This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Configuring Data Sharing for Secondary Users

Owned by Former user (Deleted)
Last updated: Jul 31, 2022
1 min read

WSO2 Open Banking supports the secondary user data sharing obligations.

This is only available as a WSO2 Update from WSO2 Open Banking API Manager Level 2.0.0.153 andWSO2 Open Banking Identity Server 2.0.0.161 onwards. For more information on updating WSO2 Open Banking, see Updating WSO2 Products.

This is a new requirement introduced to the Consumer Data Specification via Decision Proposal 160: Secondary Users. An account owner can nominate a secondary user for a particular account. The secondary account users can include such accounts as a secondary account in a data-sharing arrangement. This is an optional feature that enables data sharing of the secondary accounts.

Creating database tables

To create a new table named OB_SECONDARY_USER_ACCOUNT,

  1. Go to the <WSO2_OB_IAM_HOME>/dbscripts/finance/ob-secondary-user-accounts directory.
  2. Execute the relevant script according to your database type against the the openbank_openbankingdb database.

Configuring the Identity Server

  1. Open the <WSO2_OB_IAM_HOME>/repository/conf/deployment.toml file.

  2. Add the following configurations: 

    [[open_banking.authorize.steps.persist.step]]
class="com.wso2.finance.open.banking.consent.authorize.steps.impl.steps.persist.SecondaryAccountConsentPersistenceStep"
priority=6

[open_banking.secondary_user_accounts]
enable = true
  3. Restart the Open Banking Identity Server.

Integrating with the bank back-end

You need to update the response from the bank's sharable account endpoint so that it returns secondary account data of the customer as well.

Secondary Account Update API

The Secondary Account Update API is defined below. Banks should invoke this API to update the WSO2 Open Banking solution regarding the changes done to any secondary user account instruction/privileges.  

curl --location --request PUT 'https://<WSO2_OB_APIM_HOME>:9446/api/openbanking/consent-mgt/au/account-access-consents/secondary-accounts' \
--header 'Authorization: Basic YWRtaW5Ad3NvMi5jb206d3NvMjEyMw==' \
--header 'Content-Type: application/json' \
--data-raw '{
"data": [
{
   "accountID":"210587690",
   "secondaryUserID":"34567890",
   "otherAccountsAvailability":true,
   "secondaryAccountInstructionStatus":"inactive",
   "secondaryAccountPrivilegeStatus":"active"
}
]
}'