Security Profiles
The Open Banking Standard was updated in 2018 to cover both re-direct and decoupled flows, based on OpenID Foundation specifications. OpenID exists to help users control the personal information they share with websites and apps.
There are different levels of risk associated with access to financial APIs. For example, read and write access to a bank API has a higher financial risk than read-only access. As such, the security profiles of the authorisation framework protecting these APIs provide enhanced security.
Getting Started – Open Banking API Security Profile
The Open Banking API standard has adopted FAPI 1 as the security profile. FAPI is a highly secured OAuth profile provided by the OpenID Foundation. V3 of the Open Banking Standard used FAPI 1 Implementers Draft 2, which was the current specification available at the time of release. With the introduction of v4 of the Open Banking API Standard, it was determined by a vote at the Technical Design Authority to implement the final release of the FAPI 1 Advanced specification.
Financial Grade API – FAPI
The OpenID Financial Grade API (FAPI) specification provides implementation guidelines for online financial services by developing a REST/JSON data model protected by a highly secured OAuth profile.
Connect Client Initiated Backchannel Authentication – CIBA
A profile of the OpenID Connect Client Initiated Backchannel Authentication Flow (CIBA) that supports decoupled interaction methods. This document aligns CIBA with the other FAPI parts, providing security recommendations for use with APIs that require financial-grade security.