[Openid-specs-fapi] Issue #306: Webhook Support in FAPI (openid/fapi)

Anoop Saxena issues-reply at bitbucket.org
Tue Aug 18 19:05:06 UTC 2020


New issue 306: Webhook Support in FAPI
https://bitbucket.org/openid/fapi/issues/306/webhook-support-in-fapi

Anoop Saxena:

**Opportunity:**

* Many fintech companies have a need for real-time data updates from banks so they can provide customers (consumer and small business) features in their product. The fintech companies poll data often to check if there is any updated data for customer accounts.
* The polling creates a lot of burden on Data providers to scale infrastructure to support the volume of requests. In most cases, the data does not change due to no activity on the account. 
* Fintech companies poll the data often in 24hrs and some do once in 24hrs. 

 

**Proposal:**

1. Webhook subscription via FAPI Grant API.

 

    [
       {
          "type":"payment_initiation",
          "locations":[
             "https://api.example_aspsp.com/payments"
          ],
          "instructedAmount":{
             "currency":"GBP",
             "amount":"31.94"
          },
          "creditorName":"Merchant",
          "creditorAccount":{
             "no":"98765432"
          },
          "remittanceInformationUnstructured":"MERCHANT LTD"
       },
       {
          "type":"webhook_subscription",
          "location":"https://api.example_aspsp.com/webhoook",
          "jwt" (or jwe or HMAC): "Aspsp User + account token". (Base64 & encrypted – sent in webhook call to ASPSP in HMAC header??)???
       }
    ]

2. Webhook Endpoint – ASPSP implementation

1. Two Options – Indicating a change

    1. Data provider sends a notification with jwt & event id (valid for X hrs?? do we need this …undue burden on the cache in Data providers). Then the data receiver initiates a pull request to query accounts data of customer & account in JWT. [Recommended]
    2. Data provider sends a notification with data set (same entities as pull method).

2. MTLS
3. HMAC header with jwt token.
4. Body: Same data as pull method (OpenBanking or FDX or CDS).

Responsible: Anoop Saxena
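
Receiver-side handling of option 1 above (notification with jwt and event id, followed by a pull), added here as an example; it is not part of the original post or of any FAPI specification. The shared secret, the field names `event_id`, `iat` and `jwt`, the four-hour validity window and the returned status codes are all assumptions, and mTLS is assumed to be handled by the transport.

```python
import hashlib
import hmac
import json

# Every name and value here is an assumption for illustration; the proposal
# leaves the header format, field names and validity period open.
SHARED_SECRET = b"constructed-demo-secret"  # agreed when the webhook is subscribed
MAX_EVENT_AGE_S = 4 * 3600                  # stands in for "valid for X hrs"
seen_event_ids = set()                      # replay cache (in-memory for the demo)


def sign(body: bytes, secret: bytes = SHARED_SECRET) -> str:
    """Data provider side: hex HMAC-SHA256 over the exact bytes sent."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def handle_notification(body: bytes, signature: str, now: float) -> dict:
    """Data receiver side: authenticate the call, then decide whether to pull."""
    # 1. Check the MAC over the raw body, in constant time, before parsing it.
    if not hmac.compare_digest(sign(body).encode(), signature.encode()):
        return {"status": 401, "pull": None}
    try:
        event = json.loads(body)
        event_id, issued_at, token = event["event_id"], event["iat"], event["jwt"]
    except (ValueError, KeyError, TypeError):
        return {"status": 400, "pull": None}
    # 2. Reject malformed ids and events outside the validity window.
    if not isinstance(event_id, str) or not isinstance(issued_at, (int, float)):
        return {"status": 400, "pull": None}
    if not 0 <= now - issued_at <= MAX_EVENT_AGE_S:
        return {"status": 400, "pull": None}
    # 3. A repeated event id is acknowledged but triggers no second pull.
    if event_id in seen_event_ids:
        return {"status": 200, "pull": None}
    seen_event_ids.add(event_id)
    # 4. The notification carries no account data: the receiver now calls the
    #    normal pull API for the customer and account the token refers to.
    return {"status": 202, "pull": token}


def demo() -> list:
    """Constructed sample: first delivery, replay, and a tampered body."""
    now = 1_700_000_000.0
    body = json.dumps({"event_id": "evt-001", "iat": now - 60,
                       "jwt": "opaque.account.token"}).encode()
    tampered = body.replace(b"evt-001", b"evt-002")
    sig = sign(body)
    return [handle_notification(b, sig, now)["status"]
            for b in (body, body, tampered)]
```

Bounding the replay cache by the same validity window keeps it from growing without limit, which is the cache burden the post raises for the event id lifetime.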

