The WSO2 API Microgateway is a lightweight message processor for APIs. The API Microgateway is used for message security, transport security, routing, and other common API Management related quality of services. It can process incoming and outgoing messages while collecting information required for usage metering and throttling capabilities. The API Microgateway natively supports scaling in highly decentralized environments including microservice architecture. An immutable, ephemeral Microgateway fits well with the microservice architecture.
...
- Pull the Docker image for Consumer Data Standards API from the Docker registry.
Run the Docker image using the commands below:
Localtabgroup Localtab title Format Code Block docker run -e productionEndpoint_prod_endpoint_0="<PRODUCTION_ENDPOINT_URL>" -d --name <PROJECT_NAME> -p 9095:9095 docker.wso2.com/<PROJECT_NAME>:<WSO2_OB_SOLUTION_VERSION>
Localtab title Sample Code Block docker run -e productionEndpoint_prod_endpoint_0="https://localhost:9443/open-banking-australia/services" -d --name wso2-obmg-au-cds -p 9095:9095 docker.wso2.com/wso2-obmg-au-cds:1.2.0_2.0.0
Tip For a sandbox environment, instead of
productionEndpoint_prod_endpoint_0
, you can use this flag with the aboverun
command:Code Block sandboxEndpoint_sand_endpoint_0=<SANDBOX_ENDPOINT_URL>
- All the configurations related to WSO2 API Microgateway and WSO2 Open Banking are available in the
micro-gw.conf
file.Get the container Id of the Docker image with the API:
Code Block language powershell docker ps
Copy the
micro-gw.conf
file from the Docker image to the host:Code Block language powershell docker cp <CONTAINER_ID>:/home/ballerina/conf/micro-gw.conf <DEST_PATH>
- Configure the
micro-gw.conf
file: The microgateway is available in the port defined below, by default it's set to 9095:
Code Block language xml [listenerConfig] httpsPort = 9095
Note icon false To run multiple Microgateway Docker images parallelly on the same server, update the below configurations accordingly so that the ports used by each Docker container are unique:
Localtabgroup Localtab title Configuration format Code Block language xml [listenerConfig] httpPort = <HTTP_PORT> httpsPort = <HTTPS_PORT> tokenListenerPort = <TOKEN_LISTNER_PORT>
Localtab title Sample Code Block language xml [listenerConfig] httpPort = 9090 httpsPort = 9095 tokenListenerPort = 9096
Note title For example: To run both
wso2-obmg-au-cds-accounts
andwso2-obmg-au-cds-transactions
Microgateway Docker images parallelly, update the configurations as shown below:Localtabgroup Localtab title wso2-obmg-au-cds-accounts Code Block [listenerConfig] httpPort = 9090 httpsPort = 9095 tokenListenerPort = 9096
Localtab title wso2-obmg-au-cds-transactions Code Block [listenerConfig] httpPort = 9091 httpsPort = 9098 tokenListenerPort = 9097
Configure the hostname of your WSO2 Open Banking Identity and Access Manager server in the following configuration:
Code Block language xml [keyManager] serverUrl = "https://<WSO2_OB_IAM_HOST>:9446"
Configure the hostname of your WSO2 Open Banking API Manager server in the following configuration:
Code Block language xml [apiManager] serverUrl = "https://<WSO2_OB_APIM_HOST>:9443"
Code Block language xml [openbanking.iam] serverUrl = "https://<WSO2_OB_IAM_HOST>:9446"
If the Admin API is APIs are being deployed using the Microgateway Docker image, update the below configurations based on the deployment:
Localtabgroup Localtab title Configuration format Code Block language xml [openbanking.jwt.authentication] jwksURL = "<JWKS_URL>" issuer = "<ISSUER_VALUE>" audience = "<AUDIENCE_VALUE>"
Localtab title Sample Code Block language xml [openbanking.jwt.authentication] jwksURL = "https://keystore.openbankingtest.org.uk/0015800001HQQrZAAX/9b5usDpbNtmxDcTzs7GzKp.jwks" issuer = "cdr-register" audience = "https://wso2ob.com"
Configure encryption/decryption key for ID permanence under the
[openbanking.au]
tag. By default, the secret key value is "wso2
".Info This is available only as a WUM update and is effective from March 24, 2021 (03-24-2021). For more information on updating WSO2 Open Banking, see Updating WSO2 Products.
Code Block language xml [openbanking.au.id.permanence] secretKey = <SECRET_KEY>
To remove the Auth header from the authentication filter, set the following configuration to
true
. For throttling purposes, set the value tofalse
.Info This is available only as a WUM update and is effective from May 13, 2021 (05-13-2021). For more information on updating WSO2 Open Banking, see Updating WSO2 Products.
Code Block language xml [authConfig] removeAuthHeaderFromOutMessage = false
Note title For the Unattended traffic, 20 sessions per day, per customer, per data recipient policy Info This is available only as a WSO2 Update and is effective from September 14, 2021 (09-14-2021). For more information on updating WSO2 Open Banking, see Updating WSO2 Products.
Add the following configuration to enable the policy:
Code Block language xml [openbanking.au.unattendedSessionCountThrottling] enable = true
To avoid sending the Auth header to the back end, add the following configuration under the
[openbanking]
tag and set the value totrue
.Info This is available only as a WUM update and is effective from May 13, 2021 (05-13-2021). For more information on updating WSO2 Open Banking, see Updating WSO2 Products.
This is only available for
wso2-obmg-au-cds
docker images.Code Block language xml [openbanking.authConfig] removeAuthHeaderFromOutMessage = true
Add custom filters using the following configuration:
Code Block language xml [openbanking.au.filters] <FilterName>="Fully qualified class name"
You can configure filters; add custom filters and skip certain filters with the following configurations:
Info This is available only as a WUM update and is effective from May 18, 2021 (05-18-2021). For more information on updating WSO2 Open Banking, see Updating WSO2 Products.
Localtabgroup Localtab title Configuration format Code Block [openbanking.au.filters.FilterName] name = "Fully qualified class name" skips = ["Resources to be skipped"]
Localtab title Sample Code Block language xml [openbanking.au.filters.ReportingDataFilter] name = "com.example.package.CustomReportingDataFilter" skips = ["authorizeResource", "revokeResource", "tokenResource", "apiKeyResource", "userInfoResource", "healthCheck"]
Copy the updated
micro-gw.conf
file to the Docker image:Code Block language powershell docker cp <PATH_TO_UPDATED_micro-gw.conf> <CONTAINER_ID>:/home/ballerina/conf/micro-gw.conf
- If you have a distributed deployment, exchange the certificates as explained in Setting Up Servers-Exchanging the certificates.
- Add any additional certificates to the client truststore of the Docker image:
Get the container Id of the Docker image with CDS API:
Code Block language powershell docker ps
Copy the
ballerinaTruststore.p12
file from the Docker image to the host:Code Block language powershell docker cp <CONTAINER_ID>:/home/ballerina/wso2/runtime/bre/security/ballerinaTruststore.p12 <DEST_PATH>
Use the keytool commands and add the relevant certificates (regulatory certificates, server certificates) to the copied
ballerinaTruststore.p12
file. The password to access the keystore isballerina
.Code Block language powershell keytool -import -alias <CERT_ALIAS> -file <CERT_TO_ADD> -keystore ballerinaTruststore.p12 -storepass ballerina
Copy the updated client trustore to the Docker image:
Code Block language powershell docker cp <PATH_TO_UPDATED_ballerinaTruststore.p12> <CONTAINER_ID>:/home/ballerina/wso2/runtime/bre/security/ballerinaTruststore.p12
Run the Docker image using the commands below:
<PRODUCTION_ENDPOINT_URL>
: Endpoint URL of the production server. For a sandbox environment, instead ofproductionEndpoint_prod_endpoint_0
, use thesandboxEndpoint_sand_endpoint_0=<SANDBOX_ENDPOINT_URL>
flag.<PROJECT_NAME>
: Name of Docker image without the registry hostname.<PUBLISHED_PORT>
: The port which the Docker image is exposed.<HTTPS_PORT>
:httpsPort
configured in the micro-gw.conf file.<WSO2_OB_SOLUTION_VERSION>
: The version of the WSO2 Open Banking solution.Localtabgroup Localtab title Format Code Block docker run -e productionEndpoint_prod_endpoint_0="<PRODUCTION_ENDPOINT_URL>" -d --name <PROJECT_NAME> -p <PUBLISHED_PORT>:<HTTPS_PORT> docker.wso2.com/<PROJECT_NAME>:<WSO2_OB_SOLUTION_VERSION>
Localtab title Sample Code Block docker run -e productionEndpoint_prod_endpoint_0="https://localhost:9443/open-banking-australia/services" -d --name wso2-obmg-au-cds -p 9095:9095 docker.wso2.com/wso2-obmg-au-cds:1.2.0_2.0.0
Note title To view logs: Execute the command below:
Localtabgroup Localtab title Format Code Block docker logs <PROJECT_NAME> --follow
Localtab title Sample Code Block docker logs wso2-obmg-au-cds --follow
Invoke the endpoints using the proper server hostname and port of your WSO2 API Microgateway (WSO2 API MG) server.
Note For example:
- When you are using the regular gateway -
https://<WSO2_OB_APIM_HOST>:8243/cds-au/v1/banking/accounts/
- When you are using WSO2 API Microgateway -
https://<WSO2_OB_API_MG>:9095/cds-au/v1/banking/accounts/
For more information on invoking the API, see Consumer Data Standards API v1.2.0.
- When you are using the regular gateway -
...