Analysts and leading industry surveys have found that more and more banks, even in countries without open banking regulation, have prioritized implementing open banking to fast-track digital transformation and achieve business goals. This means that, to stand out in the crowd in mature open banking ecosystems and to secure a lasting competitive advantage as an early adopter in new markets, banks should select open banking technology that delivers advanced capabilities and scalability backed by a strong vision and industry understanding.
In this release webinar, you will learn how WSO2 Open Banking 2.0 improves the way we help your developers and business teams create, quickly deploy, manage and monetize APIs that add real value for your internal teams, partners, and consumers. We will also help you understand how our technology can be best deployed as a part of a successful open banking strategy.
3. Today’s Session
● Introduction to WSO2 Open Banking
● What’s New With 2.0
● Support for Microservices Architecture
● Updated Support for Open Banking Standards
● Enabling Premium Open Banking Capabilities
● Future Roadmap
4. Open Banking Evolution
Industry-Driven “Open Banking”
Progressive banks working with “fintech” to build new consumer value
WSO2 working with banks since 2005 on building ecosystems
2017
Regulated Open Banking
PSD2 forces API-based data sharing on all banks, intent is compliance
WSO2 launches formal open banking solution with digital transformation focus
2019/2020
Banks Switch Mindset
Banks see digital transformation potential of open banking
WSO2 formalizes technology & consultancy model
6. Simplify Open Banking Success
WSO2 Open Banking delivers accelerated compliance to global standards, built on proven, extensible & industry-leading API technology, to realise the transformative potential of open banking for the bank, its partners and consumers.
7. Comprehensive Open Banking Technology
WSO2 Open Banking Technology:
● Standards-Based API Templates
● Third Party Onboarding & Management
● Developer Portal & API Marketplace
● Premium APIs & Monetization
● Banking Systems Integration
● Data Analytics
● Data Security
● Fraud Detection
● Consent Management
● Consumer Authentication
8. Open Banking APIs Use Cases You Can Build
● Account & Product Information APIs
⦿ Aggregation & Comparison
⦿ Lending & Credit Scoring
⦿ Debt Advice & Restructuring
⦿ KYC & Verification
● Payment Initiation APIs
⦿ Payment Request Initiation
⦿ Refunds or Payment Reversals
● Premium APIs
⦿ Personal Financial Management
⦿ SME Financial Management
⦿ Business Invoicing & Payments
⦿ Advanced Lending & Credit Scoring
⦿ Advanced KYC & Verification
⦿ Loyalty & Rewards
16. Support for the CDR Arrangement Management API
● Used to revoke an existing sharing arrangement.
● If the CDR Arrangement API is called for revocation, it must delete associated refresh and/or access tokens.
● Mandatory from November 2020.

| API Function | URI |
| --- | --- |
| Revoke Consent | DELETE https://data.holder.com.au/arrangements/v1/{cdr-arrangement-id} |

https://docs.wso2.com/display/OB200/Deploying+CDR+Arrangement+Management+API+v1.0.0
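The revocation rule on this slide, sketched as an added example (not WSO2's code): revoking one arrangement removes its access and refresh tokens while a concurrent arrangement for the same Data Recipient keeps working. The class, method names and the 204/422 status codes are assumptions made for the illustration.

```python
import secrets


class DataHolderStore:
    """In-memory stand-in for a data holder's consent and token stores (hypothetical)."""

    def __init__(self):
        self.arrangements = {}  # cdr_arrangement_id -> owning client_id
        self.tokens = {}        # token value -> cdr_arrangement_id

    def grant(self, client_id):
        """Create an arrangement and issue an access and a refresh token for it."""
        arrangement_id = secrets.token_hex(8)
        self.arrangements[arrangement_id] = client_id
        issued = {kind: secrets.token_urlsafe(24) for kind in ("access", "refresh")}
        for token in issued.values():
            self.tokens[token] = arrangement_id
        return arrangement_id, issued

    def is_active(self, token):
        """Introspection-style check a resource API would make before serving data."""
        return self.tokens.get(token) in self.arrangements

    def revoke(self, client_id, arrangement_id):
        """Handle DELETE /arrangements/v1/{cdr-arrangement-id}; returns an HTTP status."""
        if self.arrangements.get(arrangement_id) != client_id:
            return 422  # assumption: unknown or foreign arrangement ids are rejected
        del self.arrangements[arrangement_id]
        # The cascade the slide requires: no token may outlive its arrangement.
        for token in [t for t, a in self.tokens.items() if a == arrangement_id]:
            del self.tokens[token]
        return 204
```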
17. Support for Pushed Authorization (PAR) Endpoint
● Allows OAuth 2.0 clients a back-channel to post the parameters of an authorisation request to the authorization server and obtain an opaque URI.
● Main benefits of the PAR endpoint
⦿ Frees the authorization request from any browser URL length limits.
⦿ Ensures confidentiality of request parameters of authorization requests.
⦿ Confidential OAuth clients will be authenticated up-front and the request parameters will be checked for errors before the end-user redirect to the authorization endpoint for login and consent.
https://docs.wso2.com/display/OB200/Pushed+Authorisation+Endpoint
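The PAR exchange described on this slide, as an added example that is not WSO2's implementation: the authorization server validates the pushed parameters for an already authenticated client, returns an opaque single-use reference, and later resolves it when the browser arrives. The class, the 60-second lifetime, the required-parameter list and the error codes are assumptions for the illustration.

```python
import secrets
import time

REQUEST_URI_PREFIX = "urn:ietf:params:oauth:request_uri:"
REQUEST_TTL_SECONDS = 60  # assumption: a short lifetime chosen for this example
REQUIRED_PARAMS = ("response_type", "redirect_uri", "scope")


class ParError(Exception):
    """Carries an OAuth-style error code in args[0]."""


class PushedRequestStore:
    def __init__(self, registered_clients):
        self.clients = registered_clients  # client_id -> set of registered redirect URIs
        self.pending = {}                  # request_uri -> (client_id, params, expires_at)

    def push(self, authenticated_client_id, params, now=None):
        """Back channel: validate the request up front and hand back an opaque URI."""
        now = time.time() if now is None else now
        redirect_uris = self.clients.get(authenticated_client_id)
        if redirect_uris is None:
            raise ParError("invalid_client")
        if any(name not in params for name in REQUIRED_PARAMS):
            raise ParError("invalid_request")
        if params["redirect_uri"] not in redirect_uris:
            raise ParError("invalid_request")
        request_uri = REQUEST_URI_PREFIX + secrets.token_urlsafe(32)
        expires_at = now + REQUEST_TTL_SECONDS
        self.pending[request_uri] = (authenticated_client_id, dict(params), expires_at)
        return {"request_uri": request_uri, "expires_in": REQUEST_TTL_SECONDS}

    def resolve(self, client_id, request_uri, now=None):
        """Front channel: the browser carries only client_id and request_uri."""
        now = time.time() if now is None else now
        # pop() makes the reference single-use, even when a check below fails.
        entry = self.pending.pop(request_uri, None)
        if entry is None:
            raise ParError("invalid_request_uri")
        owner, params, expires_at = entry
        if owner != client_id or now > expires_at:
            raise ParError("invalid_request_uri")
        return params
```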
18. Enhanced CX Guideline Support for API Flows
1. Identifier First Authenticator step enhanced to prevent attacks including enumeration attacks and brute-forcing the OTP.
19. 19
2. UX updated for the consent granting step.
https://consumerdatastandards.gov.au/consumer-data-standards/consumer-experience/
22. Performance Requirements
● Minimum round trip time for Data Recipients

| Tier | Round Trip Time | Scope |
| --- | --- | --- |
| Unauthenticated | 1500ms | products(), productDetails(productId) |
| High Priority | 1000ms | InfoSec endpoints, DCR endpoint, Common APIs |
| Low Priority | 1500ms | Banking APIs |
| Unattended | 4000ms | Unattended calls to High and Low priority |
| Large Payload | 6000ms | Banking APIs |
23. Traffic Thresholds

| Threshold / Scenario | Customer present traffic | Unattended traffic | Secure traffic (customer presented and unattended) | Public traffic (traffic to unauthenticated endpoints) |
| --- | --- | --- | --- | --- |
| Number of sessions per day | Unlimited | 20 | - | - |
| TPS | 10 per customer; 50 per Data Recipient | 5 per session; 50 per Data Recipient | 300 across all consumers | 300 across all consumers (additive to secure traffic) |
| Number of calls | - | 100 total calls per session | - | - |
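How the unattended-traffic column of the thresholds above could be enforced at a gateway, as an added example that is not WSO2's throttling code. The class, the one-second sliding window and counting sessions per Data Recipient and customer per day are assumptions; the four limits are the ones on the slide.

```python
from collections import defaultdict, deque

# Unattended-traffic thresholds taken from the slide.
SESSIONS_PER_DAY = 20
CALLS_PER_SESSION = 100
TPS_PER_SESSION = 5
TPS_PER_RECIPIENT = 50


class UnattendedTrafficLimiter:
    def __init__(self):
        # Assumption: sessions are counted per (recipient, customer) pair per day.
        self.sessions = defaultdict(set)          # (recipient, customer, day) -> session ids
        self.calls = defaultdict(int)             # session id -> calls accepted so far
        self.session_hits = defaultdict(deque)    # session id -> timestamps in the last second
        self.recipient_hits = defaultdict(deque)  # recipient -> timestamps in the last second

    @staticmethod
    def _recent(hits, now):
        """Drop timestamps older than one second and return how many remain."""
        while hits and now - hits[0] >= 1.0:
            hits.popleft()
        return len(hits)

    def check(self, recipient, customer, session, now):
        """Return None if the call is within limits, else the threshold it breaks."""
        seen = self.sessions[(recipient, customer, int(now // 86400))]
        if session not in seen and len(seen) >= SESSIONS_PER_DAY:
            return "sessions_per_day"
        if self.calls[session] >= CALLS_PER_SESSION:
            return "calls_per_session"
        s_hits, r_hits = self.session_hits[session], self.recipient_hits[recipient]
        if self._recent(s_hits, now) >= TPS_PER_SESSION:
            return "tps_per_session"
        if self._recent(r_hits, now) >= TPS_PER_RECIPIENT:
            return "tps_per_recipient"
        # Only accepted calls are recorded, so rejected calls do not extend a block.
        seen.add(session)
        self.calls[session] += 1
        s_hits.append(now)
        r_hits.append(now)
        return None
```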
24. Support for Regulatory Reporting Requirements
● Collects and stores API invocation data in a reporting database.
● Exposes a REST endpoint for banks to collect API invocation data to generate reports.
25. Additional Features
● Support for concurrent consents
⦿ Allow multiple consents for the same Data Recipient-consumer combination.
⦿ Enforced after November 2020.
Official documentation - https://docs.wso2.com/display/OB200/Open+Banking+Australia
Self learning course - https://lms.wso2.com/courses/wso2-open-banking-for-australias-cdr
26. What’s Next?
● Continuous specification version updates for 1.5.1 & future versions
● Enhancements to data reporting for phase 2 APIs
● Revamping consent management app UIs
29. Support for the Latest CX Guidelines
● Improving the consumer experience ...
30. Aggregated Polling
● Allows a TPP to request an aggregated set of access revocations and other account access events related to multiple access consents from multiple Payment Service Users (PSUs) during a specific period
31. Additional Features
● Support for Management Information reporting version 3.1.2
https://docs.wso2.com/display/OB200/PSD2+Data+Reporting
● Support for JSON Web Signature validation (being enforced since June 2020)
https://docs.wso2.com/display/OB200/API+Security+for+UK#APISecurityforUK-JSONWebSignature(JWS)
Official documentation - https://docs.wso2.com/display/OB200/Open+Banking+UK
Self learning course - https://lms.wso2.com/courses/wso2-open-banking-for-the-uk/
32. What’s Next?
● Continuous updates to meet new versions of the standard
● Support for post-eIDAS certificate regime
36. What’s Next?
● Continuous updates to meet new versions of the standard
● Support for extended value addition services such as Multiple Consent Management & the Lean Push Service
● Align with changes that come with the Berlin Group Open Finance standard
Official documentation - https://docs.wso2.com/display/OB200/Open+Banking+Berlin
38. Commercial Capabilities: API Monetization
● Supported out-of-the-box
● Multiple business models provided
⦾ Consumers pay for API usage (e.g., tiered, pay-as-you-go)
⦾ Consumers get paid for API usage (e.g., affiliated marketing)
⦾ Indirect revenue model (e.g., internal API usage, e-commerce platform-integration)
● Ability to integrate with third party billing systems (e.g., Stripe, PayPal)
https://apim.docs.wso2.com/en/latest/learn/api-monetization/monetizing-an-api/
40. Commercial Capabilities: API Productization
● Supported out-of-the-box.
● Repackage existing APIs in different combinations to offer tailor-made experiences.
https://apim.docs.wso2.com/en/latest/learn/design-api/create-api-product/api-product-overview/
41. First Class Support for GraphQL APIs
● Out-of-the-box support for creating and publishing GraphQL APIs
● Authentication via operation-level security
● Authorization via operation-level access control
● Rate limiting
● Operation-level analytics
● Detect and block malicious queries
● Developer portal access
https://apim.docs.wso2.com/en/latest/learn/design-api/create-api/create-a-graphql-api/
45. Revamped ReactJS-based UI
● Single Page Architecture
● Modernized JS dependency system (NPM)
● Improved packaging and build system (Webpack)
● Build versatile yet easily customizable portals
46. Easy Configuration
● Centralized configuration model
⦿ Introduced an easy configuration model in TOML format.
⦿ A single configuration file per WSO2 Open Banking server instead of multiple configuration files.
50. Understanding All Your Questions
● TECHNOLOGY: “What do we need to deploy & how do we do it best?”
● INTERNAL ALIGNMENT: “Are teams set up to make the most of digitization & collaboration?”
● ECOSYSTEM: “How do we choose & work with the best fintech firms & other partners?”
● INNOVATION: “Which consumer problems should we solve & how do we scale new solutions?”
● STANDARDS: “Why should we consider standards and how should we approach compliance?”
● BUSINESS GOALS: Which business goals can we best achieve through open banking?
51. Answering All Your Questions
Commercially Successful Open Banking
Diagram labels: API Management; IAM; Integration & Legacy Override; Analytics; Technology; Open Banking Capabilities; Discovery; Design; Workshop; Technology & Process Implementation; Engage the Ecosystem; Technology & Strategic Consultancy
52. The WSO2 Advantage for Open Banking
● Consultancy services built on delivering open banking & mission critical solutions to global financial services leaders
● Cost-effective without compromising on rich experience
● API templates & security profiles complying with global standards: AUS | UK | EU | BR | MX | FAPI
● Microservices, containers & beyond to future-proof your customer offerings
● Built on industry-leading API platform to enable impactful collaboration with fintech firms & generate new commercial opportunities
● Leader in The Forrester Wave™: API Management Solutions, Q3 2020 Report
● Recognized in integration & IAM by Forrester, Gartner & KuppingerCole
● A comprehensive technology & services solution guiding you to open banking-driven digital maturity