Introduction
Open Finance Malaysia
Welcome to the Open Finance Malaysia (OFM) Developer Portal. The OFM Platform is a financial-grade Application Programming Interface (FAPI) based on OpenID, the global open standard that enables secure, customer-consented access to a wide range of user data from banks, financial institutions and pension providers (EPF).
Overview
Open Finance Malaysia facilitates secure exchange of data between:
- Data Consumers (DC): Entities consuming consented user data to build personalised services (e.g. PFM, lending, etc.)
- Data Providers (DP): Entities providing consented user data to Data Consumers after authenticating and obtaining user authorization.
The platform operates through two main server endpoints:
- Authorization Server (AS): Responsible for managing user consent, authentication, and access tokens. It ensures that only authorized parties can access financial data, and it enforces security and compliance standards such as OAuth 2.0 and OpenID Connect.
- Resource Server (RS): Where the actual financial or user data is retrieved, such as account balances, transactions, insurance details, etc. It serves the data only when a valid access token is presented.
API Standards
The PayNet Open Finance Platform implements:
- OAuth 2.0 and OpenID Connect for authentication and authorization
- Financial-grade API (FAPI) 2.0 security profile for enhanced security
- Mutual TLS (mTLS) for client authentication
- JWS Message Signing for request/response integrity
- JWE Data Encryption for sensitive data protection
- Pushed Authorization Request (PAR) for secure authorization flows
Key Features
- Secure Data Exchange: Industry-standard encryption and authentication mechanisms
- User Consent Management: Transparent consent lifecycle management
- Real-time Access: Synchronous API responses for immediate data retrieval
- Comprehensive Coverage: Support for accounts, transactions, balances, and more
- Webhook Notifications: Real-time consent event notifications
Getting Started
We recommend starting with our Sandbox environment to test your integration.
Our Sandbox fully reflects our production environment and provides an easy route to testing out your proposition.
For production access, please see our Production guide.
See our Getting Started page for detailed instructions on accessing our sandbox and production APIs.
You can contact us through our Contact Us page.
API Documentation
For detailed API specifications, please refer to: