FDX API (Financial Data Exchange)

Financial Data Exchange (FDX)

United States

Banking | Finance

• Banking / financial data (accounts, transactions)
• Payment initiation (as supported in FDX)
• Consent management
• Other domains being introduced, e.g. payroll data, identity data, etc.

JSON | REST

• JSON (primary payload format)
• REST / HTTP APIs

Market Driven

So far, the FDX API has been standardised mainly through voluntary participation from industry players. While Section 1033 of the Dodd-Frank Act technically provides the basis, the framework is still under review.

Since October 22, 2024, U.S. open banking has been formally codified under the Personal Financial Data Rights (PFDR) rule, built on Section 1033. However, the rule has been met with legal challenges and slowed by major restructuring within the CFPB.

• All participants—banks, data providers, and data recipients—are required to register with FDX and meet its certification standards.
• The framework supports reciprocal data access, meaning recipients should also be able to handle incoming requests, which is considered a core principle in Canada.
• FDX governance covers areas such as auditing, logging, rate limiting, and security controls.

• Common API standard across multiple institutions
• Extensible domains (accounts, transactions, payments, payroll, etc.)
• Strong consent and security architecture (OAuth2, FAPI)
• Emphasis on interoperability, modularity, user experience, data privacy
• Formal certification process currently under development

FAPI 1 | FAPI 2 | OAuth

FAPI 1.0 Advanced Final | FAPI 2.0 | FAPI1 | FAPI2 | OAuth

• Authentication: OAuth2, OpenID Connect, FAPI profiles (optional)
• Authorisation: via scopes, consent tokens
• Token format & expiry: JWT tokens (or similar) with expiration and claims
• Encryption / transport: TLS (latest versions) for API calls
• Message integrity: Signature, or token-based integrity checks
• Rate limiting / throttling: enforced by providers
• Global runtime policies (logging, monitoring, alerting)

• FDX provides developer portal, spec browser, certification guide, sample YAML / OpenAPI
• Documentation, SDKs, community working groups

• FDX (previously known as DDA – Durable Data API) was officially introduced in 2018.
• Over successive versions (5.x, 6.x), it expanded to cover new domains such as payroll and added stronger security features.
• Its adoption has steadily grown among banks and fintechs across the U.S. and Canada.

• FDX’s Board and working groups manage version control, certification processes, and standards development.
• Participants are required to follow audit, logging, and liability frameworks.
• While FDX is not a government body, the CFPB has acknowledged it as an official standards organization.

• FDX’s Board and working groups manage version control, certification processes, and standards development.
• Participants are required to follow audit, logging, and liability frameworks.
• While FDX is not a government body, the CFPB has acknowledged it as an official standards organization.

No federal law in the U.S. explicitly requires open banking; instead, regulatory frameworks such as the CFPB’s Personal Financial Data Rights (PFDR) rule—commonly referred to as Section 1033—serve as the foundation for consumer financial data access.