In this section, we explain how to establish connectivity and provide details
on the API design patterns and security model.
API communication details
Communication with the Banking FOP API involves transport layer and
application layer security. The transport layer
uses TLS to secure HTTP requests (HTTPS) and the
application layer uses
either PGP or
JWE encryption.
In addition, our Protocol standards to find details on
our API design patterns and strategy for maintaining a robust connection with
partners.
Key exchanges
Encryption keys need to be rotated before they expire or if they are
compromised. As part of your implementation, you need to have a process for
managing these exchanges.
To ensure key rotations do not cause temporary outages or require significant
management overhead, Banking FOP partners must support the use
of multiple encryption keys at once. During a key rotation, a second key will
be trusted and verified to be working correctly before the old key is removed.
All rights reserved. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-12-03 UTC.
[null,null,["Last updated 2024-12-03 UTC."],[[["This section outlines how to establish and secure connectivity with the Banking FOP API, including details on transport and application layer security."],["The Banking FOP API leverages TLS for secure HTTP requests and utilizes either PGP or JWE for application layer encryption."],["You can find comprehensive information on API design patterns and connection strategies within the Protocol standards documentation."],["Encryption key rotation is essential for security, and partners must support the use of multiple keys concurrently to ensure seamless transitions and prevent service disruptions."],["Failure to support multiple encryption keys will be deemed a critical issue that must be addressed before launch."]]],["The Banking FOP API communication uses TLS for transport layer security (HTTPS) and either PGP or JWE encryption for application layer security. Partners must adhere to protocol standards for API design patterns. Key rotation is crucial, and partners are required to support multiple encryption keys simultaneously to prevent outages during rotation. This multi-key support is mandatory to ensure continuous connectivity and avoid launch-blocking issues.\n"]]