To begin with, congratulations on taking the decision to join the AA ecosystem!
Financial Information Provider (FIP) and Financial Information User (FIU) modules are available from Technical Service Providers that you could use readily to get onto the AA ecosystem quickly. If you decide to build on your own FIP/FIU module, the steps are below.
To begin with, please refer to the following on our Resources page.
- Account Aggregators in India
- Account Aggregator Master Directive by RBI
- Account Aggregator Ecosystem API Specifications
- Account Aggregator Schema Definitions
- Account Aggregator Purpose Definitions
- Electronic Consent Framework by MeitY
Currently, only players who are registered and regulated by either of the four Financial Service Regulators (FSR)– RBI, SEBI, IRDAI, PFRDA, are allowed to be FIPs and FIUs.
Account Aggregator Sandboxes
The companies listed below offer sandboxes that implement the ReBIT specifications for AAs. Developers wishing to test integrations of their FIU/FIP implementations may use these sandboxes.
| Sr. No. | Company | Sandbox URL | Support Contact Info |
|---|---|---|---|
| 1 | Finvu | https://finvu.github.io/sandbox/ | support@cookiejar.co.in |
| 2 | OneMoney | https://developer.onemoney.in | support@onemoney.in |
| 3 | Anumati | https://www.anumati.co.in/ | support@perfios-aa.com |
| 4 | Setu | https://setu.co/data/account-aggregator | aa@setu.co |
| 5 | INK-Account Aggregator | https://ink-aa.com/developer2/ | connect@ink-aa.com |
| 6 | Saafe | https://sandbox.saafe.in/ | techsupport@saafe.in |
Best practices for FIPs in the Central Registry UAT Environment
FIPs intending to join the Central Registry UAT environment of the AA network are requested to ensure that:
- All data shared within the UAT environment is strictly dummy data i.e., data that does not disclose any Personally Identifiable Information (PII) or other details of any account(s) of a Customer;
- Linking, OTP verification, and data fetches should exclusively be from such dummy accounts; and
- Under no circumstances should any user account(s) or replica(s) of production accounts be discoverable or linkable in the UAT environment.
In other words, for the purposes of UAT, discovery, linking through OTP verification, and the corresponding data fetches should strictly relate to dummy accounts/dummy data.
Please note that in case live/production user account(s) or replica(s) of production account(s) are discoverable or linkable in the UAT environment, there may be entailing risks of PII breach(es) at the instance of such FIP(s).
Onboarding an FIU with an Account Aggregator
- Implement (buy or build) an API driven tech platform based on ReBIT FIU specifications. Refer to the FIU API specifications.
- Tech platform should enable FIUs to
- Request for customer consent. (Call the AA /Consent API)
- Process notification from the AA when the customer has accepted/rejected the consent on AA domain (mobile, web).
- Store the customer consent and request for financial information via AA
- Process the data ready notification received from AA, and call fetch API of AA to fetch the financial data. Refer to AA API specifications.
- Decrypt and store the data for the various use cases.
- Enhance the Customer experience on the existing FIU Mobile / Web app to facilitate the customer to provide financial information from AA.
- The UI should allow the customer to enter an AA id, and based on the AA handle request for customer consent from the AA (Refer Step 2.1)
- Test the platform and the flows with an AA sandbox.
- Additionally, FIU should determine consent request parameters for the product(s) – consent purpose, consent frequency, FI Types for which financial information is requested, data range etc. Refer to the FIU API specifications.
- Write to services@sahamati.org.in for accessing the AA Common Service (Central Registry, Token Server)
Onboarding a FIP with an Account Aggregator
- Implement (buy or build) an API driven tech platform based on ReBIT FIP API specifications.
- The tech platform should enable FIP to
- Allow the AA to discover customer accounts as per the identifiers provided by the customer on the AA domain (eg RMN, Customer ID, PAN, Account No, etc).
- Authenticate the customer account via OTP based token that the Customer will receive from FIP and enter on the AA domain (mobile, web). This establishes the linkage of the customer accounts with the FIP.
- Receive and store the customer consent as received from AA.
- Allow the AA to request financial information based on the customer consent presented in the FI request.
- Check the validity of consent and process the received FI request by calling internal FIP source systems to fetch financial information.
- Once data is available from the FIP source system to encrypt and notify AA of data availability.
- Process the AA call to fetch financial information and return encrypted data.
- Determine and leverage existing APIs available with FIP to enable Step 2.
- For Step 2 & 3, additional integration work may be required so that the new platform can interact with the existing FIP source system.
- Ensure that financial data is as per the standard data schemas provided by ReBIT. Refer to (https://api.rebit.org.in/schema)
- Enrich the data being shared based on the ReBIT FI data types and schemas.
- Expose APIs implemented as part of the tech platform (Step 1 & 2) for AA to call. Refer to the link of FIP API specifications.
- Test with multiple AAs on a sandbox environment.
- Additionally,
- Determine the FI types that are being supported by FIP and for which data is being shared (e.g. CASA, term deposit, credit card account, etc). Refer to FI Type at https://api.rebit.org.in/schema
- Setup test data based on FI Type so that AAs can test with multiple accounts.
- Write to services@sahamati.org.in for accessing the AA Common Service (Central Registry, Token Server)
Before your FIP and FIU modules go live we recommend they get certified by one of the Sahamati empanelled auditors.