Versions Compared

Old Version 25

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

WSO2 Open Banking provides the complete technology stack for a hassle-free PSD2 compliance. This guide gives you For a quick walk-through to the WSO2 Open Banking using the following sample scenario. 

Sample scenario

In order to comply with the PSD2 directive, the ABC Bank wishes to expose its customers' account and transaction data to third-parties via APIs upon receiving the consent from authenticated customers. Account Information Service Provider (AISPs) and Payment Initiation Service Providers (PISPs) are two types of third-parties that utilize these account and transaction data. AccPro is an AISP that subscribes to the ABC Bank's APIs to provide an aggregated view of customers' account and transaction details. TransacPro is a PISP that subscribes to the ABC Bank's APIs to initiate credit transfers on behalf of the ABC Bank's customers. 

Image Removed

Let's see how AISPs and PISPs interact with WSO2 Open Banking. 

Tip

Before you begin

Make sure you have the following ready:

  1. A wso2.com user account. If you do not have a WSO2 account yet,

    1. Go to https://wso2.com/user/register.

    2. Enter the required information.

      Note

      Provide a valid phone number with the country code to complete the two-factor authentication, e.g., +44 xxxxxxxxxx for a UK phone number.

    3. Click Register.
    4. Validate your account details by accessing the one-time login URL that you received via email.

  2. cURL: You need cURL on your machine so that you can make API calls using the command line.

  3. A web browser: You need a web browser to work with the customer consent approval process.

Let's get started!

...

Imagine that you are an administrator at AccPro (the AISP) responsible for subscribing to ABC Bank's APIs that expose customers' account and transaction data. Let's take a look at the tasks you need to perform to consume these APIs.

...

minLevel3
locationtop

...

Follow the steps below to sign in to the WSO2 Open Banking live demo:

  1. Go to the Home page and click Try Developer Portal > App (Sandbox).
    Image Removed
    The API Store with the available APIs you can try appears.
  2. Click Sign in in the upper right corner and sign in with your wso2.com account details.
    Image Removed

Follow the steps below to create an application with which you can subscribe to APIs:

  1. Click Applications on the WSO2 Open Banking live demo to view all the applications.

    Image Removed

    Note

    WSO2 Open Banking comes with a sample application named DefaultApplication, which has a service-level agreement (SLA) with unlimited access.

  2. Click Add Application.
    Image Removed

  3. Enter a name for the application and click Add to create the application. 

    Tip

    You can select an SLA via the Per Token Quota dropdown, e.g., 50PerMin. If you do not select an SLA, the default SLA, which is unlimited will be applied.

    Image Removed
    After the application is created, the application details page appears.

    Image Removed

...

Follow the steps below to subscribe to an API via an application:

  1. Click APIs to view all the available WSO2 Open Banking APIs.
    Image Removed

  2. Click the AccountsInformationAPI API.
    Image Removed
  3. Select the application that you created from the Applications drop-down. If you did not create an application, select the DefaultApplication.
    Image Removed
  4. Click Subscribe
    A message appears to confirm that you have successfully subscribed to the API. Click View Subscriptions.
    Image Removed
    The Subscriptions tab of the Application Details page appears.
    Image Removed

...

Follow the steps below to generate the application access token and the security keys with which you can invoke an API:

...

Enter the required information.

...

This determines the credentials used to generate the access token. There are two types of grant types available in the WSO2 Open Banking live demo:

  • Client Credentials: This relates to the Client Credentials grant type and is applicable when consuming the API as an application.
  • Code: This relates to the Authorization Code grant type and is applicable when consuming the API as a user.

...

Scopes enable fine-grained access control to API resources based on user roles. Select the accounts : accounts scope.

...

This defines the access token's validity period after which it requires regeneration. You can keep the default value, which is 3600 seconds.

Tip

If you set the validity period to a minus value, e.g., -1, the token never expires.

...

Click Generate Keys
This generates an access token, consumer key, and consumer secret. 

Image Removed

Step 5 - Consume an API

Now that you have your access token, follow the steps below to invoke the AccountsInformationAPI and obtain the account information:

  1. Navigate to the WSO2 Open Banking live demo and click AccountsInformationAPI API.

    Note

    Make sure you are signed in to the WSO2 Open Banking live demo.

  2. Select the application you used to subscribe to the AccountsInformationAPI API from the Try dropdown. The previously generated access token appears by default.
  3. Cilck POST /account-initiation to expand the POST /account-initiation API resource.
    1. Enter the application access token you generated in Step 4 to the Authorization : Bearer field.
    2. Enter the sample values given in the UI to body, x-jws-signature, x-fapi-interaction-id, and x-fapi-financial-id fields.

    3. Click Try it out. You receive a 201 response upon successful API invocation.

      Tip

      Copy the AccountRequestId that is returned from above API call so that you can use it for the other API invocations.

...

Follow the steps below to generate a user access token:

Copy the URL shown below and update the placeholders as follows:

...

Replace the <redirect-URL> with the Callback URL that you entered when generating the keys in Step 4, e.g., https://openbanking.wso2.com/authenticationendpoint/authorize_callback.do.

...

directionhorizontal

...

titleURL Format

...

titleURL Sample

...

Click Approve to allow sharing of customer data.

Image Removed

...

After the consent process is approved, the authorization code appears.
Image Removed

...

Copy the cURL command shown below and update the placeholders as follows:

  1. <client-ID>:<client-secret> : Replace the  <client-ID> and the <client-secret> with the consumer key and the consumer secret you generated in Step 4 respectively. Make sure to keep the colon (:) separator between them.

  2. <client-ID> : Again, replace the <client-ID> with the consumer key.

  3. <authorization-code> : Replace this with the authorization code, e.g., 2b602c70-6a6e-3e96-9132-8570aaad4458.

  4. <redirect-URL> : Replace this with the Callback URL that you used to generate the keys, e.g., https://openbanking.wso2.com/authenticationendpoint/authorize_callback.do.

    Note

    You can only use the authorization code once.

    Localtabgroup
    Localtab
    activetrue
    idformat-access-token
    titleFormat
    Code Block
    curl -v -X POST --basic -u <client-ID>:<client-secret> -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d "client_id=<client-ID>&grant_type=authorization_code&code=<authorization-code>&redirect_uri=<redirect-URL>" https://api-openbanking.wso2.com/TokenAPI/v1.0.0/
    Localtab
    idexample-access-token
    titleExample
    Code Block
    curl -v -X POST --basic -u fAIwK4n9QKKHIoGOv1DF6eUOkiMa:2Ui34DIx7LfIiXtrUCCpkoUqKDUa -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d "client_id=fAIwK4n9QKKHIoGOv1DF6eUOkiMa&grant_type=authorization_code&code=ff105634-e437-3567-955d-0bcaee3603d8&redirect_uri=https://openbanking.wso2.com/authenticationendpoint/authorize_callback.do" https://api-openbanking.wso2.com/TokenAPI/v1.0.0/

    Paste the updated cURL command in the command prompt to generate the user access token with the consented privileges.

    Example:

    Code Block
    > POST /TokenAPI/v1.0.0/ HTTP/1.1
> Host: api-openbanking.wso2.com
> Authorization: Basic ZkFJd0s0bjlRS0tISW9HT3YxREY2ZVVPa2lNYToyVWkzNERJeDdMZklpWHRyVUNDcGtvVXFLRFVh
> User-Agent: curl/7.51.0
> Accept: */*
> Content-Type: application/x-www-form-urlencoded;charset=UTF-8
> Content-Length: 197
< HTTP/1.1 200 OK
< Server: nginx/1.12.1
< Date: Fri, 15 Sep 2017 05:30:23 GMT
< Content-Type: application/json
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Frame-Options: DENY
< Cache-Control: no-store
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: POST
< X-Content-Type-Options: nosniff
< Pragma: no-cache
< X-XSS-Protection: 1; mode=block
< Access-Control-Allow-Headers: authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction
< 
{"access_token":"c2f32c1e-37eb-3d86-8c48-f96cc200d16e","refresh_token":"9e38e258-385d-3bfc-82f6-b5ada4007589","scope":"payments","token_type":"

...

Now, try out other API resources with the generated user access token.

Localtabgroup
Localtab
activetrue
idac-info-apis
titleAPIs used by users
When accessing the following API resources, use the user access token you generated.
  • GET /accounts/{AccountId}/beneficiaries
  • GET /accounts/{AccountId}/direct-debits
  • GET /accounts/{AccountId}/standing-orders
  • GET /accounts/{AccountId}/balances
  • GET /accounts/{AccountId}/product
  • GET /accounts/{AccountId}/transactions
  • GET /accounts
  • GET /accounts/{AccountId}
Localtab
idpaymt-apis
titleAPIs used by applications

When accessing the following API resources, use the access token you generated using the Client Credentials grant type and accounts : accounts scope in Step 4.

  • POST /account-initiations

  • DELETE /account-initiations/{AccountRequestId}

  • GET /account-initiations/{AccountRequestId}

[Back to Top]

...

Imagine that you are an administrator at TransacPro (the PISP) responsible for subscribing to ABC Bank's APIs to initiate credit transfers on behalf of the ABC Bank's customers. Let's take a look at the tasks you need to perform to consume these APIs.

...

minLevel3
locationtop

...

Follow the steps below to sign in to the WSO2 Open Banking live demo:

  1. Go to the Home page and click Try Developer Portal > App (Sandbox).
    Image Removed
    The API Store with the available APIs you can try appears.
  2. Click Sign in in the upper right corner and sign in with your wso2.com account details.
    Image Removed

Follow the steps below to create an application with which you can subscribe to APIs:

  1. Click Applications on the WSO2 Open Banking live demo to view all the applications.
    Image Removed

    Note

    WSO2 Open Banking comes with a sample application named DefaultApplication, which has a service-level agreement (SLA) with unlimited access, by default.

  2. Click Add Application.
    Image Removed

  3. Enter a name for the application and click Add to create an application. 

    Tip

    If you like you can select an SLA via the Per Token Quota dropdown, e.g., 50PerMin. If you do not select an SLA, the default SLA, which is unlimited will be applied

    Image Removed

    After the application is created, the application details page appears.
    Image Removed

...

Follow the steps below to subscribe to an API via an application:

  1. Click APIs to view all available WSO2 Open Banking APIs.
    Image Removed

  2. Click the PaymentsAPI v1.0.0 API.
    Image Removed
  3. Select the application that you created from the Applications drop-down. If you did not create an application, select DefaultApplication.
    Image Removed
  4. Click Subscribe
    A message appears to confirm that you have successfully subscribed to the API. Click View Subscriptions.
    Image Removed
    The Subscriptions tab of the Application Details page appears.
    Image Removed

...

Follow the steps below to generate the application access token and the security keys with which you can create a user access token:

...

Enter the required information.

...

This determines the credentials used to generate the access token. There are two types of grant types available in the WSO2 Open Banking live demo:

  • Client Credentials: This relates to the Client Credentials grant type and is applicable when consuming the API as an application.
  • Code: This relates to the Authorization Code grant type and is applicable when consuming the API as a user.

...

This is the URL used by TransacPro to receive the authorization code sent from the ABC Bank.

...

Scopes enable fine-grained access control to API resource based on user roles. Select payments : payments.

...

This defines the access token's validity period after which it requires regeneration. You can keep the default value, which is 3600 seconds.

Tip

If you set the validity period to a minus value, e.g., -1, the token never expires

...

Click  Generate Keys

This generates an access token, consumer key, and consumer secret, which you can use in token generation API calls. 

Image Removed

Step 5 - Consume an API

Now that you have your access token, follow the steps below to invoke the PaymentsAPI API and post payments:

  1. Click APIs on the WSO2 Open Banking live demo and click PaymentsAPI API.

    Tip

    Make sure you are signed in to the WSO2 Open Banking live demo.

  2. Select the application you used to subscribe to the PaymentsAPI API from the Try dropdown. The previously generated access token appears by default.
  3. Click POST /payment-initiation to expand the POST /payment-initiation API resource.
    1. Enter the application access token you generated in Step 4 to the Authorization : Bearer field.
    2. Enter the sample values given in the UI to x-idempotency-key, x-jws-signature, x-fapi-interaction-id, x-fapi-financial-id, and body fields.

  4. Click Try it out. A 201 response appears upon a successful API invocation.

    Tip

    Copy the PaymentID that is returned from the API call so that you can use it for other API invocations.

...

Follow the steps below to generate a user access token using the client key and the client secret:  

  1. Copy the URL shown below and update the placeholders as follows:

    1. <client-ID> : Replace this with the consumer key that you generated in Step 4, e.g., fAIwK4n9QKKHIoGOv1DF6eUOkiMa.

    2. <riderect-URL> : Replace this with the Callback URL that you used when generating the kes in Step 4, e.g.,  https://openbanking.wso2.com/authenticationendpoint/authorize_callback.do .

      Localtabgroup
      Localtab
      activetrue
      idAISP
      titleURL Format
      Code Block
      https://api-openbanking.wso2.com/AuthorizeAPI/v1.0.0/?response_type=code&scope=payments&state=cGlzcDoyMTU2&client_id=<client-ID>&redirect_uri=<redirect-URL>
      Localtab
      idPISP
      titleURL Sample
      Code Block
      https://api-openbanking.wso2.com/AuthorizeAPI/v1.0.0/?response_type=code&scope=payments&state=cGlzcDoyMTU2&client_id=fAIwK4n9QKKHIoGOv1DF6eUOkiMa&redirect_uri=https://openbanking.wso2.com/authenticationendpoint/authorize_callback.do
  2. Paste the updated URL on your browser to navigate to the ABC Bank's open banking system.
  3. When prompted, sign in using your wso2.com credentials. 
    This is the first factor of Strong Customer Authentication (SCA)
    Image Removed
  4. Enter the verification code that you received via SMS to the mobile number that you gave at the time of signing up to wso2.com.
    This serves as the second factor of SCA. 
    Image Removed
    After the authentication process is complete, you are directed to the customer consent approval process.

  5. Click Approve to perform the transaction.

    Image Removed

  6. After the consent process is approved, the authorization code appears.

    Image Removed

  7. Copy the cURL command shown below and update the placeholders as follows:

    1. <client-ID>:<client-secret> : Replace the <client-ID> andthe <client-secrent> with the consumer key and the consumer secret you generated in Step 4 respectively. Make sure to keep the colon (:) separator between them.

    2. <client-ID> : Again, replace the <client-ID> withthe consumer key.

    3. <authorization-code> : Replace this with the authorization code, e.g., 2b602c70-6a6e-3e96-9132-8570aaad4458.

    4. <redirect-URL> : Replace this with the Callback URL that you used to generate the keys, e.g., https://openbanking.wso2.com/authenticationendpoint/authorize_callback.do.

      Note

      You can only use the authorization code once.

      Localtabgroup
      Localtab
      activetrue
      idformat-access-token
      titleFormat
      Code Block
      curl -v -X POST --basic -u <client-ID>:<client-secret> -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d "client_id=<client-ID>&grant_type=authorization_code&code=<authorization-code>&redirect_uri=<redirect-URL>" https://api-openbanking.wso2.com/TokenAPI/v1.0.0/
      Localtab
      idexample-access-token
      titleExample
      Code Block
      curl -v -X POST --basic -u fAIwK4n9QKKHIoGOv1DF6eUOkiMa:2Ui34DIx7LfIiXtrUCCpkoUqKDUa -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d "client_id=fAIwK4n9QKKHIoGOv1DF6eUOkiMa&grant_type=authorization_code&code=ff105634-e437-3567-955d-0bcaee3603d8&redirect_uri=https://openbanking.wso2.com/authenticationendpoint/authorize_callback.do" https://api-openbanking.wso2.com/TokenAPI/v1.0.0/

      Paste the updated cURL command in the command prompt to generate the user access token with the consented privileges.

      Example:

      Code Block
      > POST /TokenAPI/v1.0.0/ HTTP/1.1
> Host: api-openbanking.wso2.com
> Authorization: Basic ZkFJd0s0bjlRS0tISW9HT3YxREY2ZVVPa2lNYToyVWkzNERJeDdMZklpWHRyVUNDcGtvVXFLRFVh
> User-Agent: curl/7.51.0
> Accept: */*
> Content-Type: application/x-www-form-urlencoded;charset=UTF-8
> Content-Length: 197
< HTTP/1.1 200 OK
< Server: nginx/1.12.1
< Date: Fri, 15 Sep 2017 05:30:23 GMT
< Content-Type: application/json
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Frame-Options: DENY
< Cache-Control: no-store
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: POST
< X-Content-Type-Options: nosniff
< Pragma: no-cache
< X-XSS-Protection: 1; mode=block
< Access-Control-Allow-Headers: authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction
< 
{"access_token":"c2f32c1e-37eb-3d86-8c48-f96cc200d16e","refresh_token":"9e38e258-385d-3bfc-82f6-b5ada4007589","scope":"payments","token_type":"

  8. Now, try out other API resources of the PaymentsAPI API.

    Localtabgroup
    Localtab
    idpaymt-apis
    titleAPIs used by users
    When accessing the following API resources, use the user access token you generated.
    • POST /payment-submissions
    • GET /payment-submissions/{PaymentSubmissionId}
    Localtab
    idpayment-apis
    titleAPIs used by applications

    When accessing the following API resources, use the access token you generated using the Client Credentials grant type and the payments : payments scope in Step 4.

    • POST /payment-initiations

    • GET /payment-initiations/{PaymentId}

...

hands-on experience, see Sandbox Guide.