Overview[1]
Financial API (FAPI) is an Application Programming Interface (API) for financial institutions that is being developed by an OpenID Foundation Working Group and uses OAuth 2.0. The OpenID Foundation Financial API Working Group aims to rectify the situation by developing a REST/JSON model protected by OAuth 2.0. Specifically, the FAPI WG aims to provide JSON data schemas, security and privacy recommendations, and protocols to:
- enable applications to utilize the data stored in the Financial Account,
- enable applications to interact with the Financial Account, and
- enable users to control the security and privacy settings.
The United Kingdom Competition and Markets Authority (CMA) is mandating that the Financial API (FAPI) be utilized.
Financial API consists of the following parts:
- OpenID Connect Client Initiated Backchannel Authentication Flow (CIBA)
- FAPI Read Only API Security Profile FAPI1: https://openid.net/specs/openid-financial-api-part-1.html
- FAPI Read Write API Security Profile FAPI2: https://openid.net/specs/openid-financial-api-part-2.html
- FAPI Pushed Request Object https://bitbucket.org/openid/fapi/src/master/Financial_API_Pushed_Request_Object.md
- JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
More Information
There might be more information for this subject on one of the following:
- FAPI
- FAPI Pushed Request Object
- FAPI Read Only API Security Profile
- FAPI Read Write API Security Profile
- Financial API
- Open Banking
- Open Banking Implementation Entity
- Open Banking OBIE
- Open Banking Security Profile
- OpenID Connect Client Initiated Backchannel Authentication Flow
[1] Financial API (FAPI) WG, based on information obtained 2017-06-23