The WSO2 Open Banking Business Intelligence(WSO2 OB BI) component enables monitoring and recording of API-level usage activity to ensure that the API owners have full awareness of the APIs, applications, and subscriptions. It generates alerts by analyzing the risk involved in transactions and fraudulent activities. It also generates statistics using the data collected from WSO2 Open Banking Key Manager and API Manager. WSO2 Open Banking Business Intelligence contains the following features:
API Analytics
Provides reports, statistics and graphs on the APIs deployed in WSO2 Open Banking API Manager. Helps Third-party providers (TPP) to monitor how their applications perform while banks can analyze how the bank APIs perform.
Transaction Risk Analysis
Enables analyzing the risk level based on predefined rules and exempt the user from having to provide the second factor.
Fraud Detection
For transaction monitoring mechanisms to detect unauthorized or fraudulent transactions and generate alerts. It also exempts the security requirements of strong customer authentication based on the identified level of risk and recurrence of the payment transaction.
Data Reporting
The WSO2 Open Banking Business Intelligence captures data published in WSO2 Open Banking API Manager and WSO2 Open Banking Key Manager. Data Reporting is the process of processing and summarizing these data.
It also supports business key performance indicator (KPI) dashboards with business intelligence and insights on usage trends as well as custom business insights on the account and payment flows. The decision makers of banks can use these statistics to align the business to better suit the customer needs and ultimately increase profits. The configurable alerting module enables informing the necessary parties of abnormal behavior, e.g., API failures, a sudden increase in the response time of APIs, and a change in the API resource access pattern.
The placement of the WSO2 OB BI component is as follows:
Before you begin
Download Open Banking Business Intelligence and unzip the file, or add it through WUM using the following commands:
Add the wso2-obbi WUM pack.
wum add wso2-obbi-<version>
Update the wso2-obbi product pack using WUM.
wum update wso2-obbi-<version>
WSO2 Updates Manager (WUM) is deprecated and will be unavailable from July 2021 onwards. WSO2 Updates is the new tool to include the solution and security improvements that are released by WSO2 Open Banking, on top of a released version. For more information, see WSO2 Updates.
- Copy
<WSO2_OB_BI_HOME>/resources/finance/scripts/wso2-obbi-conf/deployment.yaml
to the<WSO2_OB_BI_HOME>/conf/worker
directory and replace the existingdeployment.yaml
file.
The WSO2 Open Banking Business Intelligence server uses the worker
and dashboard
profiles for the above mentioned features. In a production deployment, the worker
and dashboard
profiles should run in two different JVMs. You need to enable the below ports, in order to publish data to these two nodes.
The worker node has a port offset of 1 and it opens the following ports.
HTTPS requests | 9444, 8006, 8007 |
Thrift transport | 7612, 7712 |
The dashboard node has a port offset of 6 and it opens the following port.
HTTPS requests | 9449 |
Configuring databases
The following is a list of database versions that are compatible with the WSO2 API Manager Analytics.
- MySQL 5.7
- MS SQL Server 2016
- Oracle 12c
To configure the databases, follow the steps below:
The WSO2 Open Banking Business Intelligence will be using the following databases. Make sure you have created them in your database server.
openbank_apimgt_statsdb
openbank_openbankingdb
openbank_geolocationdb
openbank_ob_reporting_statsdb
openbank_ob_reporting_summarizeddb
Update the
<WSO2_OB_BI_HOME>/conf/worker/deployment.yaml
file. Modify the datasources below by pointing them to the databases you created in the above step.APIM_ANALYTICS_DB
OPEN_BANKING_DB
GEO_LOCATION_DATA
OB_REPORTING_DB
OB_REPORTING_SUMMARIZED_DB
Update the datasource entry in the
deployment.yaml
with your database configurations.Property Description jdbcUrl This is the port to connect to on database server
The jdbcUrl property expects the JDBC driver connection string. A sample jdbcUrl:
'jdbc:mysql://localhost:3306/openbank_ob_reporting_summarizeddb?autoReconnect=true&useSSL=false'
username
The database user
password
Password set for the database connection
driverClassName
The JDBC driver name
Mysql JDBC Driver :
com.mysql.jdbc.Driver
MSSQL JDBC Driver :com.microsoft.sqlserver.jdbc.SQLServerDriver
Oracle JDBC Driver :oracle.jdbc.driver.OracleDriver
If you are using Oracle, update the
connectionTestQuery
in each datasource with the following value.connectionTestQuery: SELECT 1 FROM DUAL
- name: GEO_LOCATION_DATA description: "The data source used for geo location database" jndiConfig: name: jdbc/GEO_LOCATION_DATA definition: type: RDBMS configuration: jdbcUrl: 'DB_GEO_LOCATION_URL' username: 'DB_USER' password: 'DB_PASS' driverClassName: 'DB_DRIVER' maxPoolSize: 50 idleTimeout: 60000 connectionTestQuery: SELECT 1 # Use below for oracle database # connectionTestQuery: SELECT 1 FROM DUAL validationTimeout: 30000 isAutoCommit: false - name: APIM_ANALYTICS_DB description: "The datasource used for APIM statistics aggregated data." jndiConfig: name: jdbc/APIM_ANALYTICS_DB definition: type: RDBMS configuration: jdbcUrl: 'jdbc:mysql://localhost:3306/openbank_apimgt_statsdb?autoReconnect=true&useSSL=false' username: root password: root driverClassName: com.mysql.jdbc.Driver maxPoolSize: 50 idleTimeout: 60000 connectionTestQuery: SELECT 1 validationTimeout: 30000 isAutoCommit: false - name: OPEN_BANKING_DB description: "The datasource used to store payment consents" jndiConfig: name: jdbc/OPEN_BANKING_DB definition: type: RDBMS configuration: jdbcUrl: 'jdbc:mysql://localhost:3306/openbank_openbankingdb?autoReconnect=true&useSSL=false' username: root password: root driverClassName: com.mysql.jdbc.Driver maxPoolSize: 50 idleTimeout: 60000 connectionTestQuery: SELECT 1 validationTimeout: 30000 isAutoCommit: false - name: OB_REPORTING_DB description: The datasource used to store statistics for OB Reporting module jndiConfig: name: jdbc/OB_REPORTING_DB definition: type: RDBMS configuration: jdbcUrl: 'jdbc:mysql://localhost:3306/openbank_ob_reporting_statsdb?autoReconnect=true&useSSL=false' username: root password: root driverClassName: com.mysql.jdbc.Driver maxPoolSize: 20 idleTimeout: 60000 connectionTestQuery: SELECT 1 validationTimeout: 30000 isAutoCommit: false - name: OB_REPORTING_SUMMARIZED_DB description: The datasource used to store statistics for OB Reporting module jndiConfig: name: jdbc/OB_REPORTING_SUMMARIZED_DB definition: type: RDBMS configuration: jdbcUrl: 'jdbc:mysql://localhost:3306/openbank_ob_reporting_summarizeddb?autoReconnect=true&useSSL=false' username: root password: root driverClassName: com.mysql.jdbc.Driver maxPoolSize: 20 idleTimeout: 60000 connectionTestQuery: SELECT 1 validationTimeout: 30000 isAutoCommit: false
Modify the
OB_REPORTING_DB
andOB_REPORTING_SUMMARIZED_DB
datasources in the<WSO2_OB_BI_HOME>/conf/dashboard/deployment.yaml
file.Use your database configurations and update the datasource properties as follows:
- name: OB_REPORTING_DB description: The datasource used to store statistics for OB Reporting module jndiConfig: name: jdbc/OB_REPORTING_DB definition: type: RDBMS configuration: jdbcUrl: 'jdbc:mysql://localhost:3306/openbank_ob_reporting_statsdb?autoReconnect=true&useSSL=false' username: 'root' password: 'root' driverClassName: 'com.mysql.jdbc.Driver' maxPoolSize: 20 idleTimeout: 60000 connectionTestQuery: SELECT 1 # Use below for oracle database # connectionTestQuery: SELECT 1 FROM DUAL validationTimeout: 30000 isAutoCommit: false - name: OB_REPORTING_SUMMARIZED_DB description: The datasource used to store statistics for OB Reporting module jndiConfig: name: jdbc/OB_REPORTING_SUMMARIZED_DB definition: type: RDBMS configuration: jdbcUrl: 'jdbc:mysql://localhost:3306/openbank_ob_reporting_summarizeddb?autoReconnect=true&useSSL=false' username: 'root' password: 'root' driverClassName: 'com.mysql.jdbc.Driver' maxPoolSize: 20 idleTimeout: 60000 connectionTestQuery: SELECT 1 # Use below for oracle database # connectionTestQuery: SELECT 1 FROM DUAL validationTimeout: 30000 isAutoCommit: false
You need to follow the steps below when you are using Oracle or MS SQL database servers.
You need to include the database driver corresponding to the database for the WSO2 Open Banking Business Intelligence server to communicate with the database. The WSO2 Open Banking Business Intelligence is an OSGi-based product. Therefore, when you integrate third party products such as Oracle and MS SQL with WSO2 OB BI, you need to check whether the libraries you need to add are OSGi based. If they are not, you need to convert them to OSGi bundles before adding them to the
<WSO2_OB_BI_HOME>/lib
directory.To convert the jar files to OSGi bundles, follow the steps below.
1. Download the non-OSGi jar for the required third party product, and save it in a preferred directory in your machine.
2. Go to the
<WSO2_OB_BI_HOME>/bin
directory. Run the command given below to generate the converted file in the<WSO2_OB_BI_HOME>/lib
directory../jartobundle.sh <PATH_TO_NON-OSGi_JAR> ../lib
Configuring WSO2 OB BI worker
Update listenerConfigurations
in the <WSO2_OB_BI_HOME>/wso2/worker/conf/transports/netty-transports.yml
as follows:
Note that keyStorePass: wso2carbon needs to be changed as keyStorePassword: wso2carbon.
listenerConfigurations: - id: "default" host: "0.0.0.0" port: 9090 messageProcessorId: "MSF4J-CM-PROCESSOR" - id: "https" host: "0.0.0.0" port: 9443 scheme: https keyStoreFile: ${carbon.home}/resources/security/wso2carbon.jks keyStorePassword: wso2carbon certPass: wso2carbon messageProcessorId: "MSF4J-CM-PROCESSOR"
Configuring keystores
In the SSL handshake between the Open Banking API Manager and Open Banking Business Intelligence servers, the client (i.e. Open Banking API Manager) needs to verify the certificate presented by the server (i.e. Open Banking Business Intelligence). For this purpose, the client stores the trusted certificate of the server in the client-truststore.jks
keystore.
If you use a custom keystore in Open Banking API Manager and/or Open Banking Business Intelligence, import the public key certificate of Open Banking Business Intelligence into the client-truststore.jks
file of the Open Banking API Manager. To export the public key from the server and import it into the client's trust store, follow the steps given in Adding CA-signed certificates to keystores in the Administration Guide.
Enabling data publishing in API Manager
Follow the instructions below to configure the WSO2 Open Banking API Manager to publish statistics.
Open the
<WSO2_OB_APIM_HOME>/repository/conf/api-manager.xml
fileConfigure the properties under the
<Analytics>
sub element.<Analytics> <!-- Enable Analytics for API Manager --> <Enabled>true</Enabled> <!-- Server URL of the remote StreamProcessor server used to collect statistics. Must be specified in protocol://hostname:port/ format. An event can also be published to multiple Receiver Groups each having 1 or more receivers. Receiver Groups are delimited by curly braces whereas receivers are delimited by commas. Ex - Multiple Receivers within a single group tcp://localhost:7612/,tcp://localhost:7613/,tcp://localhost:7614/ Ex - Multiple Receiver Groups with two receivers each {tcp://localhost:7612/,tcp://localhost:7613},{tcp://localhost:7712/,tcp://localhost:7713/} --> <StreamProcessorServerURL>{tcp://<WSO2_OB_BI_HOST>:7612}</StreamProcessorServerURL> </Analytics>
Enable alerts:
If you are using Open Banking Business Intelligence for Analytics, follow the steps below to enable alerts:
- Open the
<WSO2_OB_BI_HOME>/conf/worker/deployment.yaml
file. Update the file as follows:
analytics.solutions: APIM-alerts.enabled: true APIM-analytics.enabled: true
- See Managing Alerts for more information.
- Open the
- Save the changes and restart the WSO2 Open Banking API Manager server.
Enabling Open Banking Data Publishing
Follow the steps below to enable Data Reporting.
- Open
<WSO2_OB_APIM_HOME>/repository/conf/finance/open-banking.xml
and<WSO2_OB_KM_HOME>/repository/conf/finance/open-banking.xml
files. - Under the
<DataPublishing>
sub-element set the <Enabled>
parameter to true to enable the feature. - Replace the
<WSO2_OB_BI_HOST>
placeholder with the hostname of your WSO2 OB BI server and configure the other parameters accordingly.
<BIServer> <DataPublishing> <!-- Include all configurations related to Data publishing --> <!-- Enable data publishing in WSO2 Open Banking--> <Enabled>true</Enabled> <!-- Server URL of the remote BI server used to collect statistics. Must be specified in protocol://hostname:port/ format. --> <ServerURL>{tcp://<WSO2_OB_BI_HOST>:7612}</ServerURL> <!-- Administrator username to login to the BI server for data publishing. --> <Username>admin@wso2.com@carbon.super</Username> <!-- Administrator password to login to the BI server for data publishing. --> <Password>wso2123</Password> </DataPublishing> </BIServer>
The Key Manager Extension is upgraded for Data Reporting.
If you have customized the default WSO2 Open Banking Key Manager extension:
- Extend it from the WSO2 Open Banking Keymanger extension.
- Set the authentication steps according to the WSO2 Open Banking Keymanger extension.
For more information see, Customising Key Manager extension.
Enabling Transaction Risk Analysis (TRA)
- Open the
<WSO2_OB_KM_HOME>/repository/conf/finance/open-banking.xml
and<WSO2_OB_APIM_HOME>/repository/conf/finance/open-banking.xml
files to enable Transaction Risk Analysis (TRA):- Set the
<IsEnabled>
property under<TRA>
to true to enable the TRA feature. - Replace the
<WSO2_OB_BI_HOST>
place holder with the hostname of Business Intelligence server. - To enable TRA for:
- payments set the
<PaymentValidationEnabled>
property to true - accounts set the
<AccountValidationEnabled>
property to true
- payments set the
The configurations related to TRA Receivers are under the
<Receivers>
property. You may use the default WSO2 Open Banking Business Intelligence server username and password. Replace the placeholders in<TRAAccountValidationURL>
and<TRAPaymentValidationURL>
properties to set the Account and Payment validation URLs respectively.<BIServer> <!-- Include all configurations related to OBBI component --> <TRA> <!-- Include all configurations related to Transaction Risk Analysis --> <!-- Enable TRA in WSO2 Open Banking--> <IsEnabled>true</IsEnabled> <!-- following configurations are used to enable TRA for specific flows only--> <!-- Enable TRA for Payments--> <PaymentValidationEnabled>true</PaymentValidationEnabled> <!-- Enable TRA for Accounts--> <AccountValidationEnabled>true</AccountValidationEnabled> <!-- Configurations related to TRA Receivers--> <Receivers> <!-- Administrator username to login to the remote BI server. --> <Username>admin@wso2.com@carbon.super</Username> <!-- Administrator password to login to the remote BI server. --> <Password>wso2123</Password> <!-- Receiver URLs of the Siddhi Apps used to validate for TRA.--> <TRAAccountValidationURL>http://<WSO2_OB_BI_HOST>:8007/TRAAccountValidationApp/TRAValidationStream</TRAAccountValidationURL> <TRAPaymentValidationURL>http://<WSO2_OB_BI_HOST>:8007/TRAPaymentValidationApp/TRAValidationStream</TRAPaymentValidationURL> </Receivers> <TimePeriodOfRecurringPayment>90</TimePeriodOfRecurringPayment> <MaxFrequencyOfTransactionsWithoutSCA>5</MaxFrequencyOfTransactionsWithoutSCA> <TotalAmountLimitOfTransactionsWithoutSCA>100</TotalAmountLimitOfTransactionsWithoutSCA> <LastSCATimeLimit>90</LastSCATimeLimit> <TransactionAmountLimit>30</TransactionAmountLimit> </TRA> </BIServer>
- Set the
Make the following changes to the files given below.
Open the
<WSO2_OB_BI_HOME>/deployment/siddhi-files/TRAAccountValidationApp.siddhi
file.Update the
<WSO2_OB_BI_HOST>
placeholder in the receiver URL, with the hostname of your WSO2 OB BI server.receiver.url='http://<WSO2_OB_BI_HOST>:8007/TRAAccountValidationApp/TRAValidationStream'
Open the <WSO2_OB_BI_HOME>/deployment/siddhi-files
/TRAPaymentValidationApp.siddhi
file.Update the
<WSO2_OB_BI_HOSTNAME>
placeholder in the receiver URL, with the hostname of your WSO2 OB BI server.receiver.url='http://<WSO2_OB_BI_HOST>:8007/TRAPaymentValidationApp/TRAValidationStream',
Enabling Fraud Detection
Open the <WSO2_OB_KM_HOME>/repository/conf/finance/open-banking.xml
and <WSO2_OB_APIM_HOME>/repository/conf/finance/open-banking.xml
files to enable Fraud Detection:
Set the
<IsEnabled>
property under<FraudDetection>
to true to enable the feature.Replace the
<WSO2_OB_BI_HOST>
place holder with the hostname of Business Intelligence server.<BIServer> <!-- Include all configurations related to OBBI component --> <FraudDetection> <!-- Include all configurations related to Fraud Detection --> <!-- Enable FD in WSO2 Open Banking--> <IsEnabled>true</IsEnabled> <!-- Configurations related to FD Receivers--> <Receivers> <!-- Administrator username to login to the remote BI server. --> <Username>admin@wso2.com@carbon.super</Username> <!-- Administrator password to login to the remote BI server. --> <Password>wso2123</Password> <!-- Receiver URLs of the Siddhi Apps used to validate for FD.--> <FraudDetectionURL>http://<WSO2_OB_BI_HOST>:8007/FraudDetectionApp/FraudDetectionStream</FraudDetectionURL> <InvalidSubmissionURL>http://<WSO2_OB_BI_HOST>:8006/InvalidSubmissionsApp/InvalidSubmissionsStream</InvalidSubmissionURL> </Receivers> </FraudDetection> </BIServer>
Open the
<WSO2_OB_BI_HOME>/deployment/siddhi-files/FraudStatusUpdaterApp.siddhi
file and update<localhost>
in the receiver URL with the hostname of yourWSO2 OB BI
server.Open the
<WSO2_OB_BI_HOME>/conf/dashboard/deployment.yaml.
Add theAPIM-alerts.enabled
andwso2-is-analytics
configurations underanalytics.solutions
and set asfalse
. Once you add the configurations, thedeployment.yaml
file should be as follows:analytics.solutions: IS-analytics.enabled: false APIM-analytics.enabled: true EI-analytics.enabled: false APIM-alerts.enabled: false wso2-is-analytics: false
Open the
<WSO2_OB_BI_HOME>/conf/worker/deployment.yaml
file and configure auth.configs:username:
admin@wso2.com@carbon.super
password:
d3NvMjEyMw== (
Password iswso2123
. Make sure you encode the password with Base64).auth.configs: type: 'local' userManager: adminRole: admin userStore: users: - user: username: admin@wso2.com@carbon.super password: d3NvMjEyMw== roles: 1 roles: - role: id: 1 displayName: admin
Once you configure the TRA and FD modules, start the servers in the order of:
1. Dashboard profile in WSO2 OB BI
2. Worker profile in WSO2 OB BI
3. WSO2 OB KM
4. WSO2 OB APIM
Enabling performance tuning and starting the servers
- You can enable performance tuning by adding configurations, as described in Performance Tuning in the WSO2 Stream Processor documentation.
- Navigate to the
<WSO2_OB_BI_HOME>/bin
directory, and give execution permissions to the dashboard.sh file. Run the API-M Analytics dashboard.sh as follows:
./dashboard.sh
Navigate to the
<WSO2_OB_BI_HOME>/bin
directory and give execute permissions to the worker.sh file.Run the following command and start the WSO2 Open Banking Business Intelligence in
worker
profile../worker.sh
Restart the Key Manager and API Manager servers in the mentioned order.
The Fraud Detection dashboards are accessible on
https://<WSO2_OB_BI_HOST>:9643/portal/dashboards/frauddetectiondashboard/home
- You can view API analytics data as described below:
- Log in to the /wiki/spaces/OB130/pages/49053830 or /wiki/spaces/OB130/pages/49053816.
- Click the Analytics tab.
- You can view API Usage, Top Users and Faulty Invocations details through the subtopics.
To observe data analysis based on geographical locations, see Configuring Geolocation Based Statistics.
The WSO2 Open Banking Business Intelligence captures data published in WSO2 Open Banking API Manager and WSO2 Open Banking Key Manager. Data Reporting is the process of processing and summarizing these data. Click here for more details on Data Reporting.