Webhook Support in FAPI

Issue #306 new
Anoop Saxena created an issue

Opportunity:

  • Many fintech companies have a need for real-time data updates from banks so they can provide customers (consumer and small business) features in their product. The fintech companies poll data often to check if there is any updated data for customer accounts.
  • The polling creates a lot of burden on Data providers to scale infrastructure to support the volume of requests. In most cases, the data does not change due to no activity on the account. 
  • Fintech companies poll the data often in 24hrs and some do once in 24hrs. 

Proposal:

  1. Webhook subscription via FAPI Grant API.
[ 
  { 
    "type":"payment_initiation",
    "locations":[ 
      "https://api.example_aspsp.com/payments"
    ],
    "instructedAmount":{ 
      "currency":"GBP",
      "amount":"31.94"
    },
    "creditorName":"Merchant",
    "creditorAccount":{ 
      "no":"98765432"
    },
    "remittanceInformationUnstructured":"MERCHANT LTD"
  },
  {
    "type":"webhook_subscription",
    "location":"https://api.example_aspsp.com/webhoook",
    "jwt" (or jwe or HMAC): "Aspsp User + account token". (Base64 & encrypted sent in webhook call to ASPSP in HMAC header??)???
  }
]

  2. Webhook Endpoint – ASPSP implementation

    1. Two Options – Indicating a change

      1. Data provider sends a notification with jwt & event id (valid for X hrs?? do we need this …undue burden on the cache in Data providers). Then the data receiver initiates a pull request to query accounts data of customer & account in JWT. [Recommended]
      2. Data provider sends a notification with data set (same entities as pull method).
    2. MTLS
    3. HMAC header with jwt token.
    4. Body: Same data as pull method (OpenBanking or FDX or CDS).
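
A receiver-side sketch of the recommended option above, added here as an example and not part of the issue or of any FAPI specification: the data receiver authenticates the notification, then rejects expired or replayed event ids before it starts the pull. The hex HMAC-SHA256 header value, the shared secret, the payload fields `event_id`, `iat` and `jwt`, and the 4-hour value for X are all assumptions.

```python
import hashlib
import hmac
import json
import time

# Assumptions (not from the proposal): a per-subscription shared secret, a
# hex HMAC-SHA256 of the raw body carried in a header, and the payload
# fields "event_id", "iat" and "jwt". X_HOURS stands in for the "X hrs".
X_HOURS = 4
SECRET = b"constructed-demo-secret"


class NotificationVerifier:
    def __init__(self, secret, validity_s=X_HOURS * 3600):
        self.secret = secret
        self.validity_s = validity_s
        self.seen = {}  # event_id -> expiry time, bounded by the validity window

    def sign(self, body):
        return hmac.new(self.secret, body, hashlib.sha256).hexdigest()

    def verify(self, body, header_mac, now=None):
        """Return the token to present on the pull request, or raise ValueError."""
        now = time.time() if now is None else now
        # Authenticate the raw bytes before parsing them; constant-time compare.
        if not hmac.compare_digest(self.sign(body), header_mac):
            raise ValueError("bad MAC")
        event = json.loads(body)
        if not 0 <= now - event["iat"] <= self.validity_s:
            raise ValueError("outside validity window")
        # Evict expired ids so the replay cache never outgrows the window.
        self.seen = {e: t for e, t in self.seen.items() if t > now}
        if event["event_id"] in self.seen:
            raise ValueError("replayed event")
        self.seen[event["event_id"]] = event["iat"] + self.validity_s
        return event["jwt"]


def make_notification(event_id, iat, token="opaque.subscription.jwt"):
    # Constructed sample body: carries no account data, only a pointer to pull.
    return json.dumps({"event_id": event_id, "iat": iat, "jwt": token}).encode()
```

Because the notification carries no account data, a forged or replayed message can at worst trigger an extra pull; the checks above keep that from being driven by an unauthenticated sender.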