2xvZEhSd09pOHZZM0owTG1OdmJXOWsKYjJOaExtTnZiUzlEVDAxUFJFOVNVMEZQY21kaGJtbDZZWFJwYjI1V1lXeHBaR0YwYVc5dVUyVmpkWEpsVTJWeQpkbVZ5UTBFdVkzSjBNQ1FHQ0NzR0FRVUZCekFCaGhob2RIUndPaTh2YjJOemNDNWpiMjF2Wkc5allTNWpiMjB3CmVRWURWUjBSQkhJd2NJSU5LaTVrYUdKaVlXNXJMbU52YllJS1pHaGlZbUZ1YXk1aVpZSUxaR2hpWW1GdWF5NWoKYjIyQ0NtUm9ZbUpoYm1zdVpHV0NDbVJvWW1KaGJtc3VibXlDRG5kM2R5NWthR0ppWVc1ckxtSmxnZzUzZDNjdQpaR2hpWW1GdWF5NWtaWUlPZDNkM0xtUm9ZbUpoYm1zdWJtd3dnZ0YrQmdvckJnRUVBZFo1QWdRQ0JJSUJiZ1NDCkFXb0JhQUIxQU81THZiZDF6bUM2NFVKcEg2dmhubWFqRDM1ZnNITFlnd0RFZTRsNnFQM0xBQUFCWkR3YWErQUEKQUFRREFFWXdSQUlnY1V6VHoraGNnUDBhTE4ydWhaQTRmT2U3MmJoMldEWjZwT3VtaWgvSU1xY0NJSDBHd3hYRAozVjhTSmNFMG9uQ1paSVg1VWVWVVcwaG40anhSVmNEVHVMQVlBSGNBWHFkeitkOVd3T2UxTmtoOTBFbmdNbnFSCm1neUVvUklTaEJoMWxvRnhSVmdBQUFGa1BCcHNLd0FBQkFNQVNEQkdBaUVBNVdJUFUrVnJNUFk1bFkwM2IwcUwKc0ZMREM0VFF5aHZQNVFncDRObmhCTFFDSVFDZWExUVl2aG45bDRqVzM5NjZFeDZWaXE3YlRPQnRaS2JCWWs1bQo4MzFmM0FCMkFGV0IxTUlXa0RZQlN1b0xtMWM4VS9EQTVEaDRjQ1VJRnkranFoMEhFOU1NQUFBQlpEd2FiR2tBCkFBUURBRWN3UlFJaEFMak82V21na2o4L1c3Y3JFNUlEV0dqUUhzSkpKNEZkS1hwUjlPTUkxakc0QWlCNThtV3oKTFA1eDRCakNIMXJ2aVZEQXZVV2IxdnhkUUMxQ2dJblJ6eTNlVXpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQQpLT0xCSUVUVHRBUW43b1I0dTFaalBYa0QzdlFHaUpPQWp0d1dDMExWRFVMMmI4YUpDdnc2SUxROThOMVlDcmVUCjh5VldjN2hvZlA1cnRqblZackpWNWVCS2JIQ25NTE4xNCs5STBJbUkvSGRZd0pZZ3B6eFlxcFhDR1NyMloxMkkKV3I0bHd0Q2lkSm4yUTZNVnZ2VW8rWEQ0Ry9rOW9OemlRQ3Q1STRlejFBR1REZVlzM0plK0JCYnFxTEgwT1ZlcwpGbldka1JaQWZ1azZ0RzBBNDY1QUhRK2JCdUJJeldKWm9PdWFCaG52ZmxBaDQzRTNHMGhVM2x5OUk3clJ6bnpzCk1JMUtYV1ZXbzlYREFSQkpZbVh0SzR6aHM0UklzUXJiUXRseEE5OENSWS9YN2NoWUpYR1FJMG05T2sxNEI5bEgKOE96VWx1amdwUmtpWjBTd3lFTzBNZz09Il0gfQ,payload:eyAiY29udGFjdEVtYWlsIjogInlvdUB0cHBkb21haW4uY29tIiwgInNlY3JldCI6ICJBVmVyeVNlY3JldFZhbHVlIiwicmVkaXJlY3RVcmkiOiJZb3VyQ29tbWFTYXBlcmF0ZWRSZWRpcmVjdFVSTHMifQ,signature:w4HDkMWTw7HFksOxeMK2PXofasO+w5EnwqwBwrDCv+KAmeKAnMO84oC5wqQkM8Ohw6dmRiZ2w5x0w7vDoHlsw6kYdi08eMOnQwpuwrfDh3HDvTXDs8OIcsOIdkbCj1fDlkxmw6nFk8O1KcOhxbjCj8K0wqsUX8KoK8OPcUzigJTLhm/CtCnDsR3DjcO5HsKdw7MSXUHCtHzDssOKw7TCocKl4oCYxaEJLsOXw7Z/TsOXw6VYQX7DtcOIcsOww6LCo+KAk8K+w73igKJG4oCiIUo6f8Ofw6kCUcKoZyDDnH3Dp+KAonBwGeKAnsK4w70Oy5zDpAzDt8OhwqFKw5DDosO+IMObfMOKH8KnICIwAjzCs8KoRMOVBxPDnC3DpcW9bFTigLnDtMKnOH4MfB3DqMORw7bigJk6XWnDosK/w45sWsOR4oCYw5zDp8Knw5XFvsOdIUTDpSDDhMKhT8OLw58fWAdJw5fCrS3DhxvDol7Dk1kVdGLDl2oK4oSi4oC5LR8hRsKqJDgBw4dHcsOO4oCawrPDk2A}