This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Deploying Consumer Data Standards Administration API v1.28.0

Owned by Akram Azarm
Last updated: Apr 16, 2024
32 min read

Before you begin:

Configure Metadata Cache Management endpoint that is required for the Administration API.

  • Open the  <WSO2_OB_APIM_HOME>/repository/conf/deployment.toml  file.

  • Add the following configurations and restart the server. 

[open_banking.au.metadata_cache]
metadata_mgt_endpoint = "https://<WSO2_OB_IAM_HOST>:9446/api/openbanking/au-metadata-mgt/au100/register/metadata"

The following configuration is to generate self-link in the CDS Administration API response. This is only available as a WSO2 Update from WSO2 Open Banking API Manager Level 2.0.0.46 onwards. For more information on updating WSO2 Open Banking, see Updating WSO2 Products.

[open_banking.au.admin.api]
self_url = "_self-url_"

  • Add the following synapse configurations to retrieve infosec statistics:

    This is available only as a WSO2 Update and is effective from July 09, 2021 (07-09-2021). For more information on updating WSO2 Open Banking, see Updating WSO2 Products.

     Click here to see how it done...
    1. Go to the <WSO2_OB_APIM_HOME>/repository/deployment/server/synapse-configs/default/api/ directory.
    2. Open the following files and update them by adding the given property and handlers:
      1. _TokenAPI_.xml
      2. _RevokeAPI_.xml
      3. _AuthorizeAPI_.xml

    3. Add the following property just under the <inSequence> tag: 

      <property name="api.ut.backendRequestTime" expression="get-property('SYSTEM_TIME')"/>

    4. Add the following two handlers just under the <handlers> tag: 

      <handler class="org.wso2.carbon.apimgt.gateway.handlers.common.APIMgtLatencyStatsHandler"/>
<handler class="com.wso2.finance.open.banking.management.information.reporting.data.publisher.ReportingDataHandler"/>

  • If you want to support ID permanence, make sure to follow the below steps before deploying the CDS Standard API  in <WSO2_APIM)_HOME>/repository/resources/finance/apis/consumerdatastandards.org.au/<version>:

    This is available only as a WUM update and is effective from March 24, 2021 (03-24-2021). For more information on updating WSO2 Open Banking, see Updating WSO2 Products.

     Click here to see how it done...

    1. Open <WSO2_OB_APIM_HOME>/repository/resources/api_templates/velocity_template.xml 

    2. Under #if($apiObj.additionalProperties.get("ob-spec") == "au" && $apiObj.additionalProperties.get("ob-api-type") != "dcr" && $apiObj.additionalProperties.get("ob-api-type") != "cdr-arrangement" && $apiObj.additionalProperties.get("ob-api-type") != "cds-admin"), add <handler class="com.wso2.finance.open.banking.gateway.au.IdPermanenceHandler"/>
      after <handler class="com.wso2.finance.open.banking.gateway.api.schema.validation.RequestSchemaValidationHandler"/> and before <handler class="com.wso2.finance.open.banking.au.consent.enforcement.AUConsentEnforcementHandler">:

       Click here to see modified the configuration...
      ##
## Start of AU Specification Handlers
##

#if($apiObj.additionalProperties.get("ob-spec") == "au" && $apiObj.additionalProperties.get("ob-api-type") != "dcr"
&& $apiObj.additionalProperties.get("ob-api-type") != "cdr-arrangement"
&& $apiObj.additionalProperties.get("ob-api-type") != "cds-admin")
<handler class="com.wso2.finance.open.banking.custom.throttling.CDSThrottlingPolicyHandler"/>
<handler class="com.wso2.finance.open.banking.mtls.validator.handler.MTLSValidationHandler"/>
<handler class="com.wso2.finance.open.banking.gateway.common.APIResourceAccessHandler"/>
<handler class="com.wso2.finance.open.banking.mtls.validator.handler.HolderOfKeyValidationHandler"/>
<handler class="com.wso2.finance.open.banking.gateway.api.schema.validation.RequestSchemaValidationHandler"/>
<handler class="com.wso2.finance.open.banking.gateway.au.IdPermanenceHandler"/>
<handler class="com.wso2.finance.open.banking.au.consent.enforcement.AUConsentEnforcementHandler">
    <property name="validationBaseUrl" value="https://IAM_HOSTNAME:9446/api/openbanking/consent-mgt/au100"/>
</handler>
#end

      In case you have already deployed and subscribed the CDS Standard API, 

      • Open the <WSO2_OB_APIM_HOME>/repository/deployment/server/synapse-configs/default/api/<API_PUBLISHER_NAME>–ConsumerDataStandards_vv1.xml. For example, <WSO2_OB_APIM_HOME>/repository/deployment/server/synapse-configs/default/api/mark-AT-gold.com--ConsumerDataStandards_vv1.xml and locate the <handlers> tag

      • Add <handler class="com.wso2.finance.open.banking.gateway.au.IdPermanenceHandler"/>
        after <handler class="com.wso2.finance.open.banking.gateway.api.schema.validation.RequestSchemaValidationHandler"/> and before <handler class="com.wso2.finance.open.banking.au.consent.enforcement.AUConsentEnforcementHandler">:

        <handler class="com.wso2.finance.open.banking.gateway.api.schema.validation.RequestSchemaValidationHandler"/>
<handler class="com.wso2.finance.open.banking.gateway.au.IdPermanenceHandler"/> 
<handler class="com.wso2.finance.open.banking.au.consent.enforcement.AUConsentEnforcementHandler">

    1. Configure the encryption/decryption key for ID permanence. By default, the secret value is "wso2". 

      [open_banking.au.id_permanence]
secret_key = <SECRET_KEY>
    2. Restart the servers.

  1. Sign in to the API Publisher Portal (https://<WSO2_OB_APIM_HOST>:9443/publisher) as an API creator/publisher.

  2. In the APIs tab, select CREATE NEW API > I Have an Existing REST API

  3. Set the Input Type to OpenAPI File

  4. Click BROWSE FILE TO UPLOAD and select the <WSO2_OB_APIM_HOME>/repository/resources/finance/apis/consumerdatastandards.org.au/CDSAdminAPIs/1.28.0/13th-may-2024-obligation/cds-admin-1.28.0.yaml Swagger file.

  5. Click Next

  6. Set the endpoint as follows: 

    https://<WSO2_OB_APIM_HOST>:9443/api/openbanking/cds-admin-api/au100
  7. Set the business plan to Unlimited : Allows unlimited  requests unless you want to limit the requests. 

  8. Click Create to create the API.
  9. Once you get the message that the API is successfully updated, go to Runtime Configurations using the left menu panel.

  10. Click the edit button under Request > Message Mediation

  11. Now, select the Custom Policy option.   
  12. Upload the <WSO2_OB_APIM_HOME>/repository/resources/finance/apis/consumerdatastandards.org.au/CDSAdminAPIs/1.28.0/cds-admin-endpoint-insequence-1.28.0.xml file and click SELECT

  13. Scroll down and click SAVE.
  14. Now, go to  Properties using the left menu panel.

  15. Click Add New Property.

  16. Add the following properties and click  the Add button to save the values.

    Property NameProperty Value
    ob-specau
    ob-api-typecds-admin

  17. Click SAVE.

  18. Go back to Overview using the left menu panel.

  19. Click PUBLISH.

  20. The published API is available in the Developer Portal at https://<WSO2_OB_APIM_HOST>:9443/devportal.


Important:

Please follow these instructions if your WSO2 Open Banking API Manager Level is lower than 2.0.0.307, your WSO2 Open Banking Identity Server Level is lower than 2.0.0.325, or your WSO2 Open Banking Business Intelligence Server Level is lower than 2.0.0.71.

Backup Required Before Running Migration Scripts

Before proceeding with the migration scripts, please ensure that a full backup of the database has been taken. This precautionary step is crucial to safeguard data integrity.

 Click here to view the changes required to be done to the WSO2 OBBI Server
  • Get the latest live updates for the product.
  • Copy/replace the following files from <WSO2_OB_BI_HOME>/resources/finance/cds-siddhi-files to deployment/siddhi-files:
    • CDSAuthorisationMetricsApp.siddhi
    • CDSAvailabilityMetricsApp.siddhi
    • CDSCurrentPeakTPSApp.siddhi
    • CDSAvailabilityMetricsAggregationApp.siddhi
    • CDSPeakTPSMetricsAggregationApp.siddhi
    • CDSInvocationMetricsApp.siddhi
    • APIRawDataSubmissionApp.siddhi
    • CDSCustomerRecipientMetricsApp.siddhi
  • Replace the <ANALYTICS_HOSTNAME> if it exists in the above files for the receiver.url with the OBBI server hostname.
  • Restart the OBBI server.
 Click here to view the changes required to be done to the WSO2 OBAM Server
  • Get the latest live updates for the product.
  • Update the definition of the CDS Admin API in the publisher portal with the swagger definition provided at <WSO2_OB_APIM_HOME>/repository/resources/finance/apis/consumerdatastandards.org.au/CDSAdminAPIs/1.28.0/13th-may-2024-obligation/cds-admin-1.28.0.yaml.
  • Update the insequence for the CDS Admin API in the publisher portal with the insequence provided at the location <WSO2_OB_APIM_HOME>/repository/resources/finance/apis/consumerdatastandards.org.au/CDSAdminAPIs/1.28.0/cds-admin-endpoint-insequence-1.28.0.xml.
  • Republish the CDS Admin API after the above changes.

  • Update the following functions in the adaptive authentication script at the location <WSO2_OB_APIM_HOME>/repository/conf/finance/common.auth.script.js as follows:

onLoginRequest:

function onLoginRequest(context) {
    reportingData(context, "AuthenticationAttempted", false, psuChannel);
    reportingAuthorisationData(context, "started");
    doLogin(context);
}

doLogin:

var doLogin = function(context) {
    executeStep(1, {
        onSuccess: function (context) {
            //identifier-first success
            reportingData(context, "AuthenticationSuccessful", false, psuChannel);
            reportingAuthorisationData(context, "userIdentified");
            OTPFlow(context);
        },
        onFail: function (context) { //identifier-first fail
            reportingData(context, "AuthenticationFailed", false, psuChannel);
            doLogin(context);
        }
    });
}

OTPFlow:

var OTPFlow = function(context) {
    executeStep(2, {
				//OTP-authentication
                onSuccess: function (context) {
                    context.selectedAcr = "urn:cds.au:cdr:2";
                    reportingData(context, "AuthenticationSuccessful", true, psuChannel);
                    reportingAuthorisationData(context, "userAuthenticated");
                },
                onFail: function (context) {
                    reportingData(context, "AuthenticationFailed", false, psuChannel);
                    OTPFlow(context);
                }
            });
}
 Click here to view the changes required to be done to the WSO2 OBIAM Server

To calculate the abandonedConsentFlowCount metric, we've added a new step in the process. Now, when the service provider's adaptive authentication script runs, it generates and records a specific data point, which we use to determine how many users have abandoned the consent flow.

There are 2 options to incorporate this change to the already existing service providers:

Option 1

  • Run the relevant database migration script available at the location <WSO2_OB_IAM_HOME>/dbscripts/finance/apimgt/migration_sp_script_for_metrics_v3_to_v4/... against the OPENBANK_APIMGTDB.

Make sure to add the updated adaptive authentication script as mentioned in the previous section(Click here to view the changes required to be done to the WSO2 OBAM Server) to the provided placeholder in the migration script and also make sure that the adaptive authentication script file is located at a place where it is accessible by the database server.

Option 2

  • Go to the carbon console at https://<WSO2_OBIAM_HOSTNAME>:9446/carbon
  • Go to Home > Identity > Service Providers > List
  • Click the Edit action button on each service provider
  • Expand the Local & Outbound Authentication Configuration menu
  • Click Advanced Configuration
  • Update the Script Based Adaptive Authentication with the updated adaptive authentication script
  • Click Update
  • Repeat the above steps for all the previous service providers

Configuring Metrics API v5

Configuring the deployment.toml file of the WSO2 Open Banking API Management module:

  • Use the following configuration to indicate the first date that metrics data is available for metrics v5 computation. The default date is 2024-05-01.
[open_banking.au.admin.api]
metrics_v5_start_date = "2024-05-20"
  • Use the following configuration to indicate the first date that metrics data is available for availability metrics computation. The default date is 2023-11-01.
[open_banking.au.admin.api]
availability_start_date = "2023-12-01"
  • Use the following configuration to define the duration threshold for considering consent as abandoned once the specified time has elapsed. The default value is "300"
[open_banking.au.admin.api]
consent_abandonment_time = "120"
  • Use the following configuration to define the validity period of the authorization code as defined in the WSO2 Open Banking Identity and Access Management module. The default value is "300"
[open_banking.api_security]
authorization_code_validity = "120"

Invoke Metrics API

GET Metrics - GET /admin/metrics

GET /admin/metrics is an endpoint determined by the non-functional requirements for the CDR regime to obtain statistics. 

  • This operation may only be called by the CDR Register.
  • The CDR regime will authenticate the clients seeking access to end points based on a signed JWT.

This is the only endpoint available in the API. A sample request and response are as follows:


Availability Metrics

This is the endpoint that determines the percentage availability of the CDR platform over time. Availability is calculated as follows: 

Data Holders have to publish the outage data to Open Banking Business Intelligence in the following format:

Note:

  • Outages between months need to publish as separate events.
  • Availability value is rounded up to 2 decimal points.
  • Availability metrics calculate for previous months based on the oldest published data (up to a maximum of 12 months).

Publishing Outage Information

Availability Metrics v3

This is available only as a WUM update and is effective from April 09, 2021 (04-09-2021). For more information on updating WSO2 Open Banking, see Updating WSO2 Products.

Availability Metrics v4 and v5

This is only available as a WSO2 Update from WSO2 Open Banking API Manager Level 2.0.0.276, WSO2 Open Banking Identity Server Level 2.0.0.294 and WSO2 Open Banking Business Intelligence Server Level 2.0.0.63 onwards. For more information on updating WSO2 Open Banking, see Updating WSO2 Products.

Note:

A new attribute called aspect has been introduced to determine whether the endpoints experiencing the outage are authenticated, unauthenticated, or relevant for both types of endpoints (all).

Deleting Outage Information

This is available only as a WSO2 Update and is effective from September 17, 2021 (09-17-2021). For more information on updating WSO2 Open Banking, see Updating WSO2 Products.

You can delete outage information using the /AvailabilityMetricsRawDataApp/IncidentDeletionRawDataStream endpoint.