This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, go to https://wso2.com/documentation/.

Consumer Data Standards API

Owned by Former user (Deleted)
Last updated: Oct 29, 2020
3 min read

Data Recipients can use the Consumer Data Standards API v1.2.0 to retrieve the account and transaction details of consumers with the authorisation of the consumer. This documentation explains the Consumer Data Standards API under the following topics:

Basic flow

The diagram below provides a general outline of the Consumer Data Standards API flow.

  1. The Data Recipient sends an authorisation request to the Data Holder. This request is sent to authenticate the consumer before retrieving information through an Accredited Data Recipient's interface.
  2. The consumer logs into the Data Holder’s authorisation webpage using the username. This is achieved using the identifier-first authenticator in the WSO2 Open Banking Identity and Access Management module. Once the username is entered, an OTP is sent. Instead of the password, auth web app of the Identity and Access Management module authenticates the consumer using the username and the OTP. Upon successful authentication, the consumer can view requested data. At this point, the consumer requires to select the account and authorise CDR Arrangement ID.
  3. The Auth web app of the Identity and Access Management module sends an authorisation code to the defined redirection URL of Data Recipient application.
  4. The Data Recipient requests for a user access token and a refresh token using the authorisation code sent in step 4.
  5. Using the generated access token, now the Data Recipient can retrieve information via the Data Holder's interface.

Sequence Diagram

Authorisation flow

Access token generation

Information retrieval flow

Endpoints

Following endpoints are available in the Consumer Data Standards API 1.2.0.

  • The Product Reference Data (PRD) endpoints do not require authentication. Banks need to expose these endpoints by the phase I deadline. PRD endpoints: Get Products and Get Products Detail.
  • The rest of the endpoints are secured endpoints and are used to retrieve consumer data. Banks need to expose these endpoints in phase II.

For more information on Authorisation Scopes, see https://consumerdatastandardsaustralia.github.io/standards/#authorisation-scopes.