Insights on Open Banking, Open Data, OAuth, FAPI, and financial API architecture - straight from the people who helped shape the specs.
TLS Certificate Expiry is Changing: Why You Must Automate Now In less than four years, public TLS certificates will only last 47 days. Manual renewals are dead. Automation is no longer optional. Here's what's changing and how to stay ahead. 🔐 The Timeline: Shorter and Shorter Certs The CA/Browser Forum has formally agreed to reduce certificate lifespans incrementally.
DPoP, PKCE, and mTLS: Modern OAuth Defences Demystified 2 June 2025 • by Opendata Consult Ltd Introduction OAuth 2.0 has long been the backbone of secure API access. But as threats evolved, so did the defences. Whether you're a fintech developer, an identity architect, or just someone who's been burned by a bad token design, understanding how to bind, constrain, and protect tokens is key.
The Rise of Federation in Open Banking: Beyond DCR and Into the Future Federation is gaining traction in Open Banking ecosystems that are looking to scale securely. In this article, we unpack what Federation is, how it differs from Dynamic Client Registration (DCR), who's adopting it, and how fintechs can get ahead of the curve.
Understanding Optional SSAs in FDX: DCR with and without Software Statements In the world of Dynamic Client Registration (DCR), one acronym tends to trip up even experienced implementers: SSA. While Open Banking specs like the UK's and Brazil's mandate Software Statement Assertions, the FDX spec takes a different approach-SSAs are optional.
Dynamic Client Registration in Open Banking: UK, Brasil, and FDX Compared Dynamic Client Registration (DCR) is a key component of Open Banking infrastructure, allowing fintechs and banks to onboard securely and automatically. But not all implementations are created equal. Here's how the UK, Brazil, and FDX differ.
The End of the Implicit Flow: Why OAuth 2.1 Matters for Modern Apps 28 March 2025 • by Opendata Consult Ltd In the world of web security, it's not often that deprecating a feature is cause for celebration. But with OAuth 2.1, that's exactly what's happening. The removal of the implicit flow is one of the most significant and welcome changes in the evolution of OAuth - especially for those building modern, secure fintech apps.
What's New in FAPI 2.0: The Future of Open Banking Security 27 March 2025 • by Opendata Consult Ltd With the ratification of FAPI 2.0 in early 2025, the OpenID Foundation has delivered a major update to the standards underpinning secure financial APIs.
Why FAPI is the Backbone of Secure Open Banking 26 March 2025 • by Opendata Consult Ltd Open Banking has reshaped how consumers and institutions interact with financial data. At the heart of this transformation lies the need for secure, interoperable APIs that can handle sensitive information without compromise.
OAuth has come a long way since its early days. In this article, we explore its evolution from OAuth 1.0 to OAuth 2.0, the rise of FAPI, and what fintech developers need to know about securing APIs in the age of Open Banking and decentralised identity.
👋 Enjoyed the article?
Book a Call with Us