bank-api
Verified Safe
by erwinkramer
Overview
A design reference project for building a compliant and modern bank API, exposed via Model Context Protocol.
Installation
dotnet run --project BankApi.Orchestration
Environment Variables
- ASPNETCORE_ENVIRONMENT
- ConnectionStrings__BankStorage
- ApiSettings__EntraId__TenantId
- ApiSettings__EntraId__ClientId
- OTEL_EXPORTER_OTLP_ENDPOINT
- OTEL_SERVICE_NAME
Security Notes
The project demonstrates a strong commitment to API security and compliance by adhering to the OWASP API Security Top 10, the OpenAPI Specification, and data protection regulations (GDPR, CCPA). It implements JSON Web Signature (JWS) for response signing and JSON Web Key Sets (JWKS) for validation. Multiple authentication methods (API Key, JWT, OpenID Connect, OAuth2) are supported. Entra ID configuration values are present in appsettings.json; these are public IDs, but in a production setup, secret management would be ideal for sensitive identifiers. No 'eval', obfuscation, or malicious patterns were identified.
Similar Servers
mcp-servers
A curated collection of Model Context Protocol (MCP) server configurations to integrate various developer tools and services with AI agents.
tmcp
A server implementation for the Model Context Protocol (MCP) to enable LLMs to access external context and tools.
mcp-dotnet-samples
This MCP server retrieves GitHub Copilot customizations, including instructions, agents, prompts, and collections, from the `awesome-copilot` repository to provide contextual guidance to AI models.
example-remote-server
A reference server demonstrating all Model Context Protocol (MCP) features and OAuth 2.0 authentication patterns.