ForgeRock Open Banking Reference Implementation (Release 3.0.0)

Last updated Nov 2, 2020

This document describes the changes in the 3.0.0 release of the ForgeRock Open Banking Reference Implementation.

Release Notes

ForgeRock is pleased to announce the release of version 3.0.0 of the ForgeRock Open Banking Reference Implementation; release date: 24/01/2019. This is a feature release that contains bug fixes, improvements and features. It is also the first release to run in our new Kubernetes environment! While we were migrating to Kubernetes, our releases were less frequent but going forward we will resume regular releases.


  • All Open Banking 3.0.0 APIs are now supported. For example, have a look at the RS discovery endpoint.
  • Payment simulation has been extended to support 3.0.0; this means all APIs in 3.0.0 have payment simulation in the backend.
  • Payment simulation now credits the creditor account if the account number matches one of our PSU accounts. Previously it only debited the PSU accounts.
  • ForgeRock Directory now issues EIDAS certificates. This change won't affect you but if you introspect our certificate, you will notice it is now an EIDAS certificate.
  • Headless authentication and authorization is now available. This is mainly a feature for the Conformance team but can be useful if you want to skip the security flow and focus on consuming the APIs.


We have migrated your data to the new platform and version, but you should be aware of the following:

  • All keys have been reset during the migration. As a result, you will need to download the latest set of keys.
  • All of your data has been migrated from Open Banking v.2 to v.3. If you have added custom data to our mock bank, you should double-check the data has been migrated correctly.
  • The ASPSP and Directory user stores have now been separated. You must now register a TPP in the Directory and register a second time in the ASPSP to get a PSU. Previously with the user store shared between our ASPSP and Directory, you could log in to the ASPSP with a user register in the Directory.


  • The dynamic registration endpoint has been moved to the AS. It is now under the following url

TPP should retrieve the registration endpoint using the AS well-known endpoint. It is not recommended to hard code the value of the dynamic registration endpoint.

{ ... "registration_endpoint": "", ... }

Dedicated instances:

Moving to Kubernetes and CI/CD means we are now in a position to quickly create new instances of the OBRI. In the past we have had requests for dedicated instances, for example, to allow people to learn how to build it with ForgeRock products or for testing purposes. 

Please contact ForgeRock if you want access to a dedicated instance.

Copyright and Trademarks Copyright © 2020 ForgeRock, all rights reserved.