What makes an Open-Banking-compliant Fintech application
Description of Open Banking requirements that a Fintech app needs to meet
This article may be of particular interest to developers who create Fintech applications that aggregate financial data from different banks and who want those applications to be Open-Banking-compliant. It explains how a Fintech application works in the Open Banking (OB) ecosystem and gives hints on how to build such an app in accordance with OB standards.
Fintech application for Open Banking
The Fintech application, or Account Information Services (AIS) as per the Open Banking UK standard, is a piece of software designed to support financial services and processes. There are a number of fintech app types, for example financial aggregators - for collecting and organizing your financial information - or payment apps, which enable you to carry out various transactions.
For a Fintech app to be a legitimate part of the Open Banking ecosystem, it needs to meet the Open Banking standards defined in the OB specifications. There are plenty of those, with the Open Banking Read-Write API specification perhaps the most vital in the context of developing Fintech apps.
If you check the spec, you may get the feeling that creating your application according to Open Banking standards is not that easy. Indeed, it can be tedious and challenging for an individual developer to design and build an application that conforms to all the relevant rules and guidelines defined in the OB specs. Fortunately, there are tools and solutions that make it easy for you.
ACP makes the Fintech app development process simple and clear by:
Enabling the intuitive configuration environment for your app
Providing mock Financial apps that you can play with, inspect, and imitate while creating yours
Provisioning the easily-integrable sandbox with diverse Open-Banking scenarios involving Fintech apps
Fintech app with ACP
ACP offers a number of features that can help you develop and configure an Open-Banking-compliant Fintech application.
Simplify your app configuration
ACP offers a dedicated Open Banking workspace with multiple features enabling quick and intuitive configuration of Fintech applications. Settings in the Open Banking workspace are preconfigured to support Open Banking standards; for example, the use of mTLS as an authentication method is enabled by default. The Open Banking workspace simplifies registering and configuring your application in ACP so that it authenticates properly and sends requests as needed.
Explore and follow example apps
You can see how the Fintech application is built and how it actually works in the Open Banking environment by visiting the ACP Open Banking sandbox.
In the sandbox, you can try TPP SAMPLE APP (Fintech application) at
can give you a good idea of how TPP works and what it looks like. If you run the TPP-SAMPLE-APP scenario in the sandbox, you are guided through all its steps with technical descriptions of the backend operations executed during particular steps.
For details on how to set up the sandbox environment and run a sample Fintech app, see Get the sandbox and Check the backend in Open Banking flow of actions powered by ACP.
Register the intent
TPP needs to make a client credentials call to register a new intent. TPP gets authorized to ACP API using a FAPI-compliant method.
ACP sample Fintech apps in the Open Banking sandbox use the client credentials flow with mTLS.
For the mTLS authorization, you need keys to be generated. Depending on your country, there are different organizations handling that.
As an alternative to configuring the application for TPP in ACP (OAuth client), you can use Dynamic Client Registration.
For information on how to use DCR in the Open Banking environment, see Using Dynamic Client Registration for Open Banking.
After the intent registration, the Fintech app needs to commence the authorization code grant flow and include claim
The authorization code grant flow requires the PKCE extension and mTLS for the token exchange.
See SAMPLE TPP in the sandbox to see what the authorization flow looks like.