This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Configuring Open Banking API Management for Australia

Follow the below-mentioned steps to deploy the Open Banking API Management (WSO2-OB-APIM) module.

  • Copy the <WSO2_OB_APIM_HOME>/repository/resources/finance/scripts/wso2-obam-conf/deployement/au/deployment.toml file to the <WSO2_OB_APIM_HOME>/repository/conf/ directory and replace the existing one.
  • Make the configurations described below in <WSO2_OB_APIM_HOME>/repository/conf/deployment.toml and restart the Open Banking API Manager server.

    Make sure the Identity and Access Management server is running before you start the API Manager server.

  • To start, go to the <WSO2_OB_APIM_HOME>/bin directory and execute the following command:

    ./wso2server.sh

Configuration / Functionality

Each numbered row below shows a configuration block followed by the functionality it controls.

1
[[custom_message_formatters]]
class = "org.apache.axis2.format.PlainTextFormatter"
content_type = "application/jwt"

[[custom_message_builders]]
class = "org.apache.axis2.format.PlainTextBuilder"
content_type = "application/jwt"

By default, message formatters and message builders for the application/jwt content type are configured. If you want to change them, update the [[custom_message_formatters]] and [[custom_message_builders]] entries.
2
[transport.passthru_https.sender.parameters]
HostnameVerifier = "AllowAll"

[transport.passthru_https.listener.parameters]
"SSLVerifyClient" = "optional"

By default, the HostnameVerifier property is set to AllowAll, which disables hostname verification for outbound HTTPS connections made by the passthrough sender.

Possible values: Strict, DefaultAndLocalhost, default

3
# for registry data
[database.shared_db]
url = "jdbc:mysql://<MYSQL_DB_HOST>:3306/openbank_govdb?autoReconnect=true&useSSL=false"
username = "<username>"
password = "<password>"
driver = "<driver_class_name>"

[database.shared_db.pool_options]
maxActive = "150"
maxWait = "60000"
minIdle ="5"
testOnBorrow = true
validationQuery="SELECT 1"
#Use below for oracle
#validationQuery="SELECT 1 FROM DUAL"
validationInterval="30000"
defaultAutoCommit=false

# for api manager data
[database.apim_db]
url = "jdbc:mysql://<MYSQL_DB_HOST>:3306/openbank_apimgtdb?autoReconnect=true&useSSL=false"
username = "<username>"
password = "<password>"
driver = "<driver_class_name>"

[database.apim_db.pool_options]
maxActive = "150"
maxWait = "60000"
minIdle ="5"
testOnBorrow = true
validationQuery="SELECT 1"
#Use below for oracle
#validationQuery="SELECT 1 FROM DUAL"
validationInterval="30000"
defaultAutoCommit=false

# for am-config registry
[database.config]
url = "jdbc:mysql://<MYSQL_DB_HOST>:3306/openbank_am_configdb?autoReconnect=true&useSSL=false"
username = "<username>"
password = "<password>"
driver = "<driver_class_name>"

[database.config.pool_options]
maxActive = "150"
maxWait = "60000"
minIdle ="5"
testOnBorrow = true
validationQuery="SELECT 1"
#Use below for oracle
#validationQuery="SELECT 1 FROM DUAL"
validationInterval="30000"
defaultAutoCommit=false

# for user management data
[[datasource]]
id="WSO2UM_DB"
url = "jdbc:mysql://<MYSQL_DB_HOST>:3306/openbank_userdb?autoReconnect=true&useSSL=false"
username = "<username>"
password = "<password>"
driver = "<driver_class_name>"
jmx_enable=false
pool_options.maxActive = "150"
pool_options.maxWait = "60000"
pool_options.minIdle = "5"
pool_options.testOnBorrow = true
pool_options.validationQuery="SELECT 1"
#Use below for oracle
#pool_options.validationQuery="SELECT 1 FROM DUAL"
pool_options.validationInterval="30000"
pool_options.defaultAutoCommit=false

# for getting statistics to API Manager
[[datasource]]
id="WSO2AM_STATS_DB"
url = "jdbc:mysql://<MYSQL_DB_HOST>:3306/openbank_apimgt_statsdb?autoReconnect=true&useSSL=false"
username = "<username>"
password = "<password>"
driver = "<driver_class_name>"
jmx_enable=false
pool_options.maxActive = "150"
pool_options.maxWait = "60000"
pool_options.minIdle = "5"
pool_options.testOnBorrow = true
pool_options.validationQuery="SELECT 1"
#Use below for oracle
#pool_options.validationQuery="SELECT 1 FROM DUAL"
pool_options.validationInterval="30000"
pool_options.defaultAutoCommit=false

[open_banking_database]
config.url = "jdbc:mysql://<MYSQL_DB_HOST>:3306/openbank_openbankingdb?autoReconnect=true&useSSL=false"
config.username = "<username>"
config.password = "<password>"
config.driver = "<driver_class_name>"

[open_banking_database.config.pool_options]
maxActive = "150"
maxWait = "60000"
minIdle ="5"
testOnBorrow = true
validationQuery="SELECT 1"
#Use below for oracle
#validationQuery="SELECT 1 FROM DUAL"
validationInterval="30000"
defaultAutoCommit=false


Update the url, username, password, and driver (driver class name) values with the database credentials and the relevant database driver. The sample above shows a MySQL configuration.

If you are using Oracle, update the validationQuery in each datasource by uncommenting the Oracle line:

#Use below for oracle
#validationQuery="SELECT 1 FROM DUAL"

4
[super_admin]
username = "<username>"
password = "<password>"
create_admin_account = true

[realm_manager]
data_source= "WSO2UM_DB"

[user_store]
type = "database_unique_id"
class = "org.wso2.carbon.user.core.jdbc.UniqueIDJDBCUserStoreManager"

[user_store.properties]
UsernameJavaRegEx = "a-zA-Z0-9@._-{3,30}$"
UsernameJavaScriptRegEx = "^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,4}$"
SCIMEnabled = false
IsBulkImportSupported = false
LeadingOrTrailingSpaceAllowedInUserName = false
UsernameWithEmailJavaScriptRegEx = "^[\\S]{3,30}$"

[authorization_manager]
class = "org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager"

[authorization_manager.properties]
AdminRoleManagementPermissions = "/permission"
AuthorizationCacheEnabled = true
GetAllRolesOfUserEnabled = false

Update the username, password, UsernameJavaRegEx, UsernameJavaScriptRegEx, IsBulkImportSupported, and UsernameWithEmailJavaScriptRegEx properties.
5
[[apim.gateway.environment]]
http_endpoint = "http://<WSO2_OB_APIM_HOST>:${http.nio.port}"
https_endpoint = "https://<WSO2_OB_APIM_HOST>:${https.nio.port}"

Update the endpoint URLs for the APIs hosted in this API Gateway.
6
[apim.analytics]
enable = false

receiver_username = "$ref{super_admin.username}@carbon.super"
store_api_username = "$ref{super_admin.username}@carbon.super"

Enable analytics for the API Manager by setting the enable property to true, and update receiver_username and store_api_username.
7
[apim.key_manager]
service_url = "https://<WSO2_OB_IAM_HOST>:9446${carbon.context}services/"
key_manager_client_impl = "com.wso2.finance.open.banking.sca.keymanager.SCABasedKeyManagerClient"

Add the port to the service_url parameter of the authentication service and update the key_manager_client_impl parameter with the relevant value.
8
[apim.oauth_config]
enable_outbound_auth_header = true

To remove OAuth headers from outgoing messages, set enable_outbound_auth_header to false.
9
[apim.oauth_config]
white_listed_scopes = ["^device_.*", "openid", "^OB_.*", "^TIME_.*"]

By default, white_listed_scopes is configured as shown above. If you want to change it, update the list with the relevant values.
10
[apim.devportal]
enable_comments = false
enable_ratings = false

By default, comments and ratings in the Developer Portal are disabled (set to false). To enable them, set enable_comments and enable_ratings to true.


11
[apim.throttling]
enable_data_publishing = true
jms.topic_connection_factory = "amqp://admin!wso2.com!carbon.super:$ref{super_admin.password}@clientid/carbon?brokerlist='tcp://${carbon.local.ip}:${jms.port}'"
receiver_username = "$ref{super_admin.username}@carbon.super"

By default, jms.topic_connection_factory is configured as shown above. If you want to change it, update it with the relevant values.
12
[server]
hostname = "<WSO2_OB_APIM_HOST>"
node_ip = "IP_ADDRESS"
mode = "single" #single or ha
base_path = "${carbon.protocol}://${carbon.host}:${carbon.management.port}"
#discard_empty_caches = false
server_role = "default"

Update hostname and node_ip with the hostname and IP address of the WSO2 Open Banking API Management server.
13
[open_banking]
deployed_spec = "AU"

Defines the specification that you plan to deploy.

14
[open_banking]
sharable_accounts_retrieve_endpoint ="http://<WSO2_OB_APIM_HOST>:9763/api/openbanking/backenduk/services/bankaccounts/bankaccountservice/sharable-accounts"
Sharable Accounts: Accounts that are accessible online

Configures the endpoint to retrieve sharable accounts that are required to list on the consent page.

15
[open_banking.au.metadata_cache]
default_timeout = 1
dcr_internal_url = "https://<WSO2_OB_APIM_HOST>:9443/api/openbanking/dynamic-client-registration/common/register/"

Metadata Management

ACCC does not support this feature yet. To try out the feature before the ACCC endpoints are available, create a mock back end and invoke the hosted services.

Once ACCC creates its status discovery endpoints, the Data Holder should configure the following properties:

  • default_timeout : The expiration time of the base cache in minutes.
  • dcr_internal_url : The API Manager internal URL for accessing Dynamic Client Registration.


16
[open_banking.au.metadata_cache]
metadata_mgt_endpoint = "https://<WSO2_OB_IAM_HOST>:9446/api/openbanking/au-metadata-mgt/au100/register/metadata"

Add the metadata_mgt_endpoint property shown above and configure the Metadata Cache Management endpoint. This is required for the Consumer Data Standards Administration API.
17
[open_banking.au]
holder_identifier = "<!--configure bank specific identifier-->"

Define a Data Holder specific identifier for extended API endpoints by configuring the holder_identifier property. For example, if the Data Holder is ABC-Bank:

[open_banking.au]
holder_identifier = "ABC-Bank"
18
[open_banking.au.admin.api]
self_url = "_self-url_"
Generate self-link in the CDS Administration API response.

This is only available as a WSO2 Update from WSO2 Open Banking API Manager Level 2.0.0.46 onwards. For more information on updating WSO2 Open Banking, see Updating WSO2 Products.

19
[open_banking.api_security]
mtls_token_binding.enable = false

By default, Mutual Transport Layer Security (MTLS) certificate-bound access tokens are disabled. To enable them, set mtls_token_binding.enable to true.
20
[open_banking.cert_mgt]
client_auth_header = "x-wso2-mutual-auth-cert"

If MTLS is terminated before the request reaches the Gateway, retrieve the Data Recipient's certificate from the MTLS session and include it as a transport certificate header. Set the name of that transport certificate header in the client_auth_header property.
21
[open_banking.bi_server.data_publishing]
enable = false
server_url = "{tcp://<WSO2_OB_BI_HOST>:7612}"

This is for the Data Reporting feature. To enable data publishing, set the enable property to true so that WSO2 Open Banking Business Intelligence can capture and summarize data. Replace the <WSO2_OB_BI_HOST> placeholder with the hostname of the Open Banking Business Intelligence server.
22
[open_banking.api_security.global]
username = "$ref{super_admin.username}"
password = "$ref{super_admin.password}"

By default, the Consent Management APIs are secured with basic authentication. To access the Consent Management APIs, use the default user or create a new user using the WSO2 Open Banking Identity and Access Management Console.

Update the credentials under username and password properties.

23
[open_banking.dcr]
uri_validation.enable = false
hostname_validation.enable = false
software_id_as_application_name.enable = true

Dynamic Client Registration (DCR)

  • uri_validation.enable : validates the policy, client, terms of service, and logo URIs. By default, this is set to false. To validate them, set this configuration to true.
  • hostname_validation.enable : validates the hostnames of the policy, client, terms of service, and logo URIs against the hostnames of the redirect URIs. By default, this is set to false. To validate them, set this configuration to true.
  • software_id_as_application_name.enable : uses the SoftwareID in the SSA as the name of the application. By default, this is set to true.

    Make sure to keep the software_id_as_application_name.enable property always set to true.
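As an added example (not WSO2's implementation), the Python below sketches the two checks that uri_validation.enable and hostname_validation.enable switch on. It assumes that "validates" means an absolute https URI with a host, uses the standard OIDC registration claim names (redirect_uris, policy_uri, client_uri, tos_uri, logo_uri), and the request dictionaries are constructed for the example.

```python
# Added example, not WSO2 code: the DCR URI and hostname checks.
from urllib.parse import urlsplit

# DCR claims the two checks look at (standard OIDC registration names).
URI_CLAIMS = ("policy_uri", "client_uri", "tos_uri", "logo_uri")


def is_valid_https_uri(value):
    """uri_validation: assumed to mean an absolute https URI with a host."""
    try:
        parts = urlsplit(value)
    except ValueError:
        return False
    return parts.scheme == "https" and bool(parts.hostname)


def validate_dcr_uris(request, uri_validation=True, hostname_validation=True):
    """Return a list of problems; an empty list means the request passes."""
    problems = []
    redirect_hosts = set()
    for uri in request.get("redirect_uris", []):
        host = urlsplit(uri).hostname
        if host is None:
            problems.append("redirect_uris: %r has no hostname" % uri)
        else:
            redirect_hosts.add(host.lower())

    for claim in URI_CLAIMS:
        value = request.get(claim)
        if value is None:
            continue  # optional claim not present, nothing to check
        if uri_validation and not is_valid_https_uri(value):
            problems.append("%s: %r is not a valid https URI" % (claim, value))
            continue
        if hostname_validation:
            # hostname_validation: the claim's host must be a redirect URI host
            host = (urlsplit(value).hostname or "").lower()
            if host not in redirect_hosts:
                problems.append("%s: host %r is not a redirect URI host %s"
                                % (claim, host, sorted(redirect_hosts)))
    return problems


# Constructed sample requests (not real Data Recipient data).
GOOD_REQUEST = {
    "redirect_uris": ["https://app.example-adr.com.au/cb"],
    "logo_uri": "https://app.example-adr.com.au/logo.png",
    "policy_uri": "https://app.example-adr.com.au/policy",
}
BAD_REQUEST = {
    "redirect_uris": ["https://app.example-adr.com.au/cb"],
    "logo_uri": "http://cdn.other-host.example/logo.png",  # wrong scheme
    "tos_uri": "https://other-host.example/tos",            # host mismatch
}
```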

24
[open_banking.dcr]
sector_identifier_uri_validation.enable = true

Sector Identifier URI validation

This is available only as a WUM update and is effective from June 30, 2021 (06-30-2021). For more information on updating WSO2 Open Banking, see Updating WSO2 Products.

  • To validate the Sector Identifier URI, add the sector_identifier_uri_validation.enable configuration under the [open_banking.dcr] tag and set it to true.
25
[open_banking.dcr]
request_jti_validation.enable = true
ssa_jti_validation.enable = true
jti_cache_expiry_time = 60

Validate the JTI claim in the SSA

This is only available as a WSO2 Update from WSO2 Open Banking API Manager Level 2.0.0.85 and WSO2 Open Banking Identity Server Level 2.0.0.93 onwards. For more information on updating WSO2 Open Banking, see Updating WSO2 Products.

Add the following configurations under [open_banking.dcr] to validate the JTI claims in the JWT and the SSA in a DCR request:

  • request_jti_validation.enable: Set this to true to validate the JTI claim in request JWT.
  • ssa_jti_validation.enable: Set this to true to validate the JTI claim in the SSA.
  • jti_cache_expiry_time: Set the expiration time for the JTI cache in minutes.
26
[open_banking.jwt_authentication_handler]
enable = true
issuer = "<CDR_REGISTER_ID>"
subject = "<CDR_REGISTER_ID>"
audience = "<TOKEN_ENDPOINT_URL>"
jwks_url = "<JWKS_URL>"
cache_expiry_time = "1440"

CDS Admin API Authentication

To enable CDS Admin API authentication, update the following properties with the relevant values:

  • issuer : The static CDR Register ID, 'cdr-register'
  • subject : The static CDR Register ID, 'cdr-register'
  • audience : The Token Endpoint URL
  • jwks_url : The JWKS URL retrieved from the CDR Register
  • cache_expiry_time : The time after which entries in the JSON Web Token ID (JTI) cache expire, in minutes

See the sample configuration below:

[open_banking.jwt_authentication_handler]
enable = true
issuer = "cdr-register"   # default value
subject = "cdr-register"  # default value
audience = "https://wso2ob.com"
jwks_url = "https://keystore.openbankingtest.org.uk/0015800001HQQrZAAX/9b5usDpbNtmxDcTzs7GzKp.jwks"
cache_expiry_time = "1440"
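As an added example (not WSO2's code), the Python below applies the issuer, subject, audience and expiry checks from this row together with the JTI replay cache that jti_cache_expiry_time (row 25) and cache_expiry_time (this row) size. It assumes that JWKS-based signature verification is supplied by the caller as verify_signature (PS256 is not implemented here), and the tokens are constructed, unsigned test data.

```python
# Added example, not WSO2 code: JWT claim checks plus a JTI replay cache.
import base64
import json

# Values taken from the sample [open_banking.jwt_authentication_handler] row.
CONFIG = {"issuer": "cdr-register", "subject": "cdr-register",
          "audience": "https://wso2ob.com"}


def _b64url_decode(segment):
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def parse_jwt(token):
    """Split a compact JWS into (header, claims) without verifying it."""
    header, payload, _signature = token.split(".")
    return json.loads(_b64url_decode(header)), json.loads(_b64url_decode(payload))


def make_unsigned_token(claims):
    """Constructed test token: PS256 header, empty signature (test data only)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return enc({"alg": "PS256", "typ": "JWT"}) + "." + enc(claims) + "."


class JtiCache:
    """Replay cache sized by jti_cache_expiry_time / cache_expiry_time (minutes)."""

    def __init__(self, expiry_minutes):
        self.ttl = expiry_minutes * 60
        self._seen = {}  # jti -> unix time it was first accepted

    def check_and_store(self, jti, now):
        """True if the JTI is new; False if it was accepted within the TTL."""
        self._seen = {k: t for k, t in self._seen.items() if now - t < self.ttl}
        if jti in self._seen:
            return False
        self._seen[jti] = now
        return True


def authenticate_admin_request(token, config, cache, now, verify_signature):
    """Apply the iss/sub/aud/exp/jti checks; returns (accepted, failed_check)."""
    header, claims = parse_jwt(token)
    if not verify_signature(token, header):  # JWKS-based check supplied by caller
        return False, "signature"
    if claims.get("iss") != config["issuer"]:
        return False, "iss"
    if claims.get("sub") != config["subject"]:
        return False, "sub"
    aud = claims.get("aud")  # aud may be a string or a list of strings
    if not (config["audience"] in aud if isinstance(aud, list) else aud == config["audience"]):
        return False, "aud"
    if claims.get("exp", 0) <= now:
        return False, "exp"
    if "jti" not in claims or not cache.check_and_store(claims["jti"], now):
        return False, "jti"
    return True, "ok"
```

If the cache window is shorter than a token's lifetime, a replay after the JTI entry is evicted but before exp is still accepted, so the configured expiry should cover the longest token validity the Data Holder accepts.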
27
[open_banking.sca]
primary_authenticator.name="OBIdentifierExecutor"
primary_authenticator.display_name="ob-identifier-first"

By default, two factors (basic and SMS OTP) are configured to engage when a TPP creates an application and generates keys. To enable identifier-first authentication, add the configuration shown above.
28
[open_banking.account_id_validation_on_retrieval]
enable = true

Enables Request-URI validation, which validates the AccountID in the request against the AccountID in the CDR Arrangement during account retrieval. By default, this is set to false.

29
[open_banking.uk.inbound_signature]
algo = "PS256"

Specify the allowed signature algorithms in TPP requests. With this configuration, WSO2 Open Banking rejects JWTs signed with algorithms that are not in the following list. If the configuration is not added, no validation occurs and any algorithm is passed through. By default, the allowed values are:

  • PS256
30
[open_banking.au.id_permanence]
secret_key = "<SECRET_KEY>"

Configures the encryption/decryption key for ID permanence. By default, the secret value is "wso2".

This is available only as a WUM update and is effective from March 24, 2021 (03-24-2021). For more information on updating WSO2 Open Banking, see Updating WSO2 Products.

Prerequisite

If you need to support ID permanence, make sure to follow the steps below before deploying the CDS Standard API in <WSO2_APIM_HOME>/repository/resources/finance/apis/consumerdatastandards.org.au/<version>:

  • Open <WSO2_OB_APIM_HOME>/repository/resources/api_templates/velocity_template.xml 
  • Under #if($apiObj.additionalProperties.get("ob-spec") == "au" && $apiObj.additionalProperties.get("ob-api-type") != "dcr" && $apiObj.additionalProperties.get("ob-api-type") != "cdr-arrangement" && $apiObj.additionalProperties.get("ob-api-type") != "cds-admin"), add <handler class="com.wso2.finance.open.banking.gateway.au.IdPermanenceHandler"/>
    after <handler class="com.wso2.finance.open.banking.gateway.api.schema.validation.RequestSchemaValidationHandler"/> and before <handler class="com.wso2.finance.open.banking.au.consent.enforcement.AUConsentEnforcementHandler">. The modified configuration looks as follows:

    ##
    ## Start of AU Specification Handlers
    ##
    
    #if($apiObj.additionalProperties.get("ob-spec") == "au" && $apiObj.additionalProperties.get("ob-api-type") != "dcr"
    && $apiObj.additionalProperties.get("ob-api-type") != "cdr-arrangement"
    && $apiObj.additionalProperties.get("ob-api-type") != "cds-admin")
    <handler class="com.wso2.finance.open.banking.custom.throttling.CDSThrottlingPolicyHandler"/>
    <handler class="com.wso2.finance.open.banking.mtls.validator.handler.MTLSValidationHandler"/>
    <handler class="com.wso2.finance.open.banking.gateway.common.APIResourceAccessHandler"/>
    <handler class="com.wso2.finance.open.banking.mtls.validator.handler.HolderOfKeyValidationHandler"/>
    <handler class="com.wso2.finance.open.banking.gateway.api.schema.validation.RequestSchemaValidationHandler"/>
    <handler class="com.wso2.finance.open.banking.gateway.au.IdPermanenceHandler"/>
    <handler class="com.wso2.finance.open.banking.au.consent.enforcement.AUConsentEnforcementHandler">
        <property name="validationBaseUrl" value="https://IAM_HOSTNAME:9446/api/openbanking/consent-mgt/au100"/>
    </handler>
    #end

    In case you have already deployed and subscribed to the CDS Standard API:

    • Open <WSO2_OB_APIM_HOME>/repository/deployment/server/synapse-configs/default/api/<API_PUBLISHER_NAME>--ConsumerDataStandards_vv1.xml (for example, <WSO2_OB_APIM_HOME>/repository/deployment/server/synapse-configs/default/api/mark-AT-gold.com--ConsumerDataStandards_vv1.xml) and locate the <handlers> tag.
    • Add <handler class="com.wso2.finance.open.banking.gateway.au.IdPermanenceHandler"/>
      after <handler class="com.wso2.finance.open.banking.gateway.api.schema.validation.RequestSchemaValidationHandler"/> and before <handler class="com.wso2.finance.open.banking.au.consent.enforcement.AUConsentEnforcementHandler">:

      <handler class="com.wso2.finance.open.banking.gateway.api.schema.validation.RequestSchemaValidationHandler"/>
      <handler class="com.wso2.finance.open.banking.gateway.au.IdPermanenceHandler"/> 
      <handler class="com.wso2.finance.open.banking.au.consent.enforcement.AUConsentEnforcementHandler">
  • Restart the servers.
31
[[apim.devportal.application_attributes]]
required = false
hidden = false
name ="recipient_base_uri_sandbox"
description = "Recipient Base URI of the sandbox"

[[apim.devportal.application_attributes]]
required = false
hidden = false
name ="recipient_base_uri_production"
description = "Recipient Base URI of the production"

Data Holder Initiated Consent Revocation via Data Recipient's Consent Revocation Endpoint

This is available only as a WSO2 Update and is effective from July 21, 2021 (07-21-2021). For more information on updating WSO2 Open Banking, see Updating WSO2 Products.

Disabling weak ciphers

A cipher is an algorithm for performing encryption or decryption. When you set the SSL protocol of your server to TLS, the default cipher suites are enabled without regard to their strength. This is a security risk, because weak cipher suites (the EXPORT ciphers among them) can make your system vulnerable to attacks. To prevent this, disable the weak ciphers.

Refer to Disabling weak ciphers in the WSO2 Administration Guide and disable weak ciphers.

To enable logs:

If you want to add or enable logs, follow the steps given below:

  1. Open the <WSO2_OB_APIM_HOME>/repository/conf/log4j2.properties file.
  2. Add the name and the level of the logger if they are not already present. The sample below uses a logger named mtls-validation-handler.
  3. Append the new logger to the list of loggers:

    loggers = mtls-validation-handler, AUDIT_LOG, trace-messages, org-apache-coyote,...
  4. Restart the server.