This Section applies to ASPSPs that have impletemented OB Standards
Page Propertiesinfo
icon
false
id
Standards-Production
Implement Open Data v2.2
Please note we intend to depreciate v 2.1 as of 17th January 2020 (3 month notice has been issued)
Implement Read/Write API Specification v3.1
Implement Customer Experience Guidelines v1.1
Sandbox full consent journey doesn’t form part of RTS scope. Prodn - deployments staggered weekly from 1st March to end of April.
Implement App-to-App Redirection
Live in Production
Implement OB Security Profile Implementer's Draft v1.1.2
Implement FAPI Profile Implementers Draft 2
TBC - Currently undertaking a infrastructure migration and as such our provisional target is to be FAPI compliant in our new Sandbox towards the end of 2020 / early 2021.
Implement CIBA Profile Implementers Draft 1
N/A
Implement Dynamic Client Registration v1.1
N/A
Implement Dynamic Client Registration v3.1
TBC
Have you Implemented OB Standards?
Yes
No
Open Data - Which version have you Implemented?
None
V2.2
V2.3
V2.4
Read/Write API Specification Implemented or planning to implement
(Lowest version = Current, Highest version = Planned)
V3.0
V3.1
V3.1.1
V3.1.2
V3.1.3
V3.1.4
V3.1.5
V3.1.6
V3.1.7
V3.1.8
Read/Write API - Which date are you planning to implement your latest version?
Dynamic Client Registration - Which version have you Implemented or planning to implement?
(Lowest version = Current, Highest version = Planned)
None
V3.1
V3.2
V3.3
Dynamic registration implementation is in progress. Date TBC
Decommission Read/Write API Specification v1.x/2.x
TBC
Decommission date for v1 AIS Production (v1 not supported in sandbox) will be triggered when less than 5% usage. Currently 7.5%
Decommission OB Security Profile Implementer's Draft v1.x
TBC
Need to understand security profiles - Eidas/Fapi & CIBA - dates not currently known
Panel
DCR - Which date are you planning to implement your latest version?
Have you implemented Trusted beneficiaries, if not date planned to Implement?
Already Implemented
Planning to implement
Not planning to implement
Have you implemented Reverse Payments, if not date planned to Implement?
Already Implemented
Planning to implement
Not planning to implement
PISP - Single Payment Limit
£
PISP - Daily Payment Limit
£
How many months of transaction do you provide?
Panel
titleColor
Black
borderStyle
dashed
title
Method of IdentificationSecurity Profile
Page Properties
id
ID-Production
Commence support for eIDAS QWAC certificates
13th Sept 2019
PROD rollout ready to progress with TPP's - no certs yet received
Commence support for eIDAS QSEAL certificates
Not supported
We do not plan on supporting QSEALs.
Commence support for OBIE QWAC-like certificates
Live
Currently already supporting these certificates
Commence support for OBIE QSEAL-like certificates
Live
Currently already supporting these certificates
Cease support for OBIE non eIDAS-like certificates for transport
30th June 2021
Cease support for OBIE non eIDAS-like certificates for signing
30th June 2021
Support for MTLS token endpoint authentication
Already Live
Support for private_key_jwt token endpoint authentication
N/A
Which Security profile have you Implemented or planning to implement?
(Lowest version = Current, Highest version = Planned)
OB Security Profile (Legacy)
FAPI
Other (Please define)
Security Profile - Next Planned Version Implementation Date
CIBA Profile - Implemented or planning to implement
(Lowest version = Current, Highest version = Planned)
None
CIBA
CIBA FAPI Profile
CIBA Profile - Next Planned Version Implementation Date
Security Profile Certification date?
Token Endpoint Authentication Methods Supported
client_secret_post
client_secret_basic
client_secret_jwt
tls_client_auth
Private_key_jwt
Planned date to Cease support for client id and client secret token endpoint authentication
TBC
Following discussion with OBIE, agreed not to stop supporting Client Secret for all certificate types pending stabilisation of eIDAS. Date TBC.
Panel
titleColor
White
titleBGColor
#6180c3
borderStyle
dashed
title
Post Brexit Certificate Implementation
Page Properties
id
Standards-Production
PRE-BREXIT - Certificates Accepted (until 31st Dec 2020)
eIDAS QWAC
eIDAS QSealC
OB legacy (obtransport, obsigning)
OBWAC
OBSeal
Other (Please define)
POST-BREXIT TRANSITION - Certificates Accepted (1st Jan 2021 - 30th Jun 2021)
eIDAS QWAC
eIDAS QSealC
OB legacy (obtransport, obsigning)
OBWAC
OBSeal
Other (Please define)
POST-BREXIT POST TRANSITION - Certificates Accepted (from 1st Jul 2021)
eIDAS QWAC
eIDAS QSealC
OB legacy (obtransport, obsigning)
OBWAC
OBSeal
Other (Please define)
Only change is to remove support of OB legacy certificates.
Planned Implementation Date to Satisfy FCA's Post Transition
We are continuing to allow Customer non present access to these data endpoints as long as a valid consent token exists.
Major Milestones
Credit Card Accounts (AIS): 14 Aug 2019
App-to-app: 27 Aug 2019
Corporate Customers >6.5m 12 Sept 2019
Savings Accounts: 13 Sept 2019
Cahoot Accounts: 13 Sept 2019
CHAPS Payments 13 Sept 2019
Dynamic Registration: TBC
CBPII Endpoints 14 Sept 2019
International Payments 14 Sept 2019
Credit Card Accounts (PIS): 29 Oct 2019
HCCR Update- In order to display balance amount in accordance with the HCCR regulation Santander will add the Balance Including Pending and Overdraft Remaining elements in the JSON response for all balance requests for applicable Retail and Business accounts.Deployment date 10th December 2019
3.1.5 AIS is scheduled for launch30/08/20.
Corporate functionality for Batch and BACS is due for end of July & Multi-Authorisation for end of September. If you or your Corporate customers want to access these services beforehand please contact openbankingAPI@santander.co.uk and we will discuss our contingency mechanism with you.
(Inc Other Products, API Updates, API Deprecations, etc)
The customer balance including the overdraft will be sent in the JSON file as type 'InterimAvailable'.The remaining overdraft will be returned to TPPs in the JSON file as a creditline item and mapped as follows:
OBCreditLine1
OBReadBalance1/Data/Balance/CreditLine/Included - this item will be set to "false".
OBReadBalance1/Data/Balance/CreditLine/Type - set to "Available"
OBReadBalance1/Data/Balance/CreditLine/Amount/Amount - set to the amount of the Overdraft Remaining
OBReadBalance1/Data/Balance/CreditLine/Amount/Currency - set to the currency code of the account balance
The creditline items forPre-Agreedwill remain as is but the itemOBReadBalance1/Data/Balance/CreditLine/Includedwill be set to "false"
Brand(s
)
Security Profile?
OB Standards Security Profile compliant
Progressing to be compliant with the FAPI Profile supplied by the OpenID Foundation.
Security Profile Certification?
Yes (for OB Standards
)
CIBA
No
Using Open Banking as your eIDAS Trust Framework?
Yes
Are you caching the Directory?
Yes
Transaction IDs
Option 1 Supported
ALL Accounts (except Credit Cards) - Live
Credit Card Accounts - Live
ASPSPs provide a Unique, Immutable TransactionID from their core system
Panel
borderStyle
dashed
title
Customer Journey
Page Properties
id
TC-CJ
Implementing Customer Experience Guidelines?
Yes
Santander designs are looking to adhere to CEG but are also accounting for other regulatory commitments that fit outside of the CEG
Current CEG Version?
Next CEG Version?
v3.1.5
Next Version Implementation Date
December 2020
Implementing Bespoke User Journeys?
No
Implementing App to App?
Yes
App to App Implementation Date?
Options on 90 day re-authentication?
90 day re-authentication
Support Embedded Flow?
No
Panel
titleColor
Black
borderStyle
dashed
title
PSD2ASPSP Dev Portal and Contact Details
Page Properties
id
TC-PSD2
Dispute Management System?
Yes
FCA Adjustment Period - Maintaining Screen Scraping?
Yes
Adjustment period now closed. Screen-scraping is no longer available.
Seeking Fallback Exemption?
Yes
Granted exemption for Retail May 2020. Temporary solution for Corporate pending the delivery of payment types (see Major Milestones for more information).
Adjusted or Fallback Interface?
No
Granted exemption for Retail May 2020. Temporary solution for Corporate pending the delivery of payment types (see Major Milestones for more information).
Screen scraping access remained until Q1 2020 for those TPP's who had not yet launched API Open Banking services - as per SCA deferment guidance from the FCA. For Contingency Measure please see Major Milestones section above.
Article 10 - Maximum time period after authentication?
The customer balance including the overdraft will be sent in the JSON file as type 'InterimAvailable'.The remaining overdraft will be returned to TPPs in the JSON file as a creditline item and mapped as follows:
OBCreditLine1
OBReadBalance1/Data/Balance/CreditLine/Included - this item will be set to "false".
OBReadBalance1/Data/Balance/CreditLine/Type - set to "Available"
OBReadBalance1/Data/Balance/CreditLine/Amount/Amount - set to the amount of the Overdraft Remaining
OBReadBalance1/Data/Balance/CreditLine/Amount/Currency - set to the currency code of the account balance
The creditline items for Pre-Agreed will remain as is but the item OBReadBalance1/Data/Balance/CreditLine/Included will be set to "false"
View file
name
Santander - HCC.xlsx
height
250
Page Properties
id
TC-W7
After Waiver 7 Expiry (16/06/20) option supported: Option 1 - The parameter b64 being set to FALSE OR Option 2 - The b64 claim not being in the header
Option 1 -
Post the W007 expiry we will reinstate the signature validation. This means that if a TPP comes in with a B64 in the “crit” or as its own header “b64” it will need to be set to "false" otherwise it will error and fail the validation. We also plan to accept not sending the b64 claim also as description in Option 2).
This has been changed due to not meeting the v3.1.4 PIS specifications in time for June 16th. Once we are ready with v3.1.4 PIS we will announce the change to Option 2 (if a TPP comes in with a b64 in the “crit” or as its own header “b64” we will error and fail the validation.)