/
Integrate Open Banking Business Intelligence

This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Integrate Open Banking Business Intelligence

Jan 25, 2023

The WSO2 Open Banking Business Intelligence(WSO2 OB BI) component enables monitoring and recording of API-level usage activity to ensure that the API owners have full awareness of the APIs, applications, and subscriptions. It generates alerts by analyzing the risk involved in transactions and fraudulent activities. It also generates statistics using the data collected from WSO2 Open Banking Identity and Access Management and API Management modules. WSO2 Open Banking Business Intelligence module contains the following features: 

API Analytics

Provides reports, statistics and graphs on the APIs deployed in WSO2 Open Banking API Manager. Helps Third-party providers (TPP) to monitor how their applications perform while banks can analyze how the bank APIs perform.

Transaction Risk Analysis

Enables analyzing the risk level based on predefined rules and exempt the user from having to provide the second factor.

Fraud Detection

For transaction monitoring mechanisms to detect unauthorized or fraudulent transactions and generate alerts. It also exempts the security requirements of strong customer authentication based on the identified level of risk and recurrence of the payment transaction. 

Data Reporting

The WSO2 Open Banking Business Intelligence captures data published in WSO2 Open Banking Identity and Access Management and API Management modules. Data Reporting is the process of processing and summarizing this data. 

It also supports business Key Performance Indicator (KPI) dashboards with business intelligence and insights on usage trends as well as custom business insights on the account and payment flows. The decision-makers of banks can use these statistics to align the business to better suit the customer needs and ultimately increase profits.  The configurable alerting module enables informing the necessary parties of abnormal behaviour, e.g., API failures, a sudden increase in the response time of APIs, and a change in the API resource access pattern.

The placement of the WSO2 OB BI component is as follows:

Before you begin

Download Open Banking Business Intelligence and unzip the file, or add it through WUM using the following commands:

  1. Add the wso2-obbi WUM pack.

    wum add wso2-obbi-<version>

  2. Update the wso2-obbi product pack using WUM.

    wum update wso2-obbi-<version>

  3. Copy <WSO2_OB_BI_HOME>/resources/finance/scripts/wso2-obbi-conf/deployment.yaml to <WSO2_OB_BI_HOME>/conf/worker/deployment.yaml. 

The WSO2 Open Banking Business Intelligence server uses the worker and dashboard profiles for the above-mentioned features. In a production deployment, the worker and dashboard profiles should run in two different JVMs. You need to enable the below ports, in order to publish data to these two nodes.

  • <WSO2_OB_BI_HOME>/conf/worker/deployment.yaml

  • <WSO2_OB_BI_HOME>/conf/dashboard/deployment.yaml

You can find that the worker node has a port offset of 1 and it opens the following ports.

The dashboard node has a port offset of 6 and it opens the following port.

Configuring databases

The following is a list of database versions that are compatible with the WSO2 API Manager Analytics.

  • MySQL 5.7 

  • MS SQL Server 2016 

  • Oracle 12c

  1. Make sure the following databases are created in your database server, if not create them:  

    • openbank_apimgt_statsdb 

    • openbank_openbankingdb 

    • openbank_geolocationdb

    • openbank_ob_reporting_statsdb

    • openbank_ob_reporting_summarizeddb

  2. Update the  <WSO2_OB_BI_HOME>/conf/worker/deployment.yaml  file. Modify the datasources below by pointing them to the databases you created in the above step (in the given order). 

    • APIM_ANALYTICS_DB

    • OPEN_BANKING_DB

    • GEO_LOCATION_DATA

    • OB_REPORTING_DB  

    • OB_REPORTING_SUMMARIZED_DB

    Update the datasource entry in the deployment.yaml with your database configurations.

    - name: GEO_LOCATION_DATA description: "The data source used for geo location database" jndiConfig: name: jdbc/GEO_LOCATION_DATA definition: type: RDBMS configuration: jdbcUrl: 'jdbc:mysql://localhost:3306/openbank_geolocationdb?autoReconnect=true&useSSL=false' username: <USERNAME> password: <PASSWORD> driverClassName: com.mysql.jdbc.Driver maxPoolSize: 50 idleTimeout: 60000 connectionTestQuery: SELECT 1 # Use below for oracle database # connectionTestQuery: SELECT 1 FROM DUAL validationTimeout: 30000 isAutoCommit: false - name: APIM_ANALYTICS_DB description: "The datasource used for APIM statistics aggregated data." jndiConfig: name: jdbc/APIM_ANALYTICS_DB definition: type: RDBMS configuration: jdbcUrl: 'jdbc:mysql://localhost:3306/openbank_apimgt_statsdb?autoReconnect=true&useSSL=false' username: <USERNAME> password: <PASSWORD> driverClassName: com.mysql.jdbc.Driver maxPoolSize: 50 idleTimeout: 60000 connectionTestQuery: SELECT 1 validationTimeout: 30000 isAutoCommit: false - name: OPEN_BANKING_DB description: "The datasource used to store payment consents" jndiConfig: name: jdbc/OPEN_BANKING_DB definition: type: RDBMS configuration: jdbcUrl: 'jdbc:mysql://localhost:3306/openbank_openbankingdb?autoReconnect=true&useSSL=false' username: <USERNAME> password: <PASSWORD> driverClassName: com.mysql.jdbc.Driver maxPoolSize: 50 idleTimeout: 60000 connectionTestQuery: SELECT 1 validationTimeout: 30000 isAutoCommit: false - name: OB_REPORTING_DB description: The datasource used to store statistics for OB Reporting module jndiConfig: name: jdbc/OB_REPORTING_DB definition: type: RDBMS configuration: jdbcUrl: 'jdbc:mysql://localhost:3306/openbank_ob_reporting_statsdb?autoReconnect=true&useSSL=false' username: <USERNAME> password: <PASSWORD> driverClassName: com.mysql.jdbc.Driver maxPoolSize: 20 idleTimeout: 60000 connectionTestQuery: SELECT 1 validationTimeout: 30000 isAutoCommit: false - name: OB_REPORTING_SUMMARIZED_DB description: The datasource used to store statistics for OB Reporting module jndiConfig: name: jdbc/OB_REPORTING_SUMMARIZED_DB definition: type: RDBMS configuration: jdbcUrl: 'jdbc:mysql://localhost:3306/openbank_ob_reporting_summarizeddb?autoReconnect=true&useSSL=false' username: <USERNAME> password: <PASSWORD> driverClassName: com.mysql.jdbc.Driver maxPoolSize: 20 idleTimeout: 60000 connectionTestQuery: SELECT 1 validationTimeout: 30000 isAutoCommit: false

  3. Modify the datasources of AM_DB and OB_REPORTING_DB  in the <WSO2_OB_BI_HOME>/conf/dashboard/deployment.yaml file.                                                          

    Use your database configurations and update the datasource properties as follows: 

    #Main datasource used in API Manager - name: AM_DB description: Main datasource used by API Manager jndiConfig: name: jdbc/AM_DB definition: type: RDBMS configuration: jdbcUrl: "jdbc:mysql://localhost:3306/openbank_apimgtdb?autoReconnect=true&useSSL=false" username: <USERNAME> password: <PASSWORD> driverClassName: 'com.mysql.jdbc.Driver' maxPoolSize: 10 idleTimeout: 60000 connectionTestQuery: SELECT 1 validationTimeout: 30000 isAutoCommit: false - name: OB_REPORTING_DB description: The datasource used to store statistics for OB Reporting module jndiConfig: name: jdbc/OB_REPORTING_DB definition: type: RDBMS configuration: jdbcUrl: 'jdbc:mysql://localhost:3306/openbank_ob_reporting_statsdb?autoReconnect=true&useSSL=false' username: <USERNAME> password: <PASSWORD> driverClassName: 'com.mysql.jdbc.Driver' maxPoolSize: 20 idleTimeout: 60000 connectionTestQuery: SELECT 1 # Use below for oracle database # connectionTestQuery: SELECT 1 FROM DUAL validationTimeout: 30000 isAutoCommit: false

Configuring WSO2 OB BI worker 

Update listenerConfigurations in the <WSO2_OB_BI_HOME>/wso2/worker/conf/transports/netty-transports.yml as follows:

Note that keyStorePass: wso2carbon needs to be changed as keyStorePassword: wso2carbon.

listenerConfigurations: - id: "default" host: "0.0.0.0" port: 9090 messageProcessorId: "MSF4J-CM-PROCESSOR" - id: "https" host: "0.0.0.0" port: 9443 scheme: https keyStoreFile: ${carbon.home}/resources/security/wso2carbon.jks keyStorePassword: wso2carbon certPass: wso2carbon messageProcessorId: "MSF4J-CM-PROCESSOR"

Configuring keystores

In the SSL handshake between the Open Banking API Manager and Open Banking Business Intelligence servers, the client (i.e. Open Banking API Manager) needs to verify the certificate presented by the server (i.e. Open Banking Business Intelligence). For this purpose, the client stores the trusted certificate of the server in the client-truststore.jks keystore.

If you use a custom keystore in Open Banking API Manager and/or Open Banking Business Intelligence, import the public key certificate of Open Banking Business Intelligence into the client-truststore.jks file of the Open Banking API Manager. To export the public key from the server and import it into the client's trust store, follow the steps given in Adding CA-signed certificates to keystores in the Administration Guide.

Enabling data publishing in API Manager

Follow the instructions below to configure the WSO2 Open Banking API Manager to publish statistics. 

  1. Open the <WSO2_OB_APIM_HOME>/repository/conf/deployment.toml file

  2. Enable the[apim.analytics] sub-element by configuring it as true.

    [apim.analytics] enable = false

  3. Change the values for the following properties accordingly:

    [apim.analytics] receiver_urls = "{tcp://<WSO2_OB_BI_HOST>:7612}" receiver_username = "$ref{super_admin.username}@carbon.super" receiver_password = "$ref{super_admin.password}" store_api_username = "$ref{super_admin.username}@carbon.super"

  4. Set the enable property under [open_banking.au.unattended_session_count_throttling] to true.

    [open_banking.au.unattended_session_count_throttling] enable = true

  5. If you're using a custom keystore where the keystore password is not "wso2carbon":

    1. Open the <WSO2_OB_BI_HOME>/conf/worker/deployment.yaml file.

    2. Add the following configurations under the siddhi tag:  

      - extension: name: 'http-request' namespace: 'source' properties: keyStoreFile : ${sys:carbon.home}/resources/security/wso2carbon.jks keyStorePassword : <password> keyStoreAlgorithm : SunX509

  6. Save the changes and restart the WSO2 Open Banking API Manager server.

Enabling Open Banking Data Publishing

Follow the steps below to enable Data Reporting. 

  1. Open  <WSO2_OB_APIM_HOME>/repository/conf/deployment.toml and  <WSO2_OB_IAM_HOME>/repository/conf/deployment.toml  files.

  2. Under the [open_banking.bi_server.data_publishing] sub-element set the enable property to true to enable the feature. 

  3. Replace the <WSO2_OB_BI_HOST> placeholder with the hostname of your WSO2 OB BI server and configure the other parameters accordingly.  

    [open_banking.bi_server.data_publishing] enable = false server_url = "{tcp://<WSO2_OB_BI_HOST>:7612}"

Improving Metrics API Performance

Follow the steps below to improve the performance of the Metrics API.

This is only available as a WSO2 Update from WSO2 Open Banking API Manager Level 2.0.0.136, WSO2 Open Banking Identity Server Level 2.0.0.147, and WSO2 Open Banking Business Intelligence Level 2.0.0.36 onwards. For more information on updating WSO2 Open Banking, see Updating WSO2 Products.

This can be configured only in Open Banking for AU.

 

  1. Open the <WSO2_OB_APIM_HOME>/repository/conf/deployment.toml file.

  2. Add the following configurations:

    [open_banking.au.admin.api] self_url = "https://localhost:8243/cds-au/v2/admin/" current_tps_retrieval_url = "http://<ANALYTICS_HOSTNAME>:8007/CDSCurrentPeakTPSApp/CDSCurrentPeakTPSAppStream" max_tps_aggregation_url = "https://<ANALYTICS_HOSTNAME>:8008/CDSPeakTPSMetricsAggregationApp/MaxTPSMetricsAggregationInputStream" availability_aggregation_url = "https://<ANALYTICS_HOSTNAME>:8008/CDSAvailabilityMetricsAggregationApp/AvailabilityMetricsAggregationInputStream"
    [open_banking.periodical_task_manager] enable = true

  3. Open the <WSO2_OB_APIM_HOME>/repository/conf/finance/quartz.properties file.

  4. Replace the <CARBON_HOME> placeholder with the path to the WSO2 Open Banking API Manager component.

  5. Follow the steps in the Periodical Task Manager and CRON job service documentation.

  6. Go to the <WSO2_OB_BI_HOME>/resources/finance/cds-siddhi-files folder.

  7. Copy the CDSAvailabilityMetricsAggregationApp.siddhi, CDSPeakTPSMetricsAggregationApp.siddhi, and CDSCurrentPeakTPSApp.siddhi files to the <OBBI_HOME>/deployment/siddhi-files folder.

  8. Go to the <WSO2_OB_BI_HOME>/deployment/siddhi-files folder.

  9. Replace the <ANALYTICS_HOSTNAME> with the correct hostname of the BI server in the CDSAvailabilityMetricsAggregationApp.siddhi, CDSPeakTPSMetricsAggregationApp.siddhi, and CDSCurrentPeakTPSApp.siddhi files.

Enabling the Sharing Date Display Feature

This feature is provided only in Open Banking for AU.

This is only available as a WSO2 Update from WSO2 Open Banking API Manager Level 2.0.0.201, WSO2 Open Banking Identity Server Level 2.0.0.214, and WSO2 Open Banking Business Intelligence Level 2.0.0.53 onwards. For more information on updating WSO2 Open Banking, see Updating WSO2 Products.

If you already have a working setup of WSO2 OB Business Intelligence, follow the steps below to enable the sharing date display feature:

For more information, see the Configuring Consent Manager documentation.

Enabling Transaction Risk Analysis (TRA) 

  1. Open the <WSO2_OB_IAM_HOME>/repository/conf/deployment.toml and <WSO2_OB_APIM_HOME>/repository/conf/deployment.toml files to enable Transaction Risk Analysis (TRA):

    1. To enable the TRA feature, set the enable property under [open_banking.bi_server.tra] to true. To enable the feature for both payments and accounts, set the configurations as follows:

      [open_banking.bi_server.tra] enable = true payment_validation.enable = true account_validation.enable = true

    2. You can enable TRA for either payments and accounts validations. Set only the relevant property to true.  For example: 

      • To enable TRA only for payments :

        [open_banking.bi_server.tra] enable = true payment_validation.enable = true account_validation.enable = false

      • To enable TRA only for accounts:

        [open_banking.bi_server.tra] enable = true payment_validation.enable = false account_validation.enable = true

    3. The configurations related to TRA Receivers are under the [open_banking.bi_server.tra.receivers] property. You may use the default WSO2 Open Banking Business Intelligence server username and password. Replace the placeholders in  account_validation_url and payment_validation_url properties to set the Account and Payment validation URLs respectively.

      [open_banking.bi_server.tra.receivers] account_validation_url = "http://<WSO2_OB_BI_HOST>:8007/TRAAccountValidationApp/TRAValidationStream" payment_validation_url = "http://<WSO2_OB_BI_HOST>:8007/TRAPaymentValidationApp/TRAValidationStream"

  2. Make the following changes to the files given below.

    1. Open the <WSO2_OB_BI_HOME>/deployment/siddhi-files/TRAAccountValidationApp.siddhi file.

      • Update the <WSO2_OB_BI_HOST> placeholder in the receiver URL, with the hostname of your WSO2 OB BI server. 

        receiver.url='http://<WSO2_OB_BI_HOST>:8007/TRAAccountValidationApp/TRAValidationStream'

    2. Open the <WSO2_OB_BI_HOME>/deployment/siddhi-files/TRAPaymentValidationApp.siddhi file.

      • Update the <WSO2_OB_BI_HOSTNAME> placeholder in the receiver URL, with the hostname of your WSO2 OB BI server. 

        receiver.url='http://<WSO2_OB_BI_HOST>:8007/TRAPaymentValidationApp/TRAValidationStream'

Enabling Fraud Detection

  1. Open the <WSO2_OB_IAM_HOME>/repository/conf/deployment.toml and <WSO2_OB_APIM_HOME>/repository/conf/deployment.toml files to enable Fraud Detection: 

    1. To enable the feature, set the enable property under [open_banking.bi_server.fraud_detection] to true

      [open_banking.bi_server.fraud_detection] enable = true

    2. The configurations related to Fraud Detection receivers are under the [open_banking.bi_server.fraud_detection.receivers] property. You may use the default WSO2 Open Banking Business Intelligence server username and password. Replace the placeholders in  account_validation_url and payment_validation_url properties to set the Account and Payment validation URLs respectively.

      [open_banking.bi_server.fraud_detection.receivers] fraud_detection_url = "http://<WSO2_OB_BI_HOST>:8007/FraudDetectionApp/FraudDetectionStream" invalid_submission_url = "http://<WSO2_OB_BI_HOST>:8006/InvalidSubmissionsApp/InvalidSubmissionsStream"

  2. Open the <WSO2_OB_BI_HOME>/deployment/siddhi-files/FraudStatusUpdaterApp.siddhi file and update <localhost> in the receiver URL with the hostname of your WSO2 OB BI server.

  3. Once you configure the TRA and FD modules, start the servers in the order of:

1. Dashboard profile in <WSO2_OB_BI_HOME>/bin

2. Worker profile in <WSO2_OB_BI_HOME>/bin

3. WSO2 OB IAM

4. WSO2 OB APIM

[Back to Top]

Enabling performance tuning and starting the servers

  1. You can enable performance tuning by adding configurations, as described in Performance Tuning in the WSO2 Stream Processor documentation.

  2. Navigate to the <WSO2_OB_BI_HOME>/bin directory, and give execution permissions to the dashboard.sh file.

  3. Run the API Manager Analytics dashboard.sh as follows: 

    ./dashboard.sh

  4. Navigate to the <WSO2_OB_BI_HOME>/bin directory and give execute permissions to the worker.sh file.

  5. Run the following command and start the WSO2 Open Banking Business Intelligence in worker profile.

    ./worker.sh

  6. Restart the Identity and Access Management and API Management servers in the mentioned order. 

  7. The Fraud Detection dashboards are accessible at https://<WSO2_OB_BI_HOST>:9643/portal/dashboards/frauddetectiondashboard/home.

  8. You can view API analytics data as described below:

    • Log in to the API Store or API Publisher.

    • Click the Analytics tab.

    • You can view API Usage, Top Users and Faulty Invocations details through the subtopics.

  9. To observe data analysis based on geographical locations, see Configuring Geolocation Based Statistics.

The WSO2 Open Banking Business Intelligence captures data published in WSO2 Open Banking Identity and Access Management and API Management modules. Data Reporting is the process of processing and summarizing this data. For more details, see PSD2 Data Reporting.