Financial-grade API (FAPI) WG



What is the Financial-grade API (FAPI) WG?

Overview

In many cases, Fintech services such as aggregation services use screen scraping and stores user passwords. This model is both brittle and insecure. To cope with the brittleness, it should utilize an API model with structured data and to cope with insecurity, it should utilize a token model such as OAuth [RFC6749, RFC6750].

This working group aims to rectify the situation by developing a REST/JSON model protected by OAuth. Specifically, the FAPI WG aims to provide JSON data schemas, security and privacy recommendations and protocols to:

  • enable applications to utilize the data stored in the financial account,
  • enable applications to interact with the financial account, and
  • enable users to control security and privacy settings.

Both commercial and investment banking account as well as insurance, and credit card accounts are to be considered.

Working Group Chairs

  • Nat Sakimura (NAT Consulting), Anoop Saxena (Intuit), Anthony Nadalin, Dave Tonge (Moneyhub)

The chairs can be reached at <openid-specs-fapi-owner@lists.openid.net>.

List of Specifications and Status

Final Specifications

Implementer’s Drafts

Active Drafts

  • FAPI 2.0: Advanced – The advanced profile is an extension of the baseline profile and provides non-repudiation for all exchanges including responses from resource servers
  • FAPI 1.0 — Lodging Intent ===> Now OAuth PAR + OAuth RAR

The most current FAPI Working Group updates can be found on the Workshops page: https://openid.net/workshops/ 

Whitepapers

“Open Banking, Open Data, and the Financial Grade API,” March 2022
A primer for markets looking at enabling Open Banking and Open Data, covering the origins of “user-consent” based data sharing, global adoption, key standards, implementation considerations, and application across industry verticals.

“Open Banking and Open Data: Ready to Cross Borders?”, July 2022, working draft
The whitepaper offers an overview of the global open data landscape and makes a hypothesis that the next stage of open data development will be focused on global interoperability.

“Financial-grade API (FAPI) Profiles”, July 2022
This paper provides a comparison of available FAPI profiles and recommendations for new markets looking to implement FAPI as their security profile.

Participation

The easiest way to participate is to join the mailing list at http://lists.openid.net/mailman/listinfo/openid-specs-fapi.

Please note that while anyone can join the mailing list as a read-only recipient, posting to the mailing list or actively contributing to the specification itself requires the submission of an IPR Agreement. More information is available at http://openid.net/intellectual-property. Make sure to specify the working group as FAPI WG.

Meeting Venue and Schedule

  • Regular Meetings
  • GoToMeeting software is available on Mac, PC, iPhone, and Android Phone.
  • Using VoIP option of GoToMeeting is preferred. If you have to absolutely use a plain old telephone for some reason, here is the phone number:
    United States: +1 (224) 501-3316 United Kingdom: +44 (0) 20 3713 5011
  • Meeting minutes are available at: https://bitbucket.org/openid/fapi/wiki/browse/