Page Comparison

...

The diagram below provides a general outline of the Consumer Data Standards API flow.

1. The Data Recipient sends an authorisation request to the Data Holder. This request is sent to authenticate the consumer before retrieving information through an Accredited Data Recipient's interface.
2. The consumer logs into the Data Holder’s authorisation webpage using the username. This is achieved using the identifier-first authenticator in WSO2 Open Banking Key Manager. Once the username is entered, an OTP is sent. Instead of the password, auth web app of WSO2 Open Banking Key Manager authenticates the consumer using the username and the OTP. Upon successful authentication, the consumer is able to view requested data. At this point, the consumer requires to select the account and authorise the consent.
3. The Auth web app of WSO2 Open Banking Key Manager sends an authorisation code to the defined redirection URL of Data Recipient application.
4. The Data Recipient requests for a user access token and a refresh token using the authorisation code sent in step 4.
5. Using the generated access token, now the Data Recipient can retrieve information via the Data Holder's interface.

Sequence Diagram

Authorisation flow

...