Security Profiles The Open Banking Standard was updated in 2018 to cover both re-direct and decoupled flows, based on OpenID Foundation specifications. OpenID exists to help users control the personal information they share with websites and apps.
There are different levels of risk associated with access to financial APIs. For example, read and write access to a bank API has a higher financial risk than read-only access. As such, the security profiles of the authorisation framework protecting these APIs engender enhanced security.
Other pages in this section Get Started Specifications API Specifications Security Profiles Guidelines Customer Experience Guidelines Operational Guidelines Good Practice Reference
Getting Started – Open Banking API Security Profile The Open Banking API standard has adopted FAPI 1 as the security profile. FAPI is a highly secured OAuth profile provided by the Open ID Foundation. V3 of the Open Banking Standard used FAPI 1 Implementers Draft 2, which was the current specification available at the time of release. With the introduction of v4 of the Open Banking API Standard it was determined by a vote at the Technical Design Authority to implement the final release of the FAPI 1 Advanced specification Read more Financial Grade API – FAPI The OpenID Financial Grade API (FAPI) specification provides implementation guidelines for online financial services by developing a REST/JSON data model protected by a highly secured OAuth profile. Go to OpenID Connect Client Initiated Backchannel Authentication – CIBA A profile of the OpenID Connect Client Initiated Backchannel Authentication Flow (CIBA), that supports decoupled interaction methods. This document aligns CIBA with the other FAPI parts, providing security recommendations for use with APIs that require financial-grade security. Go to OpenID
Getting Started – Open Banking API Security Profile The Open Banking API standard has adopted FAPI 1 as the security profile. FAPI is a highly secured OAuth profile provided by the Open ID Foundation. V3 of the Open Banking Standard used FAPI 1 Implementers Draft 2, which was the current specification available at the time of release. With the introduction of v4 of the Open Banking API Standard it was determined by a vote at the Technical Design Authority to implement the final release of the FAPI 1 Advanced specification Read more
Financial Grade API – FAPI The OpenID Financial Grade API (FAPI) specification provides implementation guidelines for online financial services by developing a REST/JSON data model protected by a highly secured OAuth profile. Go to OpenID
Connect Client Initiated Backchannel Authentication – CIBA A profile of the OpenID Connect Client Initiated Backchannel Authentication Flow (CIBA), that supports decoupled interaction methods. This document aligns CIBA with the other FAPI parts, providing security recommendations for use with APIs that require financial-grade security. Go to OpenID
Case Studies Consultation OBL publishes the Commercial Model for Variable Recurring Payments – Wave 1 09 Apr 2025 Read more Case studies Simplify switching products and services with Smarter Contracts’ Pulse permissions protocol 02 Apr 2025 Read more Report The Future is Open: Navigating the Next Phase of UK Open Banking 17 Mar 2025 Read more Case studies Citizens Advice uses PayPoint and AperiData financial support tool to speed up debt assessments 18 Feb 2025 Read more
Consultation OBL publishes the Commercial Model for Variable Recurring Payments – Wave 1 09 Apr 2025 Read more
Case studies Simplify switching products and services with Smarter Contracts’ Pulse permissions protocol 02 Apr 2025 Read more
Case studies Citizens Advice uses PayPoint and AperiData financial support tool to speed up debt assessments 18 Feb 2025 Read more