On this page you'll find a list of frequently asked questions about the v2.0 API standardstandards.
Use the search bar function to find references to a specific issue or area for consideration or the table of contents for full list of answered questions.
Live Search | ||||||||
---|---|---|---|---|---|---|---|---|
|
Table of Contents |
---|
Who
...
is involved in developing the API standards?
Expand | ||
---|---|---|
| ||
The API standards were developed primarily by two working groups: the API Technical Working Group and the API Business Working Group. All Standards Users can contribute and participate on these working groups. Each group generally meets fortnightly, on alternating weeks. You can see who the API Provider and Third Party Standards Users are on the API Centre public website. The API Technical Working Group’s main focus from May 2019 to March 2020 was the development of the v2.0 standard. The API standard standards documentation on Confluence, and Swagger documentation on GitHub, were are developed iteratively against an agreed scope for each version of the API standardstandards. Once final drafts of the standard were are developed, the working group held holds longer working sessions to walk through the draft API standardstandards. This helped ensure ensures the final API standard aligned aligns with the scope, accurately reflected the group’s previous discussions and agreements, and that the API standard held holds together as a whole. The Business Working Group was instrumental in is tasked with making scoping decisions on non-technical issues that arose from time to time. They also assessed arise through the development process and assess the risks and scope of the standards, and generally supported supporting the API Centre to run the API standards development process. |
What does the security profile do?
Expand | |||
---|---|---|---|
| The v2.0 security profile
| ||
The ‘NZ Banking Data Security Security Profile’ sets out how Third Parties connect securely to an API Provider .The NZ Banking Data Security Profile v2.0.0 and supports each version of the API Standards. It is based on the OpenID Foundation's FAPI Read+Write specification document, and applies this standard to the New Zealand market context. This specification is used to help define requirements for how API Providers can safely make APIs available and connect with Third Parties. This specification applies to both the Payment Initiation and Account Information API specifications. The security profile:
Key changes made to the v2.0 security profile (compared to v1.0) include:
|
What international standards does v2.0 leverage?
The security profile is reviewed and updated along with every standards version release to ensure it remains up to date and capable of supporting any new functions implemented in the standards. |
What international standards do the New Zealand API Standards leverage?
Expand | ||
---|---|---|
| ||
The standard draws extensively from international standards and global best practices, notably:
|
What technical improvements have been made to the API standards?
Expand | ||
---|---|---|
| ||
Every version of the standard will have detailed and comprehensive documentation published alongside the specifications that can be read in conjunction with the relevant version change logs for a full summary of the key functional changes and improvements for that version. These explainers and support materials can be found below: |
What functionality is supported?
Expand | ||
---|---|---|
| ||
Functionality delivered by the API standard is supported through the use of static endpoint URLs that allow a developer to enable specific functionality as defined in the specification.
|
What are mandatory and optional endpoints?
Expand | ||
---|---|---|
| ||
The way in which the API specifications have been structured allow , allows the API Centre to mandate a core set of functions that API Providers must support when they implement the API standards, as a minimum to meet their obligations in their terms and conditions as a Standards User in the API Centre. There are however a range of additional optional endpoints that API Providers can choose to support and provide if they decide to do so. These endpoints have been defined as ‘mandatory’ and 'optional' in the specification for both the Account Information API Specification v2.0.0 and Payments Initiation API Specification - v2.0.0 APIs. The optional endpoints that are being made available will be published on the respective organisations' developer portals and made available upon request. The intent of the API Centre and Standards Users is that no new optional functionalities will be introduced in future iterations of the API Specifications and that all currently optional functions will be phased out over time. |
What methods of customer authentication are supported?
Expand | ||
---|---|---|
| ||
Customer authentication is a crucial part of the consent journey, this is where an API Provider validates that a customer has authorised a Third Party’s consent request, before providing access to a protected resource. This can be carried out using one of two flows defined in the specification. The Using the redirect flow has been defined as a mandatory function and API Providers must provide this method of authentication to customers. The decoupled flow has been defined as an optional function and may be implemented by API Providers. This information will be made available via their developer portals. , a Customer authorises a consent in the same end to end flow in the same instance as it was submitted. The decoupled flow allows a Customer to authorise a consent at a later date or time and/or using a different device. More information about decoupled flow and redirect flow can be seen here. |
What error responses have been defined?
Expand | ||
---|---|---|
| ||
The specifications leverage existing international error responses and structures, and have been expanded and tailored for implementation in the New Zealand environment. Further detail can be found in the API specification, https://paymentsnz.atlassian.net/wiki/spaces/PaymentsNZAPIStandards/pages/294486025/ NZ + Banking + Data +API+Specification+v2.0.0#Enumerations error API specification, 'Error code enumeration' section. |