Everything You Need to Succeed
Comprehensive documentation, technical specifications, compliance guides, and developer resources for the Roksnet Framework ecosystem
Technical documentation • Compliance guides • Developer tools
X-Road Resources
Official X-Road documentation, community resources, and global ecosystem information
Official Documentation
X-Road Global Homepage
Technical Documentation
Architecture Documentation
User Manuals
Developer Resources
RIA X-Road Information
Estonian X-Road Catalog
RIA Homepage
Estonian Data Registries
Security Server Resources
Core Component
Essential documentation, software, and guides for X-Road Security Server installation, configuration, and operation
What is Security Server?
The Security Server is the core technical component that enables organisations to connect to the X-Road data exchange layer. It handles encryption, digital signatures, timestamping, and secure message routing between information systems.
- Free open-source software
- Built-in security by design
- Deploy on your infrastructure
- Production-proven globally
Quick Links
- Download from GitHub
- Security Server Sidecar
- Contact Roksnet Support
Installation
Installation Guides
Software Releases
Sidecar Deployment
System Requirements
Docker Installation
Additional Technical Documentation
Service Resources
Essential documentation, software, and guides for X-Road Security Server installation, configuration, and operation
Member Directory Services
Trust Services
Roksnet Portal
Monitoring Services
Expert Support
Framework Documentation
General guidelines, rules, and procedures for the Roksnet Framework ecosystem
Getting Started
Onboarding Guide
Identity Verification Process
First Steps Checklist
Environment Setup Guide
Self-Service Platform
Platform User Guide
Service Ordering Instructions
Billing & Invoicing
Account Management
Payment Methods
SWIFT/SEPA Transfer Guide
Bank Payment Instructions
Invoice Payment Terms
Subscription Management
Technical Standards
Security Requirements
API Best Practices
Data Format Standards
Integration Guidelines
Frequently Asked Questions
Everything you need to know about the Roksnet Framework, X-Road technology, and our services
X-Road Technology
X-Road is a free and open-source (FOSS) data exchange layer that enables secure, automated, and legally valid data exchange between organisations' information systems. Originally developed in Estonia in 2001, X-Road creates a standardised technical and organizational environment for secure data exchange.
Key characteristics:
- •Distributed architecture: No central database - organisations retain control of their data
- •Peer-to-peer: Direct encrypted connections between Security Servers
- •Security by design: Every transaction is encrypted, signed, and timestamped
- •Technology agnostic: Works with any existing information system
- •Once-only principle: Data collected once can be reused by authorised parties
X-Road is used by 25+ countries worldwide and has proven scalability from national to international implementations:
Full NIIS Members (complete nationwide implementations):
- •Estonia: 100% of state services digital, 2.2B+ transactions, 3,000+ services, 52,000+ organisations connected since 2001
- •Finland: Federated with Estonia for cross-border data exchange since 2018
- •Iceland: Nationwide implementation serving entire population
Partners & Adopters: Ukraine, Japan, Faroe Islands, Namibia, Azerbaijan, Rwanda, Palau, Argentina, Ecuador, and 15+ other nations at various implementation stages.
Traditional API Integration: Point-to-point connections where each organisation builds separate integrations to every partner. As partners increase, complexity grows exponentially (N×(N-1)/2 connections needed).
X-Road Integration: "Integrate once, connect with all" model. Each organisation connects to one Security Server, instantly gaining access to all ecosystem services. Linear complexity (N connections for N participants).
Key differences:
- •Security: X-Road provides built-in encryption, digital signatures, and timestamping. Traditional APIs require custom security per integration.
- •Legal validity: X-Road transactions have built-in non-repudiation and legal proof. Traditional APIs need separate verification layers.
- •Service discovery: X-Road includes automatic service catalog. Traditional APIs require manual partner discovery.
- •Auditability: Complete transaction logging and proof chain included. Traditional APIs need custom audit implementations.
- •Scalability: Linear growth vs exponential complexity as ecosystem expands.
No. X-Road operates on a distributed architecture with no central database. Your data never leaves your control:
- •Data stays with you: All organisational data remains in your own databases and information systems
- •Real-time queries: When authorised parties request data, X-Road routes the query to your system and returns the response directly - no intermediate storage
- •You control access: You decide which data services to expose, who can access them, and under what conditions
- •Peer-to-peer transfer: Data flows directly between Security Servers without intermediate copying
- •Log-only storage: Only transaction metadata (who requested what, when, and whether it succeeded) is logged locally on your Security Server for audit purposes
This architecture ensures digital sovereignty - organisations and nations retain complete control over their data assets while enabling secure interoperability.
Getting Started
Step 1: Understand your role
- •Service Consumer: Want to access data from other organisations (e.g., verify citizen data, check business registry)
- •Service Provider: Want to share your data with authorised organisations (e.g., provide registry data, API access)
- •Both: Most organisations do both - consume and provide services
Step 2: Explore resources
- • Read the X-Road page to understand the technology
- • Review Services page to see what's available
- • Check Pricing to understand costs
- • Watch introductory videos in Self-Service Platform
Step 3: Contact us
Schedule a free consultation call. We'll assess your needs, explain the onboarding process, and provide a customized roadmap. No technical knowledge required for initial discussion.
Yes, but the process is straightforward and designed to ensure ecosystem trust:
What's required:
- •Legal entity verification: Confirm you're a registered organisation (via SWIFT/SEPA payment or EU qualified eSeal)
- •Authorised representative: Person legally authorised to bind the organisation
- •Registration documents: Organisation registration certificate copy
Who gets approved:
- • Government agencies and public sector organisations
- • Private companies (all sizes from startups to enterprises)
- • NGOs and non-profit organisations
- • Research institutions and universities
- • Healthcare providers and financial institutions
Approval timeline: Typically 3-5 business days after submission of complete documentation.
Note: Individual persons cannot join as Members - organisation membership only. Individuals can access X-Road services through organisation portals.
Yes, absolutely. Roksnet Framework includes a free Development environment for every Production service you subscribe to.
Development Environment includes:
- •Free equivalent services: Every Production Member Directory service (Organisation, Security Server, Subsystem) has free Dev equivalent
- •Free Dev certificates: AUTH and SIGN certificates for testing (no Production validity)
- •Isolated environment: Completely separate from Production, no risk to live systems
- •Full functionality: Test all features, integrations, and data flows
Common testing workflow:
- Deploy Security Server in Dev environment
- Connect test information systems
- Develop and test APIs with mock data
- Validate integration with consumer applications
- Perform security and performance testing
- Only then activate Production services
Best practice: Maintain both Dev and Production environments permanently. Use Dev for testing updates, new services, and changes before Production deployment.
Member Directory
Member Directory Services are the registry and catalog that make your organisation, Security Servers, Subsystems, and data services visible and discoverable to other Members in the Roksnet Framework ecosystem.
Think of it as the "phone book" of the ecosystem:
- •Organisation Registration (Membership): Your official identity in the ecosystem (€50/month)
- •Security Server Registration: Your gateway for data exchange (€75/month per server)
- •Subsystem Registration: Connect your information systems (€100/month per subsystem)
Why you need it: Without Member Directory registration, other organisations cannot discover your services or connect with you. Registration enables discoverability, verified trust, centralized service management, and unlimited transactions at no extra cost.
Bonus: Each paid Production service includes a free equivalent in Development environment for testing.
Organisation (Member)
Your legal entity's identity in the ecosystem. Example: "Ministry of Education", "Regional Hospital", "TechCorp Inc."
Enables: Official ecosystem presence, verification of identity, access to dev/prod environments
Security Server
The technical gateway (software component) that handles all secure data exchange for your organisation. Installed on your infrastructure or hosted by a service provider.
Handles: Encryption, authentication, digital signatures, timestamping, logging, message routing
Typical setup: Large organisations may have multiple Security Servers (e.g., one per data center or region). Small organisations typically start with one.
Subsystem
A logical grouping of data services connected to your Security Server. Each subsystem represents an information system, database, or API.
Examples: "PatientRegistry", "VehicleDatabase", "TaxFilingAPI", "CitizenPortal"
Role: Subsystems can provide services (data you share), consume services (data you request), or both simultaneously.
Step 1: Identity Verification
Choose one method:
- •SWIFT/SEPA transfer (€50 fee): Simple bank transfer that proves organisational identity
- •EU qualified eSeal (free): Digital certificate-based verification
Step 2: Application Submission
Submit application with:
- • Authorised representative documentation
- • Organisation registration certificate copy
Step 3: Activate Membership
Once approved, order Organisation Membership (€50/month) through Self-Service Platform. Your organisation becomes visible in the ecosystem.
Step 4: Setup Technical Infrastructure
- • Choose Trust Service Provider and order certificates
- • Install Security Server (on-premises or hosted)
- • Register Security Server in Member Directory
- • Register Subsystems and connect your information systems
Timeline: Identity verification and application approval typically takes 3-5 business days. Technical setup time varies by organisation complexity (1-4 weeks typical).
Trust & Security
Trust Services provide the PKI-based cryptographic infrastructure that makes X-Road transactions secure and legally valid. Every data exchange is encrypted, authenticated, signed, and timestamped using these services.
Required certificates:
AUTH Certificate (Authentication)
Required for each Security Server. Establishes secure TLS connections between Security Servers.
From €100 (1-year) or €13/month
SIGN Certificate (Digital Signature / eSeal)
Organisation-based digital signature. At least one required per organisation. Signs all outgoing messages for legal proof and non-repudiation.
From €175 (1-year) or €22/month
Included free services:
- •OCSP Service: Real-time certificate validity checking (up to 2,232 responses/month per certificate)
- •Timestamp Service: Legal proof of transaction time (up to 44,640 timestamps/month per server)
Bonus: Each paid Production certificate includes a free equivalent for Development environment.
Yes. While Roksnet offers integrated Trust Services that can be ordered directly through the Self-Service Platform, Members can also use Trust Services from other Roksnet-approved providers.
Requirements for alternative providers:
- •Must be approved by Roksnet as compatible with the Framework
- •Must meet X-Road technical specifications for certificate formats
- •Must provide OCSP and timestamp services compatible with X-Road requirements
If you are a Trust Service Provider interested in becoming an approved Roksnet partner, please contact us through the Partnership inquiry form.
Certificates have defined validity periods (1, 2, or 3 years). Before expiration, you must renew or replace certificates to maintain uninterrupted service.
Certificate lifecycle:
- •60 days before expiry: Roksnet sends first renewal reminder via Self-Service Platform
- •30 days before expiry: Second reminder with urgent flag
- •14 days before expiry: Final warning with service interruption notice
- •On expiry date: Certificate becomes invalid. Data exchange is blocked until renewal.
Renewal process: Order new certificate through Self-Service Platform before expiry. Install new certificate on Security Server alongside expiring one. After new certificate activation, old certificate can be removed. No downtime required with proper planning.
Important: If certificates expire without renewal, your organisation cannot send or receive X-Road data until new certificates are installed. Plan renewals well in advance to avoid service disruption.
Portal
Roksnet Portal is ready-to-use web-based software (based on MISP2) that enables end users to discover, access, and consume X-Road data services through an intuitive interface - without building your own frontend application.
Who needs it:
- •Service consumers: Organisations that want to access X-Road services but don't want to develop custom frontends
- •Government agencies: Provide citizen/business portals for accessing public services
- •Testing environments: Perfect for development and testing new data services before building production UI
- •Internal tools: Employee-facing interfaces for accessing cross-organisational data
Key benefits: Fast time-to-market (deploy in days not months), no development required, production-ready, supports multiple authentication methods (ID card, Mobile-ID, Smart-ID, eIDAS, username/password), customizable branding.
Note: Portal is for consuming services. To provide services, you develop APIs and connect them to your Security Server via Subsystems.
Step 1: Become a Member
Complete identity verification and subscribe to Member Directory Services (Organisation + Security Server + Subsystem for the Portal).
Step 2: Download Software
Access download link and installation guide through Self-Service Platform. Available as Docker container or installable package.
Step 3: Deploy Infrastructure
Install Portal on your infrastructure (on-premises servers, private cloud, or public cloud). Minimum requirements: 2 CPU cores, 4GB RAM, 20GB storage.
Step 4: Connect to Security Server
Configure Portal to communicate with your Security Server. Register Portal as a Subsystem in Member Directory.
Step 5: Configure Authentication & Services
- • Set up authentication methods for your users
- • Configure which X-Road services are accessible
- • Customize branding, language, and UI elements
- • Define user roles and permissions
Deployment time: Technical setup typically takes 1-3 days. Additional time needed for authentication integration and service configuration depending on complexity.
Pricing & Billing
All Roksnet Framework services use subscription-based pricing with unlimited data transactions:
Organisation Membership: €50/month
- • Official ecosystem presence and verified identity
- • Access to Self-Service Platform
- • Development environment access (free)
- • Unlimited data transactions
- • Basic support
Security Server: €75/month per server
- • Registration in Member Directory
- • Development environment equivalent (free)
- • Unlimited encrypted data exchange
- • Automatic service discovery
Subsystem: €100/month per subsystem
- • Registration in Member Directory
- • Development environment equivalent (free)
- • Can provide OR consume services (or both)
- • No per-transaction costs
Trust Services (Certificates)
Choose payment model:
- • Monthly: AUTH €13/month, SIGN €22/month (ongoing subscription)
- • One-time: AUTH from €100, SIGN from €175 (1-3 year validity, lower total cost)
- • Includes OCSP + Timestamp services (free)
- • Development certificates included (free)
No hidden fees: No setup fees, no per-transaction fees, no data volume charges. The monthly subscription covers unlimited usage within the ecosystem.
The absolute minimum to start exchanging data on X-Road:
Minimum Monthly Cost: €260/month
- • Organisation Membership: €50
- • 1 Security Server: €75
- • 1 Subsystem: €100
- • Trust Services: €35 (€13 AUTH + €22 SIGN)
Total: €260/month + €50 one-time identity verification fee
What this gives you:
- •Official Member status in Roksnet Framework ecosystem
- •One Security Server for secure data exchange
- •One Subsystem to provide OR consume services
- •Required security certificates with legal validity
- •Unlimited data transactions with all ecosystem Members
- •Complete Development environment (free equivalent of all Production services)
Note: This doesn't include infrastructure costs (servers to host Security Server software) or development costs (building APIs if providing services). Many organisations start with consuming services only, which requires minimal technical resources.
Yes. All services are fully scalable on-demand through the Self-Service Platform:
Adding services:
- •Instant activation: New Security Servers and Subsystems can be ordered and activated within minutes through Self-Service
- •Prorated billing: Monthly fees are prorated to the day of activation
- •No limits: Add as many Security Servers and Subsystems as your organisation needs
Removing services:
- •Deactivation: Can be done through Self-Service Platform at any time
- •Billing: Charged until end of current billing month, no early termination fees
- •Data retention: Historical transaction logs remain accessible for 30 days after deactivation
Typical scaling patterns:
- • Start with 1 Security Server + 1 Subsystem, add more Subsystems as you expand service offerings
- • Add regional Security Servers for geographic distribution and redundancy
- • Scale Subsystems independently (e.g., add consumer subsystem while keeping provider subsystems unchanged)
Technical
Technical requirements vary based on your role:
For Service Consumers (using Roksnet Portal)
Minimal technical skills needed:
- • IT administrator to install and configure Portal software (basic Linux/Docker knowledge)
- • Understanding of authentication methods if integrating with existing identity systems
- • No programming required - Portal provides ready-to-use interface
For Service Consumers (custom integration)
Moderate development skills:
- • Backend developer familiar with REST/SOAP APIs
- • Understanding of HTTP, JSON/XML
- • Experience with API integration in your chosen tech stack
- • Security Server handles encryption/signing automatically
For Service Providers
Full development capability:
- • Backend developers to build RESTful or SOAP APIs
- • Database architects for data modeling and access patterns
- • Security understanding (authentication, authorization, data classification)
- • DevOps for Security Server deployment and monitoring
- • API documentation skills (OpenAPI/WSDL)
Roksnet Support: Technical support team assists throughout implementation, providing architecture guidance, code examples, troubleshooting, and best practices. You don't need to be an X-Road expert - we help you become one.
Security Server is free open-source software that you deploy on infrastructure of your choice:
Option 1: On-Premises (Self-Hosted)
Install on your own servers/data center.
Pros: Maximum control, data stays in your infrastructure, no cloud costs
Cons: Requires server hardware, IT team for maintenance, your responsibility for uptime
Min requirements: 4 CPU cores, 8GB RAM, 100GB storage, Linux OS
Option 2: Public Cloud (AWS, Azure, GCP)
Deploy on cloud virtual machines.
Pros: Scalable, no hardware investment, geographic flexibility, easy redundancy
Cons: Ongoing cloud costs, data may transit public cloud (encrypted)
Option 3: Managed Hosting
Use Security Server hosting service from Roksnet-approved providers.
Pros: Fully managed (updates, monitoring, backups), predictable monthly cost, expert support
Cons: Additional monthly fee beyond Roksnet subscriptions
Option 4: Hybrid
Multiple Security Servers: production on-premises, development/testing in cloud.
Common pattern: Balances control with flexibility
Important: Regardless of hosting location, Security Server software is free. You only pay for Roksnet Member Directory registration (€75/month per server) and your chosen infrastructure costs.
Implementation timeline varies by scope and organisational readiness:
Fast Track: Service Consumer with Portal (2-4 weeks)
- • Week 1: Identity verification + Member Directory activation
- • Week 2: Order certificates, deploy Security Server + Portal
- • Week 3-4: Configure authentication, test services, train users
Ready to consume services: Can start using X-Road services within 2-4 weeks
Standard: Service Provider with APIs (1-3 months)
- • Week 1-2: Registration, certificates, Security Server deployment
- • Week 3-8: API development, Security Server integration, testing
- • Week 9-12: Pilot deployment, validation, documentation, production launch
Ready to provide services: First services typically live in 1-3 months depending on API complexity
Enterprise: Multiple Services + Integrations (3-6 months)
- • Month 1: Foundation setup (registrations, infrastructure, certificates)
- • Month 2-4: Development of multiple services, system integrations
- • Month 5-6: Testing, security audits, pilot programs, phased production rollout
Enterprise-wide deployment: Complex implementations with multiple services across departments
Key factors affecting timeline: Organisational decision-making processes, IT resource availability, API complexity, integration with legacy systems, security review requirements, and number of services being developed simultaneously.
If your Security Server becomes unavailable:
Immediate Impact
- • Services you provide: Unavailable to consumers until restoration
- • Services you consume: Your applications cannot access X-Road data
- • Other Members: Completely unaffected - distributed architecture means no cascade failures
High Availability Options
- • Load-balanced cluster: Deploy 2+ Security Servers behind load balancer for automatic failover
- • Geographic redundancy: Security Servers in different data centers/regions
- • Hot standby: Secondary server with synchronized configuration ready for manual activation
Recovery & Continuity
- • Configuration backup: Security Server config can be backed up and restored to new hardware
- • Certificates remain valid: Hardware failure doesn't invalidate certificates
- • Transaction logs: Preserved for audit trail even during outages
- • Roksnet support: Emergency support available for critical outages
Best practice: Mission-critical services should implement redundancy. Development/testing environments can operate with single Security Server. Roksnet provides architecture guidance for high-availability designs.
Support
Basic Support (included with all memberships):
- • Self-Service Platform: Knowledge base, documentation, video tutorials, configuration guides
- • Email support: Technical questions answered within 2 business days
- • Community forum: Connect with other Members, share solutions
- • Service status monitoring: Real-time ecosystem health dashboard
Premium Support Plans (optional, additional fee):
Standard Plan
- • Phone + email support, business hours
- • 4-hour initial response time
- • Architecture review and optimization guidance
- • Quarterly check-ins
Enterprise Plan
- • 24/7 emergency support with 1-hour response
- • Dedicated technical account manager
- • Proactive monitoring and alerting
- • On-site visits for critical issues
- • Custom SLA agreements
Comprehensive resources available through multiple channels:
Roksnet Resources
- • Self-Service Platform: Integrated documentation, step-by-step guides, FAQs
- • Knowledge Base: Troubleshooting articles, best practices, configuration examples
- • Video Tutorials: Visual walkthroughs for common tasks and setup procedures
- • API Examples: Code samples in multiple languages (Python, Java, JavaScript, C#)
Official X-Road Resources
- • x-road.global: Global X-Road community portal with case studies and adoption guides
- • NIIS Documentation: Technical specifications, architecture guides, security protocols
- • GitHub Repositories: Open-source Security Server code, installation scripts, utilities
Training & Certification
- • Onboarding sessions: Free introductory webinars for new Members
- • Technical workshops: Hands-on training for developers and architects
- • Administrator courses: Security Server operation and maintenance
- • Custom training: On-site or remote training tailored to your organisation
Need Help Getting Started?
Our team is ready to help you navigate the documentation and answer your questions about Roksnet Framework services.