Configuring API Manager

WSO2 Open Banking Accelerator contains TOML-based configurations. All the server-level configurations of the API Manager instance can be applied using a single configuration file, which is the deployment.toml file.

Configuring deployment.toml

Follow the steps below to configure the deployment.toml file and set up the default open banking flow for WSO2 API Manager.

Tip

If you want to customize and learn more about TOML configurations, see API Manager Configuration Catalog for open banking.

  1. Replace the deployment.toml file as explained in the Setting up the servers section.

  2. Open the <APIM_HOME>/repository/conf/deployment.toml file.

  3. Set the hostname of the API Manager:

    [server]
    hostname = "<APIM_HOST>" 
  4. Configure super admin credentials.

    [super_admin]
    username = "<APIM_SUPER_ADMIN_USERNAME>"
    password = "<APIM_SUPER_ADMIN_PASSWORD>"
    create_admin_account = true

  5. Configure the following configs to enable email as username.

    [tenant_mgt]
    enable_email_domain = true
    
    [realm_manager]
    data_source= "WSO2UM_DB"
    
    [user_store]
    type = "database_unique_id"
    class = "org.wso2.carbon.user.core.jdbc.UniqueIDJDBCUserStoreManager"

  6. Update the datasource configurations with your database properties, such as the username, password, JDBC URL for the database server, and the JDBC driver.

    • Given below are sample configurations for a MySQL database. For other DBMS types and more information, see Setting up databases.
    [database.shared_db]
    url = "jdbc:mysql://localhost:3306/am_configdb?autoReconnect=true&amp;useSSL=false"
    username = "root"
    password = "root"
    driver = "com.mysql.jdbc.Driver"
    [database.apim_db]
    url = "jdbc:mysql://localhost:3306/apimgtdb?autoReconnect=true&amp;useSSL=false"
    username = "root"
    password = "root"
    driver = "com.mysql.jdbc.Driver"
    [database.config]
    url = "jdbc:mysql://localhost:3306/am_configdb?autoReconnect=true&amp;useSSL=false"
    username = "root"
    password = "root"
    driver = "com.mysql.jdbc.Driver"
    [[datasource]]
    id="WSO2UM_DB"
    url = "jdbc:mysql://localhost:3306/userdb?autoReconnect=true&amp;useSSL=false"
    username = "root"
    password = "root"
    driver = "com.mysql.jdbc.Driver"
  7. Update the following configurations with the hostname of the Identity Server.

    [apim.key_manager]
    service_url = "https://<IS_HOSTNAME>:9446/services/"
    username = "<IS_SUPER_ADMIN_USERNAME>"
    password = "<IS_SUPER_ADMIN_PASSWORD>"
  8. Disable subscription validation as follows.

    [apim.key_manager]
    allow_subscription_validation_disabling = true
  9. Configure the following to skip dropping the AUTH header from gateway and to configure allowed scopes.

    [apim.oauth_config]
    enable_outbound_auth_header = true
    white_listed_scopes = ["^device_.*", "openid", "^FS_.*", "^TIME_.*"]
  10. Configure the admin username for following features as follows.

    [apim.throttling]
    username = "$ref{super_admin.username}@carbon.super"
    
    [apim.throttling.policy_deploy]
    username = "$ref{super_admin.username}@carbon.super"
    
    [apim.throttling.jms]
    password = "$ref{super_admin.password}"
    username = "am_admin!wso2.com!carbon.super"
  11. Add the following config to support JWT content type.

    [[blocking.custom_message_formatters]]
    class = "org.apache.axis2.format.PlainTextFormatter"
    content_type = "application/jwt"
    
    [[blocking.custom_message_builders]]
    class = "org.apache.axis2.format.PlainTextBuilder"
    content_type = "application/jwt"
    
    [[custom_message_formatters]]
    class = "org.apache.axis2.format.PlainTextFormatter"
    content_type = "application/jwt"
    
    [[custom_message_builders]]
    class = "org.apache.axis2.format.PlainTextBuilder"
    content_type = "application/jwt"
  12. Add following to configure transport layer configs.

    [transport.passthru_https.sender.parameters]
    HostnameVerifier = "AllowAll"
    
    [passthru_http]
    "http.headers.preserve"="Content-Type,Date"
    
    [transport.passthru_https.listener.parameters]
    HttpsProtocols = "TLSv1.2"
    PreferredCiphers = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
  13. Enable certificate chain validation as the following.

    [apimgt.mutual_ssl]
    enable_certificate_chain_validation = true
  14. Enable certificate revocation validation as follows.

    [transport.passthru_https.listener.cert_revocation_validation]
    enable = true
    allow_cert_expiry_validation = true
    allow_full_cert_chain_validation = false
    cache_delay = 1000
    cache_size = 1024
  15. Add the following configurations to enable the external service extension.

    [financial_services.extensions.endpoint]
    enabled = true
    allowed_extensions = ["pre-process-application-creation", "pre-process-application-update"]
    base_url = "<EXTERNAL_SERVICE_URL>"
    retry_count = 5
    connect_timeout = 5000
    read_timeout = 5000
    
    
    [financial_services.extensions.endpoint.security]
    # supported types : Basic-Auth or OAuth2
    type = "Basic-Auth"
    username = "<EXTERNAL_SERVICE_USERNAME>"
    password = "<EXTERNAL_SERVICE_PASSWORD>"

Starting servers

  1. Go to the <APIM_HOME>/bin directory using a terminal.

  2. Run the api-manager.sh script as follows:

    ./api-manager.sh
Top