Conceptual Guide

Understand the key concepts, architecture, and workflows of our Open Banking Solution


Open Banking: Transforming Financial Ecosystems 

Introduction to Open Banking 

Open Banking is reshaping the financial services landscape by enabling secure, standardized interactions between banks and licensed third-party providers (TPPs). It fosters faster, more transparent, and user-centric financial experiences while promoting healthy competition and digital innovation across the industry.

At its core, Open Banking empowers end-users to securely share their financial data with authorized providers, unlocking services like personal finance tools, payment initiation, and real-time insights. In regions like the EU and Gulf countries, Open Banking drives:

  1. Competition: Drive innovation by creating a level playing field for financial service providers.
  2. Transparency: Provide customers with a consolidated view of their financial products.
  3. Data Ownership: Grant users full control over their data, including authorization to share it with third parties.

The ecosystem is built on trusted technologies such as OAuth 2.0, Mutual TLS, and Financial Grade APIs (FAPI), ensuring secure and compliant data exchange.


Core Components of Open Banking Architecture 

1. Microservices Design: 

  •  Modular services allow for independent updates, scaling, and management
  •  Promotes flexibility and agility in system operations

2. OAuth 2.0 Framework:

  •  The cornerstone of secure communication and authorization between parties
  •  Ensures secure delegation of access to third-party applications

3. Financial Grade APIs (FAPI): 

  •  A standardized suite of APIs to ensure secure, high-quality interactions between banks and third-party providers
  •  Developed in collaboration with the OpenID Foundation, designed specifically for open banking

The following diagram represents the logical structure of an open banking ecosystem. It illustrates how core components such as the API Gateway, microservices, consent manager, and orchestration layers interact to facilitate secure communication between banks, third-party providers, and end-users. This architecture ensures seamless integration while maintaining compliance and data integrity.

[Diagram: logical structure of the open banking ecosystem]

OAuth in Open Banking

OAuth 2.0 is the foundation of secure authorization in open banking. However, open banking builds on it with additional specifications to meet stringent financial sector requirements.

  • Account Servicing Payment Service Provider (ASPSP): The bank or financial institution acts as the authorization server and protected resource server. 
  • Third-Party Providers (TPPs): Includes Account Information Service Providers (AISPs) for data access and Payment Initiation Service Providers (PISPs) for payment processing. 
  • Payment Services User (PSU): The end-user who owns the accounts and authorizes access.

By incorporating Financial Grade APIs and mTLS (mutual Transport Layer Security), open banking ensures trust, compliance, and secure data sharing among all parties.

[Diagram: OAuth in open banking]


Account Information Service Providers (AISPs)

AISPs are services that access read-only financial data, such as account balances or transaction history, to provide value-added services like budgeting tools or account aggregators.

AISP Workflow

  1. The AISP (client app) creates an account access consent resource at the ASPSP (authorization server).
     •  This request requires an access token obtained using the client credentials grant.
  2. The ASPSP responds with a consent ID.
  3. The AISP initiates an OAuth authorization request containing the consent ID and redirects the user to the ASPSP.
  4. The user authenticates and grants consent at the ASPSP, selecting specific accounts to share.
     •  The user is redirected back to the AISP along with an authorization code.
  5. The AISP exchanges the authorization code for an access token.
  6. The AISP uses the access token to call read-only APIs (e.g., /accounts, /accounts/{ID}/transactions).

[Diagram: AISP workflow]


Payment Initiation Service Providers (PISPs) 

PISPs are services that allow users to initiate payments directly from their bank accounts, providing a faster, more cost-effective alternative to traditional card-based payment systems. 

PISP Workflow:

  1. The PISP (client app) creates a payment order consent resource at the ASPSP.
     •  This request requires an access token obtained using the client credentials grant.
     •  It also includes payment details such as the amount and recipient.
  2. The ASPSP provides a consent ID in response.
  3. The PISP initiates an OAuth authorization request containing the consent ID and redirects the user to the ASPSP.
  4. The user authenticates and consents at the ASPSP, selecting the account to use for payment.
     •  The user is redirected back to the PISP with an authorization code.
  5. The PISP exchanges the authorization code for an access token.
  6. The PISP confirms sufficient funds at the ASPSP via the funds confirmation endpoint (for one-time payments).
  7. The PISP creates a payment order resource at the ASPSP, initiating the payment.

[Diagram: PISP workflow]
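As an added illustration (not code from this guide or from any vendor's product), the Python mock below models the ASPSP side of both the AISP and PISP workflows above: consent creation is only possible with a client-credentials token, the authorization code and the resulting access token are bound to exactly one consent ID, and resource calls are refused when that consent does not cover the requested account or the submitted payment details. All class and method names, the consent status strings and the sample account IDs are constructed for this example; the funds-confirmation step is omitted.

```python
import secrets

class MockASPSP:  # constructed in-memory stand-in for a bank (authorization + resource server)
    def __init__(self):
        self.consents, self.codes, self.tokens = {}, {}, {}
    def client_credentials_token(self, client_id):
        tok = secrets.token_urlsafe(16)
        self.tokens[tok] = {"client": client_id, "grant": "client_credentials"}
        return tok
    def create_consent(self, token, kind, details=None):
        # Step 1: a consent resource may only be created with a client_credentials token
        t = self.tokens.get(token)
        if not t or t["grant"] != "client_credentials":
            raise PermissionError("consent creation requires a client_credentials token")
        cid = "consent-" + secrets.token_hex(4)
        self.consents[cid] = {"kind": kind, "client": t["client"], "accounts": [],
                              "details": details or {}, "status": "AwaitingAuthorisation"}
        return cid  # Step 2: the consent ID the TPP places in its authorization request
    def authorize(self, consent_id, selected_accounts):
        # Steps 3-4: PSU authenticates and picks accounts; the code is bound to this consent
        c = self.consents[consent_id]
        c["accounts"], c["status"] = list(selected_accounts), "Authorised"
        code = secrets.token_urlsafe(16)
        self.codes[code] = consent_id
        return code
    def exchange_code(self, code):
        # Step 5: single-use code -> access token carrying the same consent binding
        cid = self.codes.pop(code)
        tok = secrets.token_urlsafe(16)
        self.tokens[tok] = {"grant": "authorization_code", "consent": cid}
        return tok
    def _consent_for(self, token, kind):
        # Resource-side check: code-flow token for an Authorised consent of the right kind
        c = self.consents.get(self.tokens.get(token, {}).get("consent"))
        if not c or c["kind"] != kind or c["status"] != "Authorised":
            raise PermissionError(f"no authorised {kind} consent behind this token")
        return c
    def get_transactions(self, token, account_id):
        # Step 6 (AISP): read-only, and only for accounts the PSU actually selected
        if account_id not in self._consent_for(token, "accounts")["accounts"]:
            raise PermissionError("account not covered by the consent")
        return [{"account": account_id, "amount": "-12.50", "note": "constructed sample"}]
    def create_payment(self, token, amount, recipient):
        # Step 7 (PISP): the order must match the consented details; the consent is then spent
        c = self._consent_for(token, "payment")
        if (amount, recipient) != (c["details"].get("amount"), c["details"].get("recipient")):
            raise PermissionError("payment differs from the consented order")
        c["status"] = "Consumed"
        return {"status": "AcceptedSettlementInProcess", "amount": amount, "to": recipient}
```

Running the AISP flow end to end and then retrying the same authorization code, the same one-time payment consent, or an account the PSU did not select shows each of the binding checks refusing the call.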


Key Features of Open Banking 

  1.  Streamlined Data Sharing: 
    •  Banks and authorized third parties share data securely through APIs. 
    •  Enables customers to access services like account aggregation and budgeting tools. 
  2.  Efficient Payment Solutions: 
    • Direct account-to-account payments reduce transaction fees and processing times. 
    • Supports innovative services like one-click payments and subscription management. 
  3.  Enhanced User Control: 
    • Transparent consent flows ensure users have complete control over their data and transactions.
    •  Real-time insights help customers make better financial decisions. 

Summary

Open banking creates a secure, transparent, and user-centric ecosystem for financial services. By leveraging microservices, OAuth 2.0, and FAPI, banks and third-party providers can deliver innovative services that meet modern financial needs. These workflows, backed by robust security measures, ensure the integrity of data sharing and payment processing while empowering customers to control their financial journey.