WSO2 Open Banking provides the complete technology stack for a hassle-free PSD2 compliance. This guide gives you For a quick walk-through to the WSO2 Open Banking using the following sample scenario.
Sample scenario
In order to comply with the PSD2 directive, the ABC Bank wishes to expose its customers' account and transaction data to third-parties via APIs upon receiving the consent from authenticated customers. Account Information Service Provider (AISPs) and Payment Initiation Service Providers (PISPs) are two types of third-parties that utilize these account and transaction data. AccPro is an AISP that subscribes to the ABC Bank's APIs to provide an aggregated view of customers' account and transaction details. TransacPro is a PISP that subscribes to the ABC Bank's APIs to initiate credit transfers on behalf of the ABC Bank's customers.
Let's see how AISPs and PISPs interact with WSO2 Open Banking.
Tip | ||
---|---|---|
Before you begin Make sure you have the following ready:
Let's get started! |
...
direction | horizontal |
---|
...
title | AISP |
---|
AISP Flow
Imagine that you are an administrator at AccPro (the AISP) responsible for subscribing to ABC Bank's APIs that expose customers' account and transaction data. Let's take a look at the tasks you need to perform to consume these APIs.
...
AISP-Sign-In Step 1 - Sign in
Follow the steps below to sign in to the WSO2 Open Banking live demo:
...
Step 2 - Create an application
Follow the steps below to create an application with which you can subscribe to APIs:
Click Applications on the WSO2 Open Banking live demo to view all the applications.
...
WSO2 Open Banking comes with a sample application named DefaultApplication
, which has a service-level agreement (SLA) with unlimited access.
...
Enter a name for the application and click Add to create the application.
...
You can select an SLA via the Per Token Quota dropdown, e.g., 50PerMin. If you do not select an SLA, the default SLA, which is unlimited
will be applied.
...
AISP-Step3 Step 3 - Subscribe to an API
Follow the steps below to subscribe to an API via an application:
...
AISP-Step4 Step 4 - Generate an application access token
...
Enter the required information.
...
This determines the credentials used to generate the access token. There are two types of grant types available in the WSO2 Open Banking live demo:
- Client Credentials: This relates to the
Client Credentials
grant type and is applicable when consuming the API as an application. - Code: This relates to the
Authorization Code
grant type and is applicable when consuming the API as a user.
...
This defines the access token's validity period after which it requires regeneration. You can keep the default value, which is 3600
seconds.
If you set the validity period to a minus value, e.g., -1, the token never expires.
Click Generate Keys.
This generates an access token, consumer key, and consumer secret.
Step 5 - Consume an API
Now that you have your access token, follow the steps below to invoke the AccountsInformationAPI and obtain the account information:
Navigate to the WSO2 Open Banking live demo and click AccountsInformationAPI
API.
...
Click Try it out. You receive a 201 response upon successful API invocation.
...
Copy the AccountRequestId
that is returned from above API call so that you can use it for the other API invocations.
What'sNext What's Next?
...
Copy the URL shown below and update the placeholders as follows:
...
Click Approve to allow sharing of customer data.
...
Copy the cURL command shown below and update the placeholders as follows:
...
<client-ID>
: Again, replace the <client-ID>
with the consumer key
.
...
<authorization-code>
: Replace this with the authorization code
, e.g., 2b602c70-6a6e-3e96-9132-8570aaad4458.
...
You can only use the authorization code once.
...
Paste the updated cURL command in the command prompt to generate the user access token with the consented privileges.
Example:
Now, try out other API resources with the generated user access token.
...
GET /accounts/{AccountId}/beneficiaries
GET /accounts/{AccountId}/direct-debits
GET /accounts/{AccountId}/standing-orders
GET /accounts/{AccountId}/balances
GET /accounts/{AccountId}/product
GET /accounts/{AccountId}/transactions
GET /accounts
GET /accounts/{AccountId}
...
POST /account-initiations
DELETE /account-initiations/{AccountRequestId}
GET /account-initiations/{AccountRequestId}
...
title | PISP |
---|
PISP Flow
Imagine that you are an administrator at TransacPro (the PISP) responsible for subscribing to ABC Bank's APIs to initiate credit transfers on behalf of the ABC Bank's customers. Let's take a look at the tasks you need to perform to consume these APIs.
...
PISP-Step1 Step 1 - Sign in
Follow the steps below to sign in to the WSO2 Open Banking live demo:
...
Step 2 - Create an application
Follow the steps below to create an application with which you can subscribe to APIs:
...
Enter a name for the application and click Add to create an application.
...
If you like you can select an SLA via the Per Token Quota dropdown, e.g., 50PerMin. If you do not select an SLA, the default SLA, which is unlimited will be applied
...
PISP-Step3 Step 3 - Subscribe to an API
Follow the steps below to subscribe to an API via an application:
...
PISP-Step4 Step 4 - Generate an application access token
...
Enter the required information.
...
This determines the credentials used to generate the access token. There are two types of grant types available in the WSO2 Open Banking live demo:
- Client Credentials: This relates to the Client Credentials grant type and is applicable when consuming the API as an application.
- Code: This relates to the Authorization Code grant type and is applicable when consuming the API as a user.
...
This is the URL used by TransacPro to receive the authorization code sent from the ABC Bank.
...
Scopes enable fine-grained access control to API resource based on user roles. Select payments : payments
.
...
This defines the access token's validity period after which it requires regeneration. You can keep the default value, which is 3600
seconds.
If you set the validity period to a minus value, e.g., -1, the token never expires
Click Generate Keys.
This generates an access token, consumer key, and consumer secret, which you can use in token generation API calls.
Step 5 - Consume an API
Now that you have your access token, follow the steps below to invoke the PaymentsAPI
API and post payments:
Click APIs on the WSO2 Open Banking live demo and click PaymentsAPI API.
...
Click Try it out. A 201 response appears upon a successful API invocation.
...
Copy the PaymentID
that is returned from the API call so that you can use it for other API invocations.
PISP-What'sNext What's Next?
...
Click Approve to perform the transaction.
After the consent process is approved, the authorization code appears.
Copy the cURL command shown below and update the placeholders as follows:
...
<client-ID>
: Again, replace the <client-ID>
withthe consumer key
.
...
<authorization-code>
: Replace this with the authorization code
, e.g., 2b602c70-6a6e-3e96-9132-8570aaad4458.
...
You can only use the authorization code once.
...
Paste the updated cURL command in the command prompt to generate the user access token with the consented privileges.
Example:
Now, try out other API resources of the PaymentsAPI
API.
...
POST /payment-submissions
GET /payment-submissions/{PaymentSubmissionId}
...
POST /payment-initiations
...
hands-on experience, see Sandbox Guide.