1. Data At-Rest Encryption
Data At-Rest Encryption using symmetric keys managed through a Key Management Service.

2. Data-in-motion Encryption
Data-in-motion Encryption using Key Exchanges performed through Diffie-Hellman Key Exchange (ECDHE) mechanism and digital signature certificates.

3. Privacy Protection
Privacy Protection through Data Masking, Tokenization and Identity visibility Protection rules.

4. API security
API security enforced using HTTPS, API Keys, Digitally signed requests and responses and OWASP compliance.

5. Logging
Logging of all activities and preservation of historical records in compliance with the IT Act.

Kindly note, we need details of how to comply with the bank's policies regarding secure consumption of their APIs, e.g. mechanisms to receive tokens using a client ID and a secret or the like.