Deploying APIs for UK

This document guides you with the assumption that you have set up WSO2 Open Banking Key Manager and WSO2 Open Banking API Manager on separate servers. 

Configuring the velocity_template.xml 

Make sure to update the <WSO2_OB_KM_HOST> parameter in the consent enforcement handler of the <WSO2_OB_APIM_HOME>/repository/resources/api_templates/velocity_template.xml file, before creating the APIs. 

<handler class="com.wso2.finance.open.banking.uk.consent.enforcement.ConsentEnforcementHandler">
    #if($!apiVersion == "v3.0" || $!apiVersion == "v3.1" || $!apiVersion == "v3.1.1")
    <property name="accountValidationUrl" value="https://<WSO2_OB_KM_HOST>:9446/consent/uk300/accounts-validation"/>
    <property name="paymentConsumtionUpdateUrl"
              value="https://<WSO2_OB_KM_HOST>:9446/consent/uk300/payments/{PaymentType}/{ConsentId}/status/{Status}"/>
    <property name="paymentSubmissionValidationUrl"
              value="https://<WSO2_OB_KM_HOST>:9446/consent/uk300/payment-submission-validation"/>
    <property name="paymentConsentDataUrl"
              value="https://<WSO2_OB_KM_HOST>:9446/consent/uk300/payments/{PaymentType}/{ConsentId}/Consumption"/>
    <property name="fundConfirmationValidationUrl"
              value="https://<WSO2_OB_KM_HOST>:9446/consent/uk300/funds-confirmation-validation"/>
    #elseif($!apiVersion == "v2.0")
    <property name="accountValidationUrl" value="https://<WSO2_OB_KM_HOST>::9446/consent/uk200/accounts-validation"/>
    <property name="paymentSubmissionValidationUrl"
              value="https://<WSO2_OB_KM_HOST>:9446/consent/uk110/payment-submission-validation"/>
    #else
    <property name="accountValidationUrl" value="https://<WSO2_OB_KM_HOST>:9446/consent/uk110/accounts-validation"/>
    <property name="paymentSubmissionValidationUrl"
              value="https://<WSO2_OB_KM_HOST>:9446/consent/uk110/payment-submission-validation"/>
    #end
    <property name="keyStore" value="./repository/resources/security/wso2carbon.jks"/>
    <property name="password" value="wso2carbon"/>
    <property name="alias" value="wso2carbon"/>
</handler>

Configuring sequence files

In order to update the In Sequence file for the Accounts, Payment, and Confirmation of Funds APIs, update the relevant XML file from the <WSO2_OB_APIM_HOME>/repository/resources/finance/apis/openbanking.org.uk/<Name of the API>/<version of the API> directory.

Update the <WSO2_OB_KM_HOST> and <WSO2_OB_APIM_HOST> placeholders with the hostname of the WSO2 OB KM and APIM servers respectively.

By default, a mock backend is configured in the In Sequence file of the API Manager instance in WSO2 Open Banking. Ideally, the two occurrences of https://<WSO2_OB_APIM_HOST>:9443/open-banking/services/accounts/accountservice under the <filter source="$ctx:AM_KEY_TYPE" regex="PRODUCTION"> parameter should be replaced by the core banking system's API endpoints corresponding to the production and sandbox environments respectively. For more information on how to integrate a core banking system, see Integrating Core Banking System.

Displaying the error response for access token failures in the UK error format

Add the following configuration to the <WSO2_OB_APIM_HOME>/repository/deployment/server/synapse-configs/default/sequences/auth_failure_handler.xml under the <sequence key="_cors_request_handler_"/> configuration to display the error response for access token failures in the UK error format.

<filter source="get-property('REST_API_CONTEXT')" regex=".*\/(pisp|aisp|cbpii).*">
		<then>
			<class name="com.wso2.finance.open.banking.gateway.uk.AuthFailureResponseCreationMediator"/>
			<respond/>
		</then>
</filter>

Create and publish an API

In WSO2 Open Banking for UK, you can configure the following APIs:

• Accounts API 
• Payments API 
• Confirmation of Funds API 

Follow the steps given below to create and publish an API.

You can configure APIs through the API Publisher by signing in as a user whose role includes  Internal/publisher . Follow the steps given below:

1. Sign in to the API Publisher https:// <WSO2_OB_APIM_HOST>:9443/publisher .

   

2. Click ADD NEW API > I have an existing API. 

   

3. Select the Swagger definition from <WSO2_OB_APIM_HOME>/repository/resources/finance/apis and configure the properties according to the open-banking specification. Find more information from the table given below.

   
4. Click Start Creating.

5. Set the Context value as follows: 

   If you are using WSO2 Open Banking API Manager Level 1.5.0.94 or above:

   If you are configuring an API of v3.1.8 or above, set the following context value manually.  
6. Click Next: Implement to navigate to the next level.
7. Expand Managed API, and use the table below to select the relevant Endpoint Type from the drop down list.
8. Check Select a message mediation policy to be executed in the message flow under Message Mediation Policies.

9. Click Upload In Flow and select the corresponding In sequence file from <WSO2_OB_APIM_HOME>/repository/resources/finance/apis.
   

10. Click Next: Manage to navigate to the next level.

11. Expand Throttling Settings. Under Subscription Tiers, check the option as Unlimited : Allows unlimited requests unless you want to limit the requests.
    

    
    

12. Add the following Additional properties based on the API you're publishing. Click the + button to save each property. 

    Set the value of the ob-api-version property according to the version of the API. See the version mentioned in the swagger file.

    Given below are sample values for v3.1.1 APIs. Update the property values according to the API version that you're deploying.

    API	Property Name	Property Value
    AccountInfo API v3.1.1	ob-spec	uk
    	ob-api-type	account
    	ob-api-version	3.1.1
    Payments API v3.1.1	ob-spec	uk
    	ob-api-type	payment
    	ob-api-version	3.1.1
    Funds Confirmation API v3.1.1	ob-spec	uk
    	ob-api-type	cof
    	ob-api-version	3.1.1
    Event Notifications API v3.1.0	ob-spec	uk
    	ob-api-type	event
    	ob-api-version	3.1.0
    Dynamic Client Registration API v3.2	ob-spec	uk
    	ob-api-type	dcr
    	ob-api-version	3.2

    

13. Click Save & Publish.

Summarized information for configuring APIs - UK specification

This summary table contains sample values for v3.1.1 APIs. Use relevant insequence files in respective directories and the API property values according to the APIs that you're deploying.

Create a new version for an existing API

In the API Publisher of WSO2 Open Banking, users are not allowed to duplicate the scope of an API. Therefore, users are allowed to create a new version for the API in order to share the same scope. See below to find how it is done:

1. In the API Publisher (https://<WSO2_OB_APIM_HOST>:9443/publisher), click the API thumbnail to view the API overview.
   

2. Select the CREATE NEW VERSION tab.

   

3. Follow the versioning format and define the new version.
   

4. Click Done.

   Define the correct version for the API and choose the swagger and In sequence files appropriately.

   The directory path to the files in the solution pack helps you to choose the correct file. For example, choose the swagger and in sequence files from <WSO2_OB_APIM_HOME>/repository/resources/finance/apis/openbanking.org.uk/Accounts/3.1.0 if you want to create the 3.1.0 version of Payment Initiation API.

5. Select the newly created API and click EDIT API.
   
6. You are redirected to the Design phase. Click the Edit Source button under API Definition section.
   
7. In the Swagger Editor menu bar, select File>Import File.
8. Browse for the intended swagger file in .yaml format and click Open File.
9. Click Apply Changes to save the changes and go back to the Design page.
   
10. Scroll down and click Save.
11. Click Next: Implement > to navigate to the next page.
12. Expand Managed API, and click Upload In Flow.
13. Select the relevant In sequence file for the corresponding API and its version, and click Upload.
    
14. Click Next: Manage > to navigate to the next page.
15. Expand API Properties and ensure the ob-spec property is set to reflect the correct specification.

16. Click Save & Publish.

    To get the existing subscriptions to the new version, follow the steps below:

    1. In the API Publisher, click the new API thumbnail to Browse API.
       
    2. Go to the Lifecycle tab.
       Tick the relevant boxes if you want to:
       1. Deprecate the old versions after publishing this new version.
       2. Remove the existing subscriptions and require the applications to re-subscribe.
       
    3. Click Publish.
    4. To verify the subscriptions, go to the Versions tab.
       

Request payload validation

Request payload validation adds flexibility to validate an incoming request against any customisations done to the swagger definition. For example, remove an enumeration from an existing set and check whether the incoming request contains the defined enumerations. 

According to the following sample payload, the given account number formats are accepted.

If your API supports only the UK.OBIE.IBAN and UK.OBIE.SortCodeAccountNumber account number formats, you can simply modify the published swagger file and republish the API for the modifications to take effect.