implementation of open APIs will begin in 2026.

tanjimajuha20 · Post by **tanjimajuha20** » Sun Jan 19, 2025 7:10 am

The new standards have been developed based on previous versions. There are no large-scale changes, the continuity of old and new standards is maintained, Alexander Tovstolip, head of the information security department of the FinTech Association, told ComNews.

"The most important change is that the standards of the first version were oriented towards the use of foreign cryptography, while the new ones have been evolutionarily canada telegram refined taking into account the adopted and implemented Methodological Recommendations of the Technical Committee for Standardization "Cryptographic Protection of Information" (TC 26) and use domestic sovereign cryptography for protection," explained Alexander Tovstolip.

Open APIs (Application Programming Interface) are software interfaces published by organizations in accordance with the requirements of the Bank of Russia to enable digital data exchange with service providers and clients within the organization and the provision of financial services. The phased

The new standards includeSTO BR FAPI.SEC-1.6-2024"Application programming interfaces for ensuring financial services security based on the OpenID Connect protocol" andSTO BR FAPI.PAOK-1.0-2024"Application Programming Interfaces: Ensuring Financial Services Security When an OpenID Connect Client Initiates an Authentication Flow Over a Separate Channel."

The standards will come into force on January 1, 2025. It is expected that thanks to them, financial institutions will be able to ensure a high level of security when transferring personal data and banking secrecy. The standards will be advisory in nature, unless the mandatory application of individual standards is established by regulatory legal acts, including regulatory acts of the Bank of Russia.

"The new editions are fully aligned with the methodological recommendations for the use of domestic cryptography; they assume that information security becomes part of the solution architecture and guarantees maximum protection and resistance to current cyber threats," said Kirill Kuzmin, Deputy General Director and Head of the Piloting and Prototyping Department of the FinTech Association.

The issue of open API security has been raised many times. ComNews previously wrote about what information security experts and banks think about it.