6. API
•
•
•
6
• Open Banking UK
• Berlin Group
NextGenPSD2
• Polish Bank Association
• Slovak Banking
Association
• (France Stet)
7. Open Banking UK
• FAPI Part 2
• Client Credentials Grant Type (OAuth 2.0) / OIDC Hybrid
Flow
• Request Object
• Mutual TLS
7
Source: Open Banking Security Profile - Implementer's Draft v1.1.2
https://openbanking.atlassian.net/wiki/spaces/DZ/pages/83919096/Open+Banking+Security+Profile+-+Implementer+s+Draft+v1.1.2
8. Open Banking UK
1. PSU (Payment Service User) AISP (Account
Information Service Provider)
2. AISP ASPSP (Account Servicing Payment Service
Provider) POST /account-resource
(Mutual TLS, Client Credentials Grant Type)
3. ASPSP PISP “AccountRequestId”
4. AISP AccountRequestId Request Object
ASPSP
OIDC Hybrid Flow
5. ASPSP PSU
6. ASPSP AISP
7. AISP ASPSP
Mutual TLS
8. AISP GET /accounts
Mutual TLS
8
Source: Account and Transaction API - v2.0.0
https://openbanking.atlassian.net/wiki/spaces/DZ/pages/127009546/Account+and+
Transaction+API+Specification+-+v2.0.0
9. Open Banking UK
1. PSU PISP (Payment Initiation Service Provider)
2. PISP ASPSP POST /payments
(Mutual TLS, Client Credentials Grant Type)
3. ASPSP PISP ”PaymentId”
4. PISP PaymentId Request Object ASPSP
OIDC Hybrid Flow
5. ASPSP PSU
6. ASPSP PISP
7. PISP ASPSP
Mutual TLS
8. PISP POST /payment-submissions
Mutual TLS
9. Optionally retrieve the status of a payment setup or
submission
9
Source: Payment Initiation API - v1.1.0
https://openbanking.atlassian.net/wiki/spaces/DZ/pages/5786479/Payment+Initiation+API+Specification+-+v1.1.0
10. OIDC Hybrid Flow (1)
• Slovak Banking API Standard
– OB UK PISP ID (orderId) ASPSP Request Object
10
Source: Slovak Banking API Standard Version 1.1 http://www.sbaonline.sk/files/subory/projekty/sbas/sbas_ver1.1-final.pdf
11. OIDC Hybrid Flow (2)
• MKB
– Open Banking UK Security
Profile
– OB UK PISP
ID (openbanking_intent_id)
ASPSP
Request Object
11
Source: Account and Transaction API Specification
https://portal.sandbox.mkb.hu/api-documentation/account-info