Sorry, you need to enable JavaScript to visit this website.
Skip to main content

Release Notes

November 2022 Release

Support for Asset Category Transfer

The newly introduced ACATS (Asset Category Transfer) product facilitates the data provision required for moving user assets from one brokerage firm to another. This requires passing the ACATS-specific configurations. Currently, this product is available only in the US locale.

ACATS requires the sites to have unmasked account number, and the accounts should be of Investment type. The GET account APIs will return two new attributes (if available) - dtcMemberClearingNumber and nsccClearingNumber - for accounts aggregated through the ACATS flow.

Impacted API URLs:

September 2022 Release

Introducing the State Parameter

A new request attribute, state, has been introduced for the providerAccounts APIs. Passing the state parameter is mandatory during the add or update account process only for the Redsys or PSD2 sites.

The state parameter key can be found in the authParameter attribute of the get provider or the get provider details APIs’ response. The value for the state parameter is present in the Authorization URL. The callback URL will be appended to the state parameter while adding or updating an account.

Impacted API URLs:    

July 2022 Release

Change in Expiration Date Attribute

Enhancements have been done to dynamically calculate the consent expirationDate based on the provider support. If the provider-provided expirationDate is available, it will be populated in the API response. If not present, the value will have defaulted to the region's requirements:

  • US providers – As the consent does not expire for accounts with US Open Banking providers, the expirationDate attribute is not relevant in this scenario. The consents APIs will not be sending this attribute as part of the response.
  • UK providers – The default consent expiry is 90 days.
  • AU providers – The default consent expiry is 365 days.
Impacted API URLs:    

March 2022 Release

Persistence of User IP Address

Some of the European and Singapore Open Banking providers require the PSU (Payment Service User) IP address to be mandatorily specified for retrieving users’ financial data. This enhancement will allow persisting the user’s IP address in an encrypted format.

When invoking user token-based v1.1 APIs, you must capture the user’s IP address and populate it in the following newly introduced optional request header parameter: x-fapi-customer-ip-address.

New API to Support Open Banking Consent Renewal Flow – UK and AU

The new consent renewal API v1.1 renews the consent by validating the consent state and decides whether to perform third-party provider (TPP) renewal or reauthorization at the provider. The new consent renewal endpoint that is added to the consent resource supports consent renewal flow for both UK and AU Open Banking regions.

API URL: