Open Banking Compliance: API security, OAuth, and Customer Consent
To comply with Open Banking requirements, financial institutions need to:
- Expose Data APIs to enable customer data sharing with fintechs, with access restricted to registered ecosystem participants who have obtained customer consent. For example, a bank needs to provide third-party applications with APIs to obtain customer account information.
- Fulfill Consent Profile Requirements by providing Consent APIs, a consent screen, a consent data model, and a consent acquisition flow that supports the regional standards for a data holder in every ecosystem.
- Fulfill Security Profile Requirements to control access to customer data shared over Data APIs. The access control must fulfill regional requirements, meet regional standards, and support the advanced profiles of open standards required by the ecosystem, such as advanced OAuth profiles, Financial-grade API (FAPI), mTLS for OAuth, or Strong Customer Authentication (SCA).
- Support Customer Journeys defined in each ecosystem. Initially, basic read-only journeys are required, but financial institutions must support more advanced journeys over time. These journeys involve various strategies for obtaining customer consent and may include browser-initiated transactions, bank mobile apps, and SCA-enhanced fintech apps.
If you need to learn more about Open Banking/Open Finance initiatives around the world, see the Learn Fundamentals of Open Finance Ecosystems article.
Instantly Comply With Any Open Banking Initiative
- Enable secure data sharing with Advanced Access Control and OAuth Capabilities, including FAPI-compliant authorization servers, support for various authorization flows, and client authentication methods.
- Build consent screens, consent self-service portals, and consent administrator portals using ready-to-use Consent APIs and Consent Models.
- Satisfy Customer Journey Open Banking Requirements, including flows like CIBA or app-to-app scenarios.
- Get familiar with all possible Open Finance flows and test them yourself using the Cloudentity Open Finance Sandbox.
Authorization, Security, and Consent for Open Finance Platforms
We’ve got you covered! Cloudentity delivers consent and payment initiation APIs, authorization, and more, also for Open Banking and Data Access Platforms. The solutions are the same. Contact us to partner!
Security Profile Compliance
Cloudentity comes with instantly applicable, jurisdiction-specific, preconfigured Open Banking profiles that make your solution compliant with the security profile from day one. The key elements that a profile comprises are:
- We deliver fine-grained authorization (consent) capabilities, which means that customers have direct control over the data they share. For example, consent can be limited to one of a customer’s many accounts.
- Cloudentity provides FAPI-compliant authorization servers that can be set to a profile compliant with a specific Open Banking directive, where your developers, fintech companies, and partners can register their applications, issue tokens for service consumption, and more.
- Cloudentity authorization servers support various OAuth and OIDC authorization grant types and client authentication methods.
- We can leverage the authentication factors your financial institution already uses to fulfill the requirement of Strong Customer Authentication (which some of the directives require).
- Cloudentity comes with a built-in policy engine responsible for enforcing authorization policies at the application and request levels.
- You get two authorization policy types: Cloudentity policies with a built-in UI editor, and OPA policies written in the Rego language.
- You can integrate major API gateways and service meshes to discover your APIs within the Cloudentity platform using our Authorizers, and enforce all access control measures for your APIs.
- Use the Cloudentity multi-tenancy model to spin up multiple authorization servers. If your bank has branches in multiple countries and needs to follow different directives, this is the way to go! Additionally, you can have different tenants for development, testing, and production environments.
- We provide developer portal functionality that allows developers to register and manage their client applications. Additionally, applications can be dynamically registered using Cloudentity APIs compliant with various Open Banking (OB) reforms.
Consent Profile Compliance
Out-of-the-box, Cloudentity delivers consent APIs and consent models that support all customer consent flows (journeys) including payment initiation.
- You do not need to develop APIs for getting, accepting, rejecting, or revoking consents, and more. They are ready at hand, and you can start building consent pages right away.
- We support various strategies for acquiring consent, including redirect flows, the decoupled flow, CIBA, and the app-to-app method.
- We deliver a fine-grained consent application that you can easily integrate with. For example, you can fetch the customer’s accounts to be displayed on the user’s screen. You can brand the consent application or adjust it in any way with ease: it’s open source!
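The two lists above (the Security Profile's per-account consent and request-level policy enforcement, and the Consent Profile's get/accept/reject/revoke lifecycle) can be illustrated end to end. The following is an added example, not Cloudentity's code or data model: it assumes a hypothetical consent record with a status, an expiry, the permissions the fintech requested, and the account IDs the customer actually selected on the consent screen; the access token is represented as a plain dict of claims; the route-to-permission map and all sample data are constructed for the demo.

```python
"""Consent-aware request authorizer for an Open Banking Data API (added example)."""
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
from typing import Dict, FrozenSet, Optional, Tuple

AWAITING = "awaiting_authorisation"
AUTHORISED = "authorised"


@dataclass(frozen=True)
class Consent:
    consent_id: str
    status: str                   # awaiting_authorisation | authorised | rejected | revoked
    permissions: FrozenSet[str]   # what the fintech asked for, e.g. ReadBalances
    account_ids: FrozenSet[str]   # accounts the customer selected; empty until authorised
    expires_at: datetime


class ConsentStore:
    """In-memory stand-in for consent APIs: create, get, accept, reject, revoke."""

    def __init__(self) -> None:
        self._consents: Dict[str, Consent] = {}

    def create(self, consent_id: str, permissions, now: datetime, ttl: timedelta) -> Consent:
        consent = Consent(consent_id, AWAITING, frozenset(permissions), frozenset(), now + ttl)
        self._consents[consent_id] = consent
        return consent

    def get(self, consent_id: str) -> Optional[Consent]:
        return self._consents.get(consent_id)

    def _transition(self, consent_id: str, allowed_from: str, new_status: str, **changes) -> Consent:
        # Only legal state transitions are allowed, so a revoked consent can never be re-authorised.
        consent = self._consents[consent_id]
        if consent.status != allowed_from:
            raise ValueError(f"cannot move consent from {consent.status} to {new_status}")
        consent = replace(consent, status=new_status, **changes)
        self._consents[consent_id] = consent
        return consent

    def accept(self, consent_id: str, selected_accounts) -> Consent:
        # The customer accepts on the consent screen, narrowing the grant to the chosen accounts.
        if not selected_accounts:
            raise ValueError("at least one account must be selected")
        return self._transition(consent_id, AWAITING, AUTHORISED, account_ids=frozenset(selected_accounts))

    def reject(self, consent_id: str) -> Consent:
        return self._transition(consent_id, AWAITING, "rejected")

    def revoke(self, consent_id: str) -> Consent:
        return self._transition(consent_id, AUTHORISED, "revoked")


# Constructed route -> permission map; real directives define their own permission names.
ROUTE_PERMISSIONS = {
    ("GET", "accounts"): "ReadAccountsDetail",
    ("GET", "balances"): "ReadBalances",
    ("GET", "transactions"): "ReadTransactionsDetail",
}


def authorize_request(store: ConsentStore, token: dict, method: str, path: str, now: datetime) -> Tuple[bool, str]:
    """Request-level check: token scope, consent state, consent expiry, permission, and account."""
    parts = [p for p in path.split("/") if p]          # /accounts/{id} or /accounts/{id}/{resource}
    if len(parts) not in (2, 3) or parts[0] != "accounts":
        return False, "unknown route"
    account_id = parts[1]
    resource = parts[2] if len(parts) == 3 else "accounts"
    required = ROUTE_PERMISSIONS.get((method, resource))
    if required is None:
        return False, "unknown route"
    if "accounts" not in token.get("scope", ()):
        return False, "token lacks accounts scope"
    consent = store.get(token.get("consent_id", ""))
    if consent is None:
        return False, "unknown consent"
    if consent.status != AUTHORISED:
        return False, f"consent is {consent.status}"
    if now >= consent.expires_at:
        return False, "consent expired"
    if required not in consent.permissions:
        return False, f"consent lacks {required}"
    if account_id not in consent.account_ids:          # the fine-grained, per-account check
        return False, "account not selected in consent"
    return True, "ok"


def demo() -> Dict[str, Tuple[bool, str]]:
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)            # constructed clock
    store = ConsentStore()
    store.create("c-1", {"ReadAccountsDetail", "ReadBalances"}, now, timedelta(days=90))
    store.accept("c-1", {"acc-123"})                                   # customer picked one of two accounts
    token = {"scope": {"openid", "accounts"}, "consent_id": "c-1"}    # constructed token claims
    results = {
        "own_account": authorize_request(store, token, "GET", "/accounts/acc-123", now),
        "own_balances": authorize_request(store, token, "GET", "/accounts/acc-123/balances", now),
        "other_account": authorize_request(store, token, "GET", "/accounts/acc-999/balances", now),
        "ungranted_permission": authorize_request(store, token, "GET", "/accounts/acc-123/transactions", now),
        "expired": authorize_request(store, token, "GET", "/accounts/acc-123", now + timedelta(days=91)),
    }
    store.revoke("c-1")                                                # customer withdraws consent
    results["after_revoke"] = authorize_request(store, token, "GET", "/accounts/acc-123", now)
    return results


if __name__ == "__main__":
    for name, (allowed, reason) in demo().items():
        print(f"{name:22s} {'ALLOW' if allowed else 'DENY ':5s} {reason}")
```

The point of the example is that a valid token is necessary but not sufficient: the data holder re-evaluates the bound consent on every request, so an account the customer did not select, a permission the customer did not grant, an expired consent, or a revoked consent is refused even though the bearer token itself is still valid. In a real deployment the same decision would be expressed as a Cloudentity or Rego policy and enforced at the gateway via an Authorizer rather than hand-coded in the API.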
Support for All Open Finance Customer Journeys
- We implement our solutions for customer journeys according to the Customer Experience Guidelines and Principles of a given directive.
- Journeys we support include data sharing with redirect flows, decoupled flows like CIBA, and embedded strategies that leverage Strong Customer Authentication.
Open Finance Sandbox
Cloudentity delivers the open-source Open Banking Quickstart GitHub project, which you can use when creating your applications to better understand how the Open Banking data sharing flow works and how you can integrate with the Cloudentity platform.
The Open Banking Quickstart project simulates an Open Banking ecosystem that consists of a data recipient’s fintech application (Financroo) and a financial institution (Go Bank). Go Bank exposes OB Data APIs and uses Cloudentity for user consent and authorization to grant fintech applications access to those APIs. The quickstart lets you emulate read and read-write Open Banking scenarios that show how Cloudentity supports these flows. In particular, it helps you understand the concept of a sample consent application that renders a custom, fine-grained consent page as part of the OAuth flow.
Sounds interesting? Spin up a Docker container with your own sandbox: Open Banking Quickstart
Why Cloudentity and Not Any Other CIAM Platform
The solution and capabilities offered by the Cloudentity platform differ substantially from other platforms and authorization servers, and it is important to understand the difference in approach that we take to ensure a robust, specification-compliant solution for your consumption.
The ecosystem-specific profiles offered by Cloudentity include numerous distinct configurations of the internal OAuth authorization server and other components, which assure our customers of up-to-date compliance in the areas of security and consent. API security providers and authorization servers in general do not come with such profiles and treat consent APIs as out of scope, which often requires extra plugins or other code and is not treated as a mainstream feature. Cloudentity is tailored to each and every profile, and we make sure to keep up with the standards and treat them as primary features.
Using Open Banking profiles saves the hours of engineering work that configuration, testing, and development of consent APIs would require when building the solution on a general-purpose API security provider or authorization server.
Open Banking Integration Guides
If you are looking for Open Banking Integration guides, see the following How-Tos sections:
- For UK and Brazil Open Banking, see the Open Banking section.
- For information about CDR (including Open Banking, Open Energy, and Open Telco), see the Consumer Data Right section or the dedicated OAuth, Consent, and API Security for Consumer Data Right (CDR) solution guide.
- For information about FDX, see the Financial Data Exchange section or the dedicated OAuth, Consent, and API Security for Financial Data Exchange (FDX) solution guide.
Jumpstart Open Banking Journey
Ready to get started? Do not wait and check out our Get OAuth, Consents, and API Security for Open Finance quickstart article!