When a consumer revoke granted consents there should be a mechanism to inform relevant parties that the particular CDR Arrangement ID is not valid anymore. The Data Recipients use the CDR Arrangement Management API, which facilitates this requirement. If this communication does not take place, the Data Holder will continue to expose the consumer’s data and the Data Recipient will continue to have the consumer’s data within their system. Therefore, it is important to communicate the revocation to both parties to protect consumer data and prevent misuse.
This page explains how to configure and deploy the CDR Arrangement Management API as per the latest changes introduced in the latest updates of WSO2 Open Banking.
These changes are available only as a WSO2 Update and are effective from June 30, 2021 (06-30-2021). For more information on updating WSO2 Open Banking, see Updating WSO2 Products.
Before we begin:
Do the following configurations to reflect the latest changes related to CDR Arrangement Management API.
Given below are the steps to deploy the CDR Arrangement Management API v1.0.0.
Sign in to the API Publisher Portal (
https://<WSO2_OB_APIM_HOST>:9443/publisher
) as an API creator/publisher.In the APIs tab, select CREATE NEW API > I Have an Existing REST API.
- Set the Input Type to OpenAPI File.
- Click BROWSE FILE TO UPLOAD and select the
<WSO2_OB_APIM_HOME>/repository/resources/finance/apis/consumerdatastandards.org.au/CDRArrangement/cdr-arrangement-mgt-api.yaml
Swagger file. - Click Next.
Set the endpoint as follows:
https://<WSO2_OB_IAM_HOST>:9446/cdr-arrangement-management/arrangements
- Set the business plan to Unlimited : Allows unlimited requests unless you want to limit the requests.
- Click Create to create the API.
- Once you get the message that the API is successfully updated, go to Properties using the left menu panel.
- Click Add New Property.
Add the API Properties according to your API and click the Add button.
Property Name Property Value ob-spec au ob-api-type cdr-arrangement - Click SAVE.
- Go back to Overview using the left menu panel.
- Click PUBLISH.
- The published API is available in the Developer Portal at
https://<WSO2_OB_APIM_HOST>:9443/devportal
.
Invoking CDR Arrangement Management API
This API consists of the following endpoint.
Revoke a sharing arrangement
This endpoint is to revoke a sharing arrangement (consent) between the Data Holder and the Data Recipient. This endpoint must be implemented by both Data Holders and Data Recipients and notifies each other when a CDR Arrangement ID is revoked.
Given below is a sample request: