- Created by Adam Pretlove , last modified on Jun 15, 2020
You are viewing an old version of this page. View the current version.
Compare with Current View Page History
« Previous Version 52 Next »
| Implement Open Data v2.2 | COMPLETE | |
|---|---|---|
| Implement Read/Write API Specification v3.1 | COMPLETE | |
| Implement Customer Experience Guidelines v1.1 | COMPLETE | |
| Implement App-to-App Redirection | COMPLETE | |
| Implement OB Security Profile Implementer's Draft v1.1.2 | COMPLETE | |
| Implement FAPI Profile Implementers Draft 2 | Phased migration to FAPI 2 by Q1 2020 | Update 22/05 - TPPs are reminded that notifications were sent in December 2019 / March 2020 that Barclays would enforce FAPI rules from 31st March 2020. This was delayed due to COVID however there are still some TPPs that have not migrated and so we request that this is completed as soon as possible. If there are issues / blockers then please reach out to the team. |
| Implement CIBA Profile Implementers Draft 1 | TBC | Plans to be confirmed |
| Implement Dynamic Client Registration v1.1 | Not Delivered | |
| Implement Dynamic Client Registration v3.1 | TBC | Plans to be confirmed |
| Decommission Read/Write API Specification v1.x/2.x | Plans to decommission AIS v1 / v2 in May - however this has been delayed due to COVID | |
| Decommission OB Security Profile Implementer's Draft v1.x | TBC - No Plans |
| Commence support for eIDAS QWAC certificates | From Q1 2020 | |
|---|---|---|
| Commence support for eIDAS QSEAL certificates | From Q1 2020 | |
Commence support for OBIE QWAC-like certificates | From 14th September | |
| Commence support for OBIE QSEAL-like certificates | From 14th September | |
| Cease support for OBIE non eIDAS-like certificates for transport | No Plans | |
| Cease support for OBIE non eIDAS-like certificates for signing | No Plans | |
| Support for MTLS token endpoint authentication | No Plans | |
| Support for private_key_jwt token endpoint authentication | June 2019 | |
| Cease support for client id and client secret token endpoint authentication | No Plans | Barclays suggests TPPs to use Private Key JWT but won’t stop the support for client id and secret |
Directory? | Open Banking | ||
|---|---|---|---|
Location of Well Known Endpoints? | OB Technical Directory | ||
API Standard Implemented? | Open Banking | ||
Name of Account Holder Implementation Date? | Completed - September 2019 | ||
| Date of Current eIDAS Implementation? | September 2019 | ||
| Current Certificates used for Identification? | OB Transport + ClientID + Secret OBWAC | ||
| Current Certificates used for Transport? | OB Transport / OBWAC | ||
| Current Certificates used for Signing? | OB Signing / OBSEAL | ||
| Date of Future eIDAS Implementation? | March 2020 | As of the 14th of March, TPP’s will be able to onboard via two routes with Barclays inclusive of, uploading QWAC and QSEAL certificates directly to the OB directory, and will be required to use existing manual / BDN APP to onboarding using the SSA generated on OB directory. The second route is to directly onboard to Barclays by invoking the Barclays Dynamic Client Registration APIs using eIDAS certificates. Please refer to Barclays Developer Network for further information on Barclays implementation of DCR. | |
| Future Certificates used for Identification? | OBWAC / QWAC | ||
| Future Certificates used for Transport? | OBWAC / QWAC | ||
| Future Certificates used for Signing? | OBSEAL / QSEAL | ||
Major Milestones | v3.1 – v3.1.1 – Implementation of all AIS / PIS / CoF end points COMPLETE AIS / PIS / CoF journeys supported for following payment account types: Current Accounts (Personal and Business) Current Accounts (Corporate) Savings Accounts (Personal and Business) Personal Credit Cards (Barclaycard) Corporate Credit Cards Currency Accounts (Personal and Business) Currency Accounts (Corporate) Pingit E-Wallets
Future Delivery Dates P2 2WR / Event Notification API – NOW LIVE since P7 Refunds (Payments v3.1.4) – P9 Payment Status – Phased changes to Payment Statuses from - in some instances, TPPs will need to call the Payment Status endpoint to ensure they have the latest view Waiver 007 (Payment Signing, v3.1.4) – - No changes are needed before this date. Once this is completed, it’s important to note validation will be completed against all v3 payment requests, to avoid payment failures you’ll need to make your changes from our implementation date | See https://developer.barclays.com/ for additional information relating to end point coverage Note that Account Holder Name for PCA / BCA / Pingit customers is available through PARTIES end point and through ACCOUNTS end point for Barclaycard UK, Barclaycard Commercial Payment and Barclays Corporate customers IMPORTANT INFORMATION In order to complete Open Banking journeys, you will need to establish the Identity Provider (IDP) authentication method for your implementation. An IDP is a system to authenticate and gain permission from an end user - such as a customer, to access their resources e.g. their account data. For Open Banking, this is used to authenticate the customer providing the consent to the Third Party. Examples of an IDP in Open Banking includes Barclays app (Personal and Business Banking customers) and iPortal (Barclays Corporate clients), but we have a number of methods depending on the customer type and digital channel that they use. This needs to be considered in your development. The latest OpenID configuration (OIDC) URLs available are shown below TPPs are reminded that latest URLS MUST be used and where a legacy URL is still being used then TPP MUST migrate to URLs below
Note - some Business Banking clients will require the Corporate Banking IDP as they use Corporate Banking services to fulfil their business requirements and some Corporate clients will require the Business Banking IDP as they use Business Banking services to fulfil their business requirements | |
| Brand(s) | |||
| Security Profile? | Currently Open Banking Security Profile Phased migration to FAPI 2 by Q1 2020 | Update 22/05 - TPPs are reminded that notifications were sent in December 2019 / March 2020 that Barclays would enforce FAPI rules from 31st March 2020. This was delayed due to COVID however there are still some TPPs that have not migrated and so we request that this is completed as soon as possible. If there are issues / blockers then please reach out to the team. | |
| Security Profile Certification? | Yes | ||
CIBA | TBC - No plans | ||
| Using Open Banking as your eIDAS Trust Framework? | TBC | ||
| Are you caching the Directory? | |||
| Transaction IDs | March 2019 - Option 3 Supported | 3 (longer term commitment to option 1) |
Implementing Customer Experience Guidelines? | Yes | |
|---|---|---|
| Current CEG Version? | v3.1.2 | |
| Next CEG Version? | v3.1.5 | |
| Next Version Implementation Date | September 2020 | |
Implementing Bespoke User Journeys? | No | |
Implementing App to App? | Yes | |
| App to App Implementation Date? | Live | |
Options on 90 day re-authentication? | 90 day re-authentication required across all Open Banking flows | |
Support Embedded Flow? | No |
Dispute Management System? | Yes | |
|---|---|---|
| FCA Adjustment Period - Maintaining Screen Scraping? | Yes | |
Seeking Fallback Exemption? | Yes | |
Adjusted or Fallback Interface? | No | |
| Adjusted or Fallback URL? | N/A | |
| Contact Email or Phone Number? | BarclaysAPISupport@barclayscorp.com | |
| Dev Portal URLs | https://developer.barclays.com/open-banking | |
Test Facility Implementation Date? | ||
| Production Interface Implementation Date? | ||
| Contingency Measures | Barclays are aligned to FCA adjustment period and supporting the phased migration of Screen Scraping by TPPs | |
| Article 10 - Maximum time period after authentication? | No restrictions applied other than SCA at Auth and Re-Auth | |
| Article 10 - Endpoints exempt of SCA | None | |
Authentication Method - Open Banking Channel (Browser)? | SCA compliant digital channel logon | |
Authentication Method - Open Banking Channel (APP)? | SCA compliant digital channel logon | |
Authentication Method - Private Channel (Browser)? | SCA compliant digital channel logon | |
Authentication Method - Private Channel (APP)? | SCA compliant digital channel logon | |
Authentication Method Implementation Date (Open Banking Channel)? | Live | |
Authentication Method Implementation Date (Private Channel)? | Live | |
SCA Implementation Date? | Live Note - Barclays are aligned to FCA adjustment period and supporting the phased migration of Screen Scraping by TPPs | |
SCA Scope? (will it inhibit non PSD2 accounts) | No | Scope of Open Banking flows limited to PSD2 accounts only |
High Cost Credit | Barclays - HCC.xlsx |
|---|
After Waiver 7 Expiry (16/06/20) option supported: Option 1 - The parameter b64 being set to FALSE OR Option 2 - The b64 claim not being in the header | Option 2 under Waiver 007 (Payment Signing, v3.1.4) implementation – No changes are needed before this date. Once this is completed, it’s important to note validation will be completed against all v3 payment requests, to avoid payment failures you’ll need to make your changes from our implementation date |
|---|
- No labels