Versions Compared

Old Version 2

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: update for ob2.0

WSO2 Open Banking supports publishing non-regulatory APIs that are not bound to any regulations or standards. You can create non-regulatory applications to access the non-regulatory APIs.

Certain security aspects of regulatory applications are minimised to cater to business use cases of a bank. The non-regulatory applications access the non-regulatory APIs without transport layer security. Therefore, grant types that are not allowed in regulatory applications such as password can be used in non-regulatory applications. This These features adds add more flexibility in designing use cases and user experiences when managing APIs and applications using WSO2 Open Banking. For example, you can publish an API to retrieve branch details and ATM details of a bank. 

Use You can use one of the following methods to deploy a non-regulatory API in WSO2 in the API Publisher of WSO2 Open Banking API Manager - API Publisher.Image Removed

Image Added.

This document explains how to create an application that subscribes to a non-regulatory API using WSO2 Open Banking.

...

Note

A sample non-regulatory API is available in WSO2 Open Banking.

Expand
titleClick here to see how to deploy the sample non-regulatory API

  1. Sign in to the API Publisher (https://<WSO2_OB_APIM_HOST>:9443/publisher) with a user whose roles includes Internal/publisher.

  2. In the APIS menu, click Click Deploy Sample API . This is to deploy the sample PizzaShackAPI - 1.0.0, which is a non-regulatory API.
     Image Removed Image Added
  3. Upon successful deployment, the following message is displayed.  Click OK to continue. You can see the API in the API Publisher Listing page as follows:
     Image Removed you are redirected to the Overview page for the Pizza Shack v1.0.0 API.Image Added

Create an application

This section explains how to create an application to subscribe to non-regulatory APIs.

  1. Sign in to the API Store Developer Portal (https://<WSO2_OB_APIM_HOST>:9443/storedevportal) with a user whose roles includes Internal/subscriber.
  2. Go to the   Applications tab.
    Image RemovedApplications tab in the Developer Portal.  
    Image Added

  3. Click

    Add

     

    Application

    ADD NEW APPLICATION.

    Image Removed Image Added

  4. Enter application details.

    FieldDescriptionNameThe name of the application.Per Token QuotaDetermines the maximum number of API requests accepted within a given duration.Regulatory ComplianceDetermines whether this application handle regulatory compliance APIs
    Note

    Clear the checkbox with the label Will this application handle regulatory compliance APIs?

    This is to mark whether this application handles any regulatory compliance APIs or not. By default, this box is checked.

    Uncheck the box as this application is to subscribe for non-regulatory APIs.

    Once you uncheck the checkbox the Token Type field will be enabled for non-Regulatory applications.

    Description

    The purpose of the application.

    Token TypeDetermines the issuer of the token.  For Non-Regulatory applications, there is no restriction on the token type. You can select a preferred token type from the drop-down list (OAuth, JWT).

    Image Removed

  5. Click Add.

Generating Keys

Image Removed

  1. For non-regulatory compliance applications, make sure to clear the checkbox.

    Image Added

  2. Click  SAVE

Subscribe to API

Use the application created above to subscribe to a non-regulatory API to access the API resources. Once subscribed, the application can access all the supported services of the API resources.

  1. Go to the APIs tab in the Developer portal.
    Image Added

  2. Select the deployed non-regulatory API.
    Image Added

  3. Go to  Subscriptions  at the bottom of the API and select  SUBSCRIBE .
    Image Added
  4. Select your non-regulatory Application from the drop-down list, set the Throttling Policy and click SUBSCRIBE.Image Added
  5. Once you subscribe, you can find the list of subscriptions in the bottom.
    Image Added

  6. Now that you have subscribed to the API, generate access tokens and invoke the API.

Generating Keys

After creating an application it is configured as a Non-Regulatory application. Follow the steps below to generate keys:

...

  1. Once the application is successfully created, you are redirected to the Overview page of the application. 
  2. Scroll down and select either of the following tabstypes of keys:

    1. Production Keys: Generates access tokens in the production environment.

    2. Sandbox Keys: Generates access tokens in the sandbox environment.

  3. Click Manage at the bottom of the page.
    Image Added

  4. Provide the requested information

    .

    as defined below:  

    Field

    Description

    Grant Types

    Determines

    These determine the credentials that are used to generate the access token. All the grant types are applicable for non-regulatory applications and you may select them by checking the boxes.

    • Code: This relates to the authorisation code grant type and is applicable when consuming the API as a user.
    • Implicit: This is similar to the code grant type, but instead of generating code, this directly provides the access token.
    • Refresh Token: This is to renew an expired access token.
    • Client Credential: This relates to the client credentials grant type and is applicable when consuming the API as an application.

    Callback URL

    The URL used by the application to receive the authorisation code sent from the bank. The authorisation code can be used later to generate an OAuth2 access token.

    Image Removed

    To generate consumer key and consumer secret:

    If you are generating production keys: Click Request Access. If workflows are configured in the solution, it sends a request to Approver user to approve the token generation. Otherwise, it

    Application Certificate

    This is the content between the BEGIN CERTIFICATE and END CERTIFICATE strings of the application certificate (.PEM).  

    Image Added

  5. Click  GENERATE KEYS to generate production or sandbox keys. It generates consumer key and consumer secret.

  6. If you are generating sandbox keys: Click Generate Keys

  7. Use the generated cURL commands to generate access tokens to invoke a non-regulatory API.

Subscribe to API

Use the application created above to subscribe to a non-regulatory API to access the API resources. Once subscribed, the application can access all the supported services of the API resources.

...

Select the application you created in the Create an application section.
Image Removed

...

Set the throttling policy to Unlimited.

...

Now you can invoke the API using the non-regulatory application.