Reply to https://lobste.rs/s/4qf4tj/future_web_isn_t_web#c_932z7f

I work on Open Banking APIs for a UK credit card provider.

A large reason I see that the data isn't made directly available to the customer is because if the customer were to accidentally leak / lose their own data, the provider (HSBC, Barclays etc) would be liable, not you. That means lots of hefty fines.

You'd also likely be touching some PCI data, so you'd need to be cleared / set up to handle that safely (or have some way to filter it before you received it).

Also, it requires a fair bit of extra setup, and the use of certificate-based authentication (mTLS + signing request objects) means that, as it currently sits, you'd need one of those, which aren't cheap as they're all EV certs.

It's a shame, because the customer should get their data. But you may be able to work with intermediaries that may provide an interface for that data, who can do the hard work for you, e.g. https://www.openwrks.com/
