Custom API Consumer Validation Executor
The API Consumer Validation service in WSO2 Open Banking allows banks to validate API consumers from the National Competent Authorities (NCAs). This is done by validating the transport layer certificate an API consumer has obtained.
By default, WSO2 Open Banking Accelerator supports a sample API flow to get account information and to initiate a payment. Therefore, the following configuration exists in <APIM_HOME>/repository/conf/deployment.toml by default:
```toml
[open_banking.gateway.tpp_management.tpp_validation]
enabled = false
implementation_path = ""
cache_expiry = 3600

[open_banking.gateway.tpp_management.psd2_role_validation]
enabled = true

[[open_banking.gateway.tpp_management.allowed_scopes]]
name = "accounts"
roles = "AISP, PISP"

[[open_banking.gateway.tpp_management.allowed_scopes]]
name = "payments"
roles = "PISP"
```
According to your requirements, you can extend and override the methods in the
To write a custom API consumer validation executor, extend the following class:
To extend the validation capabilities according to your requirements, override relevant methods of this class. Given below is a brief description of each method.
Validates the roles and returns a boolean response as follows:
- If the roles match with the roles in the transport certificate, the returned value is
- Else, the returned value is
Given below is the method signature:
```java
boolean validate(X509Certificate peerCertificate, List<PSD2RoleEnum> requiredPSD2Roles,
                 Map<String, Object> metadata) throws TPPValidationException;
```
Returns the cache key used for caching the responses and an ID that is unique to the API flow. Given below is the method signature:
```java
String getCacheKey(X509Certificate peerCertificate, List<PSD2RoleEnum> requiredPSD2Roles,
                   Map<String, Object> metadata) throws TPPValidationException;
```
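An added example, not WSO2's own code: one way to derive the `getCacheKey` value so that a cached validation response is reused only for the same transport certificate and the same required roles. The class name `CacheKeyExample`, the `cacheKey` helper and the nested stand-in types are assumptions, as is the choice of the role set as the identifier of the API flow.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Map;
import java.util.TreeSet;

public class CacheKeyExample {
    // Stand-ins for the accelerator's types so this file compiles on its own (assumption).
    enum PSD2RoleEnum { AISP, PISP }
    static class TPPValidationException extends Exception {
        TPPValidationException(String msg, Throwable cause) { super(msg, cause); }
    }
    // Same signature as getCacheKey on the page; metadata is unused in this sketch.
    public String getCacheKey(X509Certificate peerCertificate, List<PSD2RoleEnum> requiredPSD2Roles,
                              Map<String, Object> metadata) throws TPPValidationException {
        try {
            return cacheKey(peerCertificate.getEncoded(), requiredPSD2Roles);
        } catch (CertificateEncodingException | NoSuchAlgorithmException e) {
            throw new TPPValidationException("Cannot derive cache key", e);
        }
    }

    // Key = SHA-256 of the DER-encoded certificate, then the sorted, de-duplicated role names.
    static String cacheKey(byte[] certDer, List<PSD2RoleEnum> roles) throws NoSuchAlgorithmException {
        StringBuilder key = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(certDer)) {
            key.append(String.format("%02x", b));
        }
        for (PSD2RoleEnum role : new TreeSet<PSD2RoleEnum>(roles)) {
            key.append(':').append(role.name());
        }
        return key.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed byte arrays standing in for two DER-encoded certificates.
        byte[] certA = {1};
        byte[] certB = {2};
        String accounts = cacheKey(certA, List.of(PSD2RoleEnum.AISP, PSD2RoleEnum.PISP));
        String reordered = cacheKey(certA, List.of(PSD2RoleEnum.PISP, PSD2RoleEnum.AISP));
        String payments = cacheKey(certA, List.of(PSD2RoleEnum.PISP));
        String otherTpp = cacheKey(certB, List.of(PSD2RoleEnum.PISP));
        System.out.println("role order ignored:      " + accounts.equals(reordered));
        System.out.println("role sets kept apart:    " + !accounts.equals(payments));
        System.out.println("certificates kept apart: " + !payments.equals(otherTpp));
    }
}
```

A key built from the certificate alone would let a response cached for one flow answer a request for another until `cache_expiry` elapses, which is why the role set is part of the key here.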
Open <APIM_HOME>/repository/conf/deployment.toml and locate the following to configure your custom API Consumer Validation class:
- Set the
- Add the implemented class under
```toml
[open_banking.gateway.tpp_management.tpp_validation]
enabled = true
implementation_path = "<FQN of the extended class>"
cache_expiry = 3600
```
- Set the