Understanding Open banking API specification

At the very epicenter of open banking is API technology. Without it, the entire ecosystem would crumble, because APIs are what make data sharing possible, and data sharing is the core functionality of the whole open concept.

Open Banking API is a financial term that stands for open banking application programming interface. This tool enables third parties to securely access a customer’s data directly, providing a simple way to build innovative services without the need for any kind of prior user authentication.

In this article, we’ll shine a light on open banking API specification and which rules and regulations apply to this concept.

What are the basic specifications (rules) of open banking APIs?

The Open Banking API specification has been designed to simplify and standardize the way third-party developers can access banking data and offer their services. This is all done by using a well-established Open API Specification, approved by legislators.

Open APIs are an agreement between a business and third-party app developers that strictly states how, when, and why specific services will be made available to them.

Because open banking gives access to banks’ data, third-party developers can use it under clear agreements with the financial institution covering what data is collected and how it is used.

Open Banking API specification is all about leveraging Open Data and Open Source so that banks can be more consumer-centric.

The Open Banking Standard in Europe: PSD2

In the European Union, open banking was first introduced with the new Payment Services Directive (PSD2). This law sets strict requirements for third-party services through which you can send, receive and store money (among other things).

Open banking in this field is regulated by the European Union’s legislators, who issued guidelines for the Open Banking API specification.

To meet all of these requirements, third-party developers must register with each bank where they want to access data. The Open Banking Standard comprises 6 main rules:

  • Data access is available only with user consent
  • Personal data must be protected
  • Open Banking platform must be secure and reliable
  • Open Banking API specification must follow Open Data principles
  • Organizations are responsible for the quality of their Open Banking APIs
  • Open Banking Standard should promote innovation in financial services

There are more than 9,000 financial institutions in the EU, and until now each followed its own Open API guidelines.

Open Banking Standard has been designed to make things simpler by only allowing registered third-party developers access to Open Banking APIs with user consent (instead of asking for permission every single time).

Open Banking Standard applies to all third-party Open APIs that offer payment initiation, account information, or other financial services.

Should consumers trust PSD2 and open banking?

PSD2 was issued with the goal of improving the security of Open Banking APIs and Open Data access. And while this may have been a noble move on behalf of legislators, not all EU countries seem really interested in it.

In fact, Open banking is becoming quite popular due to the convenience it offers to all involved parties, but some citizens might not be too comfortable about sharing their Open banking data with third-party Open APIs.

Some of them have been skeptical from the start because the Open Banking API specification leaves a lot open to interpretation, and so far there has been no clear answer as to how consumer personal data is being protected.

Because the open banking API specification is continuously being developed, and many countries and banks are slowly but surely moving towards adopting it, it’s not that easy to say whether it will meet the level of security required by regulators.

But as of right now, there are simply no reasons not to trust open banking.