This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Using the Signup Workflow for UK

Third-Party Providers (TPPs) can create third-party applications to facilitate banking services exposed via banking APIs. A TPP can play the role of a PISP/AISP/CBPII or a combination of those roles.

The TPPs are subject to thorough verification before connecting them with the banks/ASPSPs. This verification includes a comprehensive sign-up process at the API Store, the developer portal of WSO2 Open Banking. For a TPP to start providing open banking services, it has to be registered under a Competent Authority, which is a regulatory body that authorizes and supervises the open banking services delivered by the TPP.

This tutorial lets you try out a sample TPP onboarding process.

Prerequisites

  1. Download WSO2 EI 6.4.0 and unzip the file.
  2. Set the path and hostname to EI in the <WSO2_OB_APIM_HOME>/repository/resources/finance/script/startup.properties file.

    If you are using Microsoft SQL Server or Oracle, create the bpsdb and bps_configdb databases.

  3. Go to the <WSO2_OB_APIM_HOME>/repository/resources/finance/scripts/wso2ei-bps directory and give execution permissions to the configure-bps.sh file.

  4. Run configure-bps.sh.

  5. Add the following artifacts to the given locations:
    1. Download the ApplicationRegistrationWorkflowProcess_1.0.0.zip and UserSignupApprovalProcess_1.0.0.zip BPEL artifacts and place them in the <WSO2_EI_HOME>/repository/deployment/server/bpel directory.
    2. Download the UserApprovalTask-1.0.0.zip and ApplicationRegistrationTask-1.0.0.zip human task artifacts and place them in the <WSO2_EI_HOME>/repository/deployment/server/humantask directory.
  6. Navigate to the wso2ei-6.4.0/wso2/business-process/bin directory, and execute the following command:

    ./wso2server.sh -Dsetup
  7. Sign in to the API management console at https://<WSO2_OB_APIM_HOST>:9443/carbon.

    Sign in as a super admin. Default credentials are:

    • Username: admin@wso2.com
    • Password: wso2123

  8. On the Main tab, click Resources > Browse.

  9. Navigate to the /_system/governance/apimgt/applicationdata/workflow-extensions.xml registry file.

  10. In the workflow-extensions.xml registry file, navigate to Content and click Edit as text.

  11. Add the following configurations under ProductionApplicationRegistration and UserSignUp in the registry file:

    <ProductionApplicationRegistration executor="com.wso2.finance.tpp.prodaccess.impl.TPPProdAccessWorkFlow">
        <Property name="serviceEndpoint">http://localhost:9765/services/ApplicationRegistrationWorkFlowProcess/</Property>
        <Property name="username">admin@wso2.com@carbon.super</Property>
        <Property name="password">wso2123</Property>
        <Property name="callbackURL">https://localhost:8243/services/WorkflowCallbackService</Property>
    </ProductionApplicationRegistration>
    <UserSignUp executor="com.wso2.finance.tpp.signup.impl.TPPSignUpWorkFlow">
        <Property name="serviceEndpoint">http://localhost:9765/services/UserSignupProcess/</Property>
        <Property name="username">admin@wso2.com@carbon.super</Property>
        <Property name="password">wso2123</Property>
        <Property name="callbackURL">https://localhost:8243/services/WorkflowCallbackService</Property>
        <Property name="aispRole">internal/aispRole</Property>
        <Property name="pispRole">internal/pispRole</Property>
        <Property name="piispRole">internal/piispRole</Property>
    </UserSignUp>
  12. Click  Save Content.
  1. Access the WSO2 Open Banking API Store using either of the following URLs:

    Protocol | URL
    HTTP     | http://<HTTP_OB_HOST>:9763/store
    HTTPS    | https://<HTTPS_OB_HOST>:9443/store
  2. Access the WSO2 Open Banking Admin Portal using either of the following URLs:


    Protocol | URL
    HTTP     | http://<HTTP_OB_HOST>:9763/admin
    HTTPS    | https://<HTTPS_OB_HOST>:9443/admin


    1. Click Sign In and navigate to the sign-in screen.
    2. Enter the username and the password and click Sign In.
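
A small audit of the workflow-extensions.xml entries from step 11, added here as an example (it is not WSO2 code): it flags executors that still use the password printed in this tutorial or that reach serviceEndpoint or callbackURL over plain HTTP. The function name, the WorkFlowExtensions wrapper element and the bps.example.internal host are assumptions, and the sample document is constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Password printed in the tutorial; anyone who has read the page knows it.
DOCUMENTED_DEFAULTS = {"wso2123"}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Constructed sample. The root element name and the remote host are assumptions.
SAMPLE = """<WorkFlowExtensions>
  <UserSignUp executor="com.wso2.finance.tpp.signup.impl.TPPSignUpWorkFlow">
    <Property name="serviceEndpoint">http://bps.example.internal:9765/services/UserSignupProcess/</Property>
    <Property name="username">admin@wso2.com@carbon.super</Property>
    <Property name="password">wso2123</Property>
    <Property name="callbackURL">https://localhost:8243/services/WorkflowCallbackService</Property>
  </UserSignUp>
</WorkFlowExtensions>"""


def audit_workflow_extensions(xml_text):
    """Return (element, finding) tuples for risky workflow executor settings."""
    findings = []
    for executor in ET.fromstring(xml_text):
        props = {p.get("name"): (p.text or "").strip()
                 for p in executor.iter("Property")}
        if props.get("password") in DOCUMENTED_DEFAULTS:
            findings.append((executor.tag, "password is the documented default"))
        for key in ("serviceEndpoint", "callbackURL"):
            url = urlsplit(props.get(key, ""))
            if url.scheme == "http":
                # Loopback traffic stays on the host; anything else crosses the network.
                where = "loopback" if url.hostname in LOOPBACK else "network"
                findings.append((executor.tag, f"{key} is cleartext HTTP over {where}"))
    return findings


if __name__ == "__main__":
    for element, finding in audit_workflow_extensions(SAMPLE):
        print(f"{element}: {finding}")
```
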

Let's get started!



Step 01 Sign up as a TPP user

Follow the steps below to sign up as a TPP user:

  1. Navigate to the API Store.

  2. Click Sign Up and navigate to the sign-up screen.   

  3. Provide the requested details as defined below: 
    1. Generic Details 

      Field | Description | Sample Value
      Username/Email | The username/email the TPP user uses to sign in to the API Store. | tony@fincom.com
      Password | The password the TPP user uses to sign in to the API Store. |
      Re-type Password | Re-type the password to prevent an incorrect password being set accidentally. |
      First Name | The first name of the TPP user. | Tony
      Last Name | The last name of the TPP user. | Paige
    2. Company details 

      Field | Description | Sample Value
      Legal Entity Name | The official name of the TPP. | FinCom
      Country of Registration | The country in which the TPP is registered. | United Kingdom
      Legal Entity Identifier (LEI) Number | The legal entity number that identifies the TPP. | 123400WSGIIACXF1P520
      Company Register | The organization that registered the TPP. |
      Company Registration Number | The identifier issued at the TPP registration. |
      Address Line 1 | The address of the TPP. |
      Address Line 2 | The address of the TPP. |
      City | The city in which the TPP is located. |
      Postal Code | The postal code of the geographical location of the TPP. |
      Country | The country in which the TPP is located. |
    3. Competent Authority registration details 

      Field | Description | Sample Value
      Competent Authority | The regulatory body that authorizes and supervises the open banking services delivered by the TPP. | Financial Conduct Authority
      Competent Authority Country | The country of the Competent Authority that authorized the TPP to provide open banking services. |
      Competent Authority Registration Number | The registration number issued by the Competent Authority to the TPP. |
      URL of the Competent Authority Register Page | The URL of the page that has the list of organizations authorized by the given competent authority. |
      Open Banking Roles

      The open banking roles the TPP is willing to take up:

      • Account Information Service Provider: An Account Information Service Provider (AISP) provides an aggregated view of all the accounts and past transactions that a customer has with different banks. To provide this view to the customer, the AISP should have authorization from the customer to view the corresponding transaction and balance information of all the payment accounts. The AISPs can also provide the facility to analyze the customer's spending patterns, expenses, and financial needs. Unlike a PISP, an AISP cannot transfer funds from a payment account.
      • Payment Initiation Service Provider: A Payment Initiation Service Provider (PISP) initiates credit transfers on behalf of a bank's customer.
      • Payment Instrument Issuer Service Provider: A Payment Instrument Issuer Service Provider (PIISP) is a PSP that verifies whether the PSU's account can cover a given payment amount. Examples of PIISPs are the banks and credit card issuers that are obligated to verify, through APIs, whether the given payment amount can be covered by the PSU's account.


      After selecting the roles, indicate whether or not the TPP is authorized by a competent authority to provide the services of the selected roles.

      If the TPP has not yet registered to provide the services of the selected roles, indicate whether or not the TPP has applied for registration.


  4. Agree to the terms and conditions by selecting the check box.

  5. Click Sign Up.

    A request to approve the user sign-up is sent to the admin users.


Step 02 Approve the TPP user account

Follow the steps below to approve the newly created TPP user account:

It is not mandatory to include the approval step for the TPP user to become PSD2-compliant. In order to add this step, you need to configure workflows in the WSO2 Open Banking solution. For more information on configuring workflows, see here.

  1. Navigate to the Admin Portal.  

  2. Locate the approval request and click Assign To Me.    

  3. Click Start to start the approval process.
  4. Select Approve and click Complete.

    The TPP user can now sign in to the API Store.

Step 03 Sign in as a TPP user

Follow the steps below to sign in to the API Store:

  1. Navigate to the API Store.
  2. Click Sign In and navigate to the sign-in screen.
  3. Enter the username and the password you entered during user sign-up.
  4. Click Sign In.

    The API Store home screen with the APIs appears. Remain in the API Store to create an application.

Step 04 Create an application

An application is an intermediary that sits between an API and its consumer. API consumers use applications to subscribe to APIs and consume them.

An API consumer can subscribe to multiple APIs using a single application. Thus, it acts as a logical collection of API subscriptions and decouples the API consumer from the APIs. Each application can be associated with different Service Level Agreement (SLA) levels. This is enabled by attaching an application with throttling tiers that determine the maximum number of API calls allowed during a given duration.

Follow the steps below to create an application:

  1. In the API Store, click Applications.
  2. Click Add Application.
  3. Enter the application details. 

    Field | Description | Sample Value
    Name | The application name. | FinComApp
    Per Token Quota | Determines the maximum number of API requests accepted within a given duration. | Unlimited
    Description | Describes the purpose of the application. |

  4. Click Add to create the application.  

    Remain on the same page to generate application access tokens. 

Step 05 Create the certificates

Follow the steps below to create a public key certificate and an application certificate:

  1. Update the placeholders of the following command and run it in a command prompt to create a keystore, which is a repository of security certificates.

    • alias: This is a preferred alias for the keystore.

    • filename: This is a preferred name for the keystore. You can even enter the location where you want the keystore to be generated.

    keytool -genkey -alias <<alias>> -keyalg RSA -keystore <<filename>>.jks 

    Example:

    keytool -genkey -alias KeyStore -keyalg RSA -keystore tpp.jks
    A single command that creates the certificate and sets the certificate attributes:

    keytool -genkey -alias <<alias>> -keyalg RSA -keysize 2048 -keystore <<filename>>.jks -dname "CN=<<Common Name>>,OU=<<Organization Unit>>,O=<<Organization>>,L=<<Locality>>,S=<<State or Province Name>>,C=<<Country Name>>" -storepass <<password>> -keypass <<password>>
  2. Provide a password for the keystore, and set up the hostname by providing the following certificate attributes for the newly created certificate when prompted:

    • Common Name (CN)

    • Organizational Unit (OU)
    • Organization (O)
    • Locality (L)
    • State or Province Name (S)
    • Country Name (C) 

  3. Update the placeholders of the following command and run it in a command prompt to extract the certificate from the generated keystore.

    1. alias: The alias of the keystore.

    2. fileName: The name of the certificate.
    3. keyStoreName: The name of the keystore. 

    keytool -export -alias <<alias>> -file <<fileName>> -keystore <<keyStoreName>>.jks 

    Example:

    keytool -export -alias KeyStore -file cert -keystore tpp.jks
  4. Provide the password you used for the keystore.
    The public key certificate is extracted to the same location where you ran the command.    

  5. Update the placeholders of the following command, and run it in a command prompt to convert the keystore from the JKS format to PKCS12.

    1. keyStoreName: The name of the keystore. 

    2. PKCS12FileName: The name of the keystore in the PKCS12 format.

    keytool -importkeystore -srckeystore <<keyStoreName>>.jks -destkeystore <<PKCS12FileName>>.p12 -deststoretype PKCS12

    Example:

    keytool -importkeystore -srckeystore tpp.jks -destkeystore tpp.p12 -deststoretype PKCS12
  6. Update the placeholders of the following command, and run it in a command prompt to create the application certificate (.pem) file using the keystore in the PKCS12 format, e.g., tpp.p12.

    1. PKCS12FileName: The name of the keystore in the PKCS12 format. 
    2. PEMFileName: The name of the application certificate that is created in the .pem format. 

    openssl pkcs12 -in <<PKCS12FileName>>.p12 -nokeys -out <<PEMFileName>>.pem

    Example:

    openssl pkcs12 -in tpp.p12 -nokeys -out tpp.pem 
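
A check for the .pem file produced in step 6, added here as an example (it is not part of the WSO2 tooling): it confirms the file holds only certificate blocks, which is what -nokeys is there to guarantee, and returns each certificate's SHA-256 fingerprint in the colon-separated form that keytool -list -v prints. The function names are assumptions, and the sample blocks are constructed placeholder bytes rather than real certificates or keys.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)


def inspect_pem(text):
    """Return (fingerprints, problems) for the text of a .pem file."""
    fingerprints, problems = [], []
    for label, body in PEM_BLOCK.findall(text):
        if "PRIVATE KEY" in label:
            # Matches PRIVATE KEY, RSA PRIVATE KEY and ENCRYPTED PRIVATE KEY.
            problems.append(f"contains a {label} block; re-export with -nokeys")
        elif label == "CERTIFICATE":
            der = base64.b64decode("".join(body.split()))
            digest = hashlib.sha256(der).hexdigest().upper()
            fingerprints.append(
                ":".join(digest[i:i + 2] for i in range(0, 64, 2))
            )
        else:
            problems.append(f"unexpected {label} block")
    if not fingerprints:
        problems.append("no CERTIFICATE block found")
    return fingerprints, problems


def pem_block(label, payload):
    # Builds constructed sample data; the payload is not real DER.
    b64 = base64.encodebytes(payload).decode()
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n"


# Constructed samples: an export made with -nokeys, and one made without it.
GOOD_PEM = ("Bag Attributes\n    friendlyName: keystore\n"
            + pem_block("CERTIFICATE", b"constructed certificate bytes"))
BAD_PEM = GOOD_PEM + pem_block("PRIVATE KEY", b"constructed key bytes")

if __name__ == "__main__":
    print(inspect_pem(GOOD_PEM))
    print(inspect_pem(BAD_PEM))
```

Run it on the real tpp.pem and compare the returned fingerprint with the SHA256 value that keytool -list -v -keystore tpp.jks reports for the same alias.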

Step 06 Request access tokens

Step 07 Approve the access key generation

Follow the steps below to approve the access key generation:

  1. Navigate to the Admin Portal.
  2. Click Tasks > Application Registration.
  3. Locate the approval request and click Assign To Me.
  4. Click Start to start the approval process.
  5. Select Approve and then click Complete.
  6. Navigate back to the API Store and click Applications.
  7. Click View for the application that you created in Step 04, e.g., FinComApp, to navigate to the application details page.
  8. Click the Production Keys tab.

    Observe the generated keys. 

    Next, you can subscribe to APIs available in the API Store and invoke them.