2. 2Getting Access to Open Banking APIs January 2018
The 9 leading UK Retail Banking Groups were mandated by the Competition & Markets Authority (CMA) to build APIs to these
specifications and publish them via accessible endpoints by 13th January 2018.
The Open Data API specifications cover:-
ATM Location, Services & Facilities
Branch Location, Opening Hours, Services & Facilities
Product Informaiton (split in to 4 APIs covering personal current accounts (PCA), Business Current Accounts (BCA), Commercial Credit
Cards (CCC) and Small to Medium Enterprise Loans (SMELoans)
• The Read-Write API specifications cover:-
Account Information (balances, transactions, standing orders, direct debits, payees)
Payment Initiation (restricted to single immediate payments only for release 1)
Open Banking Open Data (Release 2) and Read-Write (Release 1) API specifications were published by Open Banking at end of August
2017.
This deck provides a side by side comparison of what is required by a third party provider (TPP) who wishes to utilise the open data apis
and/or the read-write apis in their own application.
• It’s designed for CEOs and CTOs who simply want a high level overview of the process involved. Hyperlinks are provided to the relevant
areas of the openbanking websites and wikis.
Background & Purpose
3. 3Getting Access to Open Banking APIs January 2018
Getting access to the Open Banking APIs
Get list of ASPSP Open Data API
Endpoints
Call each ASPSP Open Data API
Endpoint and store response
message in local database for use
by your app
Enrol with OB Directory
Register with FCA
Register your application with OB
Directory
Get list of “well known” ASPSP
Read-Write endpoints
Dynamically register your app with
each ASPSP
Follow secure workflow
to get a customer access token
that can be used to retrieve
Account Information or Initiate
Payments
You can register the following roles:-
• AISP (if you want to retrieve
account information)
• PISP (if you want to initiate
payments)
For ASPSPs that do not support
dynamic registration, they will provide a
dev portal to register your application
The FAPI workflow is more secure than
a standard OIDC authentication and
OAUTH2 authorisation workflow. It has
the same elements of requiring you to
authorise your app, redirect user to
provide consent, obtain auth code,
which you swap for an access token
which will allow you to then access
account info or initiate user payments
on their behalf.
Open Data APIs Read-Write APIs
You can optionally enrol as an API
Provider or API User. This will be useful
if you wish to be kept informed about
forthcoming releases
Once you’ve passed enrolment, you will
be given the link and login credentials
to the OB Directory Frontend Interface
(DFI)
4. Deytalytics Ltd
+44 (0)7941 252447
James.dey@deytalytics.com
http://www.deytalytics.com
T
E
W
About Deytalytics Ltd
Deytalytics Ltd. did the analysis and design of the re-write of the Open Data
ATM, Branch, PCA, BCA and CCC API specifications, and the analysis of the SMELoans API specification.
James Dey was the Open Data Product Owner and Technical Design Authority member when the API
Specifications were published at end of August 2017.
As a TPP, Deytalytics Ltd has developed AWS based Python Open Data API apps covering ATM Locator and
Product Comparison.
Deytalytics Ltd. has also enrolled with the OB Directory and is in the process of being registered with the FCA as
an Account Information Service Provider (AISP).