-Which Security profile have you Implemented or planning to implement? (Lowest version = Current, Highest version = Planned) | - OB Security Profile (Legacy)
- FAPI (ID2)
- FAPI 1 Advanced
- Other (Please define)
| On or after the 05th November 2024, HSBC will upgrade its FAPI-defined endpoints (/token, /authorize) to the OIDF FAPI 1.0 – Advanced specification. HSBC will maintain a period of backwards compatibility with FAPI 1.0 Implementers Draft 2 for these endpoints. This means that HSBC will start validating fields specified in FAPI 1.0 – Advanced, if they are provided by TPPs (for example the ‘nbf’ claim), but will not reject requests where they are not provided. To ensure no disruption to service, TPPs must check they support the default character encoding of UTF-8 for API responses, as is already specified in the Read / Write standard. HSBC will no longer return the default encoding in its API response headers. These changes will apply to both the v3.1.11 and v4.0 (once deployed) implementations. FAPI endpoints will be updated on our sandbox, on or after 06th December 2024. The sandbox will not provide backwards compatibility. IMPORTANT: Backwards compatibility for FAPI 1.0 Implementers Draft 2 will cease on or after 05th February 2025 across both v3.1.11 and v4.0 implementations. At that point, TPP alignment to FAPI 1.0 Final will become mandatory, and HSBC will enforce the provision of fields specified in FAPI 1.0 Final (such as the ‘nbf’ claim) by TPPs. |
---|