FAPI
Financial-grade API – the new highly secure specification of data schemas, security and privacy protocols.
Challenge
Open Banking APIs expose sensitive customer, account and payment data to third-party solution providers such as payment initiators, account aggregators and other emerging fintechs.
While opening up interfaces is aimed at making financial services easily available to customers, it also creates an environment that cyber criminals can exploit if adequate security measures are not implemented.
To ensure the integrity of transactions and the safeguarding of data, a new level of market standard has recently emerged: FAPI (Financial-grade API).
Although FAPI was introduced only recently, UK Open Banking and Open Banking Brasil are already built on it. As the role of digital identity and the "open everything" ecosystem keeps evolving, leveraging FAPI protocols is increasingly critical to streamline the user experience while remaining secure in an open banking world.
FAPI – High security for your confidential data
FAPI is an industry-led specification of JSON data schemas, security and privacy protocols. The new highly secure standard supports use cases for commercial and investment banking accounts as well as insurance and credit card accounts. Thus, individually encrypted documents, financial data, account information and other confidential data are kept safe.
FAPI is a tightened variant of the two security protocols OAuth 2.0 and OpenID Connect, and defines additional technical requirements for higher API security.
- OAuth 2.0 is a standard designed to allow a website or application to access resources hosted by other web apps on behalf of a user; in other words, it is a framework for secure API authorization.
- OpenID Connect is an identity layer on top of OAuth 2.0 that makes it possible to authenticate the end user.

Open Banking without secure Financial-grade API

FAPI security objectives:

Authentication
Stops attackers from logging in under a false identity and impersonating another user.

Authorization
Attackers cannot access the resources of another user.

Session Integrity
Ensures that no attacker is able to force a user to be logged in under the identity of the attacker.

Non-repudiation
Full traceability – the authorship or validity of queries and data cannot be disputed.

Through our memberships and active participation in the most important open banking bodies, we not only help shape the financial market but also form the necessary bridge to our customers.
Not only did we acquire FAPI expertise, we also participated in its development as part of the OpenID community. We set a valuable milestone by successfully implementing our FAPI prototype at a major national bank.
Get a deeper insight into how FAPI works in our whitepaper.