FDX Security Specification Boosted with FAPI

 

FDX’s Financial-Grade API Security Specification v3.4 (companion to FDX API v5) references, supports, and recommends the FAPI 1.0 Advanced and CIBA protocols for securing traffic to APIs and for authentication of end users.
Posted on 11/17/2021

FDX released version 5.0 of the FDX API last month. This major update of our common API standard enhances consent, user control and global interoperability. Today, we are highlighting a key authentication aspect of the updated FDX Specifications.

FDX shopped the planet for best practices and standards. Accordingly, FDX’s Financial-Grade API Security Specification v3.4 (companion to FDX API v5) references, supports, and recommends the FAPI 1.0 Advanced and CIBA protocols for securing traffic to APIs and for authentication of end users. These were developed by the OpenID Foundation’s Financial-Grade API working group, which maintains a close relationship with FDX; both organizations benefit from many joint members.

FAPI 1.0 Advanced is a codification of protocols and practices for securing the consumer-directed sharing of financial and other sensitive data. It is built on extensions to the OAuth 2 framework and is in widespread use in many jurisdictions around the globe (e.g., the United Kingdom, Australia and Brazil) as they adopt open banking on their way to open finance. CIBA is used for sessions where the client is not directly in session with a bank or fintech, for example at a retail kiosk.

The FDX community will benefit from implementing these mature standards to enable the secure exchange and interoperability of sensitive data, while leaving the option open for international interoperability. The FAPI 1.0 Advanced and CIBA standards are currently the recommended standards supported by FDX to secure traffic to APIs and authenticate end users.

To get free access to the FDX API 5.0 Specifications – register here.

Better yet – to join FDX – click here.


About FDX

Financial Data Exchange, LLC is a non-profit organization dedicated to unifying the financial industry around a common, interoperable, royalty-free standard for secure and convenient consumer and business access to their financial data. FDX empowers consumers through its commitment to the development, growth and industry-wide adoption of the FDX API, according to the principles of control, access, transparency, traceability and security. Membership is open to financial institutions, fintech companies, consumer advocacy groups, and other industry participants. FDX is an independent subsidiary of FS-ISAC. For more information and to join, visit www.financialdataexchange.org.