Security Profiles

The Open Banking Standard was updated in 2018 to cover both redirect and decoupled flows, based on OpenID Foundation specifications. OpenID exists to help users control the personal information they share with websites and apps.

There are different levels of risk associated with access to financial APIs. For example, read and write access to a bank API has a higher financial risk than read-only access. As such, the security profiles of the authorisation framework protecting these APIs provide enhanced security.
Getting Started – Open Banking API Security Profile

The Open Banking API standard has adopted FAPI 1 as the security profile. FAPI is a highly secured OAuth profile provided by the OpenID Foundation. V3 of the Open Banking Standard used FAPI 1 Implementers Draft 2, which was the current specification available at the time of release. With the introduction of v4 of the Open Banking API Standard, it was determined by a vote at the Technical Design Authority to implement the final release of the FAPI 1 Advanced specification.
Financial Grade API – FAPI

The OpenID Financial Grade API (FAPI) specification provides implementation guidelines for online financial services by developing a REST/JSON data model protected by a highly secured OAuth profile.
Connect Client Initiated Backchannel Authentication – CIBA

A profile of the OpenID Connect Client Initiated Backchannel Authentication Flow (CIBA) that supports decoupled interaction methods. This document aligns CIBA with the other FAPI parts, providing security recommendations for use with APIs that require financial-grade security.