Webhook Support in FAPI

Issue #306 open
Anoop Saxena created an issue

Opportunity:

  • Many fintech companies need real-time data updates from banks so they can provide customers (consumer and small business) with features in their products. The fintech companies poll data often to check whether there is any updated data for customer accounts.
  • The polling creates a lot of burden on data providers to scale infrastructure to support the volume of requests. In most cases, the data does not change because there is no activity on the account.
  • Fintech companies poll the data often in 24 hrs and some do once in 24 hrs.

Proposal:

  1. Webhook subscription via FAPI Grant API.
[ 
  { 
    "type":"payment_initiation",
    "locations":[ 
      "https://api.example_aspsp.com/payments"
    ],
    "instructedAmount":{ 
      "currency":"GBP",
      "amount":"31.94"
    },
    "creditorName":"Merchant",
    "creditorAccount":{ 
      "no":"98765432"
    },
    "remittanceInformationUnstructured":"MERCHANT LTD"
  },
  {
    "type":"webhook_subscription",
    "location":"https://api.example_aspsp.com/webhoook",
    "jwt" (or jwe or HMAC): "Aspsp User + account token". (Base64 & encrypted sent in webhook call to ASPSP in HMAC header??)???
  }
]

2. Webhook Endpoint – ASPSP implementation

  1. Two Options – Indicating a change

    1. Data provider sends a notification with jwt & event id (valid for X hrs?? do we need this …undue burden on the cache in data providers). Then the data receiver initiates a pull request to query accounts data of the customer & account in the JWT. [Recommended]
    2. Data provider sends a notification with data set (same entities as pull method).
  2. MTLS

  3. HMAC header with jwt token.
  4. Body: same data as pull method (OpenBanking or FDX or CDS).
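
The recommended option above (notification with JWT and event id, then a pull), sketched from the data receiver's side as an added example that is not part of the original issue. The HMAC-SHA256-over-raw-body scheme, the shared secret, the field names `event_id`, `issued_at` and `jwt`, and the 4-hour window are assumptions; the issue leaves them open.

```python
import hashlib
import hmac
import json
import time

# Assumptions (not defined by the issue): HMAC-SHA256 over the raw body with a
# secret shared at subscription time; field names event_id / issued_at / jwt.
MAX_EVENT_AGE_SECONDS = 4 * 3600  # the "X hrs" validity window; constructed value


def sign(secret: bytes, raw_body: bytes) -> str:
    """Hex HMAC-SHA256 tag the data provider would place in the HMAC header."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


class NotificationReceiver:
    """Data receiver side of option 1: authenticate, de-duplicate, then pull."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._seen = {}  # event_id -> issued_at, pruned as events expire

    def handle(self, raw_body: bytes, header_tag: str, now: float = None) -> str:
        now = time.time() if now is None else now
        # Verify the tag over the exact bytes received, in constant time,
        # before parsing anything from the body.
        expected = sign(self._secret, raw_body).encode()
        if not hmac.compare_digest(expected, (header_tag or "").encode()):
            return "rejected: bad signature"
        try:
            event = json.loads(raw_body)
            event_id, issued_at = str(event["event_id"]), float(event["issued_at"])
            token = event["jwt"]
        except (ValueError, KeyError, TypeError):
            return "rejected: malformed"
        # A stale or future-dated event is refused even with a valid tag.
        if not (0 <= now - issued_at <= MAX_EVENT_AGE_SECONDS):
            return "rejected: expired"
        # Drop entries past the window so the replay cache stays bounded.
        self._seen = {k: v for k, v in self._seen.items()
                      if now - v <= MAX_EVENT_AGE_SECONDS}
        if event_id in self._seen:
            return "ignored: replay"
        self._seen[event_id] = issued_at
        # The notification carries no account data; the receiver now calls the
        # existing pull API for the customer and account named in the token.
        return "pull: " + token
```

Because the replay cache only has to cover the validity window, the window length directly bounds how many event ids either side must remember.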

Comments (6)

  1. Nat Sakimura
    • changed status to open

    To be added to the implementation guidance as an example of how to do it. If there are going to be more demands on it, we may turn it into a spec then.