A Third Party Provider (TPP) is a service provider for both Payment Service Users (PSUs) and Account Servicing Payment Service Providers (ASPSPs). A TPP provides an interface for the PSU to allow and manage transactions from the ASPSP. The TPP is verified by a competent authorised body. Therefore, the ASPSP can identify and authorise the TPP with TPP Onboarding.

TPP Onboarding is the process of ensuring that TPPs are trusted before they consume the banking APIs, as these APIs contain confidential customer information. In WSO2 Open Banking, it secures the data flow between the ASPSP and the TPP. Therefore, the bank has to implement a proper TPP Onboarding process in its banking system. This registration process:

    • Validates if the TPP is authorised by a competent authority
    • Validates the TPP's information (TPP role, TPP ID, application type, and request issuance time). See the full list of request parameters that must be validated according to the specification.
    • Allows accessing the banking APIs
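
The validation steps listed above, sketched as an added example (not WSO2 Open Banking code). It assumes the registration request and its software statement have already been signature-verified and decoded, that claim names follow the OBIE DCR layout, and that `requested_roles`, the freshness window and the sample values are hypothetical.

```python
import time

# Assumptions (not from the page): claim names follow the OBIE DCR request and
# software statement (SSA) layout, and both JWTs were signature-verified
# against the directory's keys before this function is called.
KNOWN_ROLES = {"AISP", "PISP", "CBPII"}
APPLICATION_TYPES = {"web", "mobile"}
MAX_REQUEST_AGE = 300   # seconds; hypothetical freshness window
CLOCK_SKEW = 30         # seconds of tolerated clock drift


def validate_registration(request, ssa, requested_roles, now=None):
    """Return a list of rejection reasons; an empty list means accept."""
    now = time.time() if now is None else now
    errors = []

    # TPP ID: bind the request to the software the directory vouched for.
    software_id = ssa.get("software_id")
    if not software_id or request.get("iss") != software_id:
        errors.append("iss does not match software statement")
    if request.get("software_id", software_id) != software_id:
        errors.append("software_id does not match software statement")

    # TPP role: only roles granted in the software statement may be requested.
    granted = set(ssa.get("software_roles", [])) & KNOWN_ROLES
    if not requested_roles or not set(requested_roles) <= granted:
        errors.append("requested role not granted in software statement")

    # Application type.
    if request.get("application_type") not in APPLICATION_TYPES:
        errors.append("unsupported application_type")

    # Request issuance time: reject missing, future-dated or stale requests.
    iat = request.get("iat")
    if isinstance(iat, bool) or not isinstance(iat, (int, float)):
        errors.append("iat missing or not numeric")
    elif iat > now + CLOCK_SKEW:
        errors.append("iat is in the future")
    elif now - iat > MAX_REQUEST_AGE:
        errors.append("request is stale")
    return errors


# Constructed sample claims, for illustration only.
SAMPLE_SSA = {"software_id": "tpp-software-001", "software_roles": ["AISP", "PISP"]}
SAMPLE_REQUEST = {"iss": "tpp-software-001", "software_id": "tpp-software-001",
                  "application_type": "web", "iat": 1_700_000_000}
```

Collecting every reason instead of stopping at the first gives the onboarding audit log a complete picture of why a registration was refused.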

For TPP Onboarding, the Open Banking Implementation Entity (OBIE) of the UK recommends any of the following processes:


Signup Workflow

In this method, you can configure workflows to approve TPPs who sign up and the applications that they register. For configurations, see Using the Signup Workflow for UK.


Dynamic Client Registration

The diagram below shows how Dynamic Client Registration (DCR) functions. The OBIE of the UK has introduced two versions of DCR: v1.0.0 and v3.2. WSO2 Open Banking supports both approaches.

[Diagram: Dynamic Client Registration (DCR) flow]


More information on the two approaches:

| | v1.0.0 | v3.2 |
|---|---|---|
| Software statement can be issued by | The directory solution provided by OBIE | The directory solution provided by OBIE |
| Endpoints | POST | POST, GET, PUT, DELETE |
| Supported TPP authentication methods | Mutual Transport Layer Security | Mutual Transport Layer Security, Client Credentials Grant Type |

See the following documents to configure TPP Onboarding using one of the above-mentioned approaches:

Manual Client Registration

In this method, the TPP uses the OBIE Directory as a federated Identity Provider (IDP) to log in to the Developer Portal (API Store) of the ASPSP using Single Sign-On. The TPP needs to be registered with the OBIE Directory as an Account Information Service Provider (AISP), Payment Initiation Service Provider (PISP), Card-Based Payment Instrument Issuer (CBPII), or a combination of AISP, PISP, and CBPII to obtain client credentials to use OBIE as the IDP. The authorization code grant is used in the OpenID Connect flow when using the federated IDP. The ASPSP must provide a redirect URL to which the logged-in TPP is redirected.


For configurations, see Manual Client Registration.