数据共享的API标准专题报告

PIstandardsfordatasharingReportsubmittedbyConsultativeGrouponInnovationandtheDigitalEconomyOctober2022BISRepresentativeOfficefortheAmericasCGIDE–APIstandardsfordata-sharing–October20222ThispublicationisavailableontheBISwebsite().©BankforInternationalSettlements2022.Allrightsreserved.Briefexcerptsmaybereproducedortranslatedprovidedthesourceisstated.ISBN978-92-9259-606-4(online)CGIDE–APIstandardsfordata-sharing–October20223eofcontentsForeword5Executivesummary6Introduction71Background71.1Definitions71.1.1Data-sharing71.1.2APIcontent81.1.3Dataserialisation81.1.4APIdimensions81.1.5APIstandards91.2Messagingdataformatsanddatamodels91.3Dataproviders91.4Dataconsumers101.5Consentarchitecture101.6Theaccountaggregator102Data-sharingimplementationprocess123Data-sharingflowmodels133.1Centralisedmodel133.2Decentralisedmodel143.3Trustecosystemmodel154Interactionanddataflow154.1AfullycentralisedmodelviaAPIs164.2Acentralisedmodelviaathird-partyconsentapp174.3Atrustmodelwithoutcentraliser185TechnologicalconsiderationsforAPIdesign195.1ServiceAPIdesignpatterns195.2APIprotocolsandstyles225.3ServiceAPIaccesslevels245.4Securityconsiderations245.4.1JSONWebToken255.4.2OAuth2.0255.4.3OpenIDConnect26CGIDE–APIstandardsfordata-sharing–October202245.4.4Financial-gradeAPI(FAPI)26OpenfinanceinBrazil27OpenfinanceinMexico296APIaggregatorimplementation(demo)306.1Preconditions306.2Softwarearchitecture306.3Implementation316.4Testing357Conclusions38AnnexA:SurveyonAPIstandardsfordata-sharing39AnnexB:Data-sharingregulatorymodels41Market-driven41Regulatory-driven41AnnexC:Lessonslearnedfromotherinitiatives42Australia42India42Korea43Raidiam43UnitedKingdom44AnnexD:MembersoftheConsultativeGrouponInnovationandtheDigitalEconomy(CGIDE)45AnnexE:MembersoftheTechnicalTaskForce(TTF)oftheCGIDE46References47CGIDE–APIstandardsfordata-sharing–October20225ThisreportisthethirdpartofatrilogyonenablingopenfinancethroughAPIsundertheauspicesoftheBISConsultativeGrouponInnovationandtheDigitalEconomy(CGIDE).TheCGIDEwaslaunchedinFebruary2020tomeetdemandfromBankforInternationalSettlements(BIS)centralbankmembersintheAmericasforgreatercooperationintechnologicalinnovationandthedigitaleconomy.Thegroupprovidesaforuminwhichseniorcentralbankofficialscooperateandithasthefollowingobjectives:(i)Analysinganddevelopingpublictechnologicalinfrastructuresgearedtowardstacklingcommonshortcomingsinallparticipatingjurisdictions.(ii)Promotinganenvironmentsuitabletoopenbanking,potentiallythroughthedevelopmentofkeyapplicationprogramminginterfaces(APIs).(iii)Analysingtheimplicationsofthesepublictechnologicalinfrastructuresintermsofmarketstructureandregulatoryimplications.ThefirstCGIDEreport,EnablingopenfinancethroughAPIswaspublishedinDecember2020andexploredtechnicalissuessurroundingthedevelopmentofanidentificationandauthenticationAPIthatcouldbeusedtoimplementprivatelyandpubliclyadministeredopenfinancesolutionswithseamlessscalability.Thesecondreport,EnablingopenfinancethroughAPIs:reportonpaymentinitiation,analysedtwoalternativeAPIarchitecturesforpaymentinitiation,bothbasedonanauthenticationappformobilephonesdevelopedandmaintainedbyacentralvalidator.Thefirstoneinvolvestheuseofastandaloneapptoauthenticatecustomersforeachtransaction,managedbythecentralvalidator.Thesecondoneinvolvesembeddedfunctionalitythatallowscustomerstousetheirthird-partyappafterthecompletionofinitialonboardingwiththecentralvalidator’sauthenticationapplication.Thisisthethirdreportofthetrilogyanddealswithdata-sharingmodels.ThereportwaspreparedbyatechnicaltaskforceofcentralbankexpertsthatparticipateintheCGIDE.Itaimstoserveasausefulgeneralreferenceforcentralbanksseekingtodeveloptheirowndata-sharinginitiativesrelatedtoaccountaggregationinthecontextofopenfinance.CommentsarewelcomeandshouldbeaddressedtoCGIDEreport@.MiltonVegaChairTechnicalTaskForceCentralReserveBankofPeruMiguelDiazChairCGIDEHeadBISInnovationHubAlexandreTombiniBISChiefRepresentativefortheAmericasCGIDE–APIstandardsfordata-sharing–October20226Applicationprogramminginterfaces(APIs)areacriticalpartofopenfinance,andtheyareparticularlyimportantforenablingthesecureexchangeofinformationbetweendifferentparties.Yettoachievethis,acertainlevelofstandardisationisnecessary,aswellasagreementsonthetechnicalmodelwhichenablesdatatobeshared.Thisreportdivesintothesetechnicalissues.Theobjectiveistoprovidecentralbankswithimportantelementsaccordingtowhichtheintroductionofdata-sharinginfrastructuresintheireconomiescanbeevaluated.Data-sharingcanbedefinedastheprovisionofdatabyadataholderordataprovidertoathirdpartyordataconsumerwiththeconsentofthedataowner.Itisoneofthemainpillarsofopenbankinginitiativesandincorporatesacollectionofpractices,technologies,architecture,culturalelementsandlegalframeworksthatrelatetotheexchangeofdigitalinformationbetweenindividualsororganisations.Introducingexplicitdata-sharingmodelshasseveralbenefits.Itcanpromotetransparency,competitionandmarketentry,andcontributetoreciprocityandcooperationinthefinancialecosystem.Itcanimprovetheperformanceandvalueofservicesbycombiningdatafromdiversesources.Finally,itcanenablebetterdecision-making,deliverbetterproductsandempowercitizendataownership.Accountaggregators(AAs)areanintermediatetechnologicalplatformresponsibleformanagingandtransferringdataflowsbetweendataprovidersanddataconsumers.AAsareanimportantmechanismfortheimplementationofdata-sharing.Oneoftheirfunctionsistodevelopinteroperabilitybetweenparticipants.ButAAsareonlyintermediariesandcannotstorethedataorredirectittounauthorisedentities.AnimportantfeatureofAAsishowtheydevelopmechanismstogainconsentfordataflowsfromandfortheendusers.Thisreportpresentsthreetypesofdata-sharingmodel:centralised,decentralisedandtrustecosystem.Inacentralisedmodel,anAAcollectsthedata.Inadecentralisedmodel,participatingmembersagreetosharetheirdatawithotherparticipantsindividually.Thetrustframeworkishybrid;itisdecentralisedfordata-sharingandcentralisedforidentitymanagement.Itintegrateswithatrustedthirdpartyinsteadofanaggregator.Thislastmodelrequiresoperatorstocorrectlyestablishtheregistrationprocessforparticipants,aswellastoensuresecurityincommunicationsandagreeonastandardfortheexchangeofinformation.APIsareimportanttoshareinformationinthedata-sharingmodels.Todevelopthem,anauthoritymustevaluatetheirfunctionalities,accesslevels,standards,protocolsandsecuritymechanisms.ThethreemainaccesslevelsforAPIsarepublic,privateandpartner.Accesslevelsdependontheregulatorystanceandonhowtheauthorityimplementsdata-sharing.PublicAPIsaregenerallyopenandaccessible.PrivateorinternalAPIsareavailableonlytospecificserviceconsumers.PartnerAPIsareavailableforexternalaccessforpre-definedserviceconsumers,usuallyfrompartnerorganisations.APIs’securitymechanismsmustberobustandmustkeepdatasafe.Thefirstprocess,authentication,identifiesiftheclientandusersarewhotheyclaimtobe.Thesecondprocessisaccesscontrol,whichlimitsAPIconsumers’actionsaftercorrectauthentication.Thethirdisencryption.Encryptedtokensstorevitalinformationsuchastheusernameandpassword.Thesetokensexpireafteracertaintime,strengtheningtheAPI’ssecurity.Finally,auditlogginginaregistrystoresactionsandcallsmadetotheAPI.SomerecommendedstandardsfortheimplementationofsecuritymechanismsforAPIsareJSON(JavaScriptObjectNotation)WebToken,OAuth2.0,OpenIDConnectandFAPI(financial-gradeAPI).Centralbankshaveacommoninterestinimplementingdata-sharing,withtheaimofincreasingefficiencyandpromotingcompetitionintheirecosystems.Themainchallengesarecoordinationamongparticipants,standardisationandtechnologicalinfrastructure.Cooperativetechnicalworkcanhelptomitigatethesechallenges.CGIDE–APIstandardsfordata-sharing–October20227Thisreport,APIstandardsfordata-sharing(accountaggregator),ispartoftheworkoftheConsultativeGrouponInnovationandtheDigitalEconomy(CGIDE)onopenfinance.TheCGIDEwaslaunchedinFebruary2020tomeetdemandfromBankforInternationalSettlements(BIS)centralbankmembersintheAmericasforgreatercooperationintheareasoftechnologicalinnovationandthedigitaleconomy.Thisworkispartofaseriesofprojectsonenablingopenfinancethroughapplicationprogramminginterfaces(APIs).Previousreportsdevelopedatechnicalflowprocess,outlinedthecharacteristicsoftheinformationtechnologyinfrastructureandproposedAPIarchitecture.Inthisreport,theCGIDETechnicalTaskForce(TTF)exploresmultipledata-sharingmodels:centralised,decentralised,hybrid,trustecosystem,regulation-drivenandmarket-driven.Otherkeypointsdevelopedinthisreportarerelatedtodataserialisation,APIcontent,metadata,APIprotocols,messagingformatsandaccesstoservices.ThisdocumentcomplementsthepreviousreportsanddiscussestechnicalissuesconcerningAPIsthatcouldcontributetoimplementingprivatelyandpubliclyadministeredopenfinanceanddata-sharingecosystems.Asinpreviousreports,theworkoftheCGIDETTFdoesnotreviewallpossiblealternativesfordata-sharingthroughAPIs.Instead,thisdocumentshouldserveasageneralreferenceforindividualcountriesseekingtodeveloptheirowndata-sharingprojects.Thereportdoesnotrecommendonesolutionoveranother.Asinitialworkforthisreport,theCGIDETTFconductedasurvey,therespondentswereeightcentralbanksintheAmericas(thoseofArgentina,Brazil,Canada,Chile,Colombia,Mexico,PeruandtheUnitedStates).TheaimwastogatherrelevantpreliminaryinformationonawarenessandconsiderationsrelatedtoAPIstandardsforsecureandeffectivesharingofcustomerdatabetweenfinancialinstitutions,fintechcompaniesandcertifiedthirdparties.Theresultsofthissurvey,presentedinAnnexA,servedasabasisfordiscussionsaboutthetechnicalrequirementsforimplementationsubsequentlyproposedbythetechnicaltaskforce.Theremainderofthisreportisorganisedasfollows:Section1definesdata-sharingbasicsandrelatedconceptssuchasAPI,dataproviders,dataconsumers,consentarchitectureandaccountaggregator.Section2describesadata-sharingimplementationprocessforcentralbankingpurposes.Sections3and4lookintoassociatedmodels,interactionsanddataflows.Section5presentstechnologicalconsiderationsforAPIimplementationssuchasdesignpatterns,protocols,technicalstandardsandademo.Finally,theconclusionsfocusonthechallengesandnextstepsfortheCGIDETTF.1BackgroundDefinitionsThisreportdefinesdata-sharingastheprovisionofdatabyadataholdertoathirdpartywiththeconsentofthedataowner.Data-sharingalsoincludesthereuseofdatabasedoncommercialandnon-commercialdata-sharingagreements.Data-sharingincorporatesacollectionofpractices,technologies,architecture,culturalelementsandlegalframeworksthatrelatetodigitaltransactionsofanykindofinformationsentbetweenindividualsororganisations.Itisworthnotingthatthedata-sharingconceptisnotonlyaboutthedatabutalsoabouttheprocessinvolvedinexchangingdata(SCDS(2022)).CGIDE–APIstandardsfordata-sharing–October20228Data-sharingisoneofthemainpillarsofopenbankinginitiativeswhichareemerginginfinancialservices.Innovationsincludetheinvolvementofthird-partyproviders,whichfacilitateaccesstobankingrecordswiththeuser’sconsent,alsoknownaspaymentserviceproviders.Data-sharingpromotestransparencyinadigitalsocietyandsupportshighlevelsofreciprocityandcooperationwithinthefinancialecosystem.Accountaggregatorsareimportantmechanismsfortheimplementationofdata-sharinginanopenbankingscheme.Inmostofthemodelsdescribedbelow,anaccountcentraliseroraggregatorisapointofconcentrationofinformationflows,suitablystandardisedandregulated.Bycontrast,inadecentralisedmodel,intermediateonboardingorauthenticationmechanismsareenough.Thereareseveralbenefitsofdata-sharingsuchaspromotingatransparentdigitalsociety,achievingreciprocityandcooperationinthefinancialecosystem,combiningdatafromdiversesourcestoimprovetheperformanceandvalueofservices,enablingbetterdecisionmaking,deliveringbetterproductsandempoweringdataownershipbycitizens.1.1.2APIcontentAnapplicationprogramminginterface(API)isasetoffunctionsusedbyasoftwareprogramtoprovideaninterfacethatallowsotherconsumerprograms(externalparties)toconnecttoandinteractwiththesoftwareprogram.AnAPImaycontain:(i)communicationprotocols;(ii)dataexchangerequirements;(iii)accessandconsumerpolicies;and(iv)integrityandconfidentialmanagement.Dataserialisationistheprocessoftranslatingonedataformattoanother.Inthisprocess,dataareserialised,butdonotchange,andthesourceanddestinationstillhaveaccesstothesamedata.Softwareprogramsthatexchangedatabutstoreorrepresentitdifferentlyrequiredataserialisation.Thismechanismispresentwithinadata-sharingecosystembasedonAPIimplementations.1.1.4APIdimensionsTheconstructionofanAPIfordata-sharingrequiresaseriesofconsiderationsorcharacteristicsassociatedwiththeimplementationoftheAPIitself.ThesequalityattributesordimensionsareimportantintermsofAPIdesignandconstruction,therebypromotingthesuccessoftheAPIinthecontextofopenbanking(Zachariadis(2020)).Relevantconsiderationsorcharacteristicsinclude:•••APIaccesibility.DescribestheopennessoftheAPI.Availablemodelchoicesarepublic,privateorpartner.Thisdimensionrequiresthedefinitionandestablishishmentofanonboardingprocess.APIfunctionality.Establishesthegranularity,categories,functionalitiesandscopeoftheservice.Thisdimensionrequiresdiscussionanddefininitionofread-onlyandtransactionalAPIs.APIusage.Evaluatesandmeasuresthebandwidth,resilience,concurrency,scalabilityandsizingoftheinfrastructurebeforeimplementingdata-sharingsolutions.CGIDE–APIstandardsfordata-sharing–October20229•OpenAPIsare“Aninterfacethatprovidesameansofaccessingdatabasedonapublicstandard.AlsoknownasexternalorpublicAPI.”1CentralbanksorfinancialauthoritiesmustdefineopenstandardsieAPIstandards,amessageformat,securitypoliciesbasedonstandardsandothers.•AlternativeAPIs.Financialinsitutionsdonotholddataonunbankedcitizens.Accordingly,afinanciallyinclusiveapproachshouldconsiderincludingcomplementary/alternativedatasuchasdatasourcedfromsocialnetworks,sensors,theinternetofthings(IoT)andmobiletechnologiesamongothers.Thiswouldhelptoovercomethechallengesassociatedwithincludingunbankedcitizens.1.1.5APIstandardsInternationalandindustry-acceptedstandardsarenecessarytoimplementAPI-baseddata-sharingsolutions.Themostcommonstandardsarethefollowing:•OpenAPI:definesastandardfordescribingresource-orientedandREST-basedAPIs.ThestandardwasoriginallybasedontheSwaggerspecificationandiscurrentlydevelopedbytheOpenAPIInitiative.2•W3C:prominentindustrystandardsareXML,XMLSchema,XQuery,XMLEncryption,XMLSignature,XPath,XSLT,WSDL,SOAP,WS-AddressingandWS-Policy.•OASIS:prominentdeliverablesareWS-BPEL,WS-Security,UDDI,ebXMLandSAML.•IETF:prominentdeliverablesareHTTP,URITemplate,JSON,JSONSchemaandJSONPointer.•OpenContainerInitiative:prominentdeliverablesareRuntimeSpecificationandImageSpecification(basedonDocker).MessagingdataformatsanddatamodelsServiceconsumersinteractwithweb-basedservicesthroughtheexchangeofmessagesthatuseindustrydata-formatlanguages.ThetwomostcommondataformatsareExtensibleMarkupLanguage(XML)andJavaScriptObjectNotation(JSON).Schemadefinitionlanguagesdescribethevocabulary,structureanddatatypesofmessagecontents.Manyschemascanrepresentcommonorganisationaldocumentssuchasinvoicesandbudgets.Aschemalanguageessentiallyprovidesameansofexpressingthedefinitionofadatamodelforthemessagevocabularyinamannerthatenablesvalidationofthemessagecontentsagainstaschemadefinitionduringruntime.XMLSchemaDefinition(XSD)candefinethestructureofmessagesformattedinXML.JSONSchemacandefinedatamodelsformessagesexchangedinJSON.XMLmessagingisrelevanttobothSimpleObjectAccessProtocol(SOAP)-basedwebservicesandRepresentationalStateTransfer(REST)services.JSONmessagingisprimarilyrelevantforRESTservices(Deepak(2020)).3DataprovidersEndusers’financialinformationisstoredinbanksandwithinsurancecompanies,mutualfunds,stockbrokersandevengovernmentagencies.Theseexternalrepositoriesofpersonalfinancialdataaredataproviders(DPs).DPshavedatascatteredinseveralstoragemanagers,whichareaccessiblethroughlocationmechanisms(ieURL(uniformresourcelocator),DNS(domainnamesystem),IP(internetprotocol)CBS2Formoredetails,seetheOpenAPIInitiativesite.CGIDE–APIstandardsfordata-sharing–October202210addressesetc).Inmostcases,usersarenotawareoftheownershiptheyhaveovertheirowndataandtheirassociatedrights.EachDPhasitsownstandardandthereisusuallynoconsensus.Hence,arelevantstartingpointforanypotentialdata-sharingoropenbankinginitiativeistostandardiseandharmonisedataproviders’repositoriesandassociatedservices.DataconsumersDataconsumers(DCs)areanytypeofentitythatwouldlikeaccesstoendusers’financialdata.Forexample,loanfintechs,personalfinancemanagers,advisorybots,banksandotherfinancialorganisationsconstantlyrequireaccesstoaccurategranulardataontheircurrentandpotentialclients.Theyaimtoprovidecustomisedservicestotheirclients.Dataconsumerswoulduseservicesofferedbydataproviderstoaccessclients’data.Thedeliveryofvalueisaconstantdriverfordataconsumers,andaccessingclientdatahostedbyexternalserversisrequiredinordertooffersuitablefinancialproducts..5ConsentarchitectureThehealthsectorhasextensivelydevelopeditsconsentarchitecture.Itallowspatientstoconsenttoaccesstopersonalmedicaldata.Inthisway,medicalpersonnelcanaccesspatients’dataatcriticaltimesandreadthisinformationunderrestrictedauthorisations(Bergmannetal(2007)).Inthecontextofopenbanking,itisachallengeforbankstosharesensitivecustomerdatainaconsentarchitecture.Instead,third-partyAPIscanserveaschannelsforthesecuresharingofdataandpromotetrustbetweenparticipants.Aconsentschemeconsistsof:3•••Consent:auserinterfacedisplaysadescriptionofthedatathattheDCrequires.Italsodisplaystheperiodoftimeforwhichtheownerofthedatagrantsconsent.Authentication:participatingbanksareresponsibleforsecurityandauthenticationmechanisms.Credentialsofbanksandthird-partyAPIsmustbeautonomous.Authorisation:theuserreceivesthedetailsoftherequestedconsentandcanthenapproveordenyit.Thebanksarenotifiedoftheanswer.6TheaccountaggregatorAnaccountaggregator(AA)isanintermediatetechnologicalplatformresponsibleformanagingandtransferringdataflowsbetweenDPsandDCs.OnefunctionofAAsistodevelopinteroperabilitybetweenparticipants.Buttheyareonlyintermediariesandcannotstorethedataorredirectittounauthorisedentities.Animportantfeatureofaccountaggregatorsishowtheydevelopmechanismstogainconsentfordataflowsfromandfortheendusers.4CentralauthoritiescouldplaytheroleofAAs.3CGIDE(2021)providesanexampleofanauthenticationandauthorisationprocess.Forexample,forthepaymentinitiationprocess,theuserapprovestheactionandthefinancialinstitutionvalidatestheconsent.Anotherexamplerelatestotheonboardingprocessinwhichtheauthenticationfactormaintainsknowledgeoftheuser’sfinancialinstitutiononanexclusivebasisindependentofthethirdpartyinvolvedintheprocess.Formoredetails,seePressInformationBureau,GovernmentofIndia(2021).CGIDE–APIstandardsfordata-sharing–October202211sentarchitecturewithaccountaggregatorThereareexamplesofAAsinwhichthirdpartiescertifiedbycentralauthoritiescarryoutdevelopmentsandimplementations.Forinstance,inIndiatherearecurrentlythreecompaniesregulatedbytheReserveBankofIndia(RBI)thatprovideservicesasAAs.India’sAAecosystemrequiresAPIschema,financialinformationschemaconformance,compliancewithsecurityspecificationsandatestplan.5Inotherwords,theRBIdoesnotimplementapublicaccountaggregatorplatformfordata-sharing.Insteaditregulates,certifiesandlicensesthird-partyprovidersthatimplementtheaccountaggregator.AAecosystemscontainthefollowingflows:6(i)accountdiscoveryandlinkingflow;(ii)consentflow;(iii)consenthandlingmanagementflow;(iv)financialinstitutionsdataflow;(v)notificationflow;and(vi)monitoringflow.InSouthKoreatheaccountaggregator’sbaseistheKoreaFinancialTelecommunicationsandClearingsInstitute(KFTC).TheKFTCisauniqueplatformprovidedbytheBankofKorea(BOK)andaconsortiumofcommercialbanks.ItcentralisesallmanagementandAPIcalls,actsastheaccountaggregatorandmanagesconsent.TheKFTCisalsoaretailpaymentnetworkoperator,whichisnotthecasefortheIndianAA.ThefollowingservicesimplementtransactionandqueryAPIsforthedataaggregator:7Moredetailsandaccountaggregatorflowsareavailableat.in/certification/.DetailedlistofflowsandAPIsareavailableat.in/account-aggregator-key-resources/#technical.tpsolcworldbankorgsystemfilesKoreasOpen