open banking
play

OPEN BANKING TALES FROM THE FRONTIER Anca Zaharia Jason Maude - PowerPoint PPT Presentation

Apr 12, 2023 •278 likes •712 views

OPEN BANKING TALES FROM THE FRONTIER Anca Zaharia Jason Maude @ancaleuca @jasonmaude What is open banking? The legislation and associated technology that allow customers of financial institutions greater control of data that those

  1. OPEN BANKING TALES FROM THE FRONTIER Anca Zaharia Jason Maude @ancaleuca @jasonmaude

  2. What is open banking? The legislation and associated technology that allow customers of financial institutions greater control of data that those institutions hold about them.

  3. Who are Starling Bank? • Tech start-up with a banking licence • ~100% cloud-based, mobile-only • All the features that you’d expect from a current account and more • Public APIs & developer platform

  4. Public APIs • Most actions that can be performed through the mobile apps are available • Allows individuals to connect up their bank account to their own code

  5. The Starling Bank marketplace • Allows customers to securely connect to selected partners via their Starling Bank account • Providers of mortgages, pensions, savings and investments etc

  6. LESSON 1: UNDERSTAND OAUTH 2

  7. OAuth 2 overview Auth Resource User Client server server

  8. Client authentication 1. Redirect Partner Auth web app app https://oauth.starlingbank.com ● cl client_id =$client_id ● re response_type =code ● st state =$state ● re redire rect_uri ri =$redirect_uri

  9. Client authentication 1. Redirect 2. Send QR code Starling Auth web Partner app app app

  10. Client authorisation 1. Redirect 2. Send QR code Starling Auth web Partner app app app 3. Login, review permissions

  11. Client authorisation 1. Redirect 2. Send QR code Starling Auth web Partner app app app 3. Login, review permissions Starling 4. Authorise API 5. Generate auth code

  12. Client authorisation 1. Redirect 2. Send QR code Starling Auth web Partner app app app 3. Login, review 6. Poll for permissions auth code Starling 4. Authorise API 5. Generate auth code

  13. Client authorisation 1. Redirect 2. Send QR code Starling Auth web Partner app app app 7. Redirect 3. Login, review 6. Poll for permissions auth code /redirect_uri ● st state =$state ● co code =$auth_code Starling 4. Authorise API 5. Generate auth code

  14. Exchange auth code for access token Starling API Partner API POST https://api.starlingbank.com/oauth/access-token Request Response ● code =$auth_code co ● access_token ac ● cl client_id =$client_id ● refre re resh_token ● client_secr cl cret =$client_secret ● token_type=Bearer ● grant_type=authorization_code ● ex expires_ es_in ● redirect_uri=$redirect_uri ● sc scope

  15. Use access token Starling API Partner API -H "Authorization: Bearer $ ac access_token " https://api.starlingbank.com/api/v1/accounts/balance

  16. Example screens for Wealthify using 2-way OAuth flow

  17. Additional security • Highly sensitive requests (e.g., payment instructions) must be sig igned

  18. Token storage ● Don’t forget to delete expired tokens

  19. LESSON 2: YOU CAN’T ALWAYS CONNECT

  20. Things will go wrong

  21. Losing requests and responses Request Partner Starling API API Request Response

  22. DITTO architecture The system must ensure that every instruction from a user is actioned at least once and at most once

  23. Losing requests - at least once Request Partner Starling API API

  24. Losing responses - at most once Request Partner Starling API API Response

  25. LESSON 3: MAKE TESTING EASY

  27. Personal access Developer Portal account Starling Bank account

  28. Personal access $ curl -H “Authorization: Bearer <personal access token>” https://api.starlingbank.com/api/v1/tr ansactions

  29. What if I want more?

  30. Play in the sandbox

  31. LESSON 4: WORK ON YOUR PERMISSIONS MODEL

  32. Permission model v1 Tier 5 Make payments Tier 4 Create payees Tier 2 Tier 1 Tier 3 Read personal Read financial Write financial

  33. Permission model v2 Create Delete Read Edit Payees DD Mandates Address Metadata Create Read Read Create Savings Goal Transactions Balance Local Payment

  34. Displaying permissions

  35. LESSON 5: MONITOR YOUR API

  36. Monitoring and observability stack Instana Prometheus Grafana Alertmanager Elastalert Pagerduty Elasticsearch Logstash Kibana

  39. THE FUTURE

  40. Open integration platform Open Starling API Partner integration API platform

  41. Share your identity confirmation KYC Starling API Partner API

  42. Key takeaways • Lesson 1: Understand OAuth • Lesson 2: You can’t always connect • Lesson 3: Make testing easy • Lesson 4: Work on your permissions model • Lesson 5: Monitor your API

  43. Thank you! Check out the Starling Developer Podcast! https://developer.starlingbank.com @ancaleuca @jasonmaude

Recommend

EBA Open Banking Working Group Understanding the business relevance of Open APIs and Open Banking

EBA Open Banking Working Group Understanding the business relevance of Open APIs and Open Banking

EBA Open Banking Working Group Understanding the business relevance of Open APIs and Open Banking for providers of payment services Table of Contents 1 Introduction Services on top of infrastructure layer 2 Relevant API concepts Basic

380 views • 25 slides
Open Banking in the UK David Beardmore Commercial Director The Open Data Institute agenda

Open Banking in the UK David Beardmore Commercial Director The Open Data Institute agenda

Open Banking in the UK David Beardmore Commercial Director The Open Data Institute agenda about the ODI open banking in the UK: background open banking in the UK: current situation what can NZ banking learn from UK progress? what next? we

232 views • 21 slides
Open Forum on Open Banking Dublin, 20 th June 2017 ERPB Working Group on PIS - Status Thomas

Open Forum on Open Banking Dublin, 20 th June 2017 ERPB Working Group on PIS - Status Thomas

Open Forum on Open Banking Dublin, 20 th June 2017 ERPB Working Group on PIS - Status Thomas Egner Secretary General, Euro Banking Association The journey so far 3 weinars O. Operational &amp; technical matters Interface PIS-WG

435 views • 25 slides
Demonstrating the CDR: Open Banking APIs 2 What is the Consumer Data Right? Product Information

Demonstrating the CDR: Open Banking APIs 2 What is the Consumer Data Right? Product Information

1 Demonstrating the CDR: Open Banking APIs 2 What is the Consumer Data Right? Product Information Data Holders and Consent to share Australian Consumers Open Banking, Energy, Telecommunications Consent based, time and scope limited

344 views • 15 slides
The State of Open Banking What you need to know Ismail Chaib, COO Point 2018 ismail@tesobe.com

The State of Open Banking What you need to know Ismail Chaib, COO Point 2018 ismail@tesobe.com

The State of Open Banking What you need to know Ismail Chaib, COO Point 2018 ismail@tesobe.com Auckland, NZ Point 2018, NZ June 25-26 2018 Background COO, Open Bank Project 5 years in Open Banking Tweet @iChaib 2 Point 2018, NZ

628 views • 33 slides
Logical A Architecture f for O Open B Banki king, I Internet n not r required Open Banking

Logical A Architecture f for O Open B Banki king, I Internet n not r required Open Banking

Logical A Architecture f for O Open B Banki king, I Internet n not r required Open Banking TPP private Aggregator TPP TPP Bank Bank PoP Mainframe Equinix Cloud Exchange Network Functions TPP Firewall Security: Data Cache &amp;

628 views • 18 slides
The current state of banking APIs Open APIs are high priority for financial institutions What are

The current state of banking APIs Open APIs are high priority for financial institutions What are

The current state of banking APIs Open APIs are high priority for financial institutions What are banks doing about it? How important are Open APIs to banks? 2 http://www.briansolis.com/2016/12/top-10-retail-banking-trends-predictions-2017/

449 views • 20 slides
Open Data, Open Banking Where Next? 7 February #FSFEvents @TheFSForum - @this_is_bud -

Open Data, Open Banking Where Next? 7 February #FSFEvents @TheFSForum - @this_is_bud -

Kindly hosted by : Open Data, Open Banking Where Next? 7 February #FSFEvents @TheFSForum - @this_is_bud - @pensionbee - @AventusNetwork The Financial Services Forum C ORPORATE P ARTNERS : Kindly hosted by : Alan Walsh Bud #FSFEvents

738 views • 63 slides
OPEN BANKING WHAT IT CAN DO AND WHY IT MATTERS Jan Mosiewicz &amp; Sandra Parry 1 FIRST A BIT

OPEN BANKING WHAT IT CAN DO AND WHY IT MATTERS Jan Mosiewicz &amp; Sandra Parry 1 FIRST A BIT

OPEN BANKING WHAT IT CAN DO AND WHY IT MATTERS Jan Mosiewicz &amp; Sandra Parry 1 FIRST A BIT OF HISTORY Well a history of sorts - for many of you a quick whistle stop tour of how banks made us change the way in which we managed our money In

379 views • 12 slides
Slovak Banking API Standard. Rastislav Hudec, Marcel Laznia 01. Slovak Banking API Standard:

Slovak Banking API Standard. Rastislav Hudec, Marcel Laznia 01. Slovak Banking API Standard:

Slovak Banking API Standard. Rastislav Hudec, Marcel Laznia 01. Slovak Banking API Standard: Introduction 1.1 Why did SBA decide to prepare API standard? We knew that from January 13, 2018, banks in Slovakia had to open for the Third

368 views • 32 slides
How can we fix the identity problem? Asymmetric Warfare v3 Open banking and its discontents

How can we fix the identity problem? Asymmetric Warfare v3 Open banking and its discontents

How can we fix the identity problem? Asymmetric Warfare v3 Open banking and its discontents David G.W. Birch (15Mb Ltd.) The Point (Auckland, August 2018) dave@15Mb.ltd www.15Mb.ltd @dgwbirch Please copy and distribute (last updated 16

849 views • 22 slides
THE BANKING SERVICES ACT Banking Services (Deposit Taking Institutions) (Agent Banking)

THE BANKING SERVICES ACT Banking Services (Deposit Taking Institutions) (Agent Banking)

THE BANKING SERVICES ACT Banking Services (Deposit Taking Institutions) (Agent Banking) Regulations 2016 Presentation to Parliament by The Honourable Audley Shaw CD, MP. Minister of Finance and the Public Service

435 views • 6 slides
PROCESS AND PROCEDURES AMIR ALFATAKH YUSOF ISLAMIC BANKING FROM CONVENTIONAL TO ISLAMIC BANKING

PROCESS AND PROCEDURES AMIR ALFATAKH YUSOF ISLAMIC BANKING FROM CONVENTIONAL TO ISLAMIC BANKING

PROCESS AND PROCEDURES AMIR ALFATAKH YUSOF ISLAMIC BANKING FROM CONVENTIONAL TO ISLAMIC BANKING SPEAKER PROFILE 1. Started in Conventional Banking Sales for OCBC Bank Retail, Business Banking and Corporate Banking, Kuala Lumpur Main Branch

830 views • 26 slides
Conference 2019 Break out 2a Open Banking Facilitator Bob Winnington (Money Advice Liaison

Conference 2019 Break out 2a Open Banking Facilitator Bob Winnington (Money Advice Liaison

Conference 2019 Break out 2a Open Banking Facilitator Bob Winnington (Money Advice Liaison Group) Speakers Sandra Parry (Digimass) and Gareth McNab (Nationwide) www.malg.org.uk/conference The Changing Face Of Debt Advice Digital - What

519 views • 27 slides
HDFC Banking &amp; PSU Debt Fund (An open ended debt scheme predominantly investing in debt

HDFC Banking &amp; PSU Debt Fund (An open ended debt scheme predominantly investing in debt

HDFC Banking &amp; PSU Debt Fund (An open ended debt scheme predominantly investing in debt instruments of banks, Public Sector Undertakings, Public Financial Institutions and Municipal Bonds) A portfolio of superior credit quality! * July 2020

519 views • 18 slides
HDFC Banking &amp; PSU Debt Fund (An open ended debt scheme predominantly investing in debt

HDFC Banking &amp; PSU Debt Fund (An open ended debt scheme predominantly investing in debt

HDFC Banking &amp; PSU Debt Fund (An open ended debt scheme predominantly investing in debt instruments of banks, Public Sector Undertakings, Public Financial Institutions and Municipal Bonds) June 2019 This product is suitable for investors who

188 views • 16 slides
Offering banking services in a mobile world Denise Buckton Head of Mobile and Phone Banking

Offering banking services in a mobile world Denise Buckton Head of Mobile and Phone Banking

Offering banking services in a mobile world Denise Buckton Head of Mobile and Phone Banking Evolution of ANZ &amp; NBNZ Mobile Banking Txt Banking NBNZ iBank M-Banking ANZ goMoney NBNZ Mobile Banking and M-Banking for iPhone browser for

429 views • 8 slides
Open Banking and the Consumer Data Right Patrick Dwyer Legal Director Dwyer Harris

Open Banking and the Consumer Data Right Patrick Dwyer Legal Director Dwyer Harris

Open Banking and the Consumer Data Right Patrick Dwyer Legal Director Dwyer Harris Presentation to Europe Asia Conference Venice, Italy, January 2020 Venice, the birthplace of banks The Bank of Venice was the first national bank to have

821 views • 53 slides
Banking Transformation in ASEAN and Mobile Banking in Indonesia 16 Feb 2012 Indonesia

Banking Transformation in ASEAN and Mobile Banking in Indonesia 16 Feb 2012 Indonesia

Banking Transformation in ASEAN and Mobile Banking in Indonesia 16 Feb 2012 Indonesia International Banking Convention (IIBC) Devabalan Theyventheran Head of Transformation Office and Business Process Development CIMB Group Agenda 1

439 views • 24 slides
RBC CM FINOS Open Source Strategy Forum 2019 Kim Prado Global Head - Client Insight, Banking

RBC CM FINOS Open Source Strategy Forum 2019 Kim Prado Global Head - Client Insight, Banking

RBC CM FINOS Open Source Strategy Forum 2019 Kim Prado Global Head - Client Insight, Banking &amp; Digital Channels Technology RBC Capital Markets / strategy 1 2 3 Incorporate Additional Invest in Artificial Monetize the data Data Sets

419 views • 25 slides
The Italian Banking System in the Perspective of the Banking Union Fabio Panetta Member of the

The Italian Banking System in the Perspective of the Banking Union Fabio Panetta Member of the

The Italian Banking System in the Perspective of the Banking Union Fabio Panetta Member of the Governing Board - Banca dItalia London, November 21, 2013 Outline of the Presentation 1. The Banking Union (BU) project o the Single Supervisory

321 views • 21 slides
About Deutsche Bank Strategy 2020: Digitalize DB -Targeting up to EUR 1bn of incremental

About Deutsche Bank Strategy 2020: Digitalize DB -Targeting up to EUR 1bn of incremental

eID: the business case for the banking and finance community 5th June 2015 Overview No. Topic 2 2 Context Context 3 eID Key concepts 4 Identity in Banking 5 Drivers for eID adoption Applicability in the banking world 6 Key

88 views • 8 slides
BANKING STAFFING WHAT IS IT? HOW DOES IT WORK? What is banking staffing? For schools - a

BANKING STAFFING WHAT IS IT? HOW DOES IT WORK? What is banking staffing? For schools - a

BANKING STAFFING WHAT IS IT? HOW DOES IT WORK? What is banking staffing? For schools - a system for managing staffing entitlement For MoE - a mechanism for paying teachers Boards of trustees hire and employ teachers MoE pays

504 views • 24 slides
Wholesale Banking Stockholm 2018-05-25 Martin Persson, Head of Wholesale Banking 1 Wholesale

Wholesale Banking Stockholm 2018-05-25 Martin Persson, Head of Wholesale Banking 1 Wholesale

Wholesale Banking Stockholm 2018-05-25 Martin Persson, Head of Wholesale Banking 1 Wholesale Banking contribution to Nordea group FY 2017 OPERATING INCOME OPERATING PROFIT ECONOMIC CAPITAL FTEs 12% 19% 20% 29% 71% 80% 81% 88%

452 views • 11 slides

More recommend