Introducing WSO2 Open Banking 2.0

As an enabler of open banking, our job is to make API-led collaboration and innovation (i.e., true digital transformation) between you and your partners as easy as possible.

Our October 2020 release simplifies scaling your open banking capabilities. We are happy to announce standards-compliant support for microservices architecture and several more enhancements to help you build new open banking use cases more easily. With these new capabilities, WSO2 Open Banking 2.0 improves how we help your developers and business teams create, quickly deploy, manage and monetize APIs that add real value for your internal teams, partners, and consumers.

Accelerated by the wider consumer adoption of open banking use cases and the impacts of COVID lockdowns globally, more and more banks are looking at open banking as a key aspect of their digital transformation. Within this context, our teams helped a London-based bank overcome legacy tech, keep their APIs up 24/7, and expand their target customer base via partners to millennials demanding anytime banking. Another CMA9 subsidiary customer is now focused on doubling third-party providers (TPPs) onboarded with them in the coming months. We also brought Australian banks online with the Consumer Data Right, fully compliant and on time, and enabled them to build advanced open banking use cases out-of-the-box.

These use cases have been possible based not only on our commitment to delivering open banking on the back of industry-leading API management and integration technology. Our consistently updated documentation, highly responsive support and delivery, and open banking consultancy, help your teams understand both our technology and, importantly, how to deploy it most effectively coupled with an effective open banking strategy

Included in this release

Microservices

The solution now brings open banking standards-compliant support for WSO2’s cloud-native, developer-centric, decentralized API gateway for microservices. This adds extensive scalability to the bank’s API-led product and services innovation. The microgateway deployments are based on Docker and Kubernetes, greatly simplifying the process of creating, deploying, and securing APIs within distributed microservice architectures.

Microservices architecture enables replacing hundreds of enterprise apps within the bank with thousands of microservices. The capacity for exponential growth in the creation of API-based services delivers a far higher potential for commercial success for the bank’s collaborative innovation efforts between internal teams and with partners.

Updated Compliance

The Consumer Data Standards version 1.3.1

• API flow support for CX Guidelines version 1.3.0, which includes Identifier First Authentication coupled with SMS OTP as the second factor.
• Additional layers of security introduced to the authentication flow to prevent attacks including enumeration attack and brute-forcing the OTP.
• The Admin API is secured with JWT Authentication, allowing it to be only called by the CDR Register and containing the metadata update endpoint and the get metrics endpoint.
• All API calls are throttled in line with nonfunctional requirements with thresholds set using the metrics TPS, number of calls, and number of sessions per day.
• Support for the CDR Arrangement API, which facilitates the revocation of an existing sharing arrangement using the CDR arrangement ID.
• Concurrent consents are supported, which allows multiple consents for the same client_id and user_id combination.
• Support for the pushed authorization endpoint.
• Support for the regulatory reporting requirements

The Open Banking Implementation Entity’s Open Banking Standard version 3.1.5

• Updates to the Accounts, Payments, and Confirmation of Funds Service (CoF) APIs.
• Support for the latest Customer Experience Guidelines, and Operational Guidelines.
• Aggregated Polling allowing a TPP to request an aggregated set of access revocations and other account access events related to multiple access consents from multiple Payment Service Users (PSUs) during a specific period.
• Support for Management Information reporting version 3.1.2.
• JWS Signature validation is now enforced as waiver 007 (which indicated ASPSPs and TPPs must not validate the message signature) is no longer effective.

The Berlin Group NextGenPSD2 XS2A Framework Implementation version 1.3.6

• Functional and security updates for Accounts, Payments, and CoF APIs.

Enabling Advanced and Premium Open Banking Capabilities

Commercial capabilities

• Support for API monetization out of the box.
• API Productization allowing users to integrate several APIs and expose them as a single product

Enhanced UX & simplifying workflows

• GraphQL API support enabling managing GraphQL services as APIs.
• A revamped ReactJS-based UI delivering more flexibility for the users and developers.
• A new user portal allowing users to manage their user account-related preferences with more convenience.
• A single file configuration model reducing the scope for human errors and improving user experience.
• API schema validation with the ability for users to use their Open API definitions and enforce request and response validations without additional work.
• API Mocking, allowing the creation of prototype APIs using a mock payload generated for inline scripts.
• Scope-based authorization for internal REST APIs using OAuth2 common flows.

Security

• Passwordless authentication using FIDO2 boosting your ability to combat phishing.
• JWT Authentication allows users to use self-contained tokens when invoking APIs.
• Bot detection and notification including detection of context scanning and internal service scanning.
• Support for API Keys, able to be configured via the Developer Portal

Sign up for our release webinar to get a more interactive introduction to WSO2 OB 2.0!