Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Table of Content Zone
minLevel3
locationtop

Follow the steps below to sign in to the WSO2 Open Banking live demo:

  1. Go to the Home page and click Try Developer Portal > App (Sandbox).

    The API Store with the available APIs you can try appears.
  2. Click Sign in in the upper right corner and sign in with your wso2.com account details.

Follow the steps below to create an application with which you can subscribe to APIs:

  1. Click Applications on the WSO2 Open Banking live demo to view all the applications.

    Note

    WSO2 Open Banking comes with a sample application named DefaultApplication, which has a service-level agreement (SLA) with unlimited access.

  2. Click Add Application.
  3. Enter a name for the application and click Add to create the application. 

    Tip

    You can select an SLA via the Per Token Quota dropdown, e.g., 50PerMin. If you do not select an SLA, the default SLA, which is unlimited will be applied.


    After the application is created, the application details page appears.

Anchor
AISP-Step3
AISP-Step3
Step 3 - Subscribe to an API

Follow the steps below to subscribe to an API via an application:

  1. Click APIs to view all the available WSO2 Open Banking APIs.

  2. Click the AccountsInformationAPI API.
  3. Select the application that you created from the Applications drop-down. If you did not create an application, select the DefaultApplication.
  4. Click Subscribe
    A message appears to confirm that you have successfully subscribed to the API. Click View Subscriptions.

    The Subscriptions tab of the Application Details page appears.

Anchor
AISP-Step4
AISP-Step4
Step 4 - Generate an application access token

Follow the steps below to generate the application access token and the security keys with which you can invoke an API:

  1. Click Sandbox Keys tab on the Application Details page.
  2. Enter the required information.

    FieldPurpose
    Grant Types

    This determines the credentials used to generate the access token. There are two types of grant types available in the WSO2 Open Banking live demo:

    • Client Credentials: This relates to the Client Credentials grant type and is applicable when consuming the API as an application.
    • Code: This relates to the Authorization Code grant type and is applicable when consuming the API as a user.
    Callback URLThis is the URL used by AccPro to receive the authorization code sent from the ABC Bank.
    Scopes

    Scopes enable fine-grained access control to API resources based on user roles. Select the accounts : accounts scope.

    Validity Period

    This defines the access token's validity period after which it requires regeneration. You can keep the default value, which is 3600 seconds.

    Tip

    If you set the validity period to a minus value, e.g., -1, the token never expires.

  3. Fill the Application Certificate field using a self-signed certificate.

    Expand
    titleClick here to view how to generate a self-signed certificate
    1. Create a keystore file using the command below. Make sure you update the following placeholders:

      1. <alias> : A preferred alias for the keystore file

      2. <preferred-filename> : A preferred name for the keystore file

        Code Block
        keytool -genkey -alias <alias> -keyalg RSA -keystore <filename>.jks
    2. Currently, the keystore is in the jks format. Convert it to the PKCS12 format. Make sure you update the following placeholders:

      1. <keyStoreName> : This is the name of the keystore.

      2. <PKCS12FileName> : This is the name of the keystore in the PKCS12 format.

        Code Block
        keytool -importkeystore -srckeystore <keystoreStoreName>.jks -destkeystore <PKCS12FileName>.p12 -deststoretype PKCS12
    3. Create the certificate (.pem) file using the keystore in the PKCS12 format. Make sure you update the following placeholders:

      1. <PKCS12FileName> : This is the name of the keystore in the PKCS12 format.

      2. <PublicCertPem> : This is the name of the application certificate that is created in the .pem format.

      3. <PrivateCertPem> : Private certificate that can be used to sign the requests

        Code Block
        languagebash
        titlepublic certificate
        openssl pkcs12 -in <PKCS12FileName>.p12 -nokeys -out <PublicCertPem>.pem
        Code Block
        languagebash
        titleprivate certificate
        openssl pkcs12 -in <PKCS12FileName>.p12 -nodes -nocerts -out <PrivateCertPem>.pem
    4. Generate the fingerprint (kid) of the keystore from the command below, this is for future use.


      Code Block
      keytool -list -v -keystore <keystoreStoreName>.jks

    You can either open the certificate file with a text editor, copy the certificate value and paste the content in the Application Certificate field or simply click Browse and upload the certificate(.pem) file.

  4. Click Generate Keys
    This generates an access token, consumer key, and consumer secret. 

Step 5 - Consume an API

Now that you have your access token, follow the steps below to invoke the AccountsInformationAPI and obtain the account information:

  1. Navigate to the WSO2 Open Banking live demo and click AccountsInformationAPI API.

    Note

    Make sure you are signed in to the WSO2 Open Banking live demo.

  2. Select the application you used to subscribe to the AccountsInformationAPI API from the Try dropdown. The previously generated access token appears by default.
  3. CilckPOST /account-initiation to expand the POST /account-initiation API resource.
    1. Enter the application access token you generated in Step 4 to the Authorization : Bearer field.
    2. Enter the sample values given in the UI to body, x-jws-signature, x-fapi-interaction-id, and x-fapi-financial-id fields.
    3. Click Try it out. You receive a 201 response upon successful API invocation.

      Tip

      Copy the AccountRequestId that is returned from above API call so that you can use it for the other API invocations.

Anchor
What'sNext
What'sNext
What's Next?

Follow the steps below to generate a user access token:

  1. CopytheURL Copy the URL shown below and update the placeholders as follows:

    1. Replace the<client-ID> with the consumer key that you generated in Step 4, e.g., fAIwK4n9QKKHIoGOv1DF6eUOkiMa.
    2. Replace the <redirect-URL> with the Callback URL that you entered when generating the keys in Step 4, e.g., https://openbanking.wso2.com/authenticationendpoint/authorize_callback.do.

      Format:

      Code Block
      https://api-openbanking.wso2.com/AuthorizeAPI/v1.0.0/?response_type=code&scope=accounts&state=YWlzcDozMTQ2&client_id=<client-ID>&redirect_uri=<redirect-URL>

      Example:

      Code Block
      https://api-openbanking.wso2.com/AuthorizeAPI/v1.0.0/?response_type=code&scope=accounts&state=YWlzcDozMTQ2&client_id=fAIwK4n9QKKHIoGOv1DF6eUOkiMa&redirect_uri=https://openbanking.wso2.com/authenticationendpoint/authorize_callback.do
  2. Paste the updated URL in your browser to navigate to the ABC Bank's open banking system.
  3. When prompted, sign in using your wso2.com credentials. 
    This is the first factor of Strong Customer Authentication (SCA)
  4. Enter the verification code that you received via SMS to the mobile number that you gave at the time of signing up to wso2.com.
    This serves as the second factor of SCA. 

    After the authentication process is complete, you are directed to the customer consent approval process.
  5. Click Approve to allow sharing of customer data.

  6. After the consent process is approved, the authorization code appears.

  7. Copy the cURL command shown below and update the placeholders as follows:

    1. <client-ID>:<client-secret> : Replace the  <client-ID> and the <client-secret> with the consumer key and the consumer secret you generated in Step 4 respectively. Make sure to keep the colon (:) separator between them.

    2. <client-ID> : Again, replace the <client-ID> with the consumer key.

    3. <authorization-code> : Replace this with the authorization code, e.g., 2b602c70-6a6e-3e96-9132-8570aaad4458.

    4. <redirect-URL> : Replace this with the Callback URL that you used to generate the keys, e.g., https://openbanking.wso2.com/authenticationendpoint/authorize_callback.do.

      Note

      You can only use the authorization code once.

      Format:

      Code Block
      curl -v -X POST --basic -u <client-ID>:<client-secret> -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d "client_id=<client-ID>&grant_type=authorization_code&code=<authorization-code>&redirect_uri=<redirect-URL>" https://api-openbanking.wso2.com/token/

      Example:

      Code Block
      curl -v -X POST --basic -u fAIwK4n9QKKHIoGOv1DF6eUOkiMa:2Ui34DIx7LfIiXtrUCCpkoUqKDUa -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d "client_id=fAIwK4n9QKKHIoGOv1DF6eUOkiMa&grant_type=authorization_code&code=ff105634-e437-3567-955d-0bcaee3603d8&redirect_uri=https://openbanking.wso2.com/authenticationendpoint/authorize_callback.do" https://api-openbanking.wso2.com/token/ 

      Paste the updated cURL command in the command prompt to generate the user access token with the consented privileges.

      Example:

      Code Block
      > POST /token/ HTTP/1.1
      > Host: api-openbanking.wso2.com
      > Authorization: Basic ZkFJd0s0bjlRS0tISW9HT3YxREY2ZVVPa2lNYToyVWkzNERJeDdMZklpWHRyVUNDcGtvVXFLRFVh
      > User-Agent: curl/7.51.0
      > Accept: */*
      > Content-Type: application/x-www-form-urlencoded;charset=UTF-8
      > Content-Length: 197
      < HTTP/1.1 200 OK
      < Server: nginx/1.12.1
      < Date: Fri, 15 Sep 2017 05:30:23 GMT
      < Content-Type: application/json
      < Transfer-Encoding: chunked
      < Connection: keep-alive
      < X-Frame-Options: DENY
      < Cache-Control: no-store
      < Access-Control-Allow-Origin: *
      < Access-Control-Allow-Methods: POST
      < X-Content-Type-Options: nosniff
      < Pragma: no-cache
      < X-XSS-Protection: 1; mode=block
      < Access-Control-Allow-Headers: authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction
      < 
      {"access_token":"c2f32c1e-37eb-3d86-8c48-f96cc200d16e","refresh_token":"9e38e258-385d-3bfc-82f6-b5ada4007589","scope":"payments","token_type":"
  8. Now, try out other API resources with the generated user access token.

    Info
    activetrue
    idac-info-apis
    APIs used by users When accessing the following API resources, use the user access token you generated.
    • GET /accounts/{AccountId}/beneficiaries
    • GET /accounts/{AccountId}/direct-debits
    • GET /accounts/{AccountId}/standing-orders
    • GET /accounts/{AccountId}/balances
    • GET /accounts/{AccountId}/product
    • GET /accounts/{AccountId}/transactions
    • GET /accounts
    • GET /accounts/{AccountId}

    APIs used by applications

    When accessing the following API resources, use the access token you generated using the Client Credentials grant type and accounts : accounts scope in Step 4.

    • POST /account-initiations

    • DELETE /account-initiations/{AccountRequestId}

    • GET /account-initiations/{AccountRequestId}

...