This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Account and Transaction API v3.1.1
This document explains the flow of events related to the Account and Transaction API v3.1.1.Â
Before you begin:
You need to deploy the Account Information and Transaction API in <WSO2_OB_APIM_HOME>/repository/resources/finance/apis/openbanking.org.uk/Accounts/3.1.1/account-info-swagger-3.1.1.yaml
file. To deploy APIs for WSO2 Open Banking UK, see Deploying APIs for UK.
If you have already deployed v3.1 APIs:
According to Open Banking Implementation Entity (OBIE), the v3.1 and v3.1.1 APIs have the same context values. Therefore, if you have already deployed v3.1 APIs, the v3.1.1 APIs cannot be deployed as new versions of existing APIs. You have to update the swagger file content.
If you have integrated with OBIE you can use the Dynamic Client Registration v3.2 API. Once you deploy the DCR v3.2 API you can continue from the Generate application access token step.
- Step 1 - Sign up as a TPP
- Step 2 - Approve the TPP
- Step 3 - Sign in to the API store as the TPP
- Step 4 - Create an application
- Step 5 - Subscribe to API
- Step 6 - Create and upload certificates
- Step 7 - Generate keys
- Step 8 - Approve Production Key generation
- Step 9 - Generate application access token
- Step 10 - Initiate account consents
- Step 11 - Authorizing account consents
- Step 12 - Generate user access token
- Step 13 - Invoke Account and Transaction APIs
Step 1 - Sign up as a TPP
In this step, the TPP registers its TPP application in WSO2 API store.
Step 2 - Approve the TPP
Now that you have signed up as a TPP, an admin who overlooks all TPP sign-up forms must approve it.
It is not mandatory to include the approval step for approving the TPP. In order to add this step, you need to configure workflows in the WSO2 Open Banking solution.
Step 3 - Sign in to the API store as the TPP
Step 4 - Create an application
Step 5 - Subscribe to API
The TPP user needs to subscribe to the AccountAndTransactionAPI - v3.1.1
API in order to access API resources. Once subscribed, the users can access all the supported services of the API resources.
Step 6 - Create and upload certificates
The TPP user needs to create certificates to validate whether the TPP is registered in a governing entity. It is verified in the TPP Onboarding process. For example, in Dynamic Client Registration, the TPP is dynamically registered with ASPSPs when the client sends a registration request with its metadata. Therefore, the ASPSP is required to upload the root and issuer certificates obtained from Open Banking Implementation Entity. For more information, see Dynamic Client Registration v3.2.
You can also create a self-signed certificate the following instructions given below and try out the API flow:
When you are using self-signed certificates, make sure to disable the certificate revocation validation:
- Open the
<WSO2_OB_KM_HOME>/repository/conf/finance/open-banking.xml
file Navigate to the certificate revocation validation configuration and disable it as follows:
<CertificateManagement> <!-- Enable certificate OCSP and CRL validation --> <CertificateRevocationValidationEnabled>true</CertificateRevocationValidationEnabled> /CertificateManagement>
Once you create a self-signed certificate, upload it to the client trust stores of WSO2 OB APIM and WSO2 OB KM.
- Locate the client trust stores in WSO2 OB APIM and WSO2 OB KM in the following directory paths:
<WSO2_OB_APIM_HOME>/repository/resources/security/client-truststore.jks
<WSO2_OB_KM_HOME>/repository/resources/security/client-truststore.jks
Use the following command to upload the self-signed certificate:
keytool -import -alias <alias> -keystore cacerts -file <PEMFileName>.pem
Step 7 - Generate keys
The TPP user requires a Client ID(Consumer Key) and a Client secret(Consumer Secret) to access the subscribed APIs.
Step 8 - Approve Production Key generation
This step includes instructions to an Approver user to review and approve a request to generate production keys for an application.
It is not mandatory to include the approval step for the Production Key generation. In order to add this step, you need to configure workflows in the WSO2 Open Banking solution.
Step 9 - Generate application access token
When invoking APIs in the Account and Transaction flow, application access tokens must be generated using the client credential grant type. The generated application access token is used to invoke the AccountAndTransactionAPI - v3.1.1 API.
Step 10 - Initiate account consents
In this step, the TPP creates a request to get the consent of the PSU to access the accounts and its information from the bank. The Bank sends the request to the PSU stating the accounts and information that the TPP wishes to access. Upon the user approving or denying the account consent, the TPP is now eligible to access the user's account details.
Step 11 - Authorizing account consents
The AISP redirects the bank customer to authenticate and approve/deny application-provided consents.
Step 12 - Generate user access token
In this section, you will be generating an access token using the authorization code generated in the section above .
Step 13 - Invoke Account and Transaction APIs
Following API functionalities are available in the Account and Transaction API.
- GET /accounts
- GET /accounts/{AccountId}
- GET /accounts/{AccountId}/balances
- GET /balances
- GET /accounts/{AccountId}/beneficiaries
- GET /beneficiaries
- GET /accounts/{AccountId}/direct-debits
- GET /direct-debits
- GET /accounts/{AccountId}/offers
- GET /offers
- GET /accounts/{AccountId}/parties
- GET /accounts/{AccountId}/party
- GET /party
- GET /accounts/{AccountId}/product
- GET /products
- GET /accounts/{AccountId}/scheduled-payments
- GET /scheduled-payments
- GET /accounts/{AccountId}/standing-orders
- GET /standing-orders
- GET /accounts/{AccountId}/statements
- GET /accounts/{AccountId}/statements/{StatementId}
- GET /accounts/{AccountId}/statements/{StatementId}/file
- GET /accounts/{AccountId}/statements/{StatementId}/transactions
- GET /statements
- GET /accounts/{AccountId}/transactions
- GET /transactions
GET /accounts
The first step for an AISP after an account request is authorised is to call the GET /accounts endpoint.
An AISP will be given the full list of accounts that the PSU has authorised the AISP to access. The AccountIds
returned is used to retrieve other resources for a specific AccountId
.
GET /accounts/{AccountId}
The AISPs are able to retrieve the account information for a given AccountId. The AccountID
is retrieved in the call to GET /accounts.
GET /accounts/{AccountId}/balances
The AISPs are able to retrieve the account balance information resource for a specific AccountId.
The AccountId is retrieved in the call to GET /accounts.
GET /balances
The AISPs are able to retrieve the account information resources in bulk.
This retrieves the resources for all authorised accounts linked to the account request.
GET /accounts/{AccountId}/beneficiaries
The AISPs are able to retrieve the account beneficiaries information resource for a specific AccountId
. The AccountId is retrieved in the call to GET /accounts.
GET /beneficiaries
The AISPs are able to retrieve the beneficiaries' information in bulk.
This endpoint will retrieve the beneficiaries' resources for all authorised accounts linked to a specific account request.
GET /accounts/{AccountId}/direct-debits
The AISPs are able to retrieve the direct-debits for a specific account identified by AccountId
using this endpoint. The AccountId
is retrieved in the call to GET /accounts.
GET /direct-debits
The AISPs are able to retrieve direct-debits for all accounts that the PSU has consented to.
This will retrieve the direct-debit resources for all authorised accounts linked to the account request.
GET /accounts/{AccountId}/offers
The AISPs are able to retrieve the offers resource for a specific AccountId
. The AccountId
is retrieved in the call to GET /accounts.
GET /offers
The AISPs are able to retrieve the offers resources in bulk. This will retrieve the resources for all authorised accounts linked to the account request.
GET /accounts/{AccountId}/parties
The AISPs are able to retrieve details on the account owners or holders and operators. The AccountId
is retrieved in the call to GET /accounts.
GET /accounts/{AccountId}/party
The AISPs are able to retrieve details on the account owner or holder for a given AccountId
.
- In the case of a business, this will be the details of the business
In the case of a joint account, this will be the party that has given authorisation to the AISP to view the account
GET /party
The AISPs are able to retrieve details on the user that has authorised the account-access-consent with the ASPSP:
- In the case of a business account, this will be the details of the party that has given authorisation to the AISP to view the account
In the case of a joint account, this will be the party that has given authorisation to the AISP to view the account
GET /accounts/{AccountId}/product
AccountId
. The AccountId
is retrieved in the call to GET /accounts.GET /products
The AISPs are able to retrieve the products information in bulk.
This endpoint will retrieve the products resources for all authorised accounts linked to a specific account request.
GET /accounts/{AccountId}/scheduled-payments
The AISPs are able to retrieve the scheduled-payments for a specific AccountId
. The AccountId
is retrieved in the call to GET /accounts.
GET /scheduled-payments
The AISPs are able to retrieve the scheduled-payments resources in bulk.
This will retrieve the scheduled-payments resources for all authorised accounts linked to the account request.
GET /accounts/{AccountId}/standing-orders
The AISPs are able to retrieve the standing-order resources for a specific AccountId
. The AccountId
is retrieved in the call to GET /accounts.
GET /standing-orders
The AISPs are able to retrieve the standing orders' resources in bulk.
This will retrieve the scheduled-payments resources for all authorised accounts linked to the account request.
GET /accounts/{AccountId}/statements
The AISPs are able to retrieve the statements information resource for a given AccountId.
The AccountId
is retrieved in the call to GET /accounts.
GET /accounts/{AccountId}/statements/{StatementId}
The AISPs are able to retrieve the statement information resource for a specific statement in the AccountId.
The AccountId
is retrieved in the call to GET /accounts.
GET /accounts/{AccountId}/statements/{StatementId}/file
The AISPs are able to retrieve a non-json representation of a specific statement as specified in the Accept header by the AISP. The statement can be downloaded in formats such as pdf
, doc
and csv
.
curl -X GET \ https://<WSO2_OB_APIM_HOST>:8243/open-banking/v3.1/aisp/accounts/<AccountId>/statements/<StatementId>/file \ -H 'Authorization: Bearer <USER_ACCESS_TOKEN>' -k \ -H 'Cache-Control: no-cache' \ -H 'accept: application/pdf' \ -H 'x-fapi-financial-id: open-bank' \ --output statement.pdf
GET /accounts/{AccountId}/statements/{StatementId}/transactions
The AISPs are able to retrieve the transaction resources for a specific AccountId
and a StatemntId
.
GET /statements
The AISPs are able to retrieve statement information for all accounts that the PSU has consented to.
This will retrieve the statement resources for all authorised accounts linked to the account request.
GET /accounts/{AccountId}/transactions
The AISPs are able to retrieve the transaction resource for a specific AccountId
. The AccountId
is retrieved in the call to GET /accounts.
GET /transactions
The AISPs are able to retrieve the transactions in bulk.
This will retrieve the transactions resources for all authorised accounts linked to the account request.