API Security

This section includes the Security Standards Documents and all the Related Materials created for the CBUAE Project.

The Security Standards include the following documents :

• Security Profile - FAPI : Defines the ways that an accredited institution (Data Receiver) can use to authenticate itself to access protected resource endpoints from the Data Provider, as well as receive authorization from a customer to access their personal data.

• Registration Framework : Defines the technical ways for the participating institutions to register their organizations by leveraging a trust framework. Defines how participants can confirm the identity of other participating institutions and what access scope they have within the ecosystem.

• Certificate Standard : Specifies the set of necessary certificates required by organizations participating in Open Finance UAE to ensure the interoperability for authentication, confidentiality of data, integrity and non-repudiation among participants, as well as for users and consumers of these entities.