2. check documentation
Sure, real programmers don’t need documentation but some of us are happy to have a helping hand or at least a reference when things go wrong.
3. Got lost anywhere?
Search through the Fidor developer community in case you’re still stuck, have found a bug, have feature requests or just want to give feedback to the developer team.
REST, JSON, OAuth 2
APIs are products. Developers are customers. Fidor APIs were designed with the developer in mind. That is why we adopted Internet standards set by global players like PayPal, Facebook and Google.
Recent regulatory initiatives like PSD2 and the UK Open Banking Standard follow that route, too.
API security is provided on different levels: It starts with web security through an existing firewall, load balancing and business continuity technologies.
Access security is provided by risk managing static and dynamic scopes, configurations for Oauth 2, IP restrictions, access and refresh tokens, device management (in particular for mobile devices) and 2nd factor authentication services.
Operational security is supported by approval processes, rights and role models and backoffice solutions.
Additional security is provided through technologies against fraud, money laundery and other threats provided by 3rd party solutions that are connected to fidorOS.