API Connect

  • Private Group

API Connect delivers Open Banking API support for PSD2 requirements

By Ozair Sheikh posted Fri July 14, 2017 05:05 PM

  
Mark as Inappropriate


Data is the new oil for the digital economy and APIs are the approach to exposing that data to customers &  business partners. Financial service providers (ie banks) are evolving from the traditional retail experience and investing in their digital presence, where APIs and developer engagement is integral to its success.

Industry regulators and technology consortiums want to drive API adoption across the industry. The OpenBanking working group has published the API specifications for banks to expose their account and payments APIs to third-party providers. These specifications will also address the European Union’s Payment Services Directive (PSD2) requirements. This initiative is a big deal across Europe and even banks outside of Europe are paying close attention on the potential industry disruption as it enables banks, fintech or any third-party company to build payment-based solutions.

Financial service providers cannot do this alone. They need to engage with the right technology partners to deliver the best digital platform. IBM is well positioned to help meet your API, OpenBanking and PSD2 requirements. More over, IBM API Connect delivers a comprehensive API platform to secure and manage business assets and is the API platform trusted by many of the largest financial service providers in the world. It delivers key capabilities for securing and managing business assets:



  • API Security: Highly secure and robust API security capabilities to protect access to critical payment and account assets

  • Developer onboarding: self-service developer portal to onboard developers /third-party providers (TPP) and register for banking APIs

  • Analytics: gain insight into TPP usage of banking APIs across any API version

  • API Management: manage access to different versions of API, including the ability to lifecycle manage (deprecate, retire, new versions, etc)





As they say, the devils in the details, and we are committed to delivering the right set of capabilities to meet the Open Banking / PSD2 requirements. Our product strategy is to deliver support for technology standards like OAuth & OpenID Connect and provide extensibility within the framework to integrate with existing banking identity systems and Systems of Records. As we reviewed the specifications, it calls out three key flows:

  1. TPP onboarding for registering and obtaining API credentials

  2. Execute payments using a two-step approach (registering intent and payment submission)

  3. Retrieving the status of a payment submission.


These flows are heavily dependent upon OAuth and OpenID connect specifications. API Connect has first-class support for these specifications. This tutorial describes how to configure an OAuth provider to support OpenID Connect. This article will be updated continuously with more content as the OpenBanking specifications evolve.



In summary, IBM API connect provides the following key capabilities that are needed to support OpenBanking / PSD2 requirements. We have future roadmap plans to evolve the product capabilities to meet the optional components and deliver an enhanced user experience.





























CategoryFeatures
General

OAuth

OpenID Connect

Developer Portal



 

We look forward to working with you to help address your OpenBanking / PSD2 requirements!


Reference





#BusinessStrategy
#oauth
#APIEconomy
#psd2
#APIManagement
#openidconnect
#openbanking
5 comments
1 view

Permalink

Comments

Ozair Sheikh
Wed July 24, 2019 02:13 AM

For more details, see https://www.slideshare.net/ibmdatapower/open-banking-via-api-connect-datapower

Ozair Sheikh
Wed February 14, 2018 05:44 PM

IBM has plans on becoming OIDC certified in the near-term. We are currently in the process of understanding the steps needed to formerly test our implementation and obtain the approvals from the Open ID Foundation.

Archive User
Wed February 07, 2018 01:02 PM

Hi,

I noticed that a lot of references is made to "support" for OIDC but no mention of certification such that Third Parties can be sure that there are no interoperability issues with vendors.

Can you confirm when IBM plans on becoming OIDC certified with its attestation published on the Open ID Foundations website? It will be great to see IBM demonstrate its commitment to the interoperability standards of the OIDF and ODIC.

Kind Regards,

Ozair Sheikh
Wed August 02, 2017 08:17 PM

We do have future plans to add OIDC relying party support. With that being said, we have a mechanism today to 'redirect' the application to an external authentication system to perform authentication / authorization and then callback into APIc with the results.

The link here provides details: https://www.ibm.com/support/knowledgecenter/SSMNED_5.0.0/com.ibm.apic.toolkit.doc/task_apionprem_redirect_form_.html

Since its implicit grant, its not that difficult to write a microservice to make an openid call and parse out the access token from the URL.

Tomas Rosa
Wed August 02, 2017 03:45 PM

Hello Ozair Sheikh,

thank you for your effort on APIC in relation to PSD2. Unfortunatelly we need to integrate to external authentication server through OpenID Connect (Implicit grant at ideal) and currently APIC works only in OpenID Connect provider. Yes I know that multuprotocol gateway supports social login but integration to APIC environment is not so easy.

Do you plan to support OpenID Connect from client side? I mean that DataPower Gateway is in client role in OpenID connect to external authentication server.

Best regards

Tomas Rosa