This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

TPP Onboarding for UK

Owned by Former user (Deleted)
Last updated: Oct 25, 2020 by Former user (Deleted)Version comment
2 min read

Third Party Provider (TPP) Onboarding is the process of ensuring that TPPs are trusted before consuming the banking APIs as they contain confidential customer information.  Therefore, the bank has to implement a proper TPP Onboarding process in its banking system.  This registration process:

    • Validates if the TPP is authorised by a competent authority
    • Validates the TPP's information (TPP role, TPP ID, application type, and request issuance time) See the full list of request parameters that must be validated according to the specification.
    • Allows accessing the banking APIs

For TPP Onboarding, the Open Banking Implementation Entity (OBIE) of the UK recommends any of the following processes:

Signup Workflow

In this method, you can configure workflows to approve TPPs who signup and the applications that are registered. For configurations, see  Using the Signup Workflow for UK.

Dynamic Client Registration

The diagram below shows how Dynamic Client Registration (DCR) functions. The OBIE of the UK has introduced two versions for DCR; v1.0.0 and v3.2. WSO2 Open Banking supports both approaches.


 Click here to see the more information of the two approaches...

v1.0.0v3.2
Software statement can be issued by
  • The directory solution provided by OBIE
  • The directory solution provided by OBIE
Endpoints
  • POST
  • POST
  • GET
  • PUT 
  • DELETE
Supported TPP authentication methods
  • Mutual Transport Layer Security
  • Mutual Transport Layer Security
  • Client Credentials Grant Type

See the following documents to configure TPP Onboarding using one of the above-mentioned approaches:

Manual Client Registration

In this method, TPP uses the OBIE directory as a federated Identity Provider to log in to the Developer Portal (API Store) of ASPSP using Single Sign On. The TPP needs to be registered with OBIE Directory as an Account Information Service Provider (AISP)/Payment Initiation Service Provider (PISP) /Card-Based Payment Instrument Issuer (CBPII) or a combination of AISP, PISP, CBPII to obtain client credentials to use OBIE as the IDP. The authorization code grant is used in OpenID Connect flow when using the federated IDP. ASPSP must provide a redirect URL where the logged-in TPP must be redirected to.

For configurations, see Manual Client Registration.