What APIs do Saudi banks need to expose for open banking compliance?

Under SAMA's Open Banking Framework, Saudi banks must expose Account Information Service (AIS) APIs — account balances, transaction history, and account details — and Payment Initiation Service (PIS) APIs — initiating payments on behalf of customers. Crux designs and builds these APIs to SAMA's published technical specifications, with OAuth 2.0 consent flows, FAPI security profiles, and TPP certificate validation.

How does open banking create revenue opportunities for Saudi banks?

Open banking transforms Saudi banks from product providers into platform providers — enabling them to monetise their data and services through API subscriptions, revenue sharing with fintech partners, and embedded banking products in third-party apps. Saudi banks with strong API platforms attract the most fintech partners, creating a distribution advantage that grows over time as the SAMA-licensed TPP ecosystem expands.

About

AI Strategy & Intelligent Systems

Strategy, governance and delivery of AI

AI Strategy Consulting Enterprise AI Architecture AI Governance & Compliance Enterprise AI Advisory Agentic AI Systems

Featured · 2025

Agentic AI Services

Automate enterprise workflows with intelligent AI agents — Vision 2030 aligned.

Explore →

Intelligent Application Engineering

Build next-gen applications with AI

AI-Powered App Development Intelligent Workflow Automation Enterprise AI Integration AI-Powered Enterprise Applications AI Enterprise Portals

Featured · 2025

AI-Powered Enterprise Applications

Embed intelligence into every enterprise application layer.

Explore →

Enterprise Application Modernization

Transform legacy systems into modern platforms

Legacy System Modernization Monolith to Microservices Cloud Native Modernization Enterprise UI/UX Modernization

Featured · 2025

Monolith to Microservices Migration

Break apart legacy monoliths into scalable, independent microservices.

Explore →

Cloud & DevOps Transformation

Migrate, engineer and optimise cloud

Cloud Migration Services KSA DevOps Automation Services Enterprise Cloud Architecture Kubernetes Container Platforms

Featured · 2025

Cloud Migration Services KSA

Move Saudi enterprise workloads to AWS or Azure — safely and at speed.

Explore →

Data Engineering & Advanced Analytics

Robust data pipelines and infrastructure

Enterprise Data Engineering Data Platform Architecture Predictive Analytics AI Business Intelligence Solutions

Featured · 2025

Predictive Analytics AI

Turn enterprise data into accurate forecasts.

Explore →

Customer Experience & Digital Product

Build digital products that lead markets

Enterprise Digital Product Dev Customer Experience Platforms Enterprise Mobile App Development Digital Platform Innovation

Featured · 2025

Enterprise Mobile App Development

Arabic-first iOS and Android apps — Vision 2030 aligned.

Explore →

Digital Banking & Financial Services

SAMA compliant · Arabic-first · Mada integrated

Core Banking Modernization AI Credit Decisioning Open Banking APIs AI Fraud Detection

Featured · 2025

AI Credit Decisioning

Automate loan decisions in seconds — SAMA compliant.

Explore →

AI Engineering Accelerators

MLOps · LLM Integration · Production AI

AI Platform Engineering Enterprise LLM Integration AI Model Deployment AI Automation Frameworks

Featured · 2025

Enterprise LLM Integration

Connect GPT-4, Claude, Gemini and Arabic LLMs into your enterprise systems.

Explore →

Cybersecurity, Risk & AI Governance

NCA ECC · SAMA CCSF · PDPL · Zero Trust

Enterprise Cybersecurity Zero Trust Architecture AI Risk & Governance Data Privacy & PDPL

Featured · 2025

Zero Trust Architecture

Never trust. Always verify. Eliminate implicit trust from your networks.

Explore →

Credit Modelling Propensity Modelling Application Scorecard Behavioural Scorecard Collection Scorecard

Banking Fintech Digital Financial Platform

Decision Engine

Open Banking · SAMA Framework · Saudi Arabia

Open Banking APIs
Built for Saudi Arabia's
Financial Ecosystem.

Q: What security requirements do open banking APIs need in Saudi Arabia?

SAMA's Open Banking Framework requires Saudi bank APIs to implement OAuth 2.0 with PKCE for consent management, FAPI (Financial-grade API) security profiles, mutual TLS (mTLS) for TPP authentication, qualified certificates from SAMA-approved certificate authorities, and comprehensive audit logging of all API access and consent events. Crux implements all SAMA security requirements as part of every open banking API platform build.

Build SAMA-compliant open banking API infrastructure — secure API gateways, TPP partner portals, and fintech ecosystem APIs — turning your Saudi bank into a platform that powers the Kingdom's financial innovation.

Build Open Banking Platform See Capabilities

        SAMA Open Banking Compliant      

        OAuth 2.0 + FAPI Security      

        TPP Developer Portal      

        Account and Payment APIs      

        Arabic API Documentation      

TPP FINTECH APP

📱

مصرفية مفتوحة

GET /accounts

POST /payments

OAuth 2.0 · PKCE

API Request

mTLS + JWT

CRUX API GATEWAY

🔐

Auth · Rate Limit

Consent Check

AML Screening

Audit Logging

SAMA Compliant ✓

Verified Request

Encrypted

BANK CORE SYSTEM

🏦

200 Account Balance · SAR 48,200

200 Transactions · 42 records

201 Payment Initiated · SAR 1,200

200 Consent Granted ✓

Avg response: 142ms API calls today: 2.4M Active TPPs: 38 SAMA Open Banking Framework v2.0

SAMA

Open Banking Ready

Full SAMA Open Banking Framework compliance — Account Information APIs, Payment Initiation APIs, and TPP consent management built to Saudi Central Bank specifications

38+

Fintech Partner APIs

Saudi banks with strong open banking platforms attract more fintech partners — creating a distribution ecosystem that grows revenue without proportional cost increases

142ms

API Response Time

Crux-built open banking API gateways achieve sub-200ms average response times — meeting SAMA performance standards and delivering seamless fintech partner integration

OAuth

FAPI Security

Financial-grade API (FAPI) security profile with OAuth 2.0, PKCE, mTLS, and SAMA-approved certificate authorities — the security standard all Saudi open banking APIs must meet

Fintech Partner Ecosystem

The types of fintech partners your open banking API unlocks.

💰

PFM Apps

Personal finance management apps — spending tracking, savings goals, and financial health scores built on your bank's account and transaction APIs

📊

Accounting Platforms

Business accounting software — ZATCA-integrated bookkeeping using your bank's transaction data feed for automatic reconciliation

🏠

Mortgage Platforms

Digital mortgage and home finance applications — using Open Banking income verification instead of manual payslip submission

🚀

Neobanks

New digital banking services — payment accounts, savings products, and lending built on your bank's licensed infrastructure and API layer

🔗

Payment Initiators

Payment initiation service providers — enabling direct bank-to-bank payments through your open banking API, competing with card networks

📈

Investment Platforms

Investment and robo-advisory platforms — using account balance and income data to power AI-driven investment recommendations

🏪

E-commerce Platforms

Checkout payment options — direct bank payment at checkout using SAMA payment initiation APIs, reducing card processing fees for merchants

🔐

Identity Verifiers

Digital identity and KYC services — using open banking income and account data for faster, more reliable customer identity verification

Platform Capabilities

Complete open banking infrastructure for Saudi banks.

SAMA Open Banking API Development

Design and build Account Information Service (AIS) and Payment Initiation Service (PIS) APIs to SAMA's Open Banking Framework technical specifications — RESTful, JSON, and SAMA-compliant API standards.

AIS APIsPIS APIsSAMA specsOpenAPI 3.0

OAuth 2.0 and FAPI Security

Implement Financial-grade API (FAPI) security profile — OAuth 2.0 with PKCE, mTLS client authentication, DPoP token binding, qualified SAMA certificates, and JWE encryption for all open banking API calls.

FAPI profileOAuth 2.0 PKCEmTLS authJWE encryption

Consent Management Platform

Build PDPL-compliant consent management — customer consent journeys, granular permission management, consent withdrawal, and complete audit trails of all data sharing events as required by SAMA and PDPL regulations.

Consent UIPermission scopesPDPL audit trailConsent withdrawal

TPP Developer Portal

Build a developer portal that attracts Saudi fintech partners — API documentation in Arabic and English, sandbox environment, TPP onboarding, API key management, and usage analytics dashboard.

Dev portalAPI sandboxArabic docsTPP onboarding

API Gateway and Rate Management

Deploy enterprise API gateway infrastructure — TPP certificate validation, rate limiting per TPP tier, API versioning, traffic monitoring, SLA enforcement, and 99.99% availability SLA for Saudi financial API infrastructure.

API gatewayRate limitingTPP certificates99.99% SLA

Open Banking Analytics

Real-time open banking analytics — API call volumes, TPP performance, consent conversion rates, popular API endpoints, error rate monitoring, and SAMA regulatory usage reports.

API analyticsTPP dashboardsConsent metricsSAMA reports

Open Banking FAQ

Open banking questions answered.

QWhat is SAMA's Open Banking Framework for Saudi Arabia?

SAMA's Open Banking Framework requires Saudi banks to provide secure API access to customer financial data (with consent) to licensed third-party providers (TPPs). Crux builds the technical infrastructure Saudi banks need to comply — including consent management, TPP API gateway, and developer portal.

QWhat APIs do Saudi banks need to expose for open banking?

Under SAMA's framework, Saudi banks must expose Account Information Service (AIS) APIs and Payment Initiation Service (PIS) APIs. Crux designs these APIs to SAMA's technical specifications with OAuth 2.0 consent flows, FAPI security profiles, and TPP certificate validation.

QHow does open banking create revenue for Saudi banks?

Open banking transforms Saudi banks into platform providers — enabling them to monetise data and services through API subscriptions and revenue sharing with fintech partners. Banks with strong API platforms attract more fintech partners, creating a distribution advantage that compounds over time.

QWhat security requirements do open banking APIs need in Saudi Arabia?

SAMA requires OAuth 2.0 with PKCE, FAPI security profiles, mutual TLS (mTLS) for TPP authentication, SAMA-approved certificates, and comprehensive audit logging of all API access and consent events. Crux implements all SAMA security requirements on every open banking platform build.

Build Your Open Banking Platform

Open your bank.
Own the ecosystem.

SAMA-compliant APIs. FAPI security. Arabic developer documentation. Crux builds open banking platforms that make Saudi banks the infrastructure layer for Saudi Arabia's fintech economy.

Start Open Banking Platform All Banking Services

Open Banking APIsBuilt for Saudi Arabia'sFinancial Ecosystem.

The types of fintech partners your open banking API unlocks.

Complete open banking infrastructure for Saudi banks.

Open banking questions answered.

Open your bank.Own the ecosystem.

Open Banking APIs
Built for Saudi Arabia's
Financial Ecosystem.

Open your bank.
Own the ecosystem.