[Openid-specs-fapi] Email to openbanking re x-fapi headers

Dave Tonge dave.tonge at momentumft.co.uk
Wed Sep 13 15:03:07 UTC 2017

Hi all,

As discussed on today's FAPI call, I plan to send the below email to the UK
OpenBanking team.

Please get back to me if you would like me to change or add anything.




Dear UK OpenBanking Team

*Intention to remove `x-` prefix from headers*

We have had various discussions
<https://bitbucket.org/openid/fapi/issues/102/query-re-x-fapi-headers> in
the Financial API Working Group at the OpenID Foundation about the current
usage of the `x-` prefix for headers in the FAPI profile.

The usage of this prefix is deprecated according to RFC6648
<https://tools.ietf.org/html/rfc6648> and given the intention for the FAPI
spec to be a long-lasting international standard we are planning to change
all `x-fap-*` headers to simply be `fapi-*`. For example
`x-fapi-interaction-id` would become `fapi-interaction-id`.

We understand that the UK OpenBanking specs have many references to these
headers as they are being used to provide information for fraud decisions
and to detect whether a customer is present. Therefore we wanted to inform
you of our intention as we understand that it will require a normative
change to your specs.

We strongly suggest that such a change is made now while implementations
are still in development rather than being added to a "version 2".

We will discuss this issue again in our meeting on the 27th September and
would appreciate any feedback prior to that date.


Dave Tonge
UK Implementation Entity Liason Officer
Financial API Working Group, OpenID Foundation
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20170913/dcd15766/attachment.html>

More information about the Openid-specs-fapi mailing list