- Created by Adam Pretlove, last modified by Praveen Ponnumony on Dec 02, 2020
You are viewing an old version of this page. View the current version.
Compare with Current View Page History
« Previous Version 64 Next »
Implement Open Data v2.2 | Please note we intend to depreciate v 2.1 as of 17th January 2020 (3 month notice has been issued) | |
---|---|---|
Implement Read/Write API Specification v3.1 | ||
Implement Customer Experience Guidelines v1.1 |
| Sandbox full consent journey doesn’t form part of RTS scope. Prodn - deployments staggered weekly from 1st March to end of April. |
Implement App-to-App Redirection | Live in Production | |
Implement OB Security Profile Implementer's Draft v1.1.2 | ||
Implement FAPI Profile Implementers Draft 2 | TBC - Currently undertaking a infrastructure migration and as such our provisional target is to be FAPI compliant in our new Sandbox towards the end of 2020 / early 2021. | |
Implement CIBA Profile Implementers Draft 1 | N/A | |
Implement Dynamic Client Registration v1.1 | N/A | |
Implement Dynamic Client Registration v3.1 | TBC | Dynamic registration implementation is in progress. Date TBC |
Decommission Read/Write API Specification v1.x/2.x | TBC | Decommission date for v1 AIS Production (v1 not supported in sandbox) will be triggered when less than 5% usage. Currently 7.5% |
Decommission OB Security Profile Implementer's Draft v1.x | TBC | Need to understand security profiles - Eidas/Fapi & CIBA - dates not currently known |
Commence support for eIDAS QWAC certificates | 13th Sept 2019 | PROD rollout ready to progress with TPP's - no certs yet received |
---|---|---|
Commence support for eIDAS QSEAL certificates | Not supported | We do not plan on supporting QSEALs. |
Commence support for OBIE QWAC-like certificates | Live | Currently already supporting these certificates |
Commence support for OBIE QSEAL-like certificates | Live | Currently already supporting these certificates |
Cease support for OBIE non eIDAS-like certificates for transport | 30th June 2021 | |
Cease support for OBIE non eIDAS-like certificates for signing | 30th June 2021 | |
Support for MTLS token endpoint authentication | Already Live | |
Support for private_key_jwt token endpoint authentication | N/A | |
Cease support for client id and client secret token endpoint authentication | TBC | Following discussion with OBIE, agreed not to stop supporting Client Secret for all certificate types pending stabilisation of eIDAS. Date TBC. |
PRE-BREXIT - Certificates Accepted (until 31st Dec 2020) |
| |
---|---|---|
POST-BREXIT TRANSITION - Certificates Accepted (1st Jan 2021 - 30th Jun 2021) |
| |
POST-BREXIT POST TRANSITION - Certificates Accepted (from 1st Jul 2021) |
| Only change is to remove support of OB legacy certificates. |
Planned Implementation Date to Satisfy FCA's Post Transition | 30th June 2021 | |
TPP PSU Migration Outcomes Supported | Certificate is not bound to consent so no migration is required other than to use a compliant certificate. | If a TPP needs any support in this process please contact us at openbankingAPI@santander.co.uk. |
POST-BREXIT Certificate Implementation Status (updated by OBIE IES team) | READY |
|
Directory? | Open Banking | ||
---|---|---|---|
Location of Well Known Endpoints? | OB Technical Directory | ||
API Standard Implemented? | Open Banking | ||
Name of Account Holder Implementation Date? | Completed - | ||
Date of Current eIDAS Implementation? | |||
Current Certificates used for Identification? | OB Transport + ClientID + Secret OBWAC QWAC | ||
Current Certificates used for Transport? | OB Transport OBWAC QWAC | ||
Current Certificates used for Signing? | OB Signing OBSEAL | ||
Date of Future eIDAS Implementation? | No future update currently planned. | ||
Future Certificates used for Identification? | |||
Future Certificates used for Transport? | |||
Future Certificates used for Signing? | |||
Major Milestones | Credit Card Accounts (AIS): 14 Aug 2019 App-to-app: 27 Aug 2019 Corporate Customers >6.5m 12 Sept 2019 Savings Accounts: 13 Sept 2019 Cahoot Accounts: 13 Sept 2019 CHAPS Payments 13 Sept 2019 Dynamic Registration: TBC CBPII Endpoints 14 Sept 2019 International Payments 14 Sept 2019 Credit Card Accounts (PIS): 29 Oct 2019 HCCR Update - In order to display balance amount in accordance with the HCCR regulation Santander will add the Balance Including Pending and Overdraft Remaining elements in the JSON response for all balance requests for applicable Retail and Business accounts. Deployment date 10th December 2019 3.1.5 AIS is scheduled for launch 30/08/20. Corporate functionality for Batch and BACS is due for end of July & Multi-Authorisation for end of September. If you or your Corporate customers want to access these services beforehand please contact openbankingAPI@santander.co.uk and we will discuss our contingency mechanism with you. | (Inc Other Products, API Updates, API Deprecations, etc) The customer balance including the overdraft will be sent in the JSON file as type 'InterimAvailable'.The remaining overdraft will be returned to TPPs in the JSON file as a creditline item and mapped as follows: OBCreditLine1 OBReadBalance1/Data/Balance/CreditLine/Included - this item will be set to "false". OBReadBalance1/Data/Balance/CreditLine/Type - set to "Available" OBReadBalance1/Data/Balance/CreditLine/Amount/Amount - set to the amount of the Overdraft Remaining OBReadBalance1/Data/Balance/CreditLine/Amount/Currency - set to the currency code of the account balance The creditline items for Pre-Agreed will remain as is but the item OBReadBalance1/Data/Balance/CreditLine/Included will be set to "false" | |
Brand(s) | |||
Security Profile? | OB Standards Security Profile compliant | Progressing to be compliant with the FAPI Profile supplied by the OpenID Foundation. | |
Security Profile Certification? | Yes (for OB Standards) | ||
CIBA | No | ||
Using Open Banking as your eIDAS Trust Framework? | Yes | ||
Are you caching the Directory? | Yes | ||
Transaction IDs | Option 1 Supported ALL Accounts (except Credit Cards) - Live Credit Card Accounts - Live | ASPSPs provide a Unique, Immutable TransactionID from their core system |
Implementing Customer Experience Guidelines? | Yes | Santander designs are looking to adhere to CEG but are also accounting for other regulatory commitments that fit outside of the CEG |
---|---|---|
Current CEG Version? | ||
Next CEG Version? | v3.1.5 | |
Next Version Implementation Date | December 2020 | |
Implementing Bespoke User Journeys? | No | |
Implementing App to App? | Yes | |
App to App Implementation Date? | ||
Options on 90 day re-authentication? | 90 day re-authentication | |
Support Embedded Flow? | No |
Dispute Management System? | Yes | |
---|---|---|
FCA Adjustment Period - Maintaining Screen Scraping? | Yes | Adjustment period now closed. Screen-scraping is no longer available. |
Seeking Fallback Exemption? | Yes | Granted exemption for Retail May 2020. Temporary solution for Corporate pending the delivery of payment types (see Major Milestones for more information). |
Adjusted or Fallback Interface? | No | Granted exemption for Retail May 2020. Temporary solution for Corporate pending the delivery of payment types (see Major Milestones for more information). |
Adjusted or Fallback URL | N/A | |
Contact Email or Phone Number | Business/Technical: openbankingAPI@santander.co.uk | |
Dev Portal URL? | https://developer.santander.co.uk https://sandbox-developer.santander.co.uk/sanuk/external-sandbox/ | |
Test Facility Implementation Date? | ||
Production Interface Implementation Date? | AIS V1 DEPRECATED V2 DEPRECATED V3.1 DEPRECATED V3.1.2 13 Sept 2019 PIS V1 DEPRECATED V3.1 CoF V3.1.2 13 Sept 2019 | |
Contingency Measures | Screen scraping access remained until Q1 2020 for those TPP's who had not yet launched API Open Banking services - as per SCA deferment guidance from the FCA. For Contingency Measure please see Major Milestones section above. | |
Article 10 - Maximum time period after authentication? | 90 days | |
Article 10 - Endpoints exempt of SCA | Accounts, Balances, Transactions, Beneficiaries, Direct Debits, Standing Orders, Products, Offers, Parties, Scheduled Payments, Statements | We are continuing to allow Customer non present access to these data endpoints as long as a valid consent token exists. |
Authentication Method - Open Banking Channel (Browser)? | Retail & Business – OTP Corporate – Hard token | |
Authentication Method - Open Banking Channel (APP)? | Retail – Biometric OR Security Number, AND Device Binding | |
Authentication Method - Private Channel (Browser)? | Retail & Business – OTP Corporate – Hard Token | |
Authentication Method - Private Channel (APP)? | Retail – OTP | |
Authentication Method Implementation Date (Open Banking Channel)? | Live | |
Authentication Method Implementation Date (Private Channel)? | Live | |
SCA Implementation Date? | SCA Login for Retail - Completed 15th June SCA Login for Cahoot - To be completed end of July SCA Login for Corporate - To be completed end of July | |
SCA Scope? (will it inhibit non PSD2 accounts) | Yes - Non PSD2 accounts will not be accessible where new SCA login is launched/used | PSD2 Payment Accounts will continue to be accessible via our Open Banking API's |
High Cost Credit | Santander - HCC.xlsx | The customer balance including the overdraft will be sent in the JSON file as type 'InterimAvailable'.The remaining overdraft will be returned to TPPs in the JSON file as a creditline item and mapped as follows: OBCreditLine1 OBReadBalance1/Data/Balance/CreditLine/Included - this item will be set to "false". OBReadBalance1/Data/Balance/CreditLine/Type - set to "Available" OBReadBalance1/Data/Balance/CreditLine/Amount/Amount - set to the amount of the Overdraft Remaining OBReadBalance1/Data/Balance/CreditLine/Amount/Currency - set to the currency code of the account balance The creditline items for Pre-Agreed will remain as is but the item OBReadBalance1/Data/Balance/CreditLine/Included will be set to "false" |
---|
After Waiver 7 Expiry (16/06/20) option supported: Option 1 - The parameter b64 being set to FALSE OR Option 2 - The b64 claim not being in the header | Option 1 - Post the W007 expiry we will reinstate the signature validation. This means that if a TPP comes in with a B64 in the “crit” or as its own header “b64” it will need to be set to "false" otherwise it will error and fail the validation. We also plan to accept not sending the b64 claim also as description in Option 2). | This has been changed due to not meeting the v3.1.4 PIS specifications in time for June 16th. Once we are ready with v3.1.4 PIS we will announce the change to Option 2 (if a TPP comes in with a b64 in the “crit” or as its own header “b64” we will error and fail the validation.) |
---|
- No labels