This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Support for non-regulatory APIs
WSO2 Open Banking supports publishing non-regulatory APIs that are not bound to any regulations or standards. You can create non-regulatory applications to access the non-regulatory APIs.
Certain security aspects of regulatory applications are minimised to cater to business use cases of a bank. The non-regulatory applications access the non-regulatory APIs without transport layer security. Therefore, grant types that are not allowed in regulatory applications such as password can be used in non-regulatory applications. These features add more flexibility in designing use cases and user experiences when managing APIs and applications using WSO2 Open Banking. For example, you can publish an API to retrieve branch details and ATM details of a bank.Â
You can use one of the following methods to deploy a non-regulatory API in the API Publisher of WSO2 Open Banking API Manager
.
This document explains how to create an application that subscribes to a non-regulatory API using WSO2 Open Banking.
A sample non-regulatory API is available in WSO2 Open Banking.
Create an application
This section explains how to create an application to subscribe to non-regulatory APIs.
- Sign in to the Developer Portal (
https://<WSO2_OB_APIM_HOST>:9443/devportal
) with a user whose roles includesÂInternal/subscriber
. - Go to the Applications tab in the Developer Portal. Â
Click ADD NEW APPLICATION.
Enter application details.
Clear the checkbox with the label
Will this application handle regulatory compliance APIs?
This is to mark whether this application handles any regulatory compliance APIs or not. By default, this box is checked. For non-regulatory compliance applications, make sure to clear the checkbox.
- Click SAVE.Â
Subscribe to API
Use the application created above to subscribe to a non-regulatory API to access the API resources. Once subscribed, the application can access all the supported services of the API resources.
Go to the APIs tab in the Developer portal.
Select the deployed non-regulatory API.
- Go to Subscriptions  at the bottom of the API and select SUBSCRIBE .
- Select your non-regulatory Application from the drop-down list, set the Throttling Policy and click SUBSCRIBE.
- Once you subscribe, you can find the list of subscriptions in the bottom.
Now that you have subscribed to the API, generate access tokens and invoke the API.
Generating Keys
After creating an application it is configured as a Non-Regulatory application. Follow the steps below to generate keys:
- Once the application is successfully created, you are redirected to the Overview page of the application.Â
- Scroll down and select either of the following types of keys:
Production Keys: Generates access tokens in the production environment.
Sandbox Keys: Generates access tokens in the sandbox environment.
- Click Manage at the bottom of the page.
Provide the requested information as defined below:Â Â
Field
Description
Grant Types
These determine the credentials that are used to generate the access token. All the grant types are applicable for non-regulatory applications and you may select them by checking the boxes.
- Code: This relates to the authorisation code grant type and is applicable when consuming the API as a user.
- Implicit:Â This is similar to the code grant type, but instead of generating code, this directly provides the access token.
- Refresh Token: This is to renew an expired access token.
- Client Credential: This relates to the client credentials grant type and is applicable when consuming the API as an application.
Callback URL
The URL used by the application to receive the authorisation code sent from the bank. The authorisation code can be used later to generate an OAuth2 access token.
Application Certificate
This is the content between the BEGIN CERTIFICATE and END CERTIFICATE strings of the application certificate (.PEM). Â
- Click GENERATE KEYS to generate production or sandbox keys. It generates consumer key and consumer secret.
Now you can invoke the API using the non-regulatory application.Â