
API Design Strategy Best Practices

The API design of the NBFC ecosystem follows RESTful principles for the programming interfaces that each of the stakeholders, viz. the FIP, the AA, and the FIU, needs to host to facilitate the account aggregation functionality. The following HTTP methods are used in the design of the AA ecosystem.

| HTTP Method | Description | Request has body | Response has body | Idempotent | Cacheable |
|---|---|---|---|---|---|
| GET | Requests the representation of a resource. The primary information retrieval mechanism. | No | Yes | Yes | Yes |
| POST | Requests server processing of an attached payload according to its own semantics. Can be used to submit a form, post a message, or add items to a database. | Yes | Yes | No | Yes |
| DELETE | Requests server removal of a specified resource. It is up to the server to archive or actually delete information. | No | Yes | Yes | No |


Last updated 3 years ago
