Server Configuration

Configuration options for the fourbics EBICS Server.

This guide covers the configuration options for the fourbics EBICS Server, describing what can be configured and how the server behaves with different settings.

Protocol Configuration

EBICS Version Support

The server can be configured to support specific EBICS protocol versions:

| Version | Specification | Features |
|---|---|---|
| H006 | EBICS V3.0.2 | BTF, A006 signatures, latest security |
| H005 | EBICS V3.0 | BTF, A006 signatures |
| H004 | EBICS V2.5 | Legacy FUL/FDL, A005 signatures |
| H003 | EBICS V2.4 | Legacy, different namespace |

You can configure:

  • Default version for new connections
  • Which versions are supported
  • Whether to allow legacy versions

Transaction Settings

| Setting | Description | Typical Value |
|---|---|---|
| Segment Size | Maximum bytes per segment | 1 MB (1,048,576) |
| Transaction Timeout | How long transactions remain valid | 1 hour |
| Max Recovery Attempts | Retry limit for failed transactions | 3 |
| Concurrent Transactions | Max active transactions per subscriber | 10 |

VEU Settings

| Setting | Description | Typical Value |
|---|---|---|
| VEU Enabled | Whether distributed signatures are supported | Yes |
| Order Expiry | How long VEU orders remain valid | 14 days |
| Max Signatures | Maximum signatures per order | 10 |

Security Configuration

Cryptographic Settings

| Setting | Description | Recommended |
|---|---|---|
| Minimum Key Length | Smallest RSA key accepted | 2048 bits |
| Maximum Key Length | Largest RSA key accepted | 4096 bits |
| Signature Algorithm | For A005/A006 | RSA-SHA256 |
| Encryption Algorithm | For E002 | AES-128-CBC |
| Hash Algorithm | For all hashing | SHA-256 |
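
An added example, not fourbics code, of enforcing the key-length bounds above on a submitted RSA public key. It assumes the key arrives as an XML-DSig `ds:RSAKeyValue` element; the function names are hypothetical and the sample keys are constructed numbers, not real keys.

```python
import base64
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
MIN_BITS, MAX_BITS = 2048, 4096  # recommended bounds from the table above


def rsa_modulus_bits(key_xml):
    """Return the true bit length of the modulus in a ds:RSAKeyValue."""
    # Subscriber-supplied XML: refuse DTDs and entity declarations outright.
    if "<!DOCTYPE" in key_xml or "<!ENTITY" in key_xml:
        raise ValueError("DTD or entity declaration not allowed")
    root = ET.fromstring(key_xml)
    modulus_b64 = next(
        (el.text for el in root.iter(DS + "Modulus") if el.text), None)
    if modulus_b64 is None:
        raise ValueError("no ds:Modulus element")
    raw = base64.b64decode("".join(modulus_b64.split()), validate=True)
    # bit_length() ignores leading zero bytes and bits; len(raw) * 8 would
    # accept a 2041-bit modulus stored in 256 bytes.
    return int.from_bytes(raw, "big").bit_length()


def check_key_length(key_xml):
    """Return (accepted, reason) for a submitted RSA public key."""
    bits = rsa_modulus_bits(key_xml)
    if bits < MIN_BITS:
        return False, f"modulus is {bits} bits, below minimum {MIN_BITS}"
    if bits > MAX_BITS:
        return False, f"modulus is {bits} bits, above maximum {MAX_BITS}"
    return True, f"modulus is {bits} bits"


def sample_key(bits, pad_to_bytes=None):
    """Constructed input: a number of the given bit length, not a real key."""
    n = (1 << (bits - 1)) | 1
    raw = n.to_bytes(pad_to_bytes or (bits + 7) // 8, "big")
    b64 = base64.b64encode(raw).decode()
    return ('<ds:RSAKeyValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
            f"<ds:Modulus>{b64}</ds:Modulus><ds:Exponent>AQAB</ds:Exponent>"
            "</ds:RSAKeyValue>")


if __name__ == "__main__":
    for bits, pad in [(1024, None), (2041, 256), (2048, 257), (4096, None)]:
        print(bits, pad, check_key_length(sample_key(bits, pad)))
```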

HSM Configuration

For production environments, Hardware Security Module integration is recommended:

| Setting | Description |
|---|---|
| HSM Enabled | Whether to use HSM for key storage |
| HSM Provider | HSM vendor/type |
| HSM Slot | Which HSM slot to use |
| Library Path | Path to HSM PKCS#11 library |

When HSM is enabled:

  • Bank keys are generated within the HSM
  • Private keys never leave the HSM
  • All signing operations are performed by the HSM

Rate Limiting

Protect against abuse with configurable rate limits:

| Setting | Description | Typical Value |
|---|---|---|
| Requests per Minute | Per subscriber | 60 |
| Requests per Hour | Per subscriber | 1000 |
| Failed Auth Lockout | Failures before lockout | 5 |
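
An added example, not fourbics code: a per-subscriber sliding-window limiter that applies the three typical values above together. The class and method names are hypothetical; resetting the failure counter on a successful authentication and ending a lockout by operator action are assumptions, since the page does not say how a lockout ends.

```python
from collections import defaultdict, deque

# Typical values from the rate limiting table above.
PER_MINUTE, PER_HOUR, LOCKOUT_AFTER = 60, 1000, 5


class SubscriberLimiter:
    """Sliding-window limiter keyed by subscriber (hypothetical class)."""

    def __init__(self):
        self._hits = defaultdict(deque)    # subscriber -> accepted request times
        self._failures = defaultdict(int)  # subscriber -> consecutive auth failures

    def allow(self, subscriber, now):
        """Return (allowed, reason) for a request arriving at `now` seconds."""
        if self._failures[subscriber] >= LOCKOUT_AFTER:
            return False, "locked_out"
        hits = self._hits[subscriber]
        while hits and now - hits[0] >= 3600:  # forget requests older than 1 hour
            hits.popleft()
        if len(hits) >= PER_HOUR:
            return False, "hour_limit"
        if sum(1 for t in hits if now - t < 60) >= PER_MINUTE:
            return False, "minute_limit"
        hits.append(now)  # only accepted requests consume quota
        return True, "ok"

    def record_auth(self, subscriber, success):
        """Track consecutive failures; a success resets the count (assumption)."""
        if success:
            self._failures[subscriber] = 0
        else:
            self._failures[subscriber] += 1

    def unlock(self, subscriber):
        """Operator reset of a locked-out subscriber (assumption)."""
        self._failures[subscriber] = 0


if __name__ == "__main__":
    lim = SubscriberLimiter()
    # Constructed traffic: 61 requests from one subscriber within 30 seconds.
    print([lim.allow("SUB1", 0.5 * i)[1] for i in range(61)][-2:])
```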

TLS Configuration

The server requires TLS 1.2 or higher. Recommended settings:

| Setting | Recommendation |
|---|---|
| Minimum TLS Version | TLS 1.2 |
| Cipher Suites | ECDHE with AES-GCM |
| Client Certificates | Optional (for additional security) |

Host Configuration

Each EBICS host can be configured with:

| Setting | Description |
|---|---|
| Host ID | Unique identifier for this host |
| Display Name | Human-readable name |
| URL | Public endpoint URL |
| Supported Versions | Which EBICS versions this host accepts |
| Supported Languages | For error messages (en, de, fr) |
| Max Order Data Size | Largest order accepted |
| Recovery Enabled | Whether transaction recovery is supported |

Order Type Configuration

Control which order types are available:

Key Management Orders

| Order Type | Description | Can Disable |
|---|---|---|
| HEV | Version query | No |
| INI | Signature key init | No |
| HIA | Auth/Enc key init | No |
| HPB | Bank key download | No |
| H3K | Certificate init | Yes |
| PUB | Signature key update | Yes |
| HCA | Auth/Enc key update | Yes |
| HCS | All keys update | Yes |
| SPR | Subscriber suspension | Yes |

Administrative Orders

| Order Type | Description | Can Disable |
|---|---|---|
| HTD | Subscriber info | No |
| HKD | Customer info | Yes |
| HAA | Available order types | No |
| HPD | Bank parameters | No |
| HAC | Acknowledgement | Yes |

Business Orders

| Order Type | Description | Can Disable |
|---|---|---|
| BTU | Business upload (H005/H006) | No |
| BTD | Business download (H005/H006) | No |
| FUL | File upload (legacy) | Yes |
| FDL | File download (legacy) | Yes |

VEU Orders

| Order Type | Description | Can Disable |
|---|---|---|
| HVU | VEU overview (unsigned) | Yes |
| HVZ | VEU overview (signed) | Yes |
| HVD | VEU order details | Yes |
| HVT | VEU transaction details | Yes |
| HVE | Add VEU signature | Yes |
| HVS | Cancel VEU order | Yes |

BTF Configuration

For H005/H006, configure which Business Transaction Format services are supported:

Upload Services

| Service | Description | Message Types |
|---|---|---|
| SCT | SEPA Credit Transfer | pain.001 |
| SDD | SEPA Direct Debit | pain.008 |
| SCI | SEPA Credit Instant | pain.001 |
| XCT | Cross-border Transfer | pain.001 |

Download Services

| Service | Description | Message Types |
|---|---|---|
| STM | Statement | camt.053, MT940 |
| EOP | End of Period Statement | camt.053 |
| VMK | Intraday Statement | camt.052, MT942 |
| REP | Payment Status | pain.002 |

Scopes

Configure which geographic/regulatory scopes are supported:

| Scope | Description |
|---|---|
| DE | Germany |
| AT | Austria |
| CH | Switzerland |
| FR | France |
| Generic | No specific scope |

Audit Configuration

Logging Settings

| Setting | Description | Recommendation |
|---|---|---|
| Log Requests | Store request XML | Yes (sanitized) |
| Log Responses | Store response XML | Yes (sanitized) |
| Retention Period | How long to keep logs | 365 days minimum |

What Gets Logged

  • All EBICS requests and responses (with sensitive data masked)
  • Authentication successes and failures
  • Key management operations
  • Order processing events
  • Administrative actions
  • Security-relevant events

Integration Configuration

Core Banking Integration

Configure how the server connects to core banking systems:

| Setting | Description |
|---|---|
| Integration Type | REST API, SOAP, Message Queue |
| Endpoint URL | Core banking system URL |
| Authentication | API key, OAuth, certificates |
| Timeout | Request timeout |
| Retry Attempts | Retries on failure |

Order Processing

| Setting | Description |
|---|---|
| Async Processing | Queue orders for background processing |
| Processing Queue | Which queue to use |
| Max Processing Time | Timeout for order processing |

Environment-Specific Settings

Development

  • All protocol versions enabled
  • Relaxed rate limits
  • Verbose logging
  • Test keys allowed

Production

  • Only required protocol versions
  • Strict rate limits
  • HSM required for bank keys
  • Audit logging enabled
  • TLS 1.2+ enforced
