This document discusses WSO2 Open Banking, a solution for enabling open banking through APIs. It provides an overview of key components like API specifications, business functionality APIs, API security, strong customer authentication, integration with core banking systems, consent management, and a developer portal. Use cases are presented for banks like Societe Generale and Nation TrustBank. The solution features API templates for open banking standards, built-in API security including OAuth2, fraud detection, analytics and more.

2. Iscriviti al gruppo Linkedin WSO2 Italia per entrare nella community italiana,
conoscere la tecnologia WSO2 e condividere strategie di integrazione e use cases

3. Open Banking
APIs
provisioning by
financial institutions
to third-party
developers,
they can create
new applications
and services

4. Open Banking enablement
API Portal
● User Registration
● API Catalog
● API documentation
● Try It
● Subscription
● API reports
● Billing
API Manager
● User management
● API publishing
● Financials
● Operations

5. WSO2 Open Banking
the solution

6. WSO2 Open Banking in action

7. WSO2 Open Banking
use cases
Societe Generale
● New Projects
● Step by Step
● Implemented in
many countries
● API integration
● Security
● Adaptive
Nations TrustBank
● Multi environment
● Create a defacto
regulation
● Security
● Integration
● API standard
Australian regulation
● Start from a implemented
specification (openBanking
UK)
● Customer Consent
regulamentation
● API standard specification
● System Integration
Others…
● Bank in the UK,
supported to
reach the stricter
compliance
standards and
earlier deadlines
● Bank in the Gulf
region,
supported for an
Open Banking
Standard UK
deployment
within 6 weeks
● ….
Sitography:
https://wso2.com/blogs/thesource/2019/01/open-banking-implementations-in-europe-and-africa-the-story-of-societe-generale-so-far/
https://wso2.com/blogs/thesource/2019/02/evolution-of-nation-trust-banks-open-banking-story/
https://wso2.com/whitepapers/open-banking-australia-all-your-pressing-questions-answered/

8. WSO2 Open Banking
Key Features
API templates that support Open Banking UK,
The Berlin Group, Australian CDR and Singapore
specifications
Built-in API Security including OAuth2 and
eIDAS certificate validation
Strong customer authentication, adaptive
authentication, and user consent management
Fraud detection and transaction risk analysis
API analytics & business insights with dashboards
and data reporting capabilities
Integration points to core banking systems
General Data Protection Regulation (GDPR)
compliant solution
Built on top of the WSO2 Platform making it easily
extends for digital transformation initiatives beyond
open banking

9. Key components required
for compliant

10. API specifications
● Predefined API Specifications related to Open Banking
○ Open Banking UK
○ STET
○ Berlin Group NextGen
○ CDR Australia
● Custom API specifications
Business Functionality APIs provided
● AccountAPI
○ Provides account informations, transactions, standing orders, beneficiaries, credit card details, etc…
● PaymentAPI
○ Perform the payment transactions
● OpenAPI
○ Provides open data such as list of branches, locations of the ATMs, supported products, exchange rates,
interest rates, etc…
● Custom APIs
○ Additional APIs as required by the Bank can be added for Open Banking purposes as well as internal
usage purposes.
In addition to the above, APIs are provided for authorization, consent management and any APIs specifically required
for the bank specific implementation

11. API Security
Inbuilt OAuth2 security layer for secure API invocations
● Support for common grant types such as
● Client Credentials,
● Authorization Code,
● Password,
● Implicit,
● SAML Bearer and Integrated Windows Authentication (IWA)
Inbuilt certificate validation based secure API invocations
● TPP role based validations
● Certificate validity period based validations
● Certificate revocation checks

12. Strong Customer Authentication
SCA
● Redirect and decoupled authentication approaches are
supported
● Multi Factor Authentication (MFA ) support with SMS/OTP,
FIDO, DUO
● Extensible to support any other mechanism which banks
require to authenticate end users.

13. Transaction Risk Analysis
based Adaptive Authentication
● Allows the solution to vary the authentication strength based
on factors which can be configured as rules.
● Analysis of preconfigured rules to decide how authentication
should be done.

14. Integration with Core-Banking
or Other Services
● Support for different message
protocols [HTTP/TCP], various
message types [REST/SOAP] and
formats [ISO 8583, ISO 20022].
● Integration points with popular
core banking systems
External Services

15. Consent Management
Support to manage user consent, under the following conditions
● Consent capture, store and lifecycle management
● Out of the box APIs for all above functions
● Optional web applications to handle customer consent
revocation
○ Directly by the customer
○ Through customer care executive

16. Developer Portal
Overview

17. Technology Components

18. Componentized Architecture
logy Components

19. Q&A?

20. GRAZIE!!!
Prossimo appuntamento:
MARTEDÌ 26 MAGGIO H 15:00
Use Case Developer Portal:
consumo di API WSO2 Open Banking
Utilizzo Developer
Portal per i seguenti use
case:
● Recupero bank
accounts
● Simulazione
pagamento
● Gestione consensi
Per ogni use case
vedremo:●
Registrazione,
●
sottoscrizione alle
API,●
generazione token
di accesso●
consumo delle API

21. Contatti
DOVE SIAMO
Milano - Torino - Padova - Roma
TELEFONO
Torino +39-011-0120371
EMAIL
wso2.sales@profesia.it
@