By collaborating with Ibanity, your application is never directly connected to the ASPSPs. We create a developer account on the developer portal of each ASPSPs on your behalf, and we secure the communications with the ASPSPs with your own certificates (QWAC & QsealC delivered by a QTSP following your licensing process). For that purpose, we need to store the related private keys in our secure infrastructure.
To establish a secured communication channel with Ibanity (HTTPS with mutual authentication), you must use the certificate signed and delivered to you by Ibanity during the on-boarding process. For your live applications, you should also sign all your requests to Ibanity with a second certificate.
Here is an overview picture depicting the implementation of the above principles: