1. Prepare your Data APIs
We are aware that adjusting your core APIs is quite an effort. To get it done, it is better to start
sooner than later. We recommend that you work on your Data APIs simultaneously with integrating with
If you need API references, visit:
2. Launch Tenant
Register for free to get access to a Cloudentity tenant and start exploring our platform!
3. Set Up Open Banking Workspace
Within your tenant
add a workspace
that complies with an Open Banking directive of your choice. Full
security compliance is delivered out-of-the-box for workspaces of the Open Banking UK, Open Banking Brazil,
and CDR profiles.
Open Banking workspace profiles are preconfigured to fulfill any requirements placed on the InfoSec provider. For example, they can comply with FAPI-advanced profiles, have mTLS ready to go, allow authorization grant types, and more.
Additionally, you can create a developer portal to enable your developers and partners to register and manage their client applications.
4. Play with the Sandbox: Open Banking Quickstart
Get familiar with
Cloudentity delivers for Open Banking initiatives.
You can, for example, check out how consent flow works and use the project as a reference to build your own consent application, consents self-service portal, or consent administrator portal.
5. Add Identities
Enable your customers, administrators, partners, and developers to be authenticated using the
identity providers of your choice.
You can integrate multiple IDPs per workspace according to the Bring Your Own Identity philosophy, or you may also use Cloudentity Identity Pools to bring your user pool.
6. Discover APIs and Enforce Access Control
Cloudentity has built-in integrations with major API gateways and service meshes. We created
Cloudentity Authorizers that allow you to discover the APIs deployed behind the gateway, apply
authorization policies, and enforce access control on the service and request level. If you use an in-house
solution for deploying your APIs, do not worry, we cover that as well.
Discover your APIs and set up access control enforcement for APIs deployed behind major gateways, or use the Standalone Authorizer for your solutions built in-house.