Standard

Getting Started with Open Banking Nigeria future forward APIs.

Security Profiles

Security has been designed into the system from
grounds up. There is a strong consideration to use FAPI.

Should be secure, simple, and adaptable.

Privacy is sacrosanct.

Expand
Learn More

Operational Guidelines

Banks to determine who should connect.

Banks would determine what they would charge.

Stakeholders are required to implement metrics that can be interrogated.

Learn More

Customer Experience

Should be easy for customers to understand.

Customers would know exactly what each access to their accounts or information can do.

Seamless enough to be invisible to end-users.

Learn More

Open Banking API Standard is brought to you by the Open Technology Foundation, an NGO backed by a group of industry experts across banking, fintech, risk management, and more.
Together, we are building a common standard for Open Banking APIs in Nigeria.

Join our newsletter

About

Standard

Documentation

Insights

Directory

Contact

Facebook-square Linkedin Twitter

© 2021 | TermsPrivacyCookies

API Specifications

  • Implement oAuth2 with a combination of other 2FA variants
  • Logging of digital footprint of customers / applications

Encryption and other Security Measures

  • API connections and data in transit should be encrypted using TLS 1.2 at the minimum
  • Use Cipher Suites w/ Perfect Forward Secrecy! e.g. ECDHE_RSA_WITH_AES_256_GCM_SHA256
  • Use Extended Validation (EV) Certificates

Encryption and other Security Measures

  • Use HMAC signature-based authentication model for API key exchange
  • Use RESTful APIs instead of SOAP APIs
  • Use of JSON Web Tokens (JWT) as the format for security tokens
  • Whitelist and allow only valid entities
  • Use Security headers
  • Avoid Sensitive information in HTTP requests

General Secure Development Principles

  • Develop using secure coding principles

Parameter Validation

  • Validate content types
  • Validate lengths, structures and schemas
  • Perform input validation to sanitize all inputs

Threat Detection

  • Apply threat detection using WAF
Facebook-square Instagram Twitter

[email protected]

About

Standard

Documentation

Insights

Directory

Close Bitnami banner
Bitnami