Are all your communications secure and encrypted both in transit or at rest?

You'll need to implement the use of Electronic Identification Authentication and Trust Services (<a href="/glossarycollection/electronic-identification%2C-authentication-and-trust-services." style="color:#48277C;" target="_blank" title="Electronic Identification Authentication and Trust Services"><u>EIDAS</u></a>) certificates for your messaging and then it's recommended that all communications are TLS secured and that you use the FAPI Connect ID framework for your security.<br/><br/>

In addition you'll probably want to use an HSM to store your TPP access tokens.