What makes an Open-Banking-compliant Fintech application

Description of Open Banking requirements that a Fintech app needs to meet

Purpose

This article may be of particular interest to developers who create Fintech applications for aggregating financial data from different banks and want them to be Open-Banking-compliant. Developers can find here not only information on how the Fintech application works in the Open Banking (OB) ecosystem but also hints on how to build such an app in accordance with OB standards.

Fintech application for Open Banking

The Fintech application, or Account Information Services (AIS) as per the Open Banking UK standard, is a piece of software designed to support financial services and processes. There are a number of Fintech app types, for example financial aggregators, which collect and organize your financial information, or payment apps, which enable you to carry out various transactions.

For a Fintech app to be a legitimate part of the Open Banking ecosystem, it needs to conform to the Open Banking standards defined in the OB specifications. Again, there are plenty of those, with the Open Banking Read-Write API specification as perhaps the most vital in the context of developing Fintech apps.

If you check the spec, you may get the feeling that creating your application according to Open Banking standards might not be that easy. Indeed, it can be tedious and challenging for an individual developer to design and build an application that conforms to all the relevant rules and guidelines defined in the OB specs. Fortunately, there are tools and solutions that make it easier for you.

ACP makes the Fintech app development process simple and clear by

  • Providing an intuitive configuration environment for your app

  • Providing mock Financial apps that you can play with, inspect, and imitate while creating yours

  • Provisioning an easily integrable sandbox with diverse Open Banking scenarios involving Fintech apps

  • And more (see Fintech app with ACP and Fintech-dev essentials).

Fintech app with ACP

ACP offers a number of features that can help you develop and configure an Open-Banking-compliant Fintech application.

Simplify your app configuration

ACP offers a dedicated Open Banking workspace with multiple features enabling a quick and intuitive configuration of Fintech applications. Settings in the Open Banking workspace are preconfigured to support Open Banking standards; for example, the use of mTLS as an authentication method is enabled by default. The Open Banking workspace simplifies the way you register and configure your application in ACP so that it authenticates properly and sends requests as needed.

Explore and follow example apps

You can see how the Fintech application is built and how it actually works in the Open Banking environment by visiting the ACP Open Banking sandbox.

In the sandbox, you can try TPP SAMPLE APP (Fintech application) at https://localhost:8090/, which can give you a good idea of how a TPP works and what it looks like. If you run the TPP-SAMPLE-APP scenario in the sandbox, you are guided through all its steps, with technical descriptions of the backend operations executed during each step.

Note

For details on how to set up the sandbox environment and run a sample Fintech app, see Get the sandbox and Check the backend in Open Banking flow of actions powered by ACP.

Fintech-dev essentials

Register the intent

The TPP needs to make a client credentials call to register a new intent. The TPP is authorized to the ACP API using a FAPI-compliant method.

Note

  • ACP sample Fintech apps in the Open Banking sandbox use the client credentials flow with mTLS.

  • For mTLS authorization, you need keys to be generated. Which organization handles that depends on your country.

As an alternative to configuring the application for TPP in ACP (OAuth client), you can use Dynamic Client Registration.

Learn more

For information on how to use DCR in the Open Banking environment, see Using Dynamic Client Registration for Open Banking.

Authenticate

After the intent registration, the Fintech app needs to start the authorization code grant flow and include the openbanking_intent_id claim. The authorization code grant flow requires the PKCE extension and mTLS for the token exchange.

Example

See SAMPLE TPP in the sandbox to see what the authorization flow looks like.