I want to publish the APIs to TSPs in compliance with Taiwan's open banking regulations. Does digiRunner adhere to the regulations?
Yes, digiRunner supports the OAuth 2.0 authorization framework and allows configuration of expiration period and validity times for access token & refresh token, which fully complies with the open banking regulations in Taiwan.
2. API security: Token Encryption
The Token encryption mechanism is regulated in stages according to the phase-in of open banking regulations in Taiwan. Can I configure it accordingly on digiRunner?
You can manage JWT settings for your APIs simply through the Admin Console of digiRunner. Configurations such as JWS for requests and JWE encryption for responses can all be done through the Admin Console with ease.
3. Third-Party Service Provider (TSP): Self-Service Account Request to Access API Resources
I have several collaborative third-party partners and it would take much effort to set up accounts one by one. Does digiRunner allow TSPs to request an account on their own and view the available APIs?
Yes, digiRunner provides API Portal (as shown in the figure below), which is your exclusive API Store. Your internal/external API users can request an account and API authorization through the digiRunner API Portal. You can review and approve the requests through the Admin Console.
4. Resource Owner (Bank Customer)
How will open banking change the lives of users? Can ordinary consumers (resource owners) access more diverse and convenient services through a single platform?
The core of open banking is to share data to third-parties (Third-Party Service Providers, TSPs) with consent of bank customers (consumers) through an open application programming interface (OpenAPI).
Data openness will accelerate innovative application and development of financial technology, create better user experience, expand business scenarios and ecosystems, and further provide customers with more convenient and diversified services.