You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 222
Next »
WSO2 Open Banking provides the complete technology stack for a hassle-free PSD2 compliance. This guide gives you a quick walk-through to the WSO2 Open Banking using the following sample scenario.
Sample scenario
In order to comply with the PSD2 directive, the ABC Bank wishes to expose its customers' account and transaction data to third-parties via APIs upon receiving the consent from authenticated customers. Account Information Service Provider (AISPs) and Payment Initiation Service Providers (PISPs) are two types of third-parties that utilize these account and transaction data. AccPro is an AISP that subscribes to the ABC Bank's APIs to provide an aggregated view of customers' account and transaction details. TransacPro is a PISP that subscribes to the ABC Bank's APIs to initiate credit transfers on behalf of the ABC Bank's customers.
Let's see how AISPs and PISPs interact with WSO2 Open Banking.
AISP Flow
Imagine that you are an administrator at AccPro (the AISP) responsible for subscribing to ABC Bank's APIs that expose customers' account and transaction data. Let's take a look at the tasks you need to perform to consume these APIs.
Step 1 - Sign in
Follow the steps below to sign in to the WSO2 Open Banking live demo:
- Go to the Home page and click API.
The API Store with the available APIs you can try appears. - Click Sign in in the upper right corner and sign in with your wso2.com account details.
Step 2 - Create an application
Follow the steps below to create an application with which you can subscribe to APIs:
Click Applications on the WSO2 Open Banking live demo to view all the applications.
- Click Add Application.
Enter a name for the application and click Add to create the application.
After the application is created, you are directed to the application details page.
Step 3 - Subscribe to an API
Follow the steps below to subscribe to an API via an application:
Click APIs to view all the available WSO2 Open Banking APIs.
- Click the
AccountsInformationAPI
API. - Select the application that you created from the Applications drop-down. If you did not create an application, select the
DefaultApplication
.
- Click Subscribe.
A message appears to confirm that you have successfully subscribed to the API. - Click View Subscriptions and navigate to the Subscriptions tab on the Application Details page.
Step 4 - Generate an application access token
Follow the steps below to generate the application access token and the security keys with which you can invoke an API:
- Click Sandbox Keys tab on the Application Details page.
Enter the required information.
Field | Purpose |
---|
Grant Types | This determines the credentials used to generate the access token. There are two types of grant types available in the WSO2 Open Banking live demo: - Client Credentials: This relates to the
Client Credentials grant type and is applicable when consuming the API as an application. - Code: This relates to the
Authorization Code grant type and is applicable when consuming the API as a user.
|
Callback URL | This is the URL used by AccPro to receive the authorization code sent from the ABC Bank. |
Scopes | Scopes enable fine-grained access control to API resources based on user roles. Select the accounts : accounts scope. |
Validity Period | This defines the access token's validity period after which it requires regeneration. You can keep the default value, which is 3600 seconds. |
Fill the Application Certificate field using a self-signed certificate.
Click here to view how to generate a self-signed certificate
Create a keystore file using the command below. Make sure you update the following placeholders:
<alias> :
A preferred alias for the keystore file
<preferred-filename> :
A preferred name for the keystore file
keytool -genkey -alias <alias> -keyalg RSA -keystore <filename>.jks
Currently, the keystore is in the jks
format. Convert it to the PKCS12
format. Make sure you update the following placeholders:
<keyStoreName> :
This is the name of the keystore.
<PKCS12FileName> :
This is the name of the keystore in the PKCS12 format.
keytool -importkeystore -srckeystore <keystoreStoreName>.jks -destkeystore <PKCS12FileName>.p12 -deststoretype PKCS12
Create the certificate (.pem) file using the keystore in the PKCS12 format. Make sure you update the following placeholders:
<PKCS12FileName> : This is the name of the keystore in the PKCS12 format.
<PublicCertPem> : This is the name of the application certificate that is created in the .pem format.
<PrivateCertPem> : Private certificate that can be used to sign the requests
public certificate : - openssl pkcs12 -in <PKCS12FileName>.p12 -nokeys -out <PublicCertPem>.pem
private certificate :- openssl pkcs12 -in <PKCS12FileName>.p12 -nodes -nocerts -out <PrivateCertPem>.pem
Generate the fingerprint (kid) of the keystore from the command below, this is for future use.
keytool -list -v -keystore <keystoreStoreName>.jks
You can either open the certificate file with a text editor, copy the certificate value and paste the content in the Application Certificate field or simply click Browse and upload the certificate(.pem) file.
Click Generate Keys.
This generates an access token, consumer key, and consumer secret.
Step 5 - Consume an API
PISP Flow
Imagine that you are an administrator at TransacPro (the PISP) responsible for subscribing to ABC Bank's APIs to initiate credit transfers on behalf of the ABC Bank's customers. Let's take a look at the tasks you need to perform to consume these APIs.
Step 1 - Sign in
Follow the steps below to sign in to the WSO2 Open Banking live demo:
- Go to the Home page and click API.
The API Store with the available APIs you can try appears. - Click Sign in in the upper right corner and sign in with your wso2.com account details.
Step 2 - Create an application
Follow the steps below to create an application with which you can subscribe to APIs:
Click Applications on the WSO2 Open Banking live demo to view all the applications.
- Click Add Application.
Ente a name for the application and click Add to create an application.
After the application is created, you are directed to the application details page.
Step 3 - Subscribe to an API
Follow the steps below to subscribe to an API via an application:
Click APIs to view all available WSO2 Open Banking APIs.
- Click the
PaymentsAPI - v1.0.0
API. - Select the application that you created from the Applications drop-down. If you did not create an application, select
DefaultApplication
.
- Click Subscribe.
A message appears to confirm that you have successfully subscribed to the API. - Click View Subscriptions and navigate to the Subscriptions tab of the Application Details page.
Step 4 - Generate an application access token
Follow the steps below to generate the application access token and the security keys with which you can create a user access token:
- Click Sandbox Keys tab on the Application Details page.
Enter the required information.
Field | Purpose |
---|
Grant Types | This determines the credentials used to generate the access token. There are two types of grant types available in the WSO2 Open Banking live demo: - Client Credentials: This relates to the Client Credentials grant type and is applicable when consuming the API as an application.
- Code: This relates to the Authorization Code grant type and is applicable when consuming the API as a user.
|
Callback URL | This is the URL used by TransacPro to receive the authorization code sent from the ABC Bank. |
Scopes | Scopes enable fine-grained access control to API resource based on user roles. Select payments : payments . |
Validity Period | This defines the access token's validity period after which it requires regeneration. You can keep the default value, which is 3600 seconds. |
Click Generate Keys.
This generates an access token, consumer key, and consumer secret, which you can use in token generation API calls.
Step 5 - Consume an API
Now that you have your access token, follow the steps below to invoke the PaymentsAPI
API and post payments:
Navigate to the WSO2 Open Banking live demo and click PaymentsAPI API.
- Select the application you used to subscribe to the
PaymentsAPI
API from the Try dropdown. The previously generated access token appears by default. - Click POST /payment-initiation to expand the
POST /payment-initiation
API resource.- Enter the application access token you generated in Step 4 to the Authorization : Bearer field.
- Enter the sample values given in the UI to
x-idempotency-key
, x-
jws-signature
, x-fapi-interaction-id
, x-fapi-financial-id
, and body
fields.
Click Try it out. A 201 response appears upon a successful API invocation.
What's Next?
Follow the steps below to generate a user access token using the client key and the client secret:
- Copy the URL shown below and update the placeholders as follows:
<client-ID>
: Replace this with the consumer key
that you generated in Step 4, e.g., fAIwK4n9QKKHIoGOv1DF6eUOkiMa.
<riderect-URL>
: Replace this with the Callback URL
that you used when generating the kes in Step 4, e.g., https://openbanking.wso2.com/authenticationendpoint/authorize_callback.do.
Format:
https://api-openbanking.wso2.com/AuthorizeAPI/v1.0.0/?response_type=code&scope=payments&state=cGlzcDoyMTU2&client_id=<client-ID>&redirect_uri=<redirect-URL>
Example:
https://api-openbanking.wso2.com/AuthorizeAPI/v1.0.0/?response_type=code&scope=payments&state=cGlzcDoyMTU2&client_id=fAIwK4n9QKKHIoGOv1DF6eUOkiMa&redirect_uri=https://openbanking.wso2.com/authenticationendpoint/authorize_callback.do
Paste the updated URL
on your browser to navigate to the ABC Bank's open banking system.
- When prompted, sign in using your wso2.com credentials.
This is the first factor of Strong Customer Authentication (SCA).
- Enter the verification code that you received via SMS to the mobile number that you gave at the time of signing up to wso2.com.
This serves as the second factor of SCA.
After the authentication process is complete, you are directed to the customer consent approval process. Click Approve to perform the transaction.
After the consent process is approved, the authorization code appears.
Copy the cURL command shown below and update the placeholders as follows:
<client-ID>:<client-secret>
: Replace the <client-ID>
and the <client-secrent>
with the consumer key and the consumer secret
you generated in Step 4 respectively. Make sure to keep the colon (:) separator between them.
<client-ID>
: Again, replace the <client-ID>
with the consumer key
.
<authorization-code>
: Replace this with the authorization code
, e.g., 2b602c70-6a6e-3e96-9132-8570aaad4458.
<redirect-URL>
: Replace this with the Callback URL
that you used to generate the keys, e.g., https://openbanking.wso2.com/authenticationendpoint/authorize_callback.do
.
Format:
curl -v -X POST --basic -u <client-ID>:<client-secret> -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d "client_id=<client-ID>&grant_type=authorization_code&code=<authorization-code>&redirect_uri=<redirect-URL>" https://api-openbanking.wso2.com/TokenAPI/v1.0.0/
Example:
curl -v -X POST --basic -u fAIwK4n9QKKHIoGOv1DF6eUOkiMa:2Ui34DIx7LfIiXtrUCCpkoUqKDUa -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d "client_id=fAIwK4n9QKKHIoGOv1DF6eUOkiMa&grant_type=authorization_code&code=ff105634-e437-3567-955d-0bcaee3603d8&redirect_uri=https://openbanking.wso2.com/authenticationendpoint/authorize_callback.do" https://api-openbanking.wso2.com/TokenAPI/v1.0.0/
Paste the updated cURL command in the command prompt to generate the user access token with the consented privileges.
Example:
> POST /TokenAPI/v1.0.0/ HTTP/1.1
> Host: api-openbanking.wso2.com
> Authorization: Basic ZkFJd0s0bjlRS0tISW9HT3YxREY2ZVVPa2lNYToyVWkzNERJeDdMZklpWHRyVUNDcGtvVXFLRFVh
> User-Agent: curl/7.51.0
> Accept: */*
> Content-Type: application/x-www-form-urlencoded;charset=UTF-8
> Content-Length: 197
< HTTP/1.1 200 OK
< Server: nginx/1.12.1
< Date: Fri, 15 Sep 2017 05:30:23 GMT
< Content-Type: application/json
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Frame-Options: DENY
< Cache-Control: no-store
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: POST
< X-Content-Type-Options: nosniff
< Pragma: no-cache
< X-XSS-Protection: 1; mode=block
< Access-Control-Allow-Headers: authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction
<
{"access_token":"c2f32c1e-37eb-3d86-8c48-f96cc200d16e","refresh_token":"9e38e258-385d-3bfc-82f6-b5ada4007589","scope":"payments","token_type":"
Now, try out other API resources of the PaymentsAPI
API.
<prefe