/
WSO2 API Microgateway for WSO2 Open Banking

This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

WSO2 API Microgateway for WSO2 Open Banking

Mar 21, 2023

The WSO2 API Microgateway is a lightweight message processor for APIs. The API Microgateway is used for message security, transport security, routing, and other common API Management related quality of services. It can process incoming and outgoing messages while collecting information required for usage metering and throttling capabilities. The API Microgateway natively supports scaling in highly decentralized environments including microservice architecture. An immutable, ephemeral Microgateway fits well with the microservice architecture. 

Setting up API Microgateways close to your backend servers and on-premise deployments not only reduces network latency but also adds additional security as you can run it in a fully controlled environment with a selected set of APIs. You can run the API Microgateway in a regional data centre, in the same server instance as your service implementation, or even in your local workstation.

The API microgateways are placed as follows when placed in a deployment diagram. 

Before you begin:

  1. Download and set up the WSO2 Open Banking 2.0 solution.

  2. Install and set up Docker in your servers.

  3. Download Microgateway Docker images for WSO2 Open Banking Australia. WSO2 Open Banking contains Docker images for each API in the Consumer Data Standards (CDS) specification. The Docker images are available in the Docker Hub. 

The following section explains how to try out the Consumer Data Standards API using WSO2 API Microgateway:

  1. Pull the Docker image for Consumer Data Standards API from the Docker registry.

  2. Run the Docker image using the commands below:

  3. All the configurations related to WSO2 API Microgateway and WSO2 Open Banking are available in the micro-gw.conf file. 

    1. Get the container Id of the Docker image with the API: 

      docker ps

    2. Copy the micro-gw.conf file from the Docker image to the host: 

      docker cp <CONTAINER_ID>:/home/ballerina/conf/micro-gw.conf <DEST_PATH>

  4. Configure the micro-gw.conf file:

    1. The microgateway is available in the port defined below, by default it's set to 9095: 

      [listenerConfig] httpsPort = 9095

    2. Configure the hostname of your  WSO2 Open Banking Identity and Access Manager server in the following configuration:

      [keyManager] serverUrl = "https://<WSO2_OB_IAM_HOST>:9446"

    3. Configure the hostname of your WSO2 Open Banking API Manager server in the following configuration:

      [apiManager] serverUrl = "https://<WSO2_OB_APIM_HOST>:9443"
      [openbanking.iam] serverUrl = "https://<WSO2_OB_IAM_HOST>:9446"

    4. If the Admin APIs are being deployed using the Microgateway Docker image, update the below configurations based on the deployment:

    5. Configure encryption/decryption key for ID permanence under the [openbanking.au] tag. By default, the secret key value is "wso2". 

      [openbanking.au.id.permanence] secretKey = <SECRET_KEY>

    6. To remove the Auth header from the authentication filter, set the following configuration to true. For throttling purposes, set the value to false

      [authConfig] removeAuthHeaderFromOutMessage = false

    7. To avoid sending the Auth header to the back end, add the following configuration under the [openbanking] tag and set the value to true.

       

      • This is only available for wso2-obmg-au-cds docker images.

        [openbanking.authConfig] removeAuthHeaderFromOutMessage = true

    8. Add custom filters using the following configuration: 

      [openbanking.au.filters] <FilterName>="Fully qualified class name"

       

      • You can configure filters; add custom filters and skip certain filters with the following configurations:  

    9. Copy the updated micro-gw.conf file to the Docker image:

      docker cp <PATH_TO_UPDATED_micro-gw.conf> <CONTAINER_ID>:/home/ballerina/conf/micro-gw.conf

  5. If you have a distributed deployment, exchange the certificates as explained in Setting Up Servers-Exchanging the certificates.

  6. Add any additional certificates to the client truststore of the Docker image:

    1. Get the container Id of the Docker image with CDS API: 

      docker ps

    2. Copy the ballerinaTruststore.p12 file from the Docker image to the host: 

      docker cp <CONTAINER_ID>:/home/ballerina/wso2/runtime/bre/security/ballerinaTruststore.p12 <DEST_PATH>

    3. Use the keytool commands and add the relevant certificates (regulatory certificates, server certificates) to the copied ballerinaTruststore.p12 file. The password to access the keystore is ballerina.

      keytool -import -alias <CERT_ALIAS> -file <CERT_TO_ADD> -keystore ballerinaTruststore.p12 -storepass ballerina

    4. Copy the updated client trustore to the Docker image:

      docker cp <PATH_TO_UPDATED_ballerinaTruststore.p12> <CONTAINER_ID>:/home/ballerina/wso2/runtime/bre/security/ballerinaTruststore.p12

  7. Run the Docker image using the commands below: 

    • <PRODUCTION_ENDPOINT_URL> : Endpoint URL of the production server. For a sandbox environment, instead of productionEndpoint_prod_endpoint_0, use the sandboxEndpoint_sand_endpoint_0=<SANDBOX_ENDPOINT_URL> flag.

    • <PROJECT_NAME>: Name of Docker image without the registry hostname.

    • <PUBLISHED_PORT>: The port which the Docker image is exposed.

    • <HTTPS_PORT>: httpsPort configured in the micro-gw.conf file.

    • <WSO2_OB_SOLUTION_VERSION>: The version of the WSO2 Open Banking solution.

  8. Invoke the endpoints using the proper server hostname and port of your WSO2 API Microgateway (WSO2 API MG) server.