This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, go to https://wso2.com/documentation/.

Support for non-regulatory APIs

WSO2 Open Banking supports publishing non-regulatory APIs that are not bound to any regulations or standards. You can create non-regulatory applications to access the non-regulatory APIs.

Certain security aspects of regulatory applications are minimised to cater to business use cases of a bank. The non-regulatory applications access the non-regulatory APIs without transport layer security. Therefore, grant types that are not allowed in regulatory applications, such as password, can be used in non-regulatory applications. These features add more flexibility in designing use cases and user experiences when managing APIs and applications using WSO2 Open Banking. For example, you can publish an API to retrieve branch details and ATM details of a bank.

You can use one of the following methods to deploy a non-regulatory API in the API Publisher of WSO2 Open Banking API Manager.

This document explains how to create an application that subscribes to a non-regulatory API using WSO2 Open Banking.

A sample non-regulatory API is available in WSO2 Open Banking.

To deploy the sample non-regulatory API:

  1. Sign in to the API Publisher (https://<WSO2_OB_APIM_HOST>:9443/publisher) with a user whose roles include Internal/publisher.
  2. Click Deploy Sample API. This deploys the sample PizzaShackAPI - 1.0.0, which is a non-regulatory API.
  3. Upon successful deployment, you are redirected to the Overview page for the Pizza Shack v1.0.0 API.

Create an application

This section explains how to create an application to subscribe to non-regulatory APIs.

  1. Sign in to the Developer Portal (https://<WSO2_OB_APIM_HOST>:9443/devportal) with a user whose roles include Internal/subscriber.
  2. Go to the Applications tab in the Developer Portal.
  3. Click ADD NEW APPLICATION.

  4. Enter application details.

    Clear the checkbox with the label Will this application handle regulatory compliance APIs?

    This is to mark whether this application handles any regulatory compliance APIs or not. By default, this box is checked. For non-regulatory compliance applications, make sure to clear the checkbox.

  5. Click SAVE.

Subscribe to API

Use the application created above to subscribe to a non-regulatory API to access the API resources. Once subscribed, the application can access all the supported services of the API resources.

  1. Go to the APIs tab in the Developer portal.

  2. Select the deployed non-regulatory API.

  3. Go to Subscriptions at the bottom of the API and select SUBSCRIBE.
  4. Select your non-regulatory Application from the drop-down list, set the Throttling Policy and click SUBSCRIBE.
  5. Once you subscribe, you can find the list of subscriptions at the bottom.
  6. Now that you have subscribed to the API, generate access tokens and invoke the API.

Generating Keys

Once created, the application is configured as a non-regulatory application. Follow the steps below to generate keys:

  1. Once the application is successfully created, you are redirected to the Overview page of the application. 
  2. Scroll down and select either of the following types of keys:
    1. Production Keys: Generates access tokens in the production environment.

    2. Sandbox Keys: Generates access tokens in the sandbox environment.

  3. Click Manage at the bottom of the page.
  4. Provide the requested information as defined below:  

    Field: Grant Types
    Description: These determine the credentials that are used to generate the access token. All the grant types are applicable for non-regulatory applications and you may select them by checking the boxes.

    • Code: This relates to the authorisation code grant type and is applicable when consuming the API as a user.
    • Implicit: This is similar to the code grant type, but instead of generating code, this directly provides the access token.
    • Refresh Token: This is to renew an expired access token.
    • Client Credential: This relates to the client credentials grant type and is applicable when consuming the API as an application.

    Field: Callback URL
    Description: The URL used by the application to receive the authorisation code sent from the bank. The authorisation code can be used later to generate an OAuth2 access token.

    Field: Application Certificate
    Description: This is the content between the BEGIN CERTIFICATE and END CERTIFICATE strings of the application certificate (.PEM).

  5. Click GENERATE KEYS to generate production or sandbox keys. This generates a consumer key and a consumer secret.

Now you can invoke the API using the non-regulatory application.
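
The last step, as an added example that is not part of the WSO2 documentation: requesting a token with the Client Credential grant from the generated consumer key and secret, then calling the sample API with it. The gateway port 8243, the /token path, the /pizzashack/1.0.0/menu resource and the variable names OB_APIM_HOST, CONSUMER_KEY, CONSUMER_SECRET and RUN_LIVE are assumptions, not values from this page.

```shell
#!/usr/bin/env bash
# Added example: client credentials token request, then a call to the sample API.
# Assumed, not stated on the page: gateway port 8243, the /token path and the
# /pizzashack/1.0.0/menu resource. Adjust them to your deployment.
OB_APIM_HOST="${OB_APIM_HOST:-localhost}"
TOKEN_URL="https://${OB_APIM_HOST}:8243/token"
API_URL="https://${OB_APIM_HOST}:8243/pizzashack/1.0.0/menu"

# HTTP Basic credential: base64("<consumer key>:<consumer secret>") on one line.
basic_credential() {
  printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Pull access_token out of the token response JSON; prints nothing if absent.
extract_access_token() {
  printf '%s' "$1" |
    sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Client Credential grant. No -k: the server certificate is still verified.
request_token() {
  curl -sS --fail -X POST "$TOKEN_URL" \
    -H "Authorization: Basic $(basic_credential "$1" "$2")" \
    -d 'grant_type=client_credentials'
}

# Call the API resource with the bearer token.
invoke_api() {
  curl -sS --fail "$API_URL" -H "Authorization: Bearer $1"
}

# Live run only on request; key and secret are read from the environment.
if [ "${RUN_LIVE:-0}" = "1" ]; then
  token_json=$(request_token "$CONSUMER_KEY" "$CONSUMER_SECRET") || exit 1
  access_token=$(extract_access_token "$token_json")
  [ -n "$access_token" ] || { echo "no access_token in response" >&2; exit 1; }
  invoke_api "$access_token"
fi
```

Run it with RUN_LIVE=1 and the key and secret exported; without RUN_LIVE the script only defines the functions and makes no network calls.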