With over 6 million users, and 7 million payments made every month in the UK, open banking is already changing the way people pay and use their financial data. It’s led to a new generation of financial services, built by third party providers that can innovate quickly to better serve the needs of users. For consumers, open banking can simplify the way they manage their finances and give them new options for using their data, along with new ways to pay. Businesses using open banking can better understand their customers’ needs, onboard customers more quickly and completely transform the way they collect payments.

But what actually powers open banking? What is the core technology behind it and how does it work? And how do businesses interested in using open banking gain access to this technology? The answer, in the UK and EU at least, is application programming interfaces (APIs). To fully understand open banking APIs, you first need to understand API technology in general.
What is an API?
An API is a set of rules and protocols that define how two systems can interact with each other. It essentially acts as a bridge between different systems, allowing them to share data and functionality in a structured and controlled way. One system can ‘call’ or request data from the other system using an API, and receive that data in a standard format.

APIs are a common way for a business to integrate new technologies, allowing developers to add new functionality to their product without building from scratch. APIs are also typically built with security in mind, through practices like tokenization, encryption and authentication protocols.

What is an open banking API, specifically?
Open banking APIs are the APIs built by banks and other financial institutions, which registered Third Party Providers (TPPs) use to connect to those banks in a secure and uniform way.

In 2018, EU legislation called PSD2 was introduced, giving consumers and businesses the right to access their account data and payments through TPPs. At the same time, the UK Competition and Markets Authority (CMA) required the nine biggest banks in the UK to develop an open API standard. This standard provided a consistent way for TPPs to connect to banks, creating the framework that would allow open banking to flourish in the UK. These banks are known as the CMA9.

So I need to connect to every bank API?
Businesses that want to benefit from open banking can make their own connections to the APIs that banks provide. However, to do this, businesses must become authorised by the financial regulator. Additionally, maintaining dozens of connections to banks is resource intensive and difficult. To account for this, some TPPs, including TrueLayer, specialise in aggregating bank APIs and can make all banks available to businesses through a single API connection.

Do open banking APIs have specific specifications?
To help standardise the open banking experience, the Open Banking Implementation Entity (OBIE), the governing body for instituting open banking in the UK, created the Open Banking Standard. This Standard includes customer experience and operational guidelines, along with good practice for data management and terminology. Most importantly, it includes a detailed set of API specifications that banks follow when building their APIs.

The specifications cover the parameters of identity verification, information sharing, payment initiation, security and analytics. Specifically, the specifications cover several areas:

- The Read/Write API is how third party providers must connect to banks. It enables TPPs to access bank accounts for read access (such as account balance and transaction information) and for write access (to make payments).
- The Open Data API dictates how banks must create access endpoints for TPPs, specifying the ways in which TPPs should be able to use a bank’s Read/Write API. This is designed to ensure the banks build APIs in a consistent manner.
- The Directory is the technical information describing the Open Banking Directory, which is the directory of open banking participants, from providers to banks, and provides the single point of entry to connect with other participants.
- MI reporting includes specifications for management information (MI) reporting by banks to the OBIE. In simple terms, it is how banks should report data about the APIs back to the governing body.
- The Berlin Group NextGenPSD2: a set of API specifications that were developed by the Berlin Group, a European industry association, to support the implementation of the EU's revised Payment Services Directive (PSD2).
- The Australian Open Banking Standard: a set of API specifications developed by the Australian Competition and Consumer Commission (ACCC) as part of Australia's Customer Data Right initiative.
- The Financial Data Exchange (FDX) API Standard: a set of API specifications by the Financial Data Exchange (FDX), a US-based industry group.
- The SEPA Payment Account Access (SPAA) Scheme Rulebook: a recently developed set of rules, practices and standards that will allow functionalities beyond those specified in PSD2 to be provided by banks to TPPs as a paid-for service.