Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 88 Next »

OB Standards

This Section applies to ASPSPs that have implemented OB Standards

-Have you Implemented OB Standards?

  • Yes
  • No

Open Data - Which version have you Implemented?

  • None
  • V2.2
  • V2.3
  • V2.4

As per OBIE communication sent on 11th March 2021, 8th June 2021 and finally 13th August , Barclays would like to remind TPPs / Developers that the following legacy Open APIs will be decommissioned from 18th August 2021:
• Product Details v2.1
• Product Details v2.2

TPPs / Developers should ensure that they have migrated to the newer versions of Open APIs by this time – calls to these legacy Open APIs after this date will fail.

Read/Write API Specification Implemented or planning to implement

(Lowest version = Current, Highest version = Planned)

  • V3.0
  • V3.1
  • V3.1.1
  • V3.1.2
  • V3.1.3
  • V3.1.4
  • V3.1.5
  • V3.1.6
  • V3.1.7
  • V3.1.8

Read/Write API - Which date are you planning to implement your latest version?

Dynamic Client Registration - Which version have you Implemented or planning to implement?

(Lowest version = Current, Highest version = Planned)

  • None
  • V3.1
  • V3.2
  • V3.3

DCR - Which date are you planning to implement your latest version?TBC

Have you implemented Trusted beneficiaries, if not date planned to Implement?

  • Already Implemented
  • Planning to implement
  • Not planning to implement 

Have you implemented Reverse Payments, if not date planned to Implement?

  • Already Implemented
  • Planning to implement
  • Not planning to implement 
Implemented for domestic and international payments. 

Have you implemented ECA Standard?

  • Already Implemented
  • Planning to implement
  • Not planning to implement 
Implementation plans under assessment, timeline tbc

ECA Implementation details


N/A

Have you implemented Bulk/File Payments?

  • Already Implemented
  • Planning to implement
  • Not planning to implement 

Have you implemented VRP – Sweeping, if not date planned to Implement?

  • Already Implemented
  • Planning to implement
  • Not planning to implement 
Q1 2022
PISP - Single Payment Limit£(Account and Product dependent) Detail available in FAQ's and Barclays Developer Portal 
PISP - Daily Payment Limit£(Account and Product dependent) Detail available in FAQ's and Barclays Developer Portal 
How many months of transaction do you provide?
(Account and Product dependent) Detail available in FAQ's and Barclays Developer Portal 


Security Profile


-Which Security profile have you Implemented or planning to implement?

(Lowest version = Current, Highest version = Planned)

  • OB Security Profile (Legacy)
  • FAPI
  • Other (Please define) 

Security Profile - Next Planned Version Implementation Date

CIBA Profile - Implemented or planning to implement

(Lowest version = Current, Highest version = Planned)

  • None
  • CIBA
  • CIBA FAPI Profile
Plans to be confirmed
CIBA Profile - Next Planned Version Implementation Date
 TBC

Security Profile Certification date?

October 2020


Token Endpoint Authentication Methods Supported
  • client_secret_post
  • client_secret_basic
  • client_secret_jwt
  • tls_client_auth
  • Private_key_jwt

Planned date to Cease support for client id and client secret token endpoint authentication

Client secret authentication is not supported

TPPs must align their Open Banking implementations to the following security best practices recommended under FAPI 2

  • The request object must contain an exp claim

  • You must use PS256 algorithms to create the request Object signing

  • You must use https://oauth.tiaa.barclays.com as the aud claim in the request Object

  • You must use private_key_jwt instead of client secret authentication

  • You must receive ID tokens with PS256 signing algorithms

  • You must use “response type=code id_token

  • We’ll populate the acr claim in the ID token by default

POST-BREXIT POST TRANSITION - Certificates Accepted (from 1st Jul 2021)
  • eIDAS QWAC
  • eIDAS QSealC
  • OB legacy (obtransport, obsigning)
  • OBWAC
  • OBSeal
  • Other (Please define) 
  • eIDAS QWAC and eIDAS QSealC will only be accepted for NON-UK based TPP's. 


Customer Journey

-What is your approach to Implementing OBIE Customer Experience Guidelines (CEG)?

(tick all that apply)

  • Already Implemented
  • Planning to implement or upgrade
  • Not planning to implement CEG

Which version have you implemented or planning to implement?

(Lowest version = Current, Highest version = Planned)

  • V3.1.2
  • V3.1.3
  • V3.1.4
  • V3.1.5
  • V3.1.6
  • V3.1.7
  • V3.1.8

Which date are you planning to implement your latest CEG version?TBC
Redirection Model
  • App to App redirection
  • Decoupled authentication
  • Embedded Flow
  • Bespoke User Journeys

Options on 90 day re-authentication?

90 day re-authentication required across all Open Banking flows
PSD2
-Which Directory are you using as your Trust Framework?Open Banking
Are you caching the Directory?

Transaction IDs SupportedMarch 2019 - Option 3 Supported

Are you enrolled to Dispute Management System?

  • Yes
  • No

Are you Seeking Fallback Exemption?

  • Yes
  • No


Article 10 - Maximum time period after authenticationNo restrictions applied other than SCA at Auth and Re-Auth
Article 10 - Endpoints exempt of SCA

None


Major Milestones

Delivered Items:

  • P2 2WR / Event Notification API since 
  • AIS / PIS / COF v3.1.4 since 
  • P7 Phase 1 (SIP) Refunds (Payments v3.1.4) since 
  • P7 Phase 2 (Non-SIP) Refunds (Payments v3.1.4) from 
  • P9 Payment Status since  - Changes may need to be made by TPP to cater for additional statuses as per OBIE specifications - in some instances, TPPs will need to call the Payment Status endpoint to ensure they have the latest view
  • CEG v3.1.5 (Agency Arrangement) from 
  • Waiver 007 (Payment and Event Notification Signing) from 

    • Key points for TPP awareness and action;

      • All payment requests in Sandbox and Production (as appropriate) must not include the b64 claim in the header.
      • Your requests will fail if they include the b64 claim after this date.
      • Changes at TPP side to enable sending JWS signature in Payment requests (as per Waiver specs; 3.1.4 & above) can be made any time before 26th October – if the change is not made by this date then your requests will fail
      • Changes at TPP side to validate JWS signature in Barclays’ payment response can only be made after 26th October
    • AIS v3.1.6 (CASS) from 
    • AIS / PIS / COF v3.1.7 - No changes implemented

Future Delivery Items:

  • Other deliverables to be aligned with CMA roadmap for 2021


Relevant AIS / PIS / CoF journeys supported for following payment account types:

  • Current Accounts (Personal and Business)
  • Current Accounts (Corporate)
  • Savings Accounts (Personal and Business)
  • Personal Credit Cards (Barclaycard)
  • Corporate Credit Cards
  • Currency Accounts (Personal and Business)
  • Currency Accounts (Corporate)


See https://developer.barclays.com/ for additional information relating to end point coverage

Note that Account Holder Name for PCA / BCA customers is available through PARTIES end point and through ACCOUNTS end point for Barclaycard UK, Barclaycard Commercial Payment and Barclays Corporate customers


IMPORTANT INFORMATION

In order to complete Open Banking journeys, you will need to establish the Identity Provider (IDP) authentication method for your implementation.

An IDP is a system to authenticate and gain permission from an end user - such as a customer, to access their resources e.g. their account data. For Open Banking, this is used to authenticate the customer providing the consent to the Third Party.

Examples of an IDP in Open Banking includes Barclays app (Personal and Business Banking customers) and iPortal (Barclays Corporate clients), but we have a number of methods depending on the customer type and digital channel that they use. This needs to be considered in your development.

The latest OpenID configuration (OIDC) URLs available are shown below

TPPs are reminded that latest URLS MUST be used and where a legacy URL is still being used then TPP MUST migrate to URLs below

Note - some Business Banking clients will require the Corporate Banking IDP as they use Corporate Banking services to fulfil their business requirements and some Corporate clients will require the Business Banking IDP as they use Business Banking services to fulfil their business requirements


Brand(s)
  • Use of the Barclays logo is not permitted for marketing purposes
  • The Barclays logo can be used for the purposes of identifying and distinguishing, within AIS and/or PIS, Barclays as the source of our Read-only Data and Read/Write Data
  • The Barclays logo can also appear in webpages or other materials for the purpose of displaying that the service can connect to Barclays, however this should only be done in conjunction with logos of other major banks.
  • There should be no specific identification of Barclays in isolation and no suggestion that Barclays in any way endorses or is partnered with your solution.
ASPSP Dev Portal and Contact Details

Location of Well Known Endpoints



Modified Customer Interface URL (if applicable)



Dev Portal URLhttps://developer.barclays.com/open-banking
Test Facility URL

ASPSP Support Desk Email or Phone Number

BarclaysOpenBankingQueries@barclayscorp.com


Key Implementations

High Cost Credit

Barclays - HCC.xlsx

  • No labels