This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Consumer Data Standards API

Data Recipients can use the Consumer Data Standards API v1.2.0 to retrieve the account and transaction details of consumers with the authorisation of the consumer. This documentation explains the Consumer Data Standards API under the following topics:

Basic flow

The diagram below provides a general outline of the Consumer Data Standards API flow.

  1. The Data Recipient sends an authorisation request to the Data Holder. This request is sent to authenticate the consumer before retrieving information through an Accredited Data Recipient's interface.
  2. The consumer logs into the Data Holder’s authorisation webpage using the username. This is achieved using the identifier-first authenticator in WSO2 Open Banking Key Manager. Once the username is entered, an OTP is sent. Instead of the password, auth web app of WSO2 Open Banking Key Manager authenticates the consumer using the username and the OTP. Upon successful authentication, the consumer is able to view requested data. At this point, the consumer requires to select the account and authorise the consent.
  3. The Auth web app of WSO2 Open Banking Key Manager sends an authorisation code to the defined redirection URL of Data Recipient application.
  4. The Data Recipient requests for a user access token and a refresh token using the authorisation code sent in step 4.
  5. Using the generated access token, now the Data Recipient can retrieve information via the Data Holder's interface.

Sequence Diagram

Authorisation flow

Access token generation

Information retrieval flow

Endpoints

Following endpoints are available in the Consumer Data Standards API 1.2.0.

  • The Product Reference Data (PRD) endpoints do not require authentication. Banks need to expose these endpoints by the phase I deadline. PRD endpoints: Get Products and Get Products Detail.
  • The rest of the endpoints are secured endpoints and are used to retrieve consumer data. Banks need to expose these endpoints in phase II.