Web Services

What’s new with Web Services.

SHA256 certificate to be adopted

 

OP Financial Group will no longer support the SHA1 certificate and digital signature. They will be replaced with the SHA256 certificate to ensure increasingly safe services to our customers.

If you use the Web Services channel, contact your software provider to check whether your software is up to date, and whether it needs to be updated.

The old SHA1 service will be closed down on 31 August 2025, after which customers must use the SHA256 algorithm. Content will not be transmitted through the Web Services channel from 1 September 2025 if the bank connection software uses the old certificate/TLS encryption protocol.

Make the required changes to your software application requests (ApplicationRequest) and SOAP requests (SOAPRequest) to enable the SHA256 algorithm.

  • SignatureMethod Algorithm=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
  • DigestMethod Algorithm=http://www.w3.org/2001/04/xmlenc#sha256

Correspondingly, response messages are signed using the SHA256 certificate and algorithm.

These changes will not affect the certificate algorithms. The change will not affect the content or terms of corporate payment services or payments in the op.fi service for corporate customers. 

More information about the deployment of SHA256 certificates can be found in the Web Services channel user guide.

Web Services channel user guide >

 

Web Services channel

Web Services is the main channel for sending companies' invoice and payment data and for receiving reconciliation data on incoming payments, as well as bank statements.  

Size of data

In OP Financial Group, the maximum size of data in the Web Services protocol is 100 megabytes without compression. However, OP Financial Group requires the data to be compressed before it is transmitted to the bank. The compression algorithm is GZIP, as specified in RFC 1952. The maximum size of data is 10 megabytes per one transmitted data batch.

Identification

The up-to-date certificates for the Web Services channel are always available on the Certificate service page.

Testing

We recommend that you test new data formats and software versions before their deployment. OP has a customer test environment, which is offered free of charge until further notice. The test environment can be used, provided that the customer's or software provider's banking software supports testable data and the related responses.

To use the customer test environment, the customer must have agreements with the bank on the services that the customer intends to test, such as C2B payment and submission of e-invoices. The party that sends data to the bank via the banking connection must have a Web Services agreement.

To use the customer test environment, the customer must have a separate test certificate for the Web Services channel. The production certificate cannot be used in the customer test environment. The customer can request the transfer keys for the test environment when making the agreement for the Web Services channel or, if required, separately from the account holding branch or phone service for Corporate and Payment Services. The certificate for the test environment can be downloaded with the transfer key as instructed in the Web Services channel user guide. Customers can begin submitting data to the test environment a day after downloading the certificate. An agreement-based customer code, payment identifier and payment accounts will be used in the data submitted to the test environment.

Info functionality ​

The Web Services (WS) channel includes a content type called INFO, which we use to notify exceptional times of receipt of payment data in the WS channel and any service breaks and interruptions, for example. The content is a UTF-8 encoded string – that is, text. The information can be targeted at all WS channel users or at specific bank connection software or specific software versions. The INFO content can be displayed with getFileList, similar to any other content retrieved.