This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Configuring the Open-Banking.xml File for Berlin

Owned by Former user (Deleted)
Last updated: Sept 20, 2019 by Former user (Deleted)
3 min read

Open open-banking.xml file in the repository/conf/finance of both WSO2_OB_APIM and WSO2_OB_KM nodes. Configure the open-banking.xml file based on the configurations listed below. 

Do the following configurations in both the wso2-obam and wso2-obkm nodes, and restart the servers.


Configuration

1

Define the specification that you plan to deploy.

Possible values: UK, BERLIN, STET

<DeployedSpecification>BERLIN</DeployedSpecification>
2
Select a SCA approach from

1. Redirect (OAUTH2 is subsumed by this)
2. Decoupled
3. Embedded

<SCA>
<SelectedSCAApproach>REDIRECT</SelectedSCAApproach>
</SCA>
3

The endpoint to retrieve OIDC Discovery metadata.

<SCA>
<OAuthMetadataEndpoint>https://<WSO2_OB_APIM_HOST>/<WSO2_OB_KM>/.well-known/openid-configuration</OAuthMetadataEndpoint>
</SCA>
4

You need to get the latest product updates to verify if an account-id sent within the account-consents resource that is sent by TPP, is valid from the bank back-end. This improvement is available as a product update from June 27, 2019 (06-27-2019) onwards.

  • <SharableAccountsRetriveEndpoint>: Configures the endpoint to retrieve sharable accounts that required to list on the consent page.

Sharable accounts - accounts that are accessible online.


<SharableAccountsRetriveEndpoint>http://<WSO2_OB_APIM_HOST>/<WSO2_OB_KM>:9763/open-banking/services/bankaccounts/bankaccountservice/sharable-accounts</SharableAccountsRetriveEndpoint>

In some banks, some PSUs may have a certain number of accounts, but not all accounts have the ability to be shared externally or to make a payment online. In a bank, the sharable account list and the payable account list can either be the same or different.

In the default WSO2 Open Banking solution, at least two APIs are expected to return sharable and payable accounts when passing the user_id, and the given JSON response must be returned. Then it automatically loads the accounts list in the consent page.

The bank's backend endpoint for retrieving the user's accounts returns a response in the following format:

Account:
    type: object
    properties:
      iban:
        type: string
        example: DE12345678901234567890
        description: IBAN of account
  GetAccountsResponse:
    type: object
    properties:
      customerNumber:
        type: string
      accounts:
        type: array
        items:
          $ref: '#/definitions/Account'
    description: The response related to the get method of Account

When bank back-end is configured, required parameters can be passed as query parameters to those endpoints. As an example:

http://<WSO2_OB_APIM_HOST>/<WSO2_OB_KM>:9763/open-banking/services/bankaccounts/bankaccountservice/sharable-accounts?userId=john@gold.com&consentId=1234567890
5

The link to the payment initiation resource, which needs to be updated by the PSU identification. This might be used in an embedded, redirect or decoupled SCA Approach, where the PSU ID was missing in the first request.

<SCA>
<UpdatePSUIdentification>https://<WSO2_OB_APIM_HOST>/<WSO2_OB_KM></UpdatePSUIdentification>
</SCA>
6

The link to the payment initiation resource, which needs to be updated by a PSU password and eventually the PSU identification if not delivered yet. This is used in case of the Embedded or Decoupled SCA approach.

<SCA>
<UpdatePSUAuthentication>https://<WSO2_OB_APIM_HOST>/<WSO2_OB_KM></UpdatePSUAuthentication>
</SCA>
7

This is a link to a resource, where the TPP can select the applicable strong customer authentication methods for the PSU, if there were several available authentication method.

<SCA>
<SelectAuthenticationMethod>https://<WSO2_OB_APIM_HOST>/<WSO2_OB_KM></SelectAuthenticationMethod>
</SCA>
8

The link to the payment initiation resource, where the "Payment Authorisation Request" is sent to. This is the link to the resource which will authorise the payment by checking the SCA authentication data within the Embedded SCA approach.

<SCA>
<AuthorizeTransaction>https://<WSO2_OB_APIM_HOST>/<WSO2_OB_KM></AuthorizeTransaction>
</SCA>
9

The time interval for duplicate checking of payment consent initiation requests using X-Request-ID.

<DuplicateCheck>
            <TimeIntervalInMinutes>60</TimeIntervalInMinutes>
</DuplicateCheck>
			<EnableIBANBasedAccountRetrievalValidation>true</EnableIBANBasedAccountRetrievalValidation>
        	<Host><WSO2_OB_APIM_HOST>/<WSO2_OB_KM>/Host>
        	<Port>8243</Port>
       		<AccountConsentsApiPath>/AccountsInfoAPI/v1.1.0/consents</AccountConsentsApiPath>
        	<PaymentConsentsApiPath>/PaymentsAPI/v1.1.0/payments</PaymentConsentsApiPath>