From the EPC point of view, you only need one certificate, which is for production. However, when it comes to testing VOP, there are different scenarios depending on your choice to work with an RVM or not.
- If you plan to process VOP via an RVM, you will organise the testing with the RVM.
- If you do not intend to use an RVM, you’ll need to organise the tests yourself.
There are 2 types of tests:
- Voluntary end-to-end tests between friendly competitor VOP participants. This is outside the scope of the EPC. It’s up to the participants to decide how to test and on what environments.
- If you use an RVM, the RVM will typically manage this. They will decide (with the other party) which certificates will be used.
- If you don’t use an RVM, it’s up to you to agree with a friendly competitor how you will test: using a real QWAC or using a self-signed mimicked QWAC.
- Self-certification against the EPC ART (API Reference Toolbox): this is a test platform offered by the EPC where you can validate your VOP API against a set of standard test cases.
- If you use an RVM, then this does not apply to you. The EPC made it mandatory for RVMs to certify their VOP solution on ART. You as a client of the RVM do not need to do that again.
- If you don’t use an RVM, then the EPC invites you to test against ART on a voluntary basis; it is not mandatory. The EPC does however recommend testing your VOP API against ART to mitigate interoperability risks. To connect to ART as VOP Requester, there are 4 options:
- ART can generate a mimicked QWAC test certificate that you can use (recommended)
- You can use your own mimicked QWAC test certificate.
- You can use your production QWAC
- You can use a dedicated test QWAC.