UK Open Banking Conformance Profile
The UK Open Banking conformance profile is available on CONTRACT tier accounts only. This profile requires the uk_open_banking_conformance entitlement. Contact your account manager to enable it. See plan availability and pricing.
The UK Open Banking conformance profile verifies that your API meets the UK Open Banking Security Profile, which is based on Financial-Grade API (FAPI) standards and required for PSD2-compliant Open Banking implementations.
What it checks
| Check | Description |
|---|---|
| MTLS or private_key_jwt | The client authenticates using Mutual TLS or private_key_jwt (not client_secret_basic) |
| PKCE + state parameter | Authorization Code flows use PKCE with a state parameter |
| x-fapi-interaction-id header | Responses echo the x-fapi-interaction-id request header |
| x-fapi-auth-date / x-fapi-customer-ip-address | Required headers are present in TPP-originated requests |
| Consent IDs in responses | Account and payment APIs return consent resource IDs |
| TLS 1.2+ | All connections use TLS 1.2 or higher |
| JARM (JWT Secured Authorization Response Mode) | Where required by the profile level |
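As an added illustration (not the product's own implementation), the Python sketch below applies five of the checks in the table to one recorded exchange, so you can see what a pass or a fail looks like before running the profile. The dictionary layout, the `check_exchange` helper and the sample values are assumptions constructed for this example.

```python
from urllib.parse import parse_qs, urlsplit

ALLOWED_CLIENT_AUTH = {"tls_client_auth", "private_key_jwt"}
REQUIRED_TPP_HEADERS = ("x-fapi-auth-date", "x-fapi-customer-ip-address")
TLS_ORDER = ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]  # as reported by ssl.SSLSocket.version()

def _lower(headers):
    """HTTP header names are case-insensitive, so normalise before lookup."""
    return {name.lower(): value for name, value in headers.items()}

def check_exchange(exchange):
    """Return the names of the table checks that this recorded exchange fails."""
    failures = []
    req = _lower(exchange["request_headers"])
    resp = _lower(exchange["response_headers"])
    # Client authentication must not fall back to a shared secret.
    if exchange["token_endpoint_auth_method"] not in ALLOWED_CLIENT_AUTH:
        failures.append("MTLS or private_key_jwt")
    # parse_qs drops blank values, so "state=" counts as missing.
    params = parse_qs(urlsplit(exchange["authorization_url"]).query)
    if not (params.get("code_challenge") and params.get("state")):
        failures.append("PKCE + state parameter")
    # If the caller sent an interaction ID, the response must echo it unchanged.
    sent_id = req.get("x-fapi-interaction-id")
    if sent_id is not None and resp.get("x-fapi-interaction-id") != sent_id:
        failures.append("x-fapi-interaction-id header")
    if any(not req.get(header) for header in REQUIRED_TPP_HEADERS):
        failures.append("x-fapi-auth-date / x-fapi-customer-ip-address")
    tls = exchange["tls_version"]
    if tls not in TLS_ORDER or TLS_ORDER.index(tls) < TLS_ORDER.index("TLSv1.2"):
        failures.append("TLS 1.2+")
    return failures

# Constructed sample exchanges (hypothetical values, not from any real system).
GOOD = {
    "token_endpoint_auth_method": "private_key_jwt",
    "authorization_url": "https://as.example/authorize?response_type=code"
                         "&code_challenge=abc123&code_challenge_method=S256&state=xyz",
    "tls_version": "TLSv1.2",
    "request_headers": {"X-FAPI-Interaction-ID": "c0ffee00-0000-4000-8000-000000000001",
                        "x-fapi-auth-date": "Tue, 11 Sep 2012 19:43:31 GMT",
                        "x-fapi-customer-ip-address": "198.51.100.7"},
    "response_headers": {"x-fapi-interaction-id": "c0ffee00-0000-4000-8000-000000000001"},
}
BAD = {**GOOD, "token_endpoint_auth_method": "client_secret_basic",
       "tls_version": "TLSv1.1", "response_headers": {}}
```

`check_exchange(GOOD)` returns an empty list, while `check_exchange(BAD)` names the client authentication, interaction ID and TLS checks.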
Enabling the profile
- Go to Project Settings → Conformance.
- Under Security Profiles, select UK Open Banking.
- Configure the profile level (v3.1.x point release).
- Save changes.
Relationship to FAPI
The UK Open Banking Security Profile is built on top of FAPI-RW-ID2. If you are implementing a broader FAPI profile, see FAPI-RW-ID2.
Interpreting results
Conformance results appear in INVESTIGATE → Conformance. Each check maps to a specific section of the Open Banking specification, which is linked in the result detail view.
See also
- Conformance overview
- FAPI-RW-ID2 profile
- FHIR Conformance — related profile for healthcare APIs