...
The WSO2 Open Banking API management component allows banks to securely expose data to third parties via APIs. This enables banks to grant third-party providers (TPPs) with access to customers' account data and the ability to initiate payments with the customers' consent. The API design time supports comprehensive API management capabilities that enable designing and documenting APIs in compliance with popular open banking specifications as well as custom templates. It supports a fully-fledged API lifecycle management functionality along with version management. API publishers can publish APIs as prototypes in the developer portal. API consumers can invoke prototype APIs without subscribing to them and provide feedback. After incorporating the consumer feedback, the APIs can be published to the developer portal. Once TPP onboarding is completed, API consumers can subscribe to published APIs and use them in their banking applications. Token validation, scope validation, and fine-grained access control ensure API security that prevents unauthorized API calls.
...
The WSO2 Open Banking identity and access management component enables comprehensive security mechanisms to prevent unauthorized access to APIs and secured data. The strong customer authentication (SCA) module enables banks to authenticate the customers who are requesting to access account data via an AISP and the customers who are requesting to initiate a credit transfer via a PISP. Once authenticated, the user consent management module facilitates banks to obtain the customers' consent to proceed with the initiation request. In order to improve the user experience and reduce the friction between the bank and the customer/PSU, the transaction risk analysis (TRA) module identifies the scenarios where SCA is necessary and feeds that information to the adaptive authentication module. The adaptive authentication module thereby adjusts the authentication strength and enforces SCA only when it is necessary.
...