Authorization Server

For customers (financial institutions and fintechs) to participate in Open Finance Brazil, they need to communicate with each other directly, transmitting end-user data on the basis of the end user's express consent and sharing information about the consent itself.

The Authorization Server is responsible for ensuring that transactions which take place within the scope of Open Finance are authorized and follow all security requirements. It follows all regulations required by Open Finance - implementing OAuth 2.0, OpenID Connect and FAPI-RW rules.

How It Works

The Authorization Server acts on two ends. On one end it is responsible for authorizing customer registration at Sensedia, for the consent process, and for generating and revoking access tokens. On the other end, it is responsible for validating the authentication and the authorization scope whenever the resources of the Open Finance business APIs are accessed. For this, dedicated Open Finance interceptors perform the necessary validations by calling the Authorization Server internally.
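As an added illustration (not Sensedia's code), the kind of check such an interceptor performs before a request reaches a business API. It assumes the Authorization Server answers a token introspection query, and it applies two conventions from the Open Finance Brazil and FAPI specifications rather than from this page: the consent is bound to the token through a `consent:<consentId>` dynamic scope, and the token is sender-constrained to the client's mTLS certificate via the `cnf` / `x5t#S256` claim. All sample values are constructed.

```python
"""Illustrative model of the resource-side interceptor: it enforces what the
Authorization Server asserted about a token (introspection result) against the
request actually being made. Constructed example, not Sensedia's implementation."""
import base64
import hashlib
from dataclasses import dataclass


@dataclass
class Decision:
    allowed: bool
    reason: str = "ok"


def cert_thumbprint(cert_der: bytes) -> str:
    # x5t#S256 as defined by RFC 8705: base64url(SHA-256(DER cert)), no padding
    digest = hashlib.sha256(cert_der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def authorize_request(introspection: dict, required_scope: str,
                      consent_id: str, client_cert_der: bytes) -> Decision:
    """Decide whether a request may reach the business API."""
    if not introspection.get("active"):
        return Decision(False, "token inactive or unknown")
    scopes = set(introspection.get("scope", "").split())
    if required_scope not in scopes:
        return Decision(False, f"missing scope {required_scope}")
    # Open Finance Brazil convention (assumed here): the token is tied to one
    # consent through a dynamic scope, so a token for another consent is refused.
    if f"consent:{consent_id}" not in scopes:
        return Decision(False, "token not bound to this consent")
    # FAPI-RW: access tokens are sender-constrained; the certificate presented on
    # the mTLS connection must be the one the token was issued to.
    bound = introspection.get("cnf", {}).get("x5t#S256")
    if bound != cert_thumbprint(client_cert_der):
        return Decision(False, "certificate binding mismatch")
    return Decision(True)


# Constructed sample data: a fake DER blob and the introspection response the
# Authorization Server would return for a token issued to that certificate.
SAMPLE_CERT = b"constructed-der-bytes-of-client-certificate"
SAMPLE_INTROSPECTION = {
    "active": True,
    "client_id": "example-fintech",
    "scope": "openid accounts consent:urn:example:consent-123",
    "cnf": {"x5t#S256": cert_thumbprint(SAMPLE_CERT)},
}
```

The same token is accepted for the consent and scope it was issued for and refused when the scope, the consent, or the presenting certificate differs, which is the point of the interceptor sitting in front of the business APIs.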

How does the authorization flow work?

The institutions participating in Open Finance need to communicate directly for data exchanges. When this conversation happens over the APIs that are deployed on the Sensedia API Platform, the institutions must be registered as clients and we provide the server that creates and validates the client access tokens. Each client is an institution that has its users (the data owners). The users' data is kept in the customers' databases - this data is never manipulated by Sensedia.

The Authorization Server is the authorization bridge that enables the exchange of data between financial institutions. User information is never manipulated or maintained by Sensedia.

[Figure: Authorization Server diagram]
