The Ozone API is a highly secure, highly available platform which includes:

  • Regular updates to the latest version of the UK Open Banking API Standard.
  • 99.9% availability.
  • 24/7 monitoring.

Ozone provides dedicated support direct to corporate clients via Slack and Jira Service Desk.

For developers using the Modelo or Referenco banks in the UK Open Banking Directory Sandbox environment, please contact the Open Banking Service Desk for support

Frequently Asked Questions

What is Open Banking?

Open Banking is a global concept which infers the use of open APIs as an alternative interface for customers to access their bank account(s).

With these Open Banking APIs, personal and business banking customers are able to use web and mobile applications from a Third Party Provider (TPP) to connect to and move money between bank accounts. These apps include financial management services which save customers money, as well as enabling faster, cheaper and more secure online payments.

Who is Open Banking Limited?

In 2016, The Competition and Markets Authority (CMA) published a report on the UK’s retail banking market and proposed a number of remedies including Open Banking, which enables customers and small and medium-sized businesses to share their current account information securely with other third party providers.

The CMA setup Open Banking Limited, also known as the Open Banking Implementation Entity (OBIE), to create a single API standard for this remedy, and mandated that this be adopted by the CMA9, the UK’s nine largest banks and building societies: Allied Irish Bank, Bank of Ireland, Barclays, Danske, HSBC, Lloyds Banking Group, Nationwide, RBS Group and Santander.

This UK Open Banking standard is now fully aligned to PSD2 and RTS (see below), and enables any ASPSP to meet their regularory requirements in this regard.

What is PSD2?

The Second Payment Services Directive (PSD2) is European legislation which came into force on 13 January 2018. This legislation sets out the rules for payment services in Europe, including the United Kingdom. Amongst other things, PSD2 defines:

  • The type of payment enabled accounts which are covered.
  • The role and requirements of the Account Servicing Payment Service Provider (ASPSP) in providing an alternative interface to these accounts.
  • The role and requirements of regulated Third Party Providers (TPPs), in particular Account Information Service Providers (AISPs) who can access account and transaction APIs, and Payment Initiation Service Providers (PISPs) who can access payment initiation APIs.
  • The rights of the customer or Payment Service User (PSU).
  • The role of national competent authorities in each country, such as the UK’s Financial Conduct Authority (FCA), in governing the ecosystem.
What are the RTS?

The Regulatory Technical Standards (RTS) are an extension to PSD2 which define the rules for Strong Customer Authentication (SCA) and secure communication.   

RTS is to be implemented by 14 September 2019. Article 30.5 mandates that each ASPSP provides a testing facility six months in advance of this target date:

 “Account servicing payment service providers shall make available a testing facility, including support, for connection and functional testing to enable authorised payment initiation service providers, payment service providers issuing card-based payment instruments and account information service providers, or payment service providers that have applied for the relevant authorisation, to test their software and applications used for offering a payment service to users. This testing facility should be made available no later than six months before the application date referred to in Article38(2) or before the target date for the market launch of the access interface when the launch takes place after the date referred to in Article 38(2). However, no sensitive information shall be shared through the testing facility.”

In other words, by 14 March 2019 each ASPSP was required to provide access for TPPs to a simulation of their APIs which does not expose real customer data.