What it does
finX is an Open Finance platform built for Malaysian financial institutions to meet Bank Negara Malaysia's ED-OFIN-25 mandate without rebuilding their stack. It packages a FAPI 2.0 authorisation server, a consent management engine, core-banking adapters, a sandbox, and SDKs into one deployable platform — so banks, insurers, EMIs, and DFIs can stand up Open Finance APIs in weeks instead of running a multi-year programme.
From customer-permissioned data sharing and OFM-schema API exposure to consent capture, audit, and PayNet conformance testing, finX handles the regulated plumbing while your teams focus on products and partner enablement. Purpose-built for Malaysian Open Finance — with full data residency and PDPA-aligned handling.
FAPI 2.0 authorisation server with mTLS, PAR, JWS/JWE, and private_key_jwt
BNM-compliant consent lifecycle — capture, scope, expiry, revoke, audit
Pre-built core-banking adapters via Apache Camel and language SDKs
Conformance sandbox aligned to PayNet OFP v1.2.2 with mock data
Platform Architecture & Capabilities
Deep dive into the modular systems that power our Open Finance delivery model.
OFM Ready Server
A FAPI 2.0 authorisation server with the full BNM-aligned security profile, ready out of the box.
The OFM Ready Server provides OAuth 2.0 and OpenID Connect authorisation, OIDC identity, token storage, and rate limiting in a single deployable. It implements the full FAPI 2.0 security profile — mTLS, private_key_jwt, PAR (Pushed Authorization Requests), and PS256-signed JWS/JWE — so data providers get a regulator-aligned authorisation layer without assembling it themselves.
Certificate and key management is automated across the PKI lifecycle, with CSR generation, key rotation, and JWKS hosting included. Schema conformance is aligned to PayNet OFP v1.2.2, and the platform supports the OpenAPI 3.0 specifications BNM and PayNet publish.
FAPI 2.0 Security Profile Sequence
mTLS & private_key_jwt Authentication
Clients connect via mTLS with PKI-validated certificates and sign client assertion with private_key_jwt.
PAR Request Submission
Authorization details passed securely out-of-band via Pushed Authorization Request endpoint, returning a short-lived URI.
Consent Validation & Token Issuance
Consent lifecycle checked. Token issued signed via JWS (PS256) and optionally encrypted via JWE (ECDH-ES).
Integration Studio
Author Camel routes, manage integrations, and deploy from one workspace.
Self-service integration workspace for data-provider teams to map legacy core-banking APIs to OFM schema. Visual Camel route editor, low-code configuration, and one-click deployment to a Camel Spring Boot 4.18.0 runtime — backed by route templates for authentication, session validation, schema mapping, and response shaping that cover most Phase 1 implementation patterns.
Kraft Integration Studio — author, test & deploy integrations on Camel Spring Boot 4.18.0.
Consent Management
Design consent schemas, publish forms, and capture customer approval.
Turnkey consent engine with explicit customer control, BNM-compliant lifecycle, and an immutable audit trail. Compliance and product teams design BNM-aligned consent schemas with a drag-and-drop form builder, publish them as customer-facing approval screens, and govern grant, revoke, and expiry events from one console.
User Interface Experience
Reference demo application (Moneyview) built entirely on finX Open Finance APIs to demonstrate live account linkage, data aggregation, and consent.
Moneyview
Reference demo app built on finX Open Finance APIs.
Experience Open Finance in action. The Moneyview reference app demonstrates how data-consumers securely connect to financial institutions via finX APIs, retrieve real-time account balances, capture historical transaction streams, and display spend analytics — with the user maintaining absolute consent control throughout.
Moneyview demo app — consumes finX Open Finance APIs for live account, balance & transaction data.
How it integrates with your stack
finX connects to core banking, identity, and partner systems via standard protocols and pre-built connectors. The platform is designed for reliability, standards conformance, and ease of integration into existing FSI environments.
Who uses it
finX serves key teams across financial institutions, bringing security, agility, and compliance under one roof.
Open Finance & Digital Banking Teams
Integration & API Architects
Compliance, Risk & PDPA
Developer & Partner Enablement
Industries served
Accelerating Open Banking & Open Finance compliance across key sectors:
Security & Compliance standards
Strict alignment to regional financial regulations and security standards:
Request a demo
Tell us a bit about your institution and we'll schedule a short technical walkthrough of finX.