Remove x-fapi-financial-id

Issue #141 closed
Dave Tonge created an issue

I propose that we remove this field for the following reasons:

  • It is only required when multiple financial institutions are using the same endpoint. This should not be a recommended practice and even if it is implemented, there are better ways of handling this.
  • Most of the time it is just duplication that doesn't add any security benefits and often causes implementation problems. For example in the UK OpenBanking case financial id is different from the "issuer" value in most places - this just increases config requirements and chances for things to go wrong.
  • It is one of the only places that ties the spec to a financial use case, whereas we want the spec to be used more widely.

Comments (6)

  1. Joseph Heenan

    The previous discussion about this is here for reference: https://bitbucket.org/openid/fapi/issues/49/x-fapi-financialid

    I'm inclined to agree with Dave. I don't see what security or technical benefits it provides.

    > in the UK OpenBanking case financial id is different from the "issuer" value in most places

    I thought it was always different - the financial id is the org id on the directory (e.g. "bghrOqZUMgBTV07eFcydf") whereas the issuer is something like https://api.nationwide.co.uk/open-banking/v1.1

  2. Nat Sakimura

    Remove x-fapi-financial-id

    This header does not appear to have a useful function, and removing it makes the specification less specific to financial use cases.

    closes #141

    → <<cset ae9f95809ad4>>
