Page Comparison

The WSO2 API Microgateway is a lightweight message processor for APIs. The API Microgateway is used for message security, transport security, routing, and other common API Management related quality of services. It can process incoming and outgoing messages while collecting information required for usage metering and throttling capabilities. The API Microgateway natively supports scaling in highly decentralized environments including microservice architecture. An immutable, ephemeral Microgateway fits well with the microservice architecture. 

...

1. Pull the Docker image for Consumer Data Standards API from the Docker registry.

2. Run the Docker image using the commands below:

   Localtabgroup

   Localtab title Format Code Block docker run -e productionEndpoint_prod_endpoint_0="<PRODUCTION_ENDPOINT_URL>" -d --name <PROJECT_NAME> -p 9095:9095 docker.wso2.com/<PROJECT_NAME>:<WSO2_OB_SOLUTION_VERSION> Localtab title Sample Code Block docker run -e productionEndpoint_prod_endpoint_0="https://localhost:9443/open-banking-australia/services" -d --name wso2-obmg-au-cds -p 9095:9095 docker.wso2.com/wso2-obmg-au-cds:1.2.0_2.0.0

   Tip
   For a sandbox environment, instead of productionEndpoint_prod_endpoint_0, you can use this flag with the above run command:  Code Block sandboxEndpoint_sand_endpoint_0=<SANDBOX_ENDPOINT_URL>

3. All the configurations related to WSO2 API Microgateway and WSO2 Open Banking are available in the micro-gw.conf file. 

   1. Get the container Id of the Docker image with the API: 

      Code Block
      language powershell
      docker ps

   2. Copy the micro-gw.conf file from the Docker image to the host: 

      Code Block
      language powershell
      docker cp <CONTAINER_ID>:/home/ballerina/conf/micro-gw.conf <DEST_PATH>

4. Configure the micro-gw.conf file:

1. The microgateway is available in the port defined below, by default it's set to 9095: 

   Code Block
   language xml
   [listenerConfig] httpsPort = 9095

   Note
   icon false
   To run multiple Microgateway Docker images parallelly on the same server, update the below configurations accordingly so that the ports used by each Docker container are unique: Localtabgroup Localtab title Configuration format Code Block language xml [listenerConfig] httpPort = <HTTP_PORT> httpsPort = <HTTPS_PORT> tokenListenerPort = <TOKEN_LISTNER_PORT> Localtab title Sample Code Block language xml [listenerConfig] httpPort = 9090 httpsPort = 9095 tokenListenerPort = 9096 Note title For example: To run both wso2-obmg-au-cds-accounts and wso2-obmg-au-cds-transactions Microgateway Docker images parallelly, update the configurations as shown below: Localtabgroup Localtab title wso2-obmg-au-cds-accounts Code Block [listenerConfig] httpPort = 9090 httpsPort = 9095 tokenListenerPort = 9096 Localtab title wso2-obmg-au-cds-transactions Code Block [listenerConfig] httpPort = 9091 httpsPort = 9098 tokenListenerPort = 9097

2. Configure the hostname of your  WSO2 Open Banking Identity and Access Manager server in the following configuration:

   Code Block
   language xml
   [keyManager] serverUrl = "https://<WSO2_OB_IAM_HOST>:9446"

3. Configure the hostname of your WSO2 Open Banking API Manager server in the following configuration:

   Code Block
   language xml
   [apiManager] serverUrl = "https://<WSO2_OB_APIM_HOST>:9443"

   Code Block
   language xml
   [openbanking.iam] serverUrl = "https://<WSO2_OB_IAM_HOST>:9446"

4. If the Admin API is APIs are being deployed using the Microgateway Docker image, update the below configurations based on the deployment:

   Localtabgroup

   Localtab title Configuration format Code Block language xml [openbanking.jwt.authentication] jwksURL = "<JWKS_URL>" issuer = "<ISSUER_VALUE>" audience = "<AUDIENCE_VALUE>" Localtab title Sample Code Block language xml [openbanking.jwt.authentication] jwksURL = "https://keystore.openbankingtest.org.uk/0015800001HQQrZAAX/9b5usDpbNtmxDcTzs7GzKp.jwks" issuer = "cdr-register" audience = "https://wso2ob.com"

5. Configure encryption/decryption key for ID permanence under the [openbanking.au] tag. By default, the secret key value is "wso2". 

   Info
   This is available only as a WUM update and is effective from March 24, 2021 (03-24-2021). For more information on updating WSO2 Open Banking, see Updating WSO2 Products.

   Code Block
   language xml
   [openbanking.au.id.permanence] secretKey = <SECRET_KEY>

6. To remove the Auth header from the authentication filter, set the following configuration to true. For throttling purposes, set the value to false. 

   Info
   This is available only as a WUM update and is effective from May 13, 2021 (05-13-2021). For more information on updating WSO2 Open Banking, see Updating WSO2 Products.

   Code Block
   language xml
   [authConfig] removeAuthHeaderFromOutMessage = false

   Note
   title For the Unattended traffic, 20 sessions per day, per customer, per data recipient policy
   Info This is available only as a WSO2 Update and is effective from September 14, 2021 (09-14-2021). For more information on updating WSO2 Open Banking, see Updating WSO2 Products. Add the following configuration to enable the policy: Code Block language xml [openbanking.au.unattendedSessionCountThrottling] enable = true

7. To avoid sending the Auth header to the back end, add the following configuration under the [openbanking] tag and set the value to true.

   Info
   This is available only as a WUM update and is effective from May 13, 2021 (05-13-2021). For more information on updating WSO2 Open Banking, see Updating WSO2 Products.

   
   

   • This is only available for wso2-obmg-au-cds docker images.

     Code Block
     language xml
     [openbanking.authConfig] removeAuthHeaderFromOutMessage = true

8. Add custom filters using the following configuration: 

   Code Block
   language xml
   [openbanking.au.filters] <FilterName>="Fully qualified class name"

   
   

   • You can configure filters; add custom filters and skip certain filters with the following configurations:  

     Info
     This is available only as a WUM update and is effective from May 18, 2021 (05-18-2021). For more information on updating WSO2 Open Banking, see Updating WSO2 Products.

     Localtabgroup

     Localtab title Configuration format Code Block [openbanking.au.filters.FilterName] name = "Fully qualified class name" skips = ["Resources to be skipped"] Localtab title Sample Code Block language xml [openbanking.au.filters.ReportingDataFilter] name = "com.example.package.CustomReportingDataFilter" skips = ["authorizeResource", "revokeResource", "tokenResource", "apiKeyResource", "userInfoResource", "healthCheck"]

9. Copy the updated micro-gw.conf file to the Docker image:

   Code Block
   language powershell
   docker cp <PATH_TO_UPDATED_micro-gw.conf> <CONTAINER_ID>:/home/ballerina/conf/micro-gw.conf

5. If you have a distributed deployment, exchange the certificates as explained in Setting Up Servers-Exchanging the certificates.
6. Add any additional certificates to the client truststore of the Docker image:

   1. Get the container Id of the Docker image with CDS API: 

      Code Block
      language powershell
      docker ps

   2. Copy the ballerinaTruststore.p12 file from the Docker image to the host: 

      Code Block
      language powershell
      docker cp <CONTAINER_ID>:/home/ballerina/wso2/runtime/bre/security/ballerinaTruststore.p12 <DEST_PATH>

   3. Use the keytool commands and add the relevant certificates (regulatory certificates, server certificates) to the copied ballerinaTruststore.p12 file. The password to access the keystore is ballerina.

      Code Block
      language powershell
      keytool -import -alias <CERT_ALIAS> -file <CERT_TO_ADD> -keystore ballerinaTruststore.p12 -storepass ballerina

   4. Copy the updated client trustore to the Docker image:

      Code Block
      language powershell
      docker cp <PATH_TO_UPDATED_ballerinaTruststore.p12> <CONTAINER_ID>:/home/ballerina/wso2/runtime/bre/security/ballerinaTruststore.p12

7. Run the Docker image using the commands below: 

   • <PRODUCTION_ENDPOINT_URL> : Endpoint URL of the production server. For a sandbox environment, instead of productionEndpoint_prod_endpoint_0, use the sandboxEndpoint_sand_endpoint_0=<SANDBOX_ENDPOINT_URL> flag.
   • <PROJECT_NAME>: Name of Docker image without the registry hostname.
   • <PUBLISHED_PORT>: The port which the Docker image is exposed.
   • <HTTPS_PORT>: httpsPort configured in the micro-gw.conf file.

   • <WSO2_OB_SOLUTION_VERSION>: The version of the WSO2 Open Banking solution.

     Localtabgroup

     Localtab title Format Code Block docker run -e productionEndpoint_prod_endpoint_0="<PRODUCTION_ENDPOINT_URL>" -d --name <PROJECT_NAME> -p <PUBLISHED_PORT>:<HTTPS_PORT> docker.wso2.com/<PROJECT_NAME>:<WSO2_OB_SOLUTION_VERSION> Localtab title Sample Code Block docker run -e productionEndpoint_prod_endpoint_0="https://localhost:9443/open-banking-australia/services" -d --name wso2-obmg-au-cds -p 9095:9095 docker.wso2.com/wso2-obmg-au-cds:1.2.0_2.0.0

     Note
     title To view logs:
     Execute the command below:  Localtabgroup Localtab title Format Code Block docker logs <PROJECT_NAME> --follow Localtab title Sample Code Block docker logs wso2-obmg-au-cds --follow

8. Invoke the endpoints using the proper server hostname and port of your WSO2 API Microgateway (WSO2 API MG) server. 

   Note
   For example: When you are using the regular gateway - https://<WSO2_OB_APIM_HOST>:8243/cds-au/v1/banking/accounts/  When you are using WSO2 API Microgateway - https://<WSO2_OB_API_MG>:9095/cds-au/v1/banking/accounts/ For more information on invoking the API, see Consumer Data Standards API v1.2.0.

...