Version 1 of the Ozone platform includes the following features:

Account & Transaction APIs

Full implementation of the UK Open Banking Account and Transaction API specification v1.1, including:

  • Account Request consent authorization flow
  • All v1.1 end-points implemented: account-requests, accounts, transactions, balances, direct-debits, standing-orders, beneficiaries, products
  • Includes all optional end-points
  • Support for consent revocation through ASPSP and through TPP

Payment APIs

Full implementation of the UK Open Banking Payment Initiation API specification v1.1, including:

  • Payments consent authorization flow with specified debtor account
  • Payments consent authorization flow without specified debtor account
  • All v1.1 end-points implemented: POST /payments, GET /payments, POST /payment-submissions, GET /payment-submissions
  • Validation of BIC/IBAN or SortCode/AccountNumber
  • Configurable limit validations (overdraft, daily limit, payment limit)

Security Profile

Full implementation of the Open Banking Security Profile – Implementers’ Draft v1.1.1, including:

  • Configured to accept only FAPI approved TLS versions and ciphers
  • TLS 1.2 with mutual authentication (MA) on resource, token and Dynamic Client Registration end-points using OB MIT or self-signed certificates
  • TLS 1.2 using AWS issued certificates on authorization and discovery end-points
  • FAPI profile and Open Banking Profile compliance
  • Asymmetrically signed request objects, id tokens and SSAs (using RS256, PS256 or ES256)
  • All standard client authentication mechanisms supported (client_secret_basic, client_secret_post, client_secret_jwt, private_key_jwt)

Dynamic Client Registration

Supports dynamic/automated on-boarding as per the Open Banking Dynamic Client Registration Specification v1.0.0-rc2

Sample Data

Out-of-the-box sample data specific to each account type:

  • Updates in real-time as payments are made
  • Additional data can be imported via UI

Training Wheels

Additional features to speed up developers’ learning curve:

  • Includes a Postman collection and configured environments – set up a working profile in under five minutes
  • Detailed error messages on failures
  • Detailed error messages in API responses
  • Error tracing to track failures
  • Step-by-step guide for generating SSAs for dynamic client registration
  • Step-by-step guide for generating consent-authorization URLs and signed request objects
  • Ability to configure ‘permissive’ or ‘strict’ instances of banks. Permissive instances bypass the security profile and can be used to simplify the TPP learning curve and to focus hackathons on functional aspects