Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


titleOB versus FAPI profile

On 23 August 2018, OBIE's Technical Design Authority (TDA) agreed a decision to switch from the Open Banking Security Profile to the Financial Grade API (FAPI) Profile. Due  

Due to the tight timelines of the CMA Order and PSD2/RTS, several ASPSPs were unable to support this switch prior to 14 September 2019. As such OBIE agreed to continue continued support for both the Open Banking Security Profile and the related Conformance Tool for a period of time to allow ASPSPs to migrate to the FAPI Profile, and for these ASPSPs to allow TPPs to also make this migration. As such, OBIE will continue OBIE also continued to support the Open Banking Security Profile and the related Conformance Tool until 14 September 2019, and will continue continued to issue and publish related Conformance Certificates until this time. After

Since 14 September 2019, OBIE will mark has marked the Open Banking Security Profile and the Conformance Tool as 'archived' and will no longer accept accepts requests for related Conformance Certificates.

OBIE encourages all ASPSPs to make the switch to FAPI as soon as possible and to apply for a related Conformance Certificate direct from the Open ID Foundation.

An OBIE Security Profile Conformance Certificate allows an Implementer to demonstrate that they have successfully implemented either of the following security profiles:


to the Financial Grade API (FAPI) Profile and Client Initiated Backchannel Authentication (CIBA) Profile



For Open Banking Security Profile Conformance Certificates:

  • Although the Implementer may download and run tests locally, Conformance Certificates will only be issued when the tests have been run and evidence supplied using the hosted version of the Open Banking Security Profile Conformance Tool .
  • The Implementer must have implemented the Open Banking Security Profile and use the Conformance Tool to test their implementation.
  • The Implementer must use the latest or most recent previously published version of the Conformance Tool
  • The Implementer must ensure that all sensitive information (e.g. private keys and authorisation headers) are redacted or removed prior to submission to OBIE.
  • OBIE will not normally publish new versions of the tool more frequently than every two weeks.
  • The tool will which generate a file which includes:
    • List of all tests run.
    • For each test run, a description, pass/fail flag, and link to the relevant specification reference.
  • The Implementer must also complete a signed attestation form to confirm that all evidence submitted is accurate and has not been altered in any way.

Number of Conformance Certificates needed

It is up to each Implementer as to how many Conformance Certificates they apply for.

For ASPSPs, each Conformance Certificate covers one base URL (e.g. This URL may include multiple brands and/or products, based on the same Security Profile. It is up to the Implementer to ensure they have run and submitted sufficient tests which cover all relevant brands/products as part of their Conformance Certification Request.

An ASPSP may have other brands/products on separate base URLs which have the exact same functionality, and may decide to declare that these bands/products are also covered by a single Conformance Certificate. However OBIE will only publish the Conformance Certificate based on the single base URL submitted by the Implementer.

Open Banking Conformance Certificates

Page Properties Report
firstcolumnOrg Name
headingsBrand(s), Org Type, Profile Version, Conformance Tool Version, Date Submitted, Status, No. of Failures, Planned Fix Date, Date Passed
cqllabel = "current" and space = "CER" and parent = "993394852"

as soon as possible and to apply for a related Conformance Certificate direct from the OpenID Foundation

FAPI Conformance Certificates



Previous/Expired Certificates

Please see previous/expired certificates here Open Banking Security Profile Conformance