Community
Search Options
Search Options
Sign In
Skip to main content (Press Enter).
Sign in
Skip auxiliary navigation (Press Enter).
Integration
Topic groups
API Connect
App Connect
Aspera
Cloud Pak for Integration
DataPower
Expertise Connect(EC) Group
Global Integration
IBM Event Streams and IBM Event Automation
MQ
User groups
Events
TechXchange Day
IBM TechXchange Conference
Upcoming Integration Events
IBM TechXchange Webinars
All IBM TechXchange Community Events
Participate
Gamification Program
Getting Started
Community Manager's Welcome
Post to Forum
Share a Resource
Share Your Expertise
Blogging on the Community
Connect with Integration Users
All IBM TechXchange Community Users
Resources
IBM TechXchange Group
IBM Champions
IBM Cloud Support
IBM Documentation
IBM Support
IBM Support 101
IBM Technology Zone
IBM Training
Maximize MQ
TechXchange Day
Marketplace
Marketplace
IBM Integration Community
Come for answers, stay for best practices. All we're missing is you.
Ask a question
Join us for IBM TechXchange Day: AI and Automation
Skip main navigation (Press Enter).
Toggle navigation
Search Options
API Connect
View Only
Group Home
Discussion
3K
Library
137
Blogs
363
Events
1
Members
3K
Share
API Connect delivers Open Banking API support for PSD2 requirements
By
Ozair Sheikh
posted
Fri July 14, 2017 05:05 PM
0
Like
Data is the new oil for the digital economy and APIs are the approach to exposing that data to customers & business partners.
Financial service providers (ie banks) are evolving from the traditional retail experience and investing in their digital presence, where APIs and developer engagement is integral to its success.
Industry regulators and technology consortiums want to drive API adoption across the industry. The
OpenBanking working group
has published the API specifications for banks to expose their account and payments APIs to third-party providers. These specifications will also address the European Union’s Payment Services Directive (PSD2) requirements. This initiative is a big deal across Europe and even banks outside of Europe are paying close attention on the potential industry disruption as it enables banks, fintech or any third-party company to build payment-based solutions.
Financial service providers cannot do this alone. They need to engage with the right technology partners to deliver the best digital platform. IBM is well positioned to help meet your API, OpenBanking and PSD2 requirements. More over, IBM API
Connect delivers a comprehensive API platform to secure and manage business assets
and is the API platform trusted by many of the largest financial service providers in the world. It delivers key capabilities for securing and managing business assets:
API Security
: Highly secure and robust API security capabilities to protect access to critical payment and account assets
Developer onboarding
: self-service developer portal to onboard developers /third-party providers (TPP) and register for banking APIs
Analytics
: gain insight into TPP usage of banking APIs across any API version
API Management
: manage access to different versions of API, including the ability to lifecycle manage (deprecate, retire, new versions, etc)
As they say, the devils in the details, and we are committed to delivering the right set of capabilities to meet the Open Banking / PSD2 requirements. Our product strategy is to deliver support for technology standards like OAuth & OpenID Connect and provide extensibility within the framework to integrate with existing banking identity systems and Systems of Records. As we reviewed the specifications, it calls out three key flows:
TPP onboarding for registering and obtaining API credentials
Execute payments using a two-step approach (registering intent and payment submission)
R
etriev
ing
the status of a payment
s
ubmission.
These flows are heavily dependent upon OAuth and OpenID connect specifications. API Connect has first-class support for these specifications. This
tutorial
describes how to configure an OAuth provider to support OpenID Connect. This article will be updated continuously with more content as the OpenBanking specifications evolve.
In summary, IBM API connect provides the following key capabilities that are needed to support OpenBanking / PSD2 requirements. We have future roadmap plans to evolve the product capabilities to meet the optional components and deliver an enhanced user experience.
Category
Features
General
REST/JSON
Signed and Encrypted JWT Tokens
Validate JWT tokens
Policy assembly editor
OAuth
Grant Types
: code, application, resource owner, implicit
Integrate with existing Identity Applications
Refresh Tokens
Token metadata customization
Advance Scope checking
Revocation
Introspection
OpenID Connect
OpenID Connect
Validate id token (JWT)
Generate id token (JWT)
JSON request object
Discovery (/userinfo)
Developer Portal
GUI-based onboarding with OpenID Connect
Customize onboarding process
Customize client_id
We look forward to working with you to help address your OpenBanking / PSD2 requirements!
Reference
OpenBanking
IBM API Connect
API Connect & OpenID Connect
#APIEconomy
#APImanagement
#BusinessStrategy
#oauth
#openbanking
#openidconnect
#psd2
5 comments
21 views
Permalink
Comments
Ozair Sheikh
Wed July 24, 2019 02:13 AM
For more details, see https://www.slideshare.net/ibmdatapower/open-banking-via-api-connect-datapower
Ozair Sheikh
Wed February 14, 2018 05:44 PM
IBM has plans on becoming OIDC certified in the near-term. We are currently in the process of understanding the steps needed to formerly test our implementation and obtain the approvals from the Open ID Foundation.
Archive User
Wed February 07, 2018 01:02 PM
Hi,
I noticed that a lot of references is made to "support" for OIDC but no mention of certification such that Third Parties can be sure that there are no interoperability issues with vendors.
Can you confirm when IBM plans on becoming OIDC certified with its attestation published on the Open ID Foundations website? It will be great to see IBM demonstrate its commitment to the interoperability standards of the OIDF and ODIC.
Kind Regards,
Ozair Sheikh
Wed August 02, 2017 08:17 PM
We do have future plans to add OIDC relying party support. With that being said, we have a mechanism today to 'redirect' the application to an external authentication system to perform authentication / authorization and then callback into APIc with the results.
The link here provides details: https://www.ibm.com/support/knowledgecenter/SSMNED_5.0.0/com.ibm.apic.toolkit.doc/task_apionprem_redirect_form_.html
Since its implicit grant, its not that difficult to write a microservice to make an openid call and parse out the access token from the URL.
Tomas Rosa
Wed August 02, 2017 03:45 PM
Hello Ozair Sheikh,
thank you for your effort on APIC in relation to PSD2. Unfortunatelly we need to integrate to external authentication server through OpenID Connect (Implicit grant at ideal) and currently APIC works only in OpenID Connect provider. Yes I know that multuprotocol gateway supports social login but integration to APIC environment is not so easy.
Do you plan to support OpenID Connect from client side? I mean that DataPower Gateway is in client role in OpenID connect to external authentication server.
Best regards
Tomas Rosa
IBM Community Home
Browse
Discussions
Resources
Groups
Events
IBM TechXchange Conference 2023
IBM Community Webinars
All IBM Community Events
Participate
Gamification Program
Community Manager's Welcome
Post to Forum
Share a Resource
Blogging on the Community
All IBM Community Users
Resources
Community Front Porch
IBM Champions
IBM Cloud Support
IBM Documentation
IBM Support
IBM Technology Zone
IBM Training
Marketplace
Marketplace
Integration
Topic groups
API Connect
App Connect
Aspera
Cloud Pak for Integration
DataPower
Expertise Connect(EC) Group
Global Integration
IBM Event Streams and IBM Event Automation
MQ
User groups
Events
TechXchange Day
IBM TechXchange Conference
Upcoming Integration Events
IBM TechXchange Webinars
All IBM TechXchange Community Events
Participate
Gamification Program
Getting Started
Community Manager's Welcome
Post to Forum
Share a Resource
Share Your Expertise
Blogging on the Community
Connect with Integration Users
All IBM TechXchange Community Users
Resources
IBM TechXchange Group
IBM Champions
IBM Cloud Support
IBM Documentation
IBM Support
IBM Support 101
IBM Technology Zone
IBM Training
Maximize MQ
TechXchange Day
Marketplace
Marketplace
Powered by Higher Logic