Security Profiles

The Open Banking Standard was updated in 2018 to cover both redirect and decoupled flows, based on the OpenID Foundation's Financial-grade API (FAPI) and Client Initiated Backchannel Authentication (CIBA) profiles.

Financial Grade API (FAPI) Profile

The OIDF Financial-grade API (FAPI) is a REST API that provides JSON data representing higher risk data. These APIs are protected by the OAuth 2.0 Authorization Framework that consists of [RFC6749], [RFC6750], [RFC7636], and other specifications. This profile describes security provisions for the server and client that are appropriate for Financial-grade APIs.

CIBA Profile

A profile of the OpenID Connect Client Initiated Backchannel Authentication Flow (CIBA) that supports a decoupled interaction method. This document profiles the CIBA specification to bring it in line with the other FAPI parts and provides security recommendations for its use with APIs that require financial-grade security.
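As an added example (not code from the Open Banking Standard or from the FAPI/CIBA specifications), the Python sketch below simulates the CIBA decoupled flow in poll mode: the client's backchannel authentication request, the user's decision on their own device, and the client polling the token endpoint with the CIBA grant type. The grant type, parameter names and error codes are those defined by the CIBA specification; the toy server's class and method names, and the constructed client and user values, are this example's own assumptions, and FAPI's additional requirements (client authentication, signed requests) are not modelled.

```python
"""Toy simulation of the CIBA decoupled flow in poll mode (constructed example)."""
import secrets

# grant_type value defined by the CIBA specification for the token endpoint
CIBA_GRANT = "urn:openid:params:grant-type:ciba"


class AuthorizationServer:
    """Hypothetical AS exposing a backchannel authentication endpoint and a token endpoint."""

    def __init__(self, lifetime=120, interval=5):
        self.lifetime, self.interval = lifetime, interval   # seconds
        self._pending = {}  # auth_req_id -> state of the outstanding request

    def backchannel_authentication(self, client_id, scope, login_hint, binding_message=None, now=0.0):
        # The client never handles the user's credentials; it only names the user via a hint.
        if "openid" not in scope.split():
            return {"error": "invalid_scope"}
        auth_req_id = secrets.token_urlsafe(32)          # unguessable handle for this request
        self._pending[auth_req_id] = {
            "client_id": client_id, "user": login_hint, "scope": scope,
            "binding_message": binding_message,           # shown on the user's device
            "expires_at": now + self.lifetime, "status": "pending", "last_poll": float("-inf")}
        return {"auth_req_id": auth_req_id, "expires_in": self.lifetime, "interval": self.interval}

    def user_decides(self, auth_req_id, approved):
        # Simulates the user approving or rejecting on the authentication device (e.g. a mobile app).
        self._pending[auth_req_id]["status"] = "approved" if approved else "denied"

    def token(self, client_id, grant_type, auth_req_id, now=0.0):
        if grant_type != CIBA_GRANT:
            return {"error": "unsupported_grant_type"}
        req = self._pending.get(auth_req_id)
        # auth_req_id is bound to the client that initiated the request
        if req is None or req["client_id"] != client_id:
            return {"error": "invalid_grant"}
        if now > req["expires_at"]:
            return {"error": "expired_token"}
        if now - req["last_poll"] < self.interval:
            return {"error": "slow_down"}                # client is polling faster than allowed
        req["last_poll"] = now
        if req["status"] == "pending":
            return {"error": "authorization_pending"}    # user has not acted yet; keep polling
        if req["status"] == "denied":
            return {"error": "access_denied"}
        del self._pending[auth_req_id]                   # single-use: tokens are issued once
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                "id_token": "<id_token placeholder>", "expires_in": 300}
```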