From f2f8fa4a0cf9ae8919b65d47e153e93bc80bbb80 Mon Sep 17 00:00:00 2001 
From: Anuj Kumar <50446801+axway-akb@users.noreply.github.com> Date: Fri, 4 Oct 2024 17:08:20 +0100 Subject: [PATCH] Angob 216 (#59) * docs: added component diagram * docs: added component diagram * docs: deployment folder deleted * docs: open-finance folder deleted * Solution overview updates * removed technical architecture section * updated functional architecture * updated list of supported APIs * docs: added customer-environment-properties.md * docs: added customer-environment-properties.md * docs: changes done for postman collection * docs: added customer-environment-properties.md * docs: added customer-environment-properties.md * docs: added customer-environment-properties.md * docs: added customer-environment-properties.md * docs: added customer-environment-properties.md * Updated Amp Int and Auth Server Configuration * fixed alignment * docs: added images for token mapper * updated broken link * Removed older release notes * MTLS configuration updated * updated postman collection and environment * Update ampint-environment-properties.md markdown errors * Update auth-server-config.md markdown errors * Update _index.md markdown error * Update _index.md markdown errors * Update auth-server-config.md markdown errors * Update auth-server-config.md markdown * Update _index.md markdown * Update auth-server-config.md markdown * Update _index.md markdown edit * Update _index.md review edits * Update ampint-environment-properties.md review edits * Update auth-server-config.md review edits * Update auth-server-config.md markdown error * Update _index.md review edits * Update solution.md review edits * Update _index.md review edits * Update ampint-environment-properties.md change table structure, replace domains with examples * Update ampint-environment-properties.md replaced openbanking.axwaysbsdev.net with openbanking.example.net * updated list of supported APIs * updated images --------- Co-authored-by: mdeb Co-authored-by: lbadenhop --- config.toml | 2 +- 
content/en/_index.html | 4 +- .../Certificate Management/_index.md | 125 +- .../Certificate Management/jwks.md | 63 - .../Certificate Management/mtls.md | 216 -- .../server-certificates.md | 105 - content/en/docs/Configuration/_index.md | 2 +- .../ampint-environment-properties.md | 78 + .../en/docs/Configuration/api-management.md | 127 - .../docs/Configuration/auth-server-config.md | 103 + .../consent-app-customizations.md | 127 - .../_index.md | 7 +- .../Open-Finance-Brazil-Integration/_index.md | 20 - .../en/docs/Overview/Integration/_index.md | 28 +- .../Overview/Integration/applying-consent.md | 6 +- .../Integration/payment-initiation-ciba.md | 4 +- content/en/docs/Overview/Technical/_index.md | 23 - .../en/docs/Overview/Technical/component.md | 40 - .../docs/Overview/Technical/infrastructure.md | 18 - content/en/docs/Overview/_index.md | 8 +- content/en/docs/Overview/solution.md | 37 +- content/en/docs/Reference/brazil/_index.md | 11 - .../Reference/brazil/multi-authorization.md | 40 - .../en/docs/Reference/brazil/obb-api-list.md | 38 - content/en/docs/Reference/fdx/_index.md | 12 +- .../en/docs/Release-Notes/3.1.0_relnotes.md | 45 - .../en/docs/Release-Notes/3.2.0_relnotes.md | 66 - content/en/docs/Release-Notes/_index.md | 4 +- content/en/docs/Validation/brazil/_index.md | 9 - .../Validation/brazil/brazil-certification.md | 46 - .../Validation/brazil/openid-certification.md | 155 -- .../en/docs/Validation/brazil/postman-obb.md | 227 -- content/en/docs/Validation/fdx/_index.md | 48 +- content/en/docs/Validation/troubleshooting.md | 102 - content/en/docs/deployment/_index.md | 7 - .../installation/API-Management/_index.md | 55 - .../installation/API-Management/fdx-apim.md | 171 -- .../installation/API-Management/obb-apim.md | 165 -- .../installation/Cloudentity/_index.md | 27 - .../installation/Cloudentity/acp.md | 114 - .../installation/Cloudentity/consent-apps.md | 118 - .../en/docs/deployment/installation/_index.md | 32 - 
.../en/docs/deployment/installation/agents.md | 22 - .../installation/backend-services.md | 154 -- .../en/docs/deployment/installation/jwe.md | 64 - content/en/docs/deployment/prerequisites.md | 131 - content/en/docs/deployment/upgrade.md | 79 - package-lock.json | 52 +- src/plant-uml/ciba-example.puml | 139 +- src/plant-uml/fdx-end-to-end-web-journey.puml | 64 +- .../mtls-termination-verification.puml | 36 +- .../user-consent-filtering-arch-overview.puml | 56 +- static/Images/AI-Env-Property-Details.png | Bin 0 -> 292347 bytes static/Images/AI-Manager-Certificates.png | Bin 0 -> 226663 bytes static/Images/AI-Manager-Environments.png | Bin 0 -> 324697 bytes .../AI-Update-Environment-Properties.png | Bin 0 -> 311139 bytes static/Images/AS-Configure-IdP.png | Bin 0 -> 369955 bytes static/Images/AS-IdP-User-Mapper.png | Bin 0 -> 88995 bytes static/Images/AS-IdPs.png | Bin 0 -> 246038 bytes static/Images/Applying_Consent_Sequence.svg | 120 +- static/Images/CIBA_Example_Sequence.svg | 905 +------ static/Images/FDX-Workflow.svg | 4 + static/Images/FDX_Web_Journey_Sequence.svg | 303 +-- static/Images/FDX_Workflow.png | Bin 57385 -> 0 bytes static/Images/FDX_Workflow_0.png | Bin 137600 -> 0 bytes static/Images/Infrastructure_View.jpg | Bin 66679 -> 0 bytes static/Images/Infrastructure_View_0.png | Bin 73618 -> 0 bytes static/Images/Integration-Overview.svg | 4 + static/Images/Integration_Overview_0.svg | 2 - static/Images/Integration_Overview_OBB.png | Bin 101689 -> 0 bytes .../Images/Mutual_Authentication_Sequence.svg | 147 +- static/Images/Solution-Building-Blocks.svg | 4 + static/Images/Solution-Overview.svg | 4 + static/Images/Solution_Building_Blocks.png | Bin 84261 -> 0 bytes static/Images/Solution_Building_Blocks.svg | 2 - .../Images/Solution_Building_Blocks_bkp.svg | 2 - static/Images/Solution_Overview.png | Bin 220943 -> 0 bytes static/Images/Solution_Overview.svg | 2 - static/Images/Solution_Overview_0.svg | 2 - static/Images/add_environment_properties.png | Bin 
0 -> 106816 bytes static/Images/client-policies.png | Bin 0 -> 164914 bytes static/Images/client-scopes.png | Bin 0 -> 145421 bytes static/Images/component-overview-nextgen.png | Bin 0 -> 85004 bytes static/Images/consent-grant-redirect.png | Bin 0 -> 285952 bytes static/Images/end-user-update.png | Bin 0 -> 306204 bytes static/Images/fdx-resource.png | Bin 0 -> 93601 bytes static/Images/identity-providers.png | Bin 0 -> 44434 bytes static/Images/import_collection.png | Bin 0 -> 166748 bytes static/Images/import_collection_set_env.png | Bin 0 -> 186063 bytes static/Images/import_collection_step2.png | Bin 0 -> 174921 bytes static/Images/import_environment.png | Bin 0 -> 53374 bytes static/Images/mapper.png | Bin 0 -> 738385 bytes static/Images/ob-issuer.png | Bin 0 -> 395600 bytes static/Images/post-login-flow.png | Bin 0 -> 81651 bytes .../Images/post-login-identity-provider.png | Bin 0 -> 123894 bytes .../FDX-Demo-postman-collection.json | 2257 +++++++++++++++++ .../FDX-Demo-postman-environment.json | 27 + static/sample-files/tpp1.cnf | 29 - static/sample-files/tpp2.cnf | 29 - 99 files changed, 2839 insertions(+), 4436 deletions(-) delete mode 100644 content/en/docs/Configuration/Certificate Management/jwks.md delete mode 100644 content/en/docs/Configuration/Certificate Management/mtls.md delete mode 100644 content/en/docs/Configuration/Certificate Management/server-certificates.md create mode 100644 content/en/docs/Configuration/ampint-environment-properties.md delete mode 100644 content/en/docs/Configuration/api-management.md create mode 100644 content/en/docs/Configuration/auth-server-config.md delete mode 100644 content/en/docs/Configuration/consent-app-customizations.md delete mode 100644 content/en/docs/Overview/Integration/Open-Finance-Brazil-Integration/_index.md delete mode 100644 content/en/docs/Overview/Technical/_index.md delete mode 100644 content/en/docs/Overview/Technical/component.md delete mode 100644 
content/en/docs/Overview/Technical/infrastructure.md delete mode 100644 content/en/docs/Reference/brazil/_index.md delete mode 100644 content/en/docs/Reference/brazil/multi-authorization.md delete mode 100644 content/en/docs/Reference/brazil/obb-api-list.md delete mode 100644 content/en/docs/Release-Notes/3.1.0_relnotes.md delete mode 100644 content/en/docs/Release-Notes/3.2.0_relnotes.md delete mode 100644 content/en/docs/Validation/brazil/_index.md delete mode 100644 content/en/docs/Validation/brazil/brazil-certification.md delete mode 100644 content/en/docs/Validation/brazil/openid-certification.md delete mode 100644 content/en/docs/Validation/brazil/postman-obb.md delete mode 100644 content/en/docs/Validation/troubleshooting.md delete mode 100644 content/en/docs/deployment/_index.md delete mode 100644 content/en/docs/deployment/installation/API-Management/_index.md delete mode 100644 content/en/docs/deployment/installation/API-Management/fdx-apim.md delete mode 100644 content/en/docs/deployment/installation/API-Management/obb-apim.md delete mode 100644 content/en/docs/deployment/installation/Cloudentity/_index.md delete mode 100644 content/en/docs/deployment/installation/Cloudentity/acp.md delete mode 100644 content/en/docs/deployment/installation/Cloudentity/consent-apps.md delete mode 100644 content/en/docs/deployment/installation/_index.md delete mode 100644 content/en/docs/deployment/installation/agents.md delete mode 100644 content/en/docs/deployment/installation/backend-services.md delete mode 100644 content/en/docs/deployment/installation/jwe.md delete mode 100644 content/en/docs/deployment/prerequisites.md delete mode 100644 content/en/docs/deployment/upgrade.md create mode 100644 static/Images/AI-Env-Property-Details.png create mode 100644 static/Images/AI-Manager-Certificates.png create mode 100644 static/Images/AI-Manager-Environments.png create mode 100644 static/Images/AI-Update-Environment-Properties.png create mode 100644 
static/Images/AS-Configure-IdP.png create mode 100644 static/Images/AS-IdP-User-Mapper.png create mode 100644 static/Images/AS-IdPs.png create mode 100644 static/Images/FDX-Workflow.svg delete mode 100644 static/Images/FDX_Workflow.png delete mode 100644 static/Images/FDX_Workflow_0.png delete mode 100644 static/Images/Infrastructure_View.jpg delete mode 100644 static/Images/Infrastructure_View_0.png create mode 100644 static/Images/Integration-Overview.svg delete mode 100644 static/Images/Integration_Overview_0.svg delete mode 100644 static/Images/Integration_Overview_OBB.png create mode 100644 static/Images/Solution-Building-Blocks.svg create mode 100644 static/Images/Solution-Overview.svg delete mode 100644 static/Images/Solution_Building_Blocks.png delete mode 100644 static/Images/Solution_Building_Blocks.svg delete mode 100644 static/Images/Solution_Building_Blocks_bkp.svg delete mode 100644 static/Images/Solution_Overview.png delete mode 100644 static/Images/Solution_Overview.svg delete mode 100644 static/Images/Solution_Overview_0.svg create mode 100644 static/Images/add_environment_properties.png create mode 100644 static/Images/client-policies.png create mode 100644 static/Images/client-scopes.png create mode 100644 static/Images/component-overview-nextgen.png create mode 100644 static/Images/consent-grant-redirect.png create mode 100644 static/Images/end-user-update.png create mode 100644 static/Images/fdx-resource.png create mode 100644 static/Images/identity-providers.png create mode 100644 static/Images/import_collection.png create mode 100644 static/Images/import_collection_set_env.png create mode 100644 static/Images/import_collection_step2.png create mode 100644 static/Images/import_environment.png create mode 100644 static/Images/mapper.png create mode 100644 static/Images/ob-issuer.png create mode 100644 static/Images/post-login-flow.png create mode 100644 static/Images/post-login-identity-provider.png create mode 100644 
static/postman-collection/FDX-Demo-postman-collection.json create mode 100644 static/postman-collection/FDX-Demo-postman-environment.json delete mode 100644 static/sample-files/tpp1.cnf delete mode 100644 static/sample-files/tpp2.cnf
diff --git a/config.toml b/config.toml
index 1fec6e6f..3344f37a 100644
--- a/config.toml
+++ b/config.toml
@@ -39,7 +39,7 @@ anchor = "smart"
 [services]
 [services.googleAnalytics]
 # Comment out the next line to disable GA tracking. Also disables the feature described in [params.ui.feedback].
-#id = "UA-56643615-3"
+id = "UA-56643615-3"
 # Language configuration
diff --git a/content/en/_index.html b/content/en/_index.html
index e7d5b0e6..a8991ebf 100644
--- a/content/en/_index.html
+++ b/content/en/_index.html
@@ -45,8 +45,8 @@
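Review bot: The `config.toml` hunk turns Google Analytics back on by uncommenting `id = "UA-56643615-3"`, and nothing in the otherwise documentation-only commit description mentions it, so please confirm that enabling tracking is intended and not a local edit that slipped in. The comment above the line says this setting also controls the feature described in `[params.ui.feedback]`; if that is the reason, it should be stated in the commit message. A `UA-` id belongs to a Universal Analytics property, which Google stopped processing in July 2023, so the line probably collects nothing while still making every docs page load a third-party script. Unless a current measurement id is available, I would keep `#id = "UA-56643615-3"` commented out, and in either case check that the site's privacy or cookie notice matches the result.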

Amplify Open Banking

{{% /blocks/feature %}}
-{{% blocks/feature icon="fa-lightbulb" title="Deployment" url="/docs/deployment/" %}}
-A guide to deploying the solution.
+{{% blocks/feature icon="fa-lightbulb" title="Configuration" url="/docs/configuration/" %}}
+A guide to configure the solution.
 {{% /blocks/feature %}}
 {{< /blocks/section >}}
diff --git a/content/en/docs/Configuration/Certificate Management/_index.md b/content/en/docs/Configuration/Certificate Management/_index.md
index bab1bdd4..243cbda9 100644
--- a/content/en/docs/Configuration/Certificate Management/_index.md
+++ b/content/en/docs/Configuration/Certificate Management/_index.md
@@ -7,4 +7,127 @@ date: 2021-09-02 Amplify Open Banking uses digital certificates for many security functions. The solution comes with sample certificates that can be used in non-production environments for testing purposes only. It is highly recommended to change all certificates and use official certificates signed by one of your approved Certificate Authorities. -The following topics provide how-to instructions for managing certificates. \ No newline at end of file +This section provides instructions for managing certificates. + +## Context + +Mutual authentication is required for most APIs developed for Open Banking. + +According to the Open Banking Specification, Mutual Transport Layer Security (MTLS) client connections are required for the API Gateway Listener and Authorization Server components. + +See more about the Certificate Verification with MTLS in the Open Banking context in [Mutual Authentication and Certificate Verification](/docs/overview/integration/mutual-auth). + +## Set up the solution for MTLS with test certificates + +This section includes the prerequisites and tasks to setup the solution for MTLS. + +### Prerequisites + +* An OpenSSL tool is available. +* Amplify Integration is running with Open Banking projects. + +### Create the root CA certificates + +First, some certificates must exist to generate multiples: + +```bash +openssl genrsa -out ca1.key 2048 +openssl req -new -x509 -days 3650 -key ca1.key -subj "/C=US/ST=Arizona/L=Phoenix/O=Axway/CN=Axway Root CA" -out ca1.crt +``` + +### Create client certificates + +The data recipient or Third-Party Provider (TPP) applications need the client certificate for MTLS. In this section there are sample instructions to generate certificates for testing purposes. + +Each certificate must have one key that is signed with a previously created root certificate authority. The following configuration files are provided as examples. 
+ +| tpp1.cnf | +| ----------- | + +```properties +[req] +default_bits = 2048 +default_md = sha256 +encrypt_key = yes +prompt = no +string_mask = utf8only +distinguished_name = client_distinguished_name +req_extensions = req_cert_extensions + +[client_distinguished_name] +businessCategory = Third Party Provider 1 +jurisdictionCountryName = US +serialNumber = 18505934000140 +countryName = US +organizationName = AXWAY +stateOrProvinceName = Arizona +localityName = Phoenix +organizationalUnitName = 00000000-0000-0000-0000-000000000002 +UID = 00000000-0000-0000-0000-000000000002 +commonName = tpp1.demo.axway.com + +[req_cert_extensions] +basicConstraints = CA:FALSE +subjectAltName = @alt_name +keyUsage = critical,digitalSignature,keyEncipherment +extendedKeyUsage = clientAuth + +[alt_name] +DNS = tpp1.demo.axway.com +``` + +| tpp2.cnf | +| ----------- | + +```properties +[req] +default_bits = 2048 +default_md = sha256 +encrypt_key = yes +prompt = no +string_mask = utf8only +distinguished_name = client_distinguished_name +req_extensions = req_cert_extensions + +[client_distinguished_name] +businessCategory = Third Party Provider 2 +jurisdictionCountryName = US +serialNumber = 18505934000140 +countryName = US +organizationName = AXWAY +stateOrProvinceName = Arizona +localityName = Phoenix +organizationalUnitName = 00000000-0000-0000-0000-000000000002 +UID = 00000000-0000-0000-0000-000000000002 +commonName = tpp2.demo.axway.com + +[req_cert_extensions] +basicConstraints = CA:FALSE +subjectAltName = @alt_name +keyUsage = critical,digitalSignature,keyEncipherment +extendedKeyUsage = clientAuth + +[alt_name] +DNS = tpp2.demo.axway.com +``` + +Then execute the following commands to generate the required certificates: + +```bash +openssl req -new -newkey rsa:2048 -nodes -out tpp1.csr -keyout tpp1.key -config ./tpp1.cnf +openssl x509 -req -days 3650 -in tpp1.csr -CA ca1.crt -CAkey ca1.key -CAcreateserial -out tpp1.crt +openssl req -new -newkey rsa:2048 -nodes -out tpp2.csr 
-keyout tpp2.key -config ./tpp2.cnf +openssl x509 -req -days 3650 -in tpp1.csr -CA ca1.crt -CAkey ca1.key -CAcreateserial -out tpp2.crt +``` + +### Configure root CA certificates in Amplify Integration + +The root CA certificate (e.g., ca1.crt), must to be added in Amplify Integration: + +1. Import the certificate in *Manager > Security > Certificates*. +![Certificate Import](/Images/AI-Manager-Certificates.png) +2. Navigate to *Design > Select Project*. +3. Update the **Governance rule** of type *Transport Policy* to add/update the Root CA. +4. Do this for each project in which APIs are exposed via MTLS to add the Root CA. + * FDX_Accounts project and FDX_MTLS governance rule + * FDX_Authorization project and FDX_Authorization_MTLS governance rule diff --git a/content/en/docs/Configuration/Certificate Management/jwks.md b/content/en/docs/Configuration/Certificate Management/jwks.md deleted file mode 100644 index be0ab4db..00000000 --- a/content/en/docs/Configuration/Certificate Management/jwks.md +++ /dev/null 
@@ -1,63 +0,0 @@ ---- -title: "JWKS configuration" -linkTitle: "JWKS" -weight: 3 -date: 2021-10-13 ---- - -Some Open Banking flows are using JSON Web Tokens (JWT) for security purposes, for example the Open Finance Brazil Payment API. -To sign or to verify these tokens, the Open Banking solution needs keys that are stored in a JSON Web Key Set (JWKS). - -Each instance of the Amplify Open Banking solution has different keys that correspond to the bank and environment in use. - -{{% alert title="Note" color="primary" %}} The following steps are necessary only for Open Finance Brazil deployments.{{% /alert %}} - -## ASPSP signing certificate - -The ASPSP (Account Servicing Payment Service Provider, the bank or similar institution) signing certificate must be added to the authorization server to sign response messages. - -Follow this procedure to change the signing certificate with the appropriate values: - -1. Connect to the Cloudentity server and check the current authorization server signing certificate. - - * Replace ` by your Cloudentity server interface, and then connect to the following URL in your navigator: - `https:///app/default/admin/openbanking_brasil/workspaces/signing-keys`. - * Connect with your user/admin password. - * Verify that the **Current key in use** is the default ASPSP signing certificate (what you will change with this procedure). - - ![CloudentitySigningKey](/Images/ACPSigningKey.PNG) - -2. Export the actual authorization server configuration with Cloudentity API. - * Navigate to the Cloudentity swagger page. The previous step will keep you logged in with your credentials. - Browse to the servers section, and then *Get authorization server*.
- `https:///api/swagger/default/openbanking_brasil/#/servers/getAuthorizationServer`. - * Click *Try it out*. - * Replace with your tid (tenant id) and aid (authorization server id). In Open Banking Brasil, the tid is *default* and the aid is *openbanking_brasil* - * Execute the request. - ![GetAuthServer](/Images/GetAuthServer.PNG) - * Copy the response. - -3. Convert the ASPSP certificate from PEM to JWK. - You can use your own tools or find tools online to execute this operation. - -4. Modify the response obtained in step 2 to replace the signature entry by your ASPSP JWK certificate converted in step 3. - Use the KID that comes from Central Directory. - -5. Upload the configuration to the authorization server. - * Go back to the swagger page, to the *Update authorization server* section. - `https:///api/swagger/default/openbanking_brasil/#/servers/updateAuthorizationServer`. - * Click *Try it out*. - * Replace with your tid (tenant id) and aid (authorization server id). In Open Banking Brasil, the tid is *default* and the aid is *openbanking_brasil*. - * Paste the response of the previous step 3 with the new signing certificate in the body. - * Execute the request. - ![PutAuthServer](/Images/PutAuthServer.PNG) - -6. Validate the procedure. - * Refresh the Cloudentity interface and you will see that your ASPSP signature key has been modified. - -## TPP signing certificate - -The TPP (Third Party Provider) signing certificates are located in the Cloudentity configuration. Connect to the Cloudentity Interface, navigate to your workspace (openbanking Brasil for Brasil specifications), and then click on the application. Click the application name of the desired TPP. -The signing certificate is located in the OAuth tab, under client authentication, as a JSON Web Key Set. You can modify the signing certificate here, and then click *Save changes*. - -![TPPSignatureKey](/Images/TPPSignatureKey.PNG) \ No newline at end of file 
diff --git a/content/en/docs/Configuration/Certificate Management/mtls.md b/content/en/docs/Configuration/Certificate Management/mtls.md deleted file mode 100644 index 73712011..00000000 --- a/content/en/docs/Configuration/Certificate Management/mtls.md +++ /dev/null 
@@ -1,216 +0,0 @@ ---- -title: "MTLS configuration" -linkTitle: "MTLS" -weight: 2 -date: 2021-09-02 ---- - -How to change and test the certificate configurations required for Mutual Authentication. - -## Context - -Mutual authentication is required for most APIs developed for Open Banking. - -According to the Open Banking Specification, Mutual Transport Layer Security (MTLS) client connections are required for the Cloudentity and API Gateway Listener components. See the diagram for details on MTLS setup. -![MTLS diagram](/Images/MTLS.svg) - -See more about the Certificate Verification with MTLS in Open Banking context in [Mutual Authentication and Certificate Verification](/docs/overview/integration/mutual-auth). - -### API Gateway MTLS - -The reference architecture uses an ingress controller to support the MTLS capabilities. - -Others possibilities are: - -* Use a component in front of the Kubernetes cluster to support the MTLS termination. In this condition, Axway recommends to have a component nearest the Kubernetes cluster. - -* Replace the nginx ingress controller by another ingress controller that supports the required features. - -Refer to the required features of the ingress controller in [Deployment - Prerequisites](/docs/deployment/prerequisites). - -{{% alert title="Note" color="primary" %}} Usage of the MTLS Listener embedded on the API-gateway configuration would require each customer to build their own Docker images, as the container maturity level does not allow us to externalize certificates.{{% /alert %}} - -### Cloudentity MTLS - -Cloudentity supports the MTLS and the root CA must be added in the component. - -## Setup the solution for MTLS with test certificates - -This section includes the prerequisites and tasks to setup the solution for MTLS. - -### Prerequisites - -* An openssl tool available. -* A Cloudentity deployed on Kubernetes. -* An APIM component deployed on Kubernetes. -* Nginx Ingress Controller deployed on Kubernetes. 
- -### Create the root CA certificates - -First, some certificates must exist to generates multiples - -```bash -openssl genrsa -out ca1.key 2048openssl req -new -x509 -days 3650 -key ca1.key -subj "/C=BR/ST=São Paulo/L=São Paulo/O=Axway/CN=Axway Root CA" -out ca1.crtopenssl genrsa -out ca2.key 2048openssl req -new -x509 -days 3650 -key ca2.key -subj "/C=BR/ST=São Paulo/L=São Paulo/O=Axway/CN=Axway Root CA" -out ca2.crt -``` - -### Create Client Certificates - -The Data Recipient or Third-Party Provider (TPP) Applications need the client certificate for MTLS. In this section there are sample instructions to generate certificates for testing purposes. - -Each certificate must have one key that is signed with a previously created root certificate authority. These configuration files below are provided as examples. - -| tpp1.cnf | -| ----------- | - -```properties -[req] -default_bits = 2048 -default_md = sha256 -encrypt_key = yes -prompt = no -string_mask = utf8only -distinguished_name = client_distinguished_name -req_extensions = req_cert_extensions - -[client_distinguished_name] -businessCategory = Third Party Provider 1 -jurisdictionCountryName = BR -serialNumber = 18505934000140 -countryName = BR -organizationName = AXWAY -stateOrProvinceName = SP -localityName = São Paulo -organizationalUnitName = 00000000-0000-0000-0000-000000000002 -UID = 00000000-0000-0000-0000-000000000002 -commonName = tpp1.demo.axway.com - -[req_cert_extensions] -basicConstraints = CA:FALSE -subjectAltName = @alt_name -keyUsage = critical,digitalSignature,keyEncipherment -extendedKeyUsage = clientAuth - -[alt_name] -DNS = tpp1.demo.axway.com -``` - -| tpp2.cnf | -| ----------- | - -```properties -[req] -default_bits = 2048 -default_md = sha256 -encrypt_key = yes -prompt = no -string_mask = utf8only -distinguished_name = client_distinguished_name -req_extensions = req_cert_extensions - -[client_distinguished_name] -businessCategory = Third Party Provider 2 -jurisdictionCountryName = BR 
-serialNumber = 18505934000140 -countryName = BR -organizationName = AXWAY -stateOrProvinceName = SP -localityName = São Paulo -organizationalUnitName = 00000000-0000-0000-0000-000000000002 -UID = 00000000-0000-0000-0000-000000000002 -commonName = tpp2.demo.axway.com - -[req_cert_extensions] -basicConstraints = CA:FALSE -subjectAltName = @alt_name -keyUsage = critical,digitalSignature,keyEncipherment -extendedKeyUsage = clientAuth - -[alt_name] -DNS = tpp2.demo.axway.com -``` - -Download these files: - -* [tpp1.cnf](https://axway-open-banking-docs.netlify.app/sample-files/tpp1.cnf) -* [tpp2.cnf](https://axway-open-banking-docs.netlify.app/sample-files/tpp2.cnf) - -Then execute the following commands to generate the required certificates: - -```bash -openssl req -new -newkey rsa:2048 -nodes -out tpp1.csr -keyout tpp1.key -config ./tpp1.cnfopenssl x509 -req -days 3650 -in tpp1.csr -CA ca1.crt -CAkey ca1.key -CAcreateserial -out tpp1.crtopenssl req -new -newkey rsa:2048 -nodes -out tpp2.csr -keyout tpp2.key -config ./tpp2.cnfopenssl x509 -req -days 3650 -in tpp1.csr -CA ca2.crt -CAkey ca2.key -CAcreateserial -out tpp2.crt -``` - -### Deploy root CA certificates on the Open Banking platform - -#### Cloudentity - -Connect to the Cloudentity admin page on `https://Cloudentity./app/default/admin/`. - -1. Select workspace **openbanking_brasil**. -2. Click **Settings** on the left panel. -![Cloudentity Authorization Settings](/Images/mtls-acp-auth.png) -3. Click **Authorization** on the main frame. -4. Scroll down to **Trusted client certificates**. -![Cloudentity Trusted client certificates ](/Images/mtls-acp-ca.png) -5. Paste ca1.crt and ca2.crt contents in the text box. -6. Click **Save**. - -#### APIM - -The certificate is managed by nginx. It requires that all root CA used for signing client certificates must be in a secret. - -The secret name is apitraffic-mtls-rootca in the namespace open-banking-apim. - -1. First, concatenate all root CA and encode it in base64. 
- - ```bash - cat ca1.crt ca2.crt > ca.crtcat ca.crt | base64 - ``` - -2. Edit the values.yaml file in the open-banking-apim Helm chart. Replace the encoded string on value apitraffic.mtlsRootCa. -![values.yaml](/Images/mtls-apim-yaml.png) - -3. For first installation, use the Helm install command otherwise use the Helm upgrade command. - - ```bash - helm install/upgrade open-banking-apim -n open-banking-apim - ``` - -#### NGINX - -For upgrades only, nginx needs to be restarted with a rollout restart command to apply the new root CA. - -```bash -kubectl get deployment -n  kubectl rollout restart deployment   -n  -``` - -Check that all nginx pods are restarted with the age column using the following command: - -```bash -kubectl get pods -n  -``` - -## Test the MTLS setup - -Here are several scenarios you can use to test the MTLS setup with NGINX and APIM: - -* Configure both CA1 and CA2 in NGINX, APIM, and Cloudentity as described in the previous section. - * Use a simple curl command to test a call without cert and keys. - * `curl 'https://mtls-api-proxy./healthcheck'` - * The call should return 400 with a SSL certificate error - * Use a simple curl command to test sending the cert and key for TPP1 and TPP2. - * `curl 'https://mtls-api-proxy./healthcheck' --cert tpp1.crt --key tpp1.key` - * `curl 'https://mtls-api-proxy./healthcheck' --cert tpp2.crt --key tpp2.key` - * The call should return 200 with status ok -* Configure only CA1 in NGINX, APIM, and Cloudentity as described in the previous section. - * Use a simple curl command to test sending the cert and key for TPP2. 
- * `curl 'https://mtls-api-proxy./healthcheck' --cert tpp2.crt --key tpp2.key` - * The call should return 400 with a SSL certificate error - -You can do similar tests on Cloudentity using the following curl command: - -```bash -curl --request POST 'https://acp./default/openbanking_brasil/oauth2/token' \ ---data-urlencode 'grant_type=client_credentials' --data-urlencode 'scope=accounts' \ ---data-urlencode 'client_id=tpp1' --cert tpp1.crt --key tpp1.key -``` \ No newline at end of file diff --git a/content/en/docs/Configuration/Certificate Management/server-certificates.md b/content/en/docs/Configuration/Certificate Management/server-certificates.md deleted file mode 100644 index 407d6a5b..00000000 --- a/content/en/docs/Configuration/Certificate Management/server-certificates.md +++ /dev/null 
@@ -1,105 +0,0 @@ ---- -title: "Server certificates" -linkTitle: "Server certificates" -description: -weight: 1 -date: 2021-09-02 ---- - -How to change and test the server certificate configurations used for https services. - -## Secure external access to services - -Server certificate are required for all of the following ingresses: - -| Ingress Name | External address | NAMESPACE | -|-------------------------------------------|----------------------------------------|--------------------------------| -| acp | acp.`` | open-banking-cloudentity | -| apimanager | api-manager.`` | open-banking-apim | -| gatewaymanager | api-gateway-manager.`` | open-banking-apim | -| traffic | api.`` | open-banking-apim | -| traffichttps | services-api.`` | open-banking-apim | -| trafficmtls | mtls-api-proxy.`` | open-banking-apim | -| consent-openbanking-consent-admin | consent-admin.`` | open-banking-consent | -| consent-openbanking-consent-page | consent.`` | open-banking-consent | -| consent-openbanking-consent-self-service | consent-selfservice.`` | open-banking-consent | -| jwe-generator | jwe.`` | open-banking-jwe | - -These certificates are set at the deployment on each Ingress. See the following options to use your own certificates. - -### Use cert-manager - -You can configure [cert-manager](https://cert-manager.io/) at the ingress controller level. This tool is recommended to manage all certificates of your cluster from the same component. -You can configure your issuers, assignment rules, and so on. Refer to for more details. - -See this tutorial on how to configure cert-manager a Kubertnetes cluster using Let's Encrypt: . - -### Use a wildcard certificate - -If you have a wildcard certificate matching `*.`, it can be configured for all ingress listed above. This certificate should be declared for each Helm chart deployment where you have an ingress defined. 
You can do so during the first deployment, or update it later if you change certificate strategy or if you need to renew the certificate. - -For each Helm chart where you have a record for global.ingress.wildcard in the `values.yaml`, set its value to `true` and update the global.ingress.certmanager, global.ingress.cert and global.ingress.key values as follows: - -```yaml -global: - ingress: - certManager: false - wildcard: true - cert: | - -----BEGIN CERTIFICATE----- - <> - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - <> - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - <> - -----END CERTIFICATE----- - - key: | - -----BEGIN RSA PRIVATE KEY----- - <> - -----END RSA PRIVATE KEY----- - -``` - -If a Helm chart has ingress but does not have the global.ingress.wildcard option, simply refer to [use specific certificates](#use-specific-certificates) below to set the wildcard certificate in the appropriate record. - -### Use specific certificates - -If you have a specific certificate matching each external address listed above, you can configure each of them in each solution component. This certificate should be declared for each Helm chart deployment where you have an ingress defined. You can update it during the first deployment, or update it later if you change the certificate strategy or if you need to renew the certificate. 
- -For each Helm chart, update every certmanager, cert, and key values in the `values.yaml` as follows in you have an ingress component: - -```yaml -global: - ingress: - certManager: false - wildcard: false #only if it exists -: #do this for each component with ingress values as below - ingress: - cert: - -----BEGIN CERTIFICATE----- - <> - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - <> - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - <> - -----END CERTIFICATE----- - - key: | - -----BEGIN RSA PRIVATE KEY----- - <> - -----END RSA PRIVATE KEY----- - -``` - -{{% alert title="Important" color="warning" %}}Make sure to keep the indent and format similar as above, as well as the empty line after certificate and key.{{% /alert %}} - - \ No newline at end of file diff --git a/content/en/docs/Configuration/_index.md b/content/en/docs/Configuration/_index.md index 6285946f..ad89ab33 100644 --- a/content/en/docs/Configuration/_index.md +++ b/content/en/docs/Configuration/_index.md @@ -6,4 +6,4 @@ weight: 5 This section provides configuration guidelines for Amplify Open Banking. -Please click on a link below for more information. \ No newline at end of file +Please click on a link below for more information. diff --git a/content/en/docs/Configuration/ampint-environment-properties.md b/content/en/docs/Configuration/ampint-environment-properties.md new file mode 100644 index 00000000..f5e69e19 --- /dev/null +++ b/content/en/docs/Configuration/ampint-environment-properties.md 
@@ -0,0 +1,78 @@
+---
+title: "Amplify Integration"
+linkTitle: "Amplify Integration"
+weight: 4
+date: 2024-09-10
+---
+
+Open Banking APIs and workflows are developed and exposed via Amplify Integration. These APIs and workflows rely on specific environment properties that must be configured for them to function correctly. This section provides instructions on how to update these environment properties, along with detailed explanations for each property.
+
+{{% alert title="Note" color="primary" %}} For more information on Amplify Integration, refer to the [Axway Documentation Portal](https://docs.axway.com/bundle/amplify_integration/page/amplify_integration_guide.html).{{% /alert %}}
+
+## Steps to configure environment properties
+
+The following steps provide details on how to set up these properties.
+
+1. Log in to Amplify Integration.
+
+2. Navigate to *Manager > Environments*.
+![Go to Environments](/Images/AI-Manager-Environments.png)
+
+3. Click **Details**.
+![View Details](/Images/AI-Env-Property-Details.png)
+
+4. Here you can update the environment properties. The details of the properties to be updated are provided in the next section.
+![Update Properties](/Images/AI-Update-Environment-Properties.png)
+
+## Environment properties
+
+The following environment properties must be set up in each customer's data plane.
+
+| Environment Property Name | Description |
+|--------------------------------------------------------------------------|--------------|
+| Connections_APIFrontendUrl | URL to access the FDX APIs
Example:`https://griffin-design.openbanking.example.net:4443/` |
+| Connections_realmName | Realm Name in the authorization server representing customer tenant
Example: griffin-design |
+| FDX_Accounts_Search_basePath | Basepath of the FDX Accounts API
Default: /fdx/v6/core/accounts |
+| FDX_Authorization_consentDurationOneTimePeriod | Default duration value (in days) for ONE_TIME consent
Default: 1 |
+| FDX_Authorization_consentDurationPersistentPeriod | Default long time duration of PERSISTENT consent
Default: 36525 |
+| FDX_Authorization_consentDurationSupportedTypes | Supported duration types of consent
Default: TIME_BOUND,ONE_TIME,PERSISTENT |
+| FDX_Authorization_consentDurationTimeBoundMax | Maximum allowed duration period (in days) for TIME_BOUND consent
Default: 365 |
+| FDX_Authorization_consentDurationTimeBoundMin | Minimum allowed duration period (in days) for TIME_BOUND consent
Default: 5 |
+| FDX_Authorization_consentLookbackPeriodMax | Maximum allowed lookback period (in days) for which historical data may be requested; measured from request time, not grant time
Default: 90 |
+| FDX_Authorization_consentLookbackPeriodMin | Minimum allowed lookback period (in days) for which historical data may be requested; measured from request time, not grant time
Default: 1 |
+| FDX_Authorization_consentSupportedDataClusters | Supported enumerations or types of the clusters of data elements that can be requested in a consent grant
Default: ACCOUNT_BASIC,ACCOUNT_DETAILED,TRANSACTIONS,STATEMENTS,CUSTOMER_CONTACT,CUSTOMER_PERSONAL,INVESTMENTS,PAYMENT_SUPPORT |
+| FDX_Authorization_consentSupportedResourceTypes | Types of resources that can be requested and for which consent can be given
Default: ACCOUNT |
+| FDX_Authorization_wellKnownNotSupportedKeys | The keys of a well known URI's response coming from the authorization server that need to be suppressed before sending the response
Default: introspection_endpoint,userinfo_endpoint,end_session_endpoint,check_session_iframe,device_authorization_endpoint,backchannel_authentication_endpoint,registration_endpoint |
+| FDX_Kafka_Publish_Notification_priority | Priority level of the logged events
Default: MEDIUM |
+| FDX_Kafka_Publish_Notification_severity | Severity level of the logged events
Default: INFO |
+| FDX_Kafka_Publish_Notification_tenantType | Type of the tenant
Default: DATA_PROVIDER |
+| FDX_Notification_Subscription_eventTypes | Supported event types for subscription
Default: CONSENT_PARTIALLY_AUTHORIZED,CONSENT_AUTHORIZED,CONSENT_REJECTED,CONSENT_ON_HOLD,CONSENT_CONSUMED,CONSENT_EXPIRED,CONSENT_MODIFIED |
+| Generic_Authorization_loginUrl | Login url of the authorization server
Example: `https://auth.openbanking.example.net/realms/griffin-design/protocol/openid-connect/auth`|
+| Generic_Authorization_maxConsentAllowedPerUserPerPartner | Maximum number of allowed consents per user per partner
Default: 10 |
+| Generic_Authorization_scaMethodEnabled | If strong customer authentication is enabled
Default: TRUE |
+| Generic_Authorization_scaMethodExplanation | Description of the SCA method used |
+| Generic_Authorization_scaMethodName | SCA method name
Default: Keycloak Redirection |
+| Generic_Authorization_scaMethodProtocol | SCA method protocol
Default: REDIRECT |
+| Generic_Authorization_scaMethodRedirectUrl | SCA method redirect URL
Example: `https://auth.openbanking.example.net/realms/griffin-design/protocol/openid-connect/auth` |
+| PartnerCoreService_CacheExpirationInMinutes | Cache expiration time in minutes
Default: 10 |
+| PartnerCoreService_OnboardingFieldLabel_consentDataClusters | Field from the onboarding portal that maps to data clusters
Default: Scope |
+| PartnerCoreService_OnboardingFieldLabel_consentDurationPeriod | Field from the partner onboarding portal that maps to consent duration period
Default: Duration Period |
+| PartnerCoreService_OnboardingFieldLabel_consentDurationType | Field from the onboarding portal that maps to consent duration type
Default: Duration Type |
+| PartnerCoreService_OnboardingFieldLabel_consentLookbackPeriod | Field from the onboarding portal that maps to consent lookback period
Default: Lookback Period |
+| PartnerCoreService_OnboardingFieldLabel_intermediaryHomeUrl | Field from the onboarding portal that maps to intermediary uri
Default: Intermediary URI |
+| PartnerCoreService_OnboardingFieldLabel_intermediaryLogoUrl | Field from the onboarding portal that maps to intermediary logo uri
Default: Intermediary Logo URI |
+| PartnerCoreService_OnboardingFieldLabel_intermediaryme | Field from the onboarding portal that maps to intermediary name
Default: Intermediary Name |
+| PartnerCoreService_OnboardingFieldLabel_intermediaryRegisteredEntityId | Field from the onboarding portal that maps to intermediary registered entity id
Default: Intermediary Registered Entity Id |
+| PartnerCoreService_OnboardingFieldLabel_intermediaryRegisteredEntityName | Field from the onboarding portal that maps to intermediary registered entity name
Default: Intermediary Registered Entity Name |
+| PartnerCoreService_OnboardingFieldLabel_intermediaryRegistry | Field from the onboarding portal that maps to intermediary registry
Default: Intermediary Registry |
+| PartnerCoreService_OnboardingFieldLabel_partnerHomeUrl | Field from the onboarding portal that maps to partner home url
Default: Website |
+| PartnerCoreService_OnboardingFieldLabel_partnerLogoUrl | Field from the onboarding portal that maps to logo uri
Default: Logo URI |
+| PartnerCoreService_OnboardingFieldLabel_partnerRegisteredEntityId | Field from the onboarding portal that maps to partner registered entity id
Default: Registered Entity Id |
+| PartnerCoreService_OnboardingFieldLabel_partnerRegisteredEntityName | Field from the onboarding portal that maps to registered entity name
Default: Registered Entity Name |
+| PartnerCoreService_OnboardingFieldLabel_partnerRegistry | Field from the onboarding portal that maps to partner registry
Default: Registry |
+| PartnerCoreService_OnboardingFieldLabel_partnerType | Field from the onboarding portal that maps to partner type
Default: Entity Type |
+| defaultPageSize | Default number of records in a single page
Default: 10 |
+| maxPageSize | Maximum allowed number of records in a single page
Default: 100 |
+| organizationId | Organization identifier of the customer from market place |
+| organizationName | Organization name of the customer from market place |
+| revokeRefeshTokenOnConsentExpiry | If refresh token needs to be revoked if consent expires
Default: TRUE |
diff --git a/content/en/docs/Configuration/api-management.md b/content/en/docs/Configuration/api-management.md
deleted file mode 100644
index 197f951a..00000000
--- a/content/en/docs/Configuration/api-management.md
+++ /dev/null
@@ -1,127 +0,0 @@ ---- -title: "API Management Configuration" -linkTitle: "API Management" -weight: 1 -date: 2021-09-02 ---- - -## API Gateway - -Amplify Open Banking API Gateway is based on the Axway API Gateway product. - -Most features are documented in the [Axway API Gateway documentation](https://docs.axway.com/bundle/axway-open-docs/page/docs/apim_administration/apigtw_admin/index.html). - -### Key Properties Store (KPS) configuration - -The Key Properties Store of API Gateway is used to store the solution configuration variables. -This configuration can be read at the beginning of any policy using a common policy "Read Configuration." - -| Column Name | Type | Purpose | -| --- | --- | --- | -| a_id | java.lang.String | Autogenerated Id. | -| b_tenantId | java.lang.String | Bank Identifier (helpful in multi tenant setup). | -| c_name | java.lang.String | API Name. | -| d_version | java.lang.String | API Version. | -| e_method | java.lang.String | API Method. | -| f_extension_1 | java.lang.String | For future use | -| g_extension_2 | java.lang.String | For future use. | -| k_values | java.util.Map`` | Key Value Pairs help in extending configuration whenever we want without deployment. New key value pairs can be added easily.| - -In FDX deployment, by default, there is at least one row for each API and a row with generic information which is applicable to all APIs. - -In Open Finance Brazil deployment, by default, only one line exists with no criteria (columns b to e) and values (column k) corresponding to solution deployment parameters. - -Refer to [Solution Deployment](/docs/deployment/installation) to see how to change these values during deployment. - -Additionally, you can check and update your current configuration from API Gateway Manager - Settings - Key Property Stores. - -![kps-configuration](/Images/api-gateway-manager-kps-configuration.png) - -Click on configuration and the line to be checked or updated. 
- -![kps-values](/Images/api-gateway-manager-kps-values.png) - -Several values should correspond to the settings of Cloudentity or its consent module. See the below mapping table to check that the KPS values are correct. - -#### Mapping table for FDX - -| KPS Values | How to retrieve or check this values in Cloudentity UI | -| --- | --- | -| oauth_ce_host | hostname of Cloudentity server | -| oauth_ce_port | port of Cloudentity server | -| oauth_ce_tenantid | tenant id in Cloudentity server | -| oauth_ce_id | workspace id in Cloudentity where client applications are created and consents are stored | -| oauth_introspect_client_id | client id of app named "bank" in FDX workspace | -| oauth_ce_idp_clientId | client id of the custom IdP configured in FDX workspace | -| oauth_ce_idp_clientSecret | client secret of the custom IdP configured in FDX workspace | -| oauth_consent_user_clientSecret | client secret of the custom IdP configured in bank-customers workspace | - -#### Mapping table for Open Finance Brazil - -| KPS Values | How to retrieve or check this values in Cloudentity UI | -| --- | --- | -| oauth_consent_clientId | Custom IDP Demo bank login ID: bank customer. | -| oauth_consent_clientSecret | Custom IDP Demo bank login secret: bank customer. | -| oauth_consent_confirmation_clientid | Settings: consent screen client id. | -| oauth_consent_confirmation_clientSecret | Settings: consent screen client secret. | -| oauth_consent_user_clientSecret | Custom IDP Demo bank login secret: open banking workspace. | -| oauth_host | Host of Cloudentity server. | -| oauth_id | Openbanking workspace id in Cloudentity server. | -| oauth_introspect_clientid | App is bank in openbanking workspace. | -| oauth_tenantid | Tenant id in Cloudentity server. | - -### API policies - -API Gateway is configured with several API policies that are used with Open Banking flows. -You may want to customize some of these policies. 
- -You can check the following policy definitions by opening Policy Studio and navigating to Policies. - -For FDX deployment policy container name is - #AMPLIFY-OB-FDX. - -For Open Finance Brazil deployment policy container name is - #AMPLIFY-OB. - -![apim-policy-studio-apis](/Images/apim-policy-studio-api-containers.png) - -If you decide to change one of them, you can use Policy Studio directly for the development environment only. - -For other environments, you must update the FDX-YAML policy project, which is part of apigateway-config-fdx-7.7.0.20xxxxxx-BNxx.tar.gz, and deploy the configuration as detailed in [Mount the FDX Configuration](/docs/deployment/installation/api-management/fdx-apim/#mount-the-fdx-configuration). - -{{% alert title="Note" color="primary" %}} If you make changes to any of the policies in this container then those changes will be overridden by future upgrades. {{% /alert %}} - -### Certificates - -API Gateway is configured with several certificates that are used during the runtime: - -* Server certificate -* Client certificate authority -* Jwt certificate -* Keys - -You can check which ones are in use by opening Policy Studio and navigating to Environment Configuration - Certificate and Keys - Certificates. -Right-click a certificate to see if there are any references to it, meaning that they are currently in use. - -![apim-policy-studio-certificates](/Images/apim-policy-studio-certificates.png) - -If you identify the need to change one of them, refer to the API Gateway instructions that you can find under each section of [Certificate Management](/docs/configuration/certificate-management). - -## API Manager - -Configure the Open Banking API Manager settings, APIs and organizations and applications. - -Amplify Open Banking API Manager is based on the Axway API Manager product. 
Most features are documented in the [Axway API Manager documentation](https://docs.axway.com/bundle/axway-open-docs/page/docs/apim_administration/apimgr_admin/index.html). - - - -### API Management - -Upon solution deployment, several Open Banking APIs are deployed and published in the catalog. -You can use the admin interface to update the APIs. - -![open banking apis](/Images/api-manager-apis.png) - -Refer to the details in the [Axway API Manager documentation](https://docs.axway.com/bundle/axway-open-docs/page/docs/apim_administration/apimgr_admin/api_mgmt_virtualize_web/index.html) to manage API details. diff --git a/content/en/docs/Configuration/auth-server-config.md b/content/en/docs/Configuration/auth-server-config.md new file mode 100644 index 00000000..f5095698 --- /dev/null +++ b/content/en/docs/Configuration/auth-server-config.md 
@@ -0,0 +1,103 @@
+---
+title: "Authorization Server"
+linkTitle: "Authorization Server"
+weight: 6
+date: 2024-09-10
+---
+
+This section describes the necessary configuration settings for the Authorization Server, which is a critical component of the Open Banking solution. Proper configuration of the Authorization Server ensures secure and compliant access to APIs, enabling robust authentication and authorization processes. This guide will walk you through the key configuration steps and parameters required to align the Authorization Server with the overall solution architecture.
+
+## IdP configuration
+
+Integrating an Identity Provider (IdP) is essential for managing user authentication within the Open Banking solution. This section outlines the steps required to configure and integrate the IdP with the Authorization Server, enabling seamless and secure authentication processes. By connecting the Authorization Server to your chosen IdP, you can leverage existing user directories, enforce authentication policies, and streamline the overall login experience for users.
+
+The following steps detail how to configure your identity provider.
+
+1. Log in to Authorization Server.
+2. Select *Identity providers* on the left menu. Select **OpenId Connect v1.0** from the Add provider menu.
+ ![Identity providers](/Images/AS-IdPs.png)
+3. Create a new Alias and provide a valid Discovery endpoint. This is the "well-known" URL of the external IdP provider. Also provide the Client ID and Client Secret of the external IdP.
+ ![Select OpenID Connect](/Images/AS-Configure-IdP.png)
+4. Click **Add** to save the configuration.
+5. Open the newly created IdP.
+6. Open the *Mapper* tab and create a userIdMapper in the IdP. Select Mapper type **User Session Note Mapper**. Make sure you are using the correct claim in userId mapper.
+ ![Create user mapper](/Images/AS-IdP-User-Mapper.png)
+
+The external IdP integration is completed.
+
+## Client policies update
+
+The following steps detail how to update the client policies.
+
+1. Select *Realm settings* on the left menu after selecting the desired realm.
+2. Open the *Client Policies* tab.
+ ![Client Policies](/Images/client-policies.png)
+3. Select **ob-issuer-verification** from the policies section.
+4. Select **ob-issuer** Executor type.
+5. Update the issuer URL to the authorize endpoint. This endpoint should be available in the tenant environment. (Shared Dataplane for Design and Check)
+ ![OB Issuer](/Images/ob-issuer.png)
+
+The policy issuer update is completed.
+
+## Token mapper configuration
+
+The following steps detail how to update the token mapper.
+
+1. Select *Client scopes* on the left menu after selecting the desired customer realm.
+![Client Scopes](/Images/client-scopes.png)
+2. Search for "fdx-resource" mapper in the search box.
+3. Click on the mappers and open the *Mappers* tab.
+![FDX Resurce ](/Images/fdx-resource.png)
+4. Open **Openbanking Issuer Mapper**, update the Issuer claim with the authorize endpoint that will be used for Design and Check mode, present in the customer tenant.
+![Issuer Mapper ](/Images/mapper.png)
+5. Save the mapper.
+
+The token mapper issuer update is completed.
+
+## Authentication configuration
+
+Authentication is the area where you can configure and manage different credential types, authentication flows, screens, and actions during log in, registration, and other Keycloak workflows.
+
+The following steps detail how to create the post-login flow in addition to the built-in flows that are already there.
+
+1. Select *Authentication* on the left menu after selecting the desired realm.
+2. Configure the **post-login-flow** - This specifies the actions needed after the authentication of the user is done successfully.
+ ![Post login flow](/Images/post-login-flow.png)
+
+* **END USER UPDATE** authenticator - When the user is successfully authenticated, Keycloak stores the id_token claims in the user session attribute. This is configured in the END USER UPDATE authenticator. The following configurations must be set for END USER UPDATE.
+
+| Configuration | Required | Default Value | Description |
+| ------------------------------|----------|---------------|------------------------------------------------------------------------------------------------------------------------------------------------|
+| Internal Resource Update Host | true | null | This is the host URL for resource update API. End-User Update SPI will use this host URI to update end-user information in the cosnet resource. |
+| Internal Client Id | true | internal | The internal client Id to fetch auth token using client-credentials flow. |
+| Auth Server Host | true | null | This is Auth-Token host. Using this host, End-User Update SPI will fetch the internal token with required scope. |
+| User Id claim | true | sub | This is claim value in which userId is present from the IDP. |
+| Openbanking Realm Name | true | null | Openbanking realm name to fetch internal tokens. |
+
+Refer to the following image:
+
+![END USER UPDATE](/Images/end-user-update.png)
+
+* **CONSENT GRANT REDIRECT** authenticator - This is configured to redirect the user to the consent grant application of the bank. The following configurations must be set for CONSENT GRANT REDIRECT.
+
+| Configuration | Required | Default Value | Description |
+|--------------------------------|----------|---------------|----------------------------------------------------------------------------------------------------------------------------------------|
+| Internal Resource Update Host | true | null | This is host URL for resource update API. The Consent Grant Redirect Update SPI will use this host URI to update account information.
|
+| Internal Client Id | true | internal | The Internal Client Id to fetch auth token using client-credentials flow. |
+| Auth Server Host | true | null | This is Auth-Token host. Using this host, End-User Update SPI will fetch the internal token with required scope. |
+| User Id claim | true | sub | This is claim value in which userId is present from the IDP. |
+| Consent Grant Uri | true | null | Provide externally hosted consent grant URL. |
+| Action Token Expiration Period | true | 300 | This period will determine the maximum allowed time (in seconds) for external consent application. |
+| Issuer url | true | null | This issuer URL will be set in the authorization code jwt response. |
+
+Refer to the image below:
+
+![CONSENT GRANT REDIRECT](/Images/consent-grant-redirect.png)
+
+{{< alert title="Note" color="primary" >}}The above authenticators should be in the same sequence. The sequence cannot be changed.{{< /alert >}}
+
+## Update Identity providers configuration
+
+The Identity providers configuration created previously must be updated with the Post login flow, as mentioned in the following image.
+
+![IDP WITH POST LOGIN](/Images/post-login-identity-provider.png)
diff --git a/content/en/docs/Configuration/consent-app-customizations.md b/content/en/docs/Configuration/consent-app-customizations.md
deleted file mode 100644
index f220d7e7..00000000
--- a/content/en/docs/Configuration/consent-app-customizations.md
+++ /dev/null
@@ -1,127 +0,0 @@ ---- -title: "Consent Apps Customization" -linkTitle: "Consent Apps Customization" -weight: 10 -date: 2021-09-02 ---- -This section includes details to customize the Amplify Open Banking Consent Apps. - -## Consent page - -The Consent page embedded in the solution is provided for demonstration purposes only. Each customer should customize the consent page to match their target application's requirements. - -For this you would need to customize the corresponding Docker image and replace its reference to yours. - -* Download the [consent-page-image](https://axway-open-banking-docs.netlify.app/sample-files/consent-page-image.zip) Docker project that is the customization kit for the consent page. -* Customize the items you need to be customized as described in the sections below. -* Rebuild the Docker image with the custom change, and tag it for your own Docker repository: this Docker repository should be reachable from the Kubernetes cluster. - -```console -docker build consent-page -t /open-banking-consent-page: -``` - -* Push the Docker image to your Docker repository. - -```console -docker push /open-banking-consent-page: -``` - -* Update the `open-banking-consent/files/consent.values.yaml` used in [Install Open Banking Consent Helm chart](/docs/deployment/installation/cloudentity#install-open-banking-consent-helm-chart) to insert the _image_ record inside the _consentPage_ record as shown below. - -```yaml - consentPage: - image: - pullPolicy: IfNotPresent - repository: /open-banking-consent-page - tag: -``` - -* Upgrade the Helm chart release - -```console -helm upgrade consent -n open-banking-consent cloudentity/openbanking –-version -f open-banking-consent/files/consent.values.yaml -``` - -The consent page should now reflect your changes on your Kubernetes environment. - -The sections below details how to customize the consent page in the Docker image project. 
- -### Consent page template files - -The consent pages are generated based on customizable template files. - -You can find them in `consent/consent-page/templates/base`. - -![Consent page image files](/Images/consent-page-files.png) - -For instance, there are two main files you can customize for payment. -![obbr-payment-consent-1.tmpl](/Images/consent-page-obbr-payment1.png) - -* obbr-payment-consent-1.tmpl - -![obbr-payment-consent-2.tmpl](/Images/consent-page-obbr-payment2.png) - -* obbr-payment-consent-2.tmpl - -### Logo - -The logo can be changed by switching the name of the file in the image tag below. - -```html -
- -
-``` - -Host a new logo in the `consent/consent-page/assets/images` folder, preferably with an SVG extension. The set width of the template is 300px, so there is no need for a bigger file. - -### Background color - -Access the stylesheet at `consent/consent-page/assets/style.css`. -![style.css](/Images/consent-page-css.png) - -Change the background-color of the root element. - -### Text translations - -All text elements can be translated using the file in the `consent/consent-page/templates/translations/en-us.yaml` folder. - -Open the file and scroll the page until you find the syntax "br.payment..."; this syntax represents the files of the consent-page. - -![en-us.yaml](/Images/consent-page-language.png) - -Translate all texts for the desired messages in the target language. - -### Button colors - -Cancel and confirm buttons are located and styled inline in the consent-page files. - -```html -
- - -
-``` - -Change the colors, widths, shapes, borders, and paddings as you like. - -### Payment type choice - -As of the date of this document the only payment type accepted is PIX, so there is no need for a dropdown. -Change the Payment Method of file `obbr-payment-consent-1.tmpl` from a ``,\r", + "// {\r", + "// link: link, \r", + "// baseUrl: pm.environment.get('baseUrl'),\r", + "// client_id: pm.environment.get('clientId'),\r", + "// request_uri: pm.collectionVariables.get('request_uri'),\r", + "// })\r", + "" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "urlencoded", + "urlencoded": [ + { + "key": "request", + "value": "{{request_token}}", + "type": "text" + }, + { + "key": "client_id", + "value": "{{clientId}}", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/fdx/auth/v1/par", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "fdx", + "auth", + "v1", + "par" + ] + }, + "description": "#### **Data Recipient (DR) initiates a POST request to Data Provider's (DP’s) POST /par endpoint using the Pushed Authorization Request (PAR) method**" + }, + "response": [ + { + "name": "Step 1 - PAR Request", + "originalRequest": { + "method": "POST", + "header": [], + "body": { + "mode": "urlencoded", + "urlencoded": [ + { + "key": "request", + "value": "{{request_token}}", + "type": "text" + }, + { + "key": "client_id", + "value": "{{clientId}}", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/fdx/auth/v1/par", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "fdx", + "auth", + "v1", + "par" + ] + } + }, + "status": "Created", + "code": 201, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "date", + "value": "Fri, 27 Sep 2024 09:19:28 GMT" + }, + { + "key": "content-type", + "value": "application/json" + }, + { + "key": "content-length", + "value": "104" + }, + { + "key": "x-envoy-upstream-service-time", + "value": "11407" + }, + { + "key": 
"server", + "value": "envoy" + } + ], + "cookie": [], + "body": "{\n \"request_uri\": \"urn:ietf:params:oauth:request_uri:1392f0f8-3068-4afe-a48a-d368cdab18e0\",\n \"expires_in\": 60\n}" + } + ] + }, + { + "name": "Step 2 - Get Authorize (Follow instructions from Visualize tab)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Response status code is 302\", function () {", + " pm.response.to.have.status(302);", + "});", + "", + "pm.test(\"location is present\", function () {", + " pm.response.to.have.header(\"location\");", + "});", + "", + "const link = pm.response.headers.get('location')", + "", + "pm.visualizer.set(`", + "

Open this link in browser to login and authorize consent:

", + "`,", + "{", + " link: link, ", + "})", + "" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "{{baseUrl}}/fdx/auth/v1/authorize?client_id={{clientId}}&request_uri={{request_uri}}", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "fdx", + "auth", + "v1", + "authorize" + ], + "query": [ + { + "key": "client_id", + "value": "{{clientId}}" + }, + { + "key": "request_uri", + "value": "{{request_uri}}" + } + ] + }, + "description": "- Once you get the response, go to Visualize tab and copy the available link. You need to use this link in the browser of your choice and complete login.\n \n- For login credentials, contact the financial instititution.\n \n- Complete the authorization by granting access to accounts.\n \n- Once redirects are done, copy the URL from the browser's address bar." + }, + "response": [ + { + "name": "Step 2 - Get Authorize (Follow instructions from Visualize tab)", + "originalRequest": { + "method": "GET", + "header": [], + "url": { + "raw": "{{baseUrl}}/fdx/auth/v1/authorize?client_id={{clientId}}&request_uri={{request_uri}}", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "fdx", + "auth", + "v1", + "authorize" + ], + "query": [ + { + "key": "client_id", + "value": "{{clientId}}" + }, + { + "key": "request_uri", + "value": "{{request_uri}}" + } + ] + } + }, + "status": "Found", + "code": 302, + "_postman_previewlanguage": "plain", + "header": [ + { + "key": "date", + "value": "Fri, 27 Sep 2024 09:19:39 GMT" + }, + { + "key": "content-type", + "value": "text/plain" + }, + { + "key": "content-length", + "value": "2" + }, + { + "key": "location", + "value": 
"https://auth.openbanking.axwaysbsdev.net/realms/griffin-live/protocol/openid-connect/auth?client_id=af20ad73-9ee5-42d4-a1fb-70bfd5de3fdf&request_uri=urn:ietf:params:oauth:request_uri:1392f0f8-3068-4afe-a48a-d368cdab18e0&resourceId=66f6789e31f11123c37dfbfe&resourceType=AIS&authorizationId=66f6789f31f11123c37dfc00" + }, + { + "key": "x-envoy-upstream-service-time", + "value": "981" + }, + { + "key": "server", + "value": "envoy" + } + ], + "cookie": [], + "body": "{}" + } + ] + }, + { + "name": "Step 2.1 Get Code from Redirect URL (paste url in body)", + "event": [ + { + "listen": "prerequest", + "script": { + "exec": [ + "const url = pm.request.body.raw", + "", + "const queryString = url.split('?')[1];", + "", + "if (!queryString) {", + " console.warn(\"URL doesn't contain a query string\");", + " return;", + "}", + "", + "// Split the query string by separators (assumes '&' and '=')", + "const params = queryString.split('&').reduce((obj, param) => {", + " const [key, value] = param.split('=');", + " obj[key] = value;", + " return obj;", + "}, {});", + "", + "// Check for \"response\" parameter", + "const token = params.response;", + "", + "if (!token) {", + " console.warn(\"URL doesn't contain a 'response' query parameter with the JWT token\");", + "} else {", + " // Split the token into parts (header, payload, signature)", + " const parts = token.split('.');", + " if (parts.length !== 3) {", + " console.warn(\"Invalid JWT token format\");", + " } else {", + " // Decode the payload (base64 encoded)", + " const decodedPayload = atob(parts[1]); // atob is for base64 decoding", + "", + " try {", + " // Parse the decoded payload as JSON", + " const payload = JSON.parse(decodedPayload);", + "", + " // Extract the \"code\" claim", + " const code = payload.code;", + "", + " if (code) {", + " // Store the code in a variable for use in the request", + " pm.collectionVariables.set(\"code\", code);", + " console.log(\"Extracted code claim:\", code);", + " } else {", + " 
console.warn(\"JWT token doesn't contain a 'code' claim\");", + " }", + " } catch (error) {", + " console.warn(\"Error decoding JWT payload:\", error);", + " }", + " }", + "}" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "raw", + "raw": "https://oauth.pstmn.io/v1/callback?response=eyJhbGciOiJQUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJtbkplLW1wbTRoX0puMTJRMzhOV0JaUU1xZHQzekhkS2N6ZWNkM0lKTl80In0.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.nX_cEVwxBCAekLvjCwnzYsNGRBEEX89IjFMs8Ur89sgMRff9vrJWIZ_H2fm8U2YaIjfdSGJGCTJwvZWE5Q9O6Oq0dkHQXsEf-M7FF7JTWhVaOpgUtJgj_7coBdOBb3mu-gygYoD02CtdCt1Rt1PalmAimjryGYqH543Xdgxp9MJ8i7EZPPiKVChE_4lyqmL-tNCWkvvtujQPRr15IoZamzSZ2799Vv-hJ3PydmZ6Hjw8pagPJ2k2sbZVur7gt2uCDJsHeD21AL9YML3YJ1_uvGWqrUGvYRscL31TVs3U69i1DNp5EJu9PXhn_N6YPyCN-zDFlY9GDdGXLV5hqN9Vzw", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "https://postman-echo.com/get", + "protocol": "https", + "host": [ + "postman-echo", + "com" + ], + "path": [ + "get" + ] + }, + "description": "Paste the URL copied in previous step in the body of the request. In the response you will get authorization code." + }, + "response": [ + { + "name": "Step 1a. 
Get Code from Redirect URL (paste url in body)", + "originalRequest": { + "method": "GET", + "header": [], + "body": { + "mode": "raw", + "raw": "https://oauth.pstmn.io/v1/callback?response=eyJhbGciOiJQUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJtbkplLW1wbTRoX0puMTJRMzhOV0JaUU1xZHQzekhkS2N6ZWNkM0lKTl80In0.eyJleHAiOjE3MjIwMDgyMzQsImlzcyI6Imh0dHBzOi8vYXV0aC5vcGVuYmFua2luZy5heHdheXNic2Rldi5uZXQvcmVhbG1zL2dyaWZmaW4tbGl2ZSIsImF1ZCI6ImVtb25leSIsImNvZGUiOiJjNDhhM2M3YS00OTZmLTRhZDktYmJkYS0zOTBmYTUxNThhNjYuNTQ1ZjdmMTgtMzBlNi00MzE4LWI1YTYtYTBhZGYyZTk4OTZlLjM1Njg2OTlhLTM1OTMtNGQ2Yy05YmI5LWVmMjg0N2I5MTVlNiIsImlzcyI6Imh0dHBzOi8vYXV0aC5vcGVuYmFua2luZy5heHdheXNic2Rldi5uZXQvcmVhbG1zL2dyaWZmaW4tbGl2ZSIsInN0YXRlIjoiMTNjZDg0MGItN2JiNS00ZDEzLWI4NmItNmE2NGI3MmJjOGQ2Iiwic2Vzc2lvbl9zdGF0ZSI6IjU0NWY3ZjE4LTMwZTYtNDMxOC1iNWE2LWEwYWRmMmU5ODk2ZSJ9.obtnQibqbKTnrkOHrK1jbiqI6Hxb2gBn8_h2iGZWq9jnyvAzKQsGaSC0jvr1usQHhd1U-j8VLAagIzEAQxWLrrAG7AaZkgx4suKv-WqLp3DuiICTpk6-UuKwBrb3Pyu8Gq_o2R7sUxWMhI4M-NiezAvFLbkKOI7Y7X8Xjroq70Im8CcEuCt2EDou8zfa9u066c1h3-OP9CfUBAxFtiS9eqX4-u2opqLd3MfcrYZ7dAmVwmBM-qlys045yrEe3iunCEXkW_SfScsdZXRZ1tWAfn6VE2FMC5q5ftegsTqvUl3IUi6slZcaEkjLKd_Yux25-p9JShNgGIBO2eNEa5i2Pw", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "https://postman-echo.com/get", + "protocol": "https", + "host": [ + "postman-echo", + "com" + ], + "path": [ + "get" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Date", + "value": "Fri, 26 Jul 2024 15:32:32 GMT" + }, + { + "key": "Content-Type", + "value": "application/json; charset=utf-8" + }, + { + "key": "Content-Length", + "value": "627" + }, + { + "key": "Connection", + "value": "close" + }, + { + "key": "Server", + "value": "nginx/1.25.3" + }, + { + "key": "ETag", + "value": "W/\"273-vVHifNsaeEGO8GI3W8qFyH0EPJE\"" + }, + { + "key": "set-cookie", + "value": "sails.sid=s%3A8lzMEOIe9_tTVDdha4UrgIl33Gl_LCdX.Kol%2FL9pIDL1%2BrmVgCn7%2FEKLSXnL4sfwotuLiQ9Q6edU; Path=/; 
HttpOnly" + } + ], + "cookie": [], + "body": "{\n \"args\": {},\n \"headers\": {\n \"host\": \"postman-echo.com\",\n \"x-request-start\": \"t=1722007952.456\",\n \"content-length\": \"6\",\n \"x-forwarded-proto\": \"https\",\n \"x-forwarded-port\": \"443\",\n \"x-amzn-trace-id\": \"Root=1-66a3c190-7b5081de7174600d46ca4846\",\n \"content-type\": \"application/json\",\n \"user-agent\": \"PostmanRuntime/7.40.0\",\n \"accept\": \"*/*\",\n \"postman-token\": \"0d3c895f-ac19-48c7-a297-1c15baf32aeb\",\n \"accept-encoding\": \"gzip, deflate, br\",\n \"cookie\": \"sails.sid=s%3AQbR8DmLDTlf6HhfpeIfrJL5a8t_lHW94.KSl2ZRDXNsKY57YwOnT3QoKoVWgtk1aoSzAAy52hZrE\"\n },\n \"url\": \"https://postman-echo.com/get\"\n}" + } + ] + }, + { + "name": "Step 3 - Get Access Token", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Extract and store the access token, refresh token and consentId in collection variable\", function () {\r", + " const responseData = pm.response.json();\r", + " \r", + " pm.expect(responseData.refresh_token).to.exist;\r", + " pm.collectionVariables.set(\"access_token\", responseData.access_token);\r", + "\r", + " pm.expect(responseData.refresh_token).to.exist;\r", + " pm.collectionVariables.set(\"refresh_token\", responseData.refresh_token);\r", + "\r", + " pm.expect(responseData.refresh_token).to.exist;\r", + " pm.collectionVariables.set(\"consentId\", responseData.grant_id);\r", + "\r", + "});\r", + "\r", + "// Validate that the access_token, token_type, expires_in, refresh_token, scope, state, and grant_id fields are not null\r", + "pm.test(\"Access token is not null\", function () {\r", + " pm.expect(pm.response.json().access_token).to.not.be.null;\r", + "});\r", + "\r", + "pm.test(\"Token type is not null\", function () {\r", + " pm.expect(pm.response.json().token_type).to.not.be.null;\r", + "});\r", + "\r", + "pm.test(\"Expires in is not null\", function () {\r", + " pm.expect(pm.response.json().expires_in).to.not.be.null;\r", + 
"});\r", + "\r", + "pm.test(\"Refresh token is not null\", function () {\r", + " pm.expect(pm.response.json().refresh_token).to.not.be.null;\r", + "});\r", + "\r", + "pm.test(\"Scope is not null\", function () {\r", + " pm.expect(pm.response.json().scope).to.not.be.null;\r", + "});\r", + "\r", + "pm.test(\"State is not null\", function () {\r", + " pm.expect(pm.response.json().state).to.not.be.null;\r", + "});\r", + "\r", + "pm.test(\"Grant ID is not null\", function () {\r", + " pm.expect(pm.response.json().grant_id).to.not.be.null;\r", + "});\r", + "" + ], + "type": "text/javascript", + "packages": {} + } + }, + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "ssl-client-verify", + "value": "{{ssl-client-verify}}", + "type": "text" + }, + { + "key": "ssl-client-cert", + "value": "{{ssl-client-cert}}", + "type": "text" + } + ], + "body": { + "mode": "urlencoded", + "urlencoded": [ + { + "key": "redirect_uri", + "value": "https://oauth.pstmn.io/v1/callback", + "type": "text" + }, + { + "key": "code", + "value": "{{code}}", + "type": "text" + }, + { + "key": "client_id", + "value": "{{clientId}}", + "type": "text" + }, + { + "key": "code_verifier", + "value": "{{code_verifier}}", + "type": "text" + }, + { + "key": "grant_type", + "value": "authorization_code", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/fdx/auth/v1/token", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "fdx", + "auth", + "v1", + "token" + ] + }, + "description": "### Endpoint Description\n\nThis endpoint is used to make an HTTP POST request to obtain a token for authentication. Once you gets the token in response you are ready to call rest of the API endpoints in this collection. 
No more copy paste required.\n\n### Request Body\n\n- The request body should be of type x-www-form-urlencoded.\n \n\n### Response\n\nThe response for this request is a JSON object with the following properties:\n\n- `access_token` (string): The access token obtained.\n \n- `expires_in` (number): The duration until the token expires.\n \n- `refresh_expires_in` (number): The duration until the refresh token expires.\n \n- `refresh_token` (string): The refresh token obtained.\n \n- `token_type` (string): The type of token obtained.\n \n- `not-before-policy` (number): Not-before policy value.\n \n- `session_state` (string): The session state.\n \n- `scope` (string): The scope of the token.\n \n- `grant_id` (string): The grant ID.\n \n\n### JSON Schema\n\n``` json\n{\n \"type\": \"object\",\n \"properties\": {\n \"access_token\": { \"type\": \"string\" },\n \"expires_in\": { \"type\": \"number\" },\n \"refresh_expires_in\": { \"type\": \"number\" },\n \"refresh_token\": { \"type\": \"string\" },\n \"token_type\": { \"type\": \"string\" },\n \"not-before-policy\": { \"type\": \"number\" },\n \"session_state\": { \"type\": \"string\" },\n \"scope\": { \"type\": \"string\" },\n \"grant_id\": { \"type\": \"string\" }\n }\n}\n\n ```" + }, + "response": [ + { + "name": "Step 3 - Get Access Token", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "ssl-client-verify", + "value": "{{ssl-client-verify}}", + "type": "text" + }, + { + "key": "ssl-client-cert", + "value": "{{ssl-client-cert}}", + "type": "text" + } + ], + "body": { + "mode": "urlencoded", + "urlencoded": [ + { + "key": "redirect_uri", + "value": "https://oauth.pstmn.io/v1/callback", + "type": "text" + }, + { + "key": "code", + "value": "{{code}}", + "type": "text" + }, + { + "key": "client_id", + "value": "{{clientId}}", + "type": "text" + }, + { + "key": "code_verifier", + "value": "{{code_verifier}}", + "type": "text" + }, + { + "key": "grant_type", + "value": "authorization_code", + "type": 
"text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/fdx/auth/v1/token", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "fdx", + "auth", + "v1", + "token" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "date", + "value": "Fri, 27 Sep 2024 09:21:24 GMT" + }, + { + "key": "content-type", + "value": "application/json" + }, + { + "key": "content-length", + "value": "2716" + }, + { + "key": "x-envoy-upstream-service-time", + "value": "2455" + }, + { + "key": "server", + "value": "envoy" + } + ], + "cookie": [], + "body": "{\n \"access_token\": \"eyJhbGciOiJQUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJCeWQ0UklSMXpMeUluZi10M1RMV1p1Ql91NUJYVUFVOXc4NEJCQ3duQXNJIn0.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.SEgOqBQ7QJIWcfOODMp4dXak5Uw53vQQRsEM8AFGHA1r1T2xhAfBfsFtWMrbbX1EeE0pm9-MPXqMnOOeAC5eqDdDPo63iAaXuA-vP-2QVGB0Jfe1hnQmPXEIeU8iprPhikjFZ_7FxVuwtS4H-S0m8HPl9r-Z2gLMogJM5_zHr_lY5d7edAFjeIzrDsuaPfFDRYH9cm2sU-IRx34JXIBNjCegeRsVNO8tK9wzbodCOnq2KBf6yQXRkr02Sf8Rz0DV4B5yPm1bb8bL7Hj2axGpu9JQOwVfTwxXKz2X_UcZzI_jclhWztGbmmm5OgqrMVECxhtz2js_L8UTDQjTi0HMlg\",\n \"expires_in\": 300,\n \"refresh_expires_in\": 2592000,\n \"refresh_token\": \"eyJhbGciOiJIUzUxMiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwNjMwMTBkYi03ZmQ0LTQ0YmUtYjJmYi0wZTFhMDYwMTI5NzYifQ.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.BeH2FKC_9nsRjTOyPyhDeVTU2_Pl2L1EPSIZrne43Xm8hhmm2CczXxIzIsAkabDMrHnDS-Tl85XKUeCqW2nb6w\",\n \"token_type\": \"Bearer\",\n \"not-before-policy\": 0,\n \"session_state\": \"2551f3f0-6985-431e-9658-c651e3134b98\",\n \"scope\": \"fdx:accountbasic:read fdx:paymentsupport:read fdx:customercontact:read fdx:transactions:read fdx:accountdetailed:read\",\n \"grant_id\": \"66f6789e31f11123c37dfbfe\"\n}" + } + ] + } + ], + "description": "Requests in this folder needs to be run first in overall collection and in the sequence as defined in the request names." 
+ }, + { + "name": "Accounts", + "item": [ + { + "name": "Get Accounts", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Response status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "", + "", + "pm.test(\"Content-Type header is application/json\", function () {", + " pm.expect(pm.response.headers.get(\"Content-Type\")).to.include(\"application/json\");", + "});", + "", + "", + "pm.test(\"Validate the accounts array and its structure\", function () {", + " const responseData = pm.response.json();", + " ", + " pm.expect(responseData.accounts).to.be.an('array');", + " pm.expect(responseData.accounts).to.have.lengthOf.at.least(1, \"Accounts array should not be empty\");", + "", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "x-fapi-interaction-id", + "value": "2398f777-9259-4e50-867e-27247a143b1f" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}", + "type": "text" + } + ], + "url": { + "raw": "{{baseUrl}}/fdx/v6/core/accounts", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "fdx", + "v6", + "core", + "accounts" + ] + } + }, + "response": [ + { + "name": "Get Accounts", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "x-fapi-interaction-id", + "value": "2398f777-9259-4e50-867e-27247a143b1f" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}", + "type": "text" + } + ], + "url": { + "raw": "{{baseUrl}}/fdx/v6/core/accounts", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "fdx", + "v6", + "core", + "accounts" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "date", + "value": "Fri, 27 Sep 2024 09:21:45 GMT" + }, + { + "key": "x-fapi-interaction-id", + "value": "2398f777-9259-4e50-867e-27247a143b1f" + }, + { + "key": "content-type", + "value": "application/json" + }, + { + "key": "content-length", + 
"value": "980" + }, + { + "key": "x-envoy-upstream-service-time", + "value": "7458" + }, + { + "key": "server", + "value": "envoy" + } + ], + "cookie": [], + "body": "{\n \"accounts\": [\n {\n \"accountCategory\": \"DEPOSIT_ACCOUNT\",\n \"accountId\": \"948759it3kbm5b3fdkj454\",\n \"accountType\": \"CHECKING\",\n \"accountNumber\": \"1028462538\",\n \"accountNumberDisplay\": \"******2538\",\n \"productName\": \"Checking account\",\n \"nickname\": \"My Checkings\",\n \"status\": \"OPEN\",\n \"description\": \"John Doe's checking account\",\n \"currency\": {\n \"currencyCode\": \"USD\"\n },\n \"fiAttributes\": [\n {\n \"name\": \"attribute1\",\n \"value\": \"12435456\"\n },\n {\n \"name\": \"attribute2\",\n \"value\": \"ABCDEF\"\n }\n ],\n \"parentAccountId\": \"91da8f01-40b2-5d38-1bfc-581fbf8eb169\"\n },\n {\n \"accountCategory\": \"DEPOSIT_ACCOUNT\",\n \"accountId\": \"948759it3kbm5b3f1234454\",\n \"accountType\": \"SAVINGS\",\n \"accountNumber\": \"7234234543\",\n \"accountNumberDisplay\": \"******4543\",\n \"productName\": \"Savings account\",\n \"nickname\": \"My Savings\",\n \"status\": \"OPEN\",\n \"description\": \"John Doe's saving account\",\n \"currency\": {\n \"currencyCode\": \"USD\"\n },\n \"fiAttributes\": [\n {\n \"name\": \"attribute1\",\n \"value\": \"12435456\"\n },\n {\n \"name\": \"attribute2\",\n \"value\": \"ABCDEF\"\n }\n ],\n \"parentAccountId\": \"91da8f01-40b2-5d38-1bfc-581fbf8eb169\"\n }\n ],\n \"page\": {\n \"totalElements\": 2\n }\n}" + } + ] + }, + { + "name": "Get Account by Id", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Response status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "", + "", + "pm.test(\"Content-Type header is application/json\", function () {", + " pm.expect(pm.response.headers.get(\"Content-Type\")).to.include(\"application/json\");", + "});", + "" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + 
"header": [ + { + "key": "x-fapi-interaction-id", + "value": "2398f777-9259-4e50-867e-27247a143b1f" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}", + "type": "text" + } + ], + "url": { + "raw": "{{baseUrl}}/fdx/v6/core/accounts/{{accountId}}", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "fdx", + "v6", + "core", + "accounts", + "{{accountId}}" + ] + } + }, + "response": [ + { + "name": "Get Account by Id", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "x-fapi-interaction-id", + "value": "2398f777-9259-4e50-867e-27247a143b1f" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}", + "type": "text" + } + ], + "url": { + "raw": "{{baseUrl}}/fdx/v6/core/accounts/{{accountId}}", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "fdx", + "v6", + "core", + "accounts", + "{{accountId}}" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "date", + "value": "Fri, 27 Sep 2024 09:22:03 GMT" + }, + { + "key": "x-fapi-interaction-id", + "value": "2398f777-9259-4e50-867e-27247a143b1f" + }, + { + "key": "content-type", + "value": "application/json" + }, + { + "key": "content-length", + "value": "1940" + }, + { + "key": "x-envoy-upstream-service-time", + "value": "7458" + }, + { + "key": "server", + "value": "envoy" + } + ], + "cookie": [], + "body": "{\n \"accountCategory\": \"DEPOSIT_ACCOUNT\",\n \"accountId\": \"948759it3kbm5b3fdkj454\",\n \"accountNumber\": \"1028462538\",\n \"accountNumberDisplay\": \"******2538\",\n \"accountOpenDate\": \"2021-07-15\",\n \"accountType\": \"CHECKING\",\n \"annualPercentageYield\": 0,\n \"availableBalance\": 2454.6,\n \"balanceAsOf\": \"2024-07-15T14:46:41.375Z\",\n \"balanceType\": \"ASSET\",\n \"billPayStatus\": \"ACTIVE\",\n \"currency\": {\n \"currencyCode\": \"USD\"\n },\n \"currentBalance\": 2454.6,\n \"description\": \"John Doe's checking account\",\n \"domicile\": {\n \"region\": \"NY\",\n \"country\": \"US\"\n 
},\n \"earlyPenaltyFlag\": true,\n \"fiAttributes\": [\n {\n \"name\": \"attribute1\",\n \"value\": \"12435456\"\n },\n {\n \"name\": \"attribute2\",\n \"value\": \"ABCDEF\"\n }\n ],\n \"interestRate\": 0,\n \"interestRateAsOf\": \"2021-07-15T14:46:41.375Z\",\n \"interestRateType\": \"FIXED\",\n \"interestYtd\": 0,\n \"lastActivityDate\": \"2024-07-15\",\n \"lineOfBusiness\": \"consumer\",\n \"maturityDate\": \"2021-07-15\",\n \"micrNumber\": \"12443240\",\n \"nickname\": \"My Checkings\",\n \"openingDayBalance\": 2454.6,\n \"parentAccountId\": \"91da8f01-40b2-5d38-1bfc-581fbf8eb169\",\n \"priorInterestRate\": 0,\n \"productName\": \"Checking account\",\n \"rewardProgramId\": \"10001\",\n \"routingTransitNumber\": \"00123000220\",\n \"status\": \"OPEN\",\n \"term\": 0,\n \"transactionsIncluded\": false,\n \"transferIn\": true,\n \"transferOut\": true,\n \"contact\": {\n \"addresses\": [\n {\n \"city\": \"New York\",\n \"country\": \"US\",\n \"line1\": \"829 Spring St.\",\n \"postalCode\": \"10040\",\n \"region\": \"NY\"\n }\n ],\n \"emails\": [\n \"johndoe@demo.com\"\n ],\n \"holders\": [\n {\n \"customerId\": \"49\",\n \"dateOfBirth\": \"2002-08-21\",\n \"governmentId\": \"BBshg054Thv\",\n \"relationship\": \"PRIMARY\",\n \"type\": \"CONSUMER\",\n \"emails\": [\n \"john.doe@gmailcom\",\n \"jd@gmail.com\"\n ],\n \"telephones\": [\n {\n \"type\": \"HOME\",\n \"country\": \"US\",\n \"number\": \"8756565565\"\n }\n ],\n \"name\": {\n \"first\": \"John\",\n \"middle\": \"middle\",\n \"last\": \"Doe\",\n \"suffix\": \"suffix\",\n \"prefix\": \"Mr\",\n \"company\": \"Abc Tech company\"\n },\n \"addresses\": [\n {\n \"line1\": \"#85\",\n \"line2\": \"lastangel\",\n \"line3\": \"Carron\",\n \"city\": \"swiz\",\n \"state\": \"Cargo\",\n \"region\": \"region\",\n \"postalCode\": \"88556\",\n \"country\": \"US\",\n \"type\": \"MAILING\"\n }\n ]\n }\n ],\n \"telephones\": [\n {\n \"type\": \"CELL\",\n \"country\": \"1\",\n \"number\": \"212-916-5097\"\n },\n {\n \"type\": 
\"HOME\",\n \"country\": \"1\",\n \"number\": \"845-670-0862\"\n }\n ]\n }\n}" + } + ] + }, + { + "name": "Get Account Transactions", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Response status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "", + "", + "pm.test(\"Content-Type header is application/json\", function () {", + " pm.expect(pm.response.headers.get(\"Content-Type\")).to.include(\"application/json\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "x-fapi-interaction-id", + "value": "2398f777-9259-4e50-867e-27247a143b1f" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}", + "type": "text" + } + ], + "url": { + "raw": "{{baseUrl}}/fdx/v6/core/accounts/{{accountId}}/transactions?startTime=2024-06-15&endTime=2024-07-26&limit=5&offset=Page1", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "fdx", + "v6", + "core", + "accounts", + "{{accountId}}", + "transactions" + ], + "query": [ + { + "key": "startTime", + "value": "2024-06-15" + }, + { + "key": "endTime", + "value": "2024-07-26" + }, + { + "key": "limit", + "value": "5" + }, + { + "key": "offset", + "value": "Page1" + } + ] + } + }, + "response": [ + { + "name": "Get Account Transactions", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "x-fapi-interaction-id", + "value": "2398f777-9259-4e50-867e-27247a143b1f" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}", + "type": "text" + } + ], + "url": { + "raw": "{{baseUrl}}/fdx/v6/core/accounts/{{accountId}}/transactions?startTime=2024-06-15&endTime=2024-07-26&limit=5&offset=Page1", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "fdx", + "v6", + "core", + "accounts", + "{{accountId}}", + "transactions" + ], + "query": [ + { + "key": "startTime", + "value": "2024-06-15" + }, + { + "key": "endTime", + "value": "2024-07-26" + }, + { + "key": "limit", + 
"value": "5" + }, + { + "key": "offset", + "value": "Page1" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "date", + "value": "Fri, 27 Sep 2024 09:23:09 GMT" + }, + { + "key": "x-fapi-interaction-id", + "value": "2398f777-9259-4e50-867e-27247a143b1f" + }, + { + "key": "content-type", + "value": "application/json" + }, + { + "key": "content-length", + "value": "2855" + }, + { + "key": "x-envoy-upstream-service-time", + "value": "26960" + }, + { + "key": "server", + "value": "envoy" + } + ], + "cookie": [], + "body": "{\n \"page\": {\n \"totalElements\": 18,\n \"nextOffset\": \"Page2\"\n },\n \"transactions\": [\n {\n \"accountId\": \"948759it3kbm5b3fdkj454\",\n \"accountCategory\": \"DEPOSIT_ACCOUNT\",\n \"transactionId\": \"T98224315404\",\n \"referenceTransactionId\": \"RT73659438576\",\n \"postedTimestamp\": \"2024-04-15T12:29:06Z\",\n \"transactionTimestamp\": \"2024-06-23T23:34:51Z\",\n \"description\": \"Online groceries\",\n \"memo\": \"note66\",\n \"debitCreditMemo\": \"DEBIT\",\n \"category\": \"SIC\",\n \"subCategory\": \"Online shopping\",\n \"reference\": \"R68078870179\",\n \"status\": \"AUTHORIZATION\",\n \"amount\": 1491.973856687403,\n \"transactionType\": \"ADJUSTMENT\",\n \"payee\": \"payee66\",\n \"checkNumber\": 77788572142\n },\n {\n \"accountId\": \"948759it3kbm5b3fdkj454\",\n \"accountCategory\": \"DEPOSIT_ACCOUNT\",\n \"transactionId\": \"T40278332806\",\n \"referenceTransactionId\": \"RT30767023464\",\n \"postedTimestamp\": \"2024-03-26T04:21:09Z\",\n \"transactionTimestamp\": \"2024-06-27T13:44:33Z\",\n \"description\": \"Clothing order\",\n \"memo\": \"note26\",\n \"debitCreditMemo\": \"CREDIT\",\n \"category\": \"SIC\",\n \"subCategory\": \"Online shopping\",\n \"reference\": \"R12399236734\",\n \"status\": \"AUTHORIZATION\",\n \"amount\": 427.936701109344,\n \"transactionType\": \"ADJUSTMENT\",\n \"payee\": \"payee26\",\n \"checkNumber\": 77788572102\n },\n {\n 
\"accountId\": \"948759it3kbm5b3fdkj454\",\n \"accountCategory\": \"DEPOSIT_ACCOUNT\",\n \"transactionId\": \"T43072721806\",\n \"referenceTransactionId\": \"RT28961399291\",\n \"postedTimestamp\": \"2024-06-18T13:38:01Z\",\n \"transactionTimestamp\": \"2024-06-29T04:35:56Z\",\n \"description\": \"Purchased electronics\",\n \"memo\": \"note73\",\n \"debitCreditMemo\": \"DEBIT\",\n \"category\": \"SIC\",\n \"subCategory\": \"Online shopping\",\n \"reference\": \"R70438758597\",\n \"status\": \"AUTHORIZATION\",\n \"amount\": 4162.789132059199,\n \"transactionType\": \"ADJUSTMENT\",\n \"payee\": \"payee73\",\n \"checkNumber\": 77788572149\n },\n {\n \"accountId\": \"948759it3kbm5b3fdkj454\",\n \"accountCategory\": \"DEPOSIT_ACCOUNT\",\n \"transactionId\": \"T99825723577\",\n \"referenceTransactionId\": \"RT85037387918\",\n \"postedTimestamp\": \"2024-09-03T16:48:44Z\",\n \"transactionTimestamp\": \"2024-06-30T21:54:10Z\",\n \"description\": \"Exchanged USD to EUR\",\n \"memo\": \"note72\",\n \"debitCreditMemo\": \"DEBIT\",\n \"category\": \"FX\",\n \"subCategory\": \"Currency Exchange\",\n \"reference\": \"R36526486814\",\n \"status\": \"AUTHORIZATION\",\n \"amount\": 1496.9398666283626,\n \"transactionType\": \"ADJUSTMENT\",\n \"payee\": \"payee72\",\n \"checkNumber\": 77788572148\n },\n {\n \"accountId\": \"948759it3kbm5b3fdkj454\",\n \"accountCategory\": \"DEPOSIT_ACCOUNT\",\n \"transactionId\": \"T59726955289\",\n \"referenceTransactionId\": \"RT17730688466\",\n \"postedTimestamp\": \"2024-01-13T10:33:03Z\",\n \"transactionTimestamp\": \"2024-07-06T22:51:28Z\",\n \"description\": \"Account to account\",\n \"memo\": \"note16\",\n \"debitCreditMemo\": \"DEBIT\",\n \"category\": \"Wire Transfer\",\n \"subCategory\": \"Domestic Transfer\",\n \"reference\": \"R91726241282\",\n \"status\": \"AUTHORIZATION\",\n \"amount\": 1874.3499017522554,\n \"transactionType\": \"ADJUSTMENT\",\n \"payee\": \"payee16\",\n \"checkNumber\": 77788572092\n }\n ],\n \"links\": {\n 
\"next\": {\n \"action\": \"GET\",\n \"rel\": \"next\",\n \"types\": [\n \"application/json\"\n ],\n \"href\": \"/fdx/v6/core/accounts/948759it3kbm5b3fdkj454/transactions?offset=Page2&startTime=2024-06-15&endTime=2024-07-26&limit=5\"\n }\n }\n}" + } + ] + }, + { + "name": "Get Account's Contact Information", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Response status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "", + "", + "pm.test(\"Content-Type header is application/json\", function () {", + " pm.expect(pm.response.headers.get(\"Content-Type\")).to.include(\"application/json\");", + "});", + "" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "x-fapi-interaction-id", + "value": "2398f777-9259-4e50-867e-27247a143b1f" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}", + "type": "text" + } + ], + "url": { + "raw": "{{baseUrl}}/fdx/v6/core/accounts/{{accountId}}/contact", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "fdx", + "v6", + "core", + "accounts", + "{{accountId}}", + "contact" + ] + } + }, + "response": [ + { + "name": "Get Account's Contact Information", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "x-fapi-interaction-id", + "value": "2398f777-9259-4e50-867e-27247a143b1f" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}", + "type": "text" + } + ], + "url": { + "raw": "{{baseUrl}}/fdx/v6/core/accounts/{{accountId}}/contact", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "fdx", + "v6", + "core", + "accounts", + "{{accountId}}", + "contact" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "date", + "value": "Fri, 27 Sep 2024 09:53:57 GMT" + }, + { + "key": "x-fapi-interaction-id", + "value": "2398f777-9259-4e50-867e-27247a143b1f" + }, + { + "key": "content-type", + "value": 
"application/json" + }, + { + "key": "content-length", + "value": "808" + }, + { + "key": "x-envoy-upstream-service-time", + "value": "7410" + }, + { + "key": "server", + "value": "envoy" + } + ], + "cookie": [], + "body": "{\n \"holders\": [\n {\n \"relationship\": \"PRIMARY\",\n \"type\": \"CONSUMER\",\n \"customerId\": \"49\",\n \"dateOfBirth\": \"2002-08-21\",\n \"taxId\": \"taxId\",\n \"governmentId\": \"BBshg054Thv\",\n \"name\": {\n \"first\": \"John\",\n \"middle\": \"middle\",\n \"last\": \"Doe\",\n \"suffix\": \"suffix\",\n \"prefix\": \"Mr\",\n \"company\": \"Abc Tech company\"\n },\n \"emails\": [\n \"john.doe@gmailcom\",\n \"jd@gmail.com\"\n ],\n \"addresses\": [\n {\n \"line1\": \"#85\",\n \"line2\": \"lastangel\",\n \"line3\": \"Carron\",\n \"city\": \"swiz\",\n \"state\": \"Cargo\",\n \"region\": \"region\",\n \"postalCode\": \"88556\",\n \"country\": \"US\",\n \"type\": \"MAILING\"\n }\n ],\n \"telephones\": [\n {\n \"type\": \"HOME\",\n \"country\": \"US\",\n \"number\": \"8756565565\"\n }\n ]\n }\n ],\n \"emails\": [\n \"johndoe@demo.com\"\n ],\n \"addresses\": [\n {\n \"line1\": \"829 Spring St.\",\n \"city\": \"New York\",\n \"region\": \"NY\",\n \"postalCode\": \"10040\",\n \"country\": \"US\"\n }\n ],\n \"telephones\": [\n {\n \"type\": \"CELL\",\n \"country\": \"1\",\n \"number\": \"212-916-5097\"\n },\n {\n \"type\": \"HOME\",\n \"country\": \"1\",\n \"number\": \"845-670-0862\"\n }\n ]\n}" + } + ] + }, + { + "name": "Get Asset Transfer Details of Account", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Response status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "", + "", + "pm.test(\"Content-Type header is application/json\", function () {", + " pm.expect(pm.response.headers.get(\"Content-Type\")).to.include(\"application/json\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": 
"x-fapi-interaction-id", + "value": "2398f777-9259-4e50-867e-27247a143b1f" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}", + "type": "text" + } + ], + "url": { + "raw": "{{baseUrl}}/fdx/v6/core/accounts/{{accountId}}/asset-transfer-networks", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "fdx", + "v6", + "core", + "accounts", + "{{accountId}}", + "asset-transfer-networks" + ] + } + }, + "response": [ + { + "name": "Get Asset Transfer Details of Account", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "x-fapi-interaction-id", + "value": "2398f777-9259-4e50-867e-27247a143b1f" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}", + "type": "text" + } + ], + "url": { + "raw": "{{baseUrl}}/fdx/v6/core/accounts/{{accountId}}/asset-transfer-networks", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "fdx", + "v6", + "core", + "accounts", + "{{accountId}}", + "asset-transfer-networks" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "date", + "value": "Fri, 27 Sep 2024 09:54:08 GMT" + }, + { + "key": "x-fapi-interaction-id", + "value": "2398f777-9259-4e50-867e-27247a143b1f" + }, + { + "key": "content-type", + "value": "application/json" + }, + { + "key": "content-length", + "value": "518" + }, + { + "key": "x-envoy-upstream-service-time", + "value": "7078" + }, + { + "key": "server", + "value": "envoy" + } + ], + "cookie": [], + "body": "{\n \"assetTransferNetworks\": [\n {\n \"type\": \"US_ACATS\",\n \"identifier\": \"121000358\",\n \"identifierType\": \"ACCOUNT_NUMBER\",\n \"jointAccount\": true,\n \"institutionId\": \"1234567890\",\n \"institutionName\": \"US Investments\"\n },\n {\n \"type\": \"CA_ATON\",\n \"identifier\": \"TKN-221000360\",\n \"jointAccount\": true,\n \"institutionId\": \"1234567890\",\n \"identifierType\": \"TOKENIZED_ACCOUNT_NUMBER\",\n \"institutionName\": \"CANADA BANK\"\n },\n {\n \"type\": \"US_DTC\",\n \"identifier\": 
\"621000357\",\n \"jointAccount\": false,\n \"institutionId\": \"1234567890\",\n \"identifierType\": \"ACCOUNT_NUMBER\",\n \"institutionName\": \"US Bank\"\n }\n ]\n}" + } + ] + }, + { + "name": "Get Payment Networks of Account", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Response status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "", + "", + "pm.test(\"Content-Type header is application/json\", function () {", + " pm.expect(pm.response.headers.get(\"Content-Type\")).to.include(\"application/json\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "x-fapi-interaction-id", + "value": "2398f777-9259-4e50-867e-27247a143b1f" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}", + "type": "text" + } + ], + "url": { + "raw": "{{baseUrl}}/fdx/v6/core/accounts/{{accountId}}/payment-networks", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "fdx", + "v6", + "core", + "accounts", + "{{accountId}}", + "payment-networks" + ] + } + }, + "response": [ + { + "name": "Get Payment Networks of Account", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "x-fapi-interaction-id", + "value": "2398f777-9259-4e50-867e-27247a143b1f" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}", + "type": "text" + } + ], + "url": { + "raw": "{{baseUrl}}/fdx/v6/core/accounts/{{accountId}}/payment-networks", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "fdx", + "v6", + "core", + "accounts", + "{{accountId}}", + "payment-networks" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "date", + "value": "Fri, 27 Sep 2024 09:54:44 GMT" + }, + { + "key": "x-fapi-interaction-id", + "value": "2398f777-9259-4e50-867e-27247a143b1f" + }, + { + "key": "content-type", + "value": "application/json" + }, + { + "key": "content-length", + "value": 
"1569" + }, + { + "key": "x-envoy-upstream-service-time", + "value": "8098" + }, + { + "key": "server", + "value": "envoy" + } + ], + "cookie": [], + "body": "{\n \"page\": {\n \"totalElements\": 13,\n \"nextOffset\": \"Page2\"\n },\n \"paymentNetworks\": [\n {\n \"bankId\": \"501010\",\n \"identifier\": \"idd00test\",\n \"identifierType\": \"ACCOUNT_NUMBER\",\n \"type\": \"US_FEDWIRE\",\n \"transferIn\": true,\n \"transferOut\": true\n },\n {\n \"bankId\": \"501011\",\n \"identifier\": \"idd01test\",\n \"identifierType\": \"ACCOUNT_NUMBER\",\n \"type\": \"US_FEDWIRE\",\n \"transferIn\": true,\n \"transferOut\": true\n },\n {\n \"bankId\": \"501012\",\n \"identifier\": \"idd02test\",\n \"identifierType\": \"ACCOUNT_NUMBER\",\n \"type\": \"US_FEDWIRE\",\n \"transferIn\": true,\n \"transferOut\": true\n },\n {\n \"bankId\": \"501013\",\n \"identifier\": \"idd03test\",\n \"identifierType\": \"ACCOUNT_NUMBER\",\n \"type\": \"US_FEDWIRE\",\n \"transferIn\": true,\n \"transferOut\": true\n },\n {\n \"bankId\": \"501014\",\n \"identifier\": \"idd04test\",\n \"identifierType\": \"ACCOUNT_NUMBER\",\n \"type\": \"US_FEDWIRE\",\n \"transferIn\": true,\n \"transferOut\": true\n },\n {\n \"bankId\": \"501015\",\n \"identifier\": \"idd05test\",\n \"identifierType\": \"ACCOUNT_NUMBER\",\n \"type\": \"US_FEDWIRE\",\n \"transferIn\": true,\n \"transferOut\": true\n },\n {\n \"bankId\": \"501016\",\n \"identifier\": \"idd05test\",\n \"identifierType\": \"ACCOUNT_NUMBER\",\n \"type\": \"US_FEDWIRE\",\n \"transferIn\": true,\n \"transferOut\": true\n },\n {\n \"bankId\": \"501017\",\n \"identifier\": \"idd05test\",\n \"identifierType\": \"ACCOUNT_NUMBER\",\n \"type\": \"US_FEDWIRE\",\n \"transferIn\": true,\n \"transferOut\": true\n },\n {\n \"bankId\": \"501018\",\n \"identifier\": \"idd05test\",\n \"identifierType\": \"ACCOUNT_NUMBER\",\n \"type\": \"US_FEDWIRE\",\n \"transferIn\": true,\n \"transferOut\": true\n },\n {\n \"bankId\": \"501019\",\n \"identifier\": \"idd05test\",\n 
\"identifierType\": \"ACCOUNT_NUMBER\",\n \"type\": \"US_FEDWIRE\",\n \"transferIn\": true,\n \"transferOut\": true\n }\n ],\n \"links\": {\n \"next\": {\n \"href\": \"/948759it3kbm5b3fdkj454/payment-networks?offset=Page2\",\n \"action\": \"GET\",\n \"rel\": \"next\",\n \"types\": [\n \"application/json\"\n ]\n }\n }\n}" + } + ] + } + ] + }, + { + "name": "Consent", + "item": [ + { + "name": "Get Consent by id", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Response status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});", + "", + "", + "pm.test(\"Content-Type header is application/json\", function () {", + " pm.expect(pm.response.headers.get(\"Content-Type\")).to.include(\"application/json\");", + "});", + "", + "", + "pm.test(\"Response has the required fields\", function () {", + " const responseData = pm.response.json();", + " ", + " pm.expect(responseData).to.be.an('object');", + " pm.expect(responseData).to.have.property('durationPeriod');", + " pm.expect(responseData).to.have.property('id');", + " pm.expect(responseData).to.have.property('expirationTime');", + " pm.expect(responseData).to.have.property('createdTime');", + " pm.expect(responseData).to.have.property('status');", + " pm.expect(responseData).to.have.property('resources');", + " pm.expect(responseData).to.have.property('durationType');", + "});", + "", + "", + "pm.test(\"Validate the resources array and its structure\", function () {", + " const responseData = pm.response.json();", + " ", + " pm.expect(responseData.resources).to.be.an('array');", + " pm.expect(responseData.resources).to.have.lengthOf.at.least(1, \"Resources array should not be empty\");", + "", + " responseData.resources.forEach(function(resource) {", + " pm.expect(resource).to.be.an('object');", + " // Add more specific checks for the structure of each resource if needed", + " });", + "});", + "", + "", + "pm.test(\"Expiration and created time are in valid date format\", 
function () {", + " const responseData = pm.response.json();", + " ", + " pm.expect(responseData.expirationTime).to.match(/^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}Z$/, \"Expiration time should be in valid date format\");", + " pm.expect(responseData.createdTime).to.match(/^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}Z$/, \"Created time should be in valid date format\");", + "});", + "pm.test(\"Id field is a valid UUID\", function () {", + " const responseData = pm.response.json();", + " const uuidRegex = /^[0-9a-f]{24}$/;", + " pm.expect(responseData.id).to.match(uuidRegex, \"Id should be a valid UUID\");", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "x-fapi-interaction-id", + "value": "2398f777-9259-4e50-867e-27247a143b1f" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}", + "type": "text" + } + ], + "url": { + "raw": "{{baseUrl}}/fdx/v6/consents/{{consentId}}", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "fdx", + "v6", + "consents", + "{{consentId}}" + ] + } + }, + "response": [ + { + "name": "Get Consent by id", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "x-fapi-interaction-id", + "value": "2398f777-9259-4e50-867e-27247a143b1f" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}", + "type": "text" + } + ], + "url": { + "raw": "{{apiBaseUrl}}/fdx/v6/consents/{{consentId}}", + "host": [ + "{{apiBaseUrl}}" + ], + "path": [ + "fdx", + "v6", + "consents", + "{{consentId}}" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Date", + "value": "Wed, 10 Jul 2024 11:59:51 GMT" + }, + { + "key": "Content-type", + "value": "application/json" + }, + { + "key": "Content-length", + "value": "777" + } + ], + "cookie": [], + "body": "{\n \"durationType\": \"TIME_BOUND\",\n \"id\": \"668e73b5c9adbc2db67f004f\",\n \"createdTime\": \"2024-07-10T11:42:45Z\",\n 
\"expirationTime\": \"2024-10-08T11:42:28Z\",\n \"updatedTime\": \"2024-07-10T11:46:08Z\",\n \"lookbackPeriod\": 60,\n \"durationPeriod\": 90,\n \"status\": \"REVOKED\",\n \"resources\": [\n {\n \"resourceId\": \"948759it3kbm5b3fdkj454\",\n \"dataClusters\": [\n \"ACCOUNT_BASIC\",\n \"ACCOUNT_DETAILED\",\n \"TRANSACTIONS\"\n ],\n \"resourceType\": \"ACCOUNT\"\n },\n {\n \"resourceId\": \"948759it3kbm5b3f1234454\",\n \"dataClusters\": [\n \"ACCOUNT_BASIC\",\n \"ACCOUNT_DETAILED\",\n \"TRANSACTIONS\"\n ],\n \"resourceType\": \"ACCOUNT\"\n },\n {\n \"resourceId\": \"7493c12151c4bb04e27caa\",\n \"dataClusters\": [\n \"ACCOUNT_BASIC\",\n \"ACCOUNT_DETAILED\",\n \"TRANSACTIONS\"\n ],\n \"resourceType\": \"ACCOUNT\"\n },\n {\n \"resourceId\": \"abc669672cb0869d382920\",\n \"dataClusters\": [\n \"ACCOUNT_BASIC\",\n \"ACCOUNT_DETAILED\",\n \"TRANSACTIONS\"\n ],\n \"resourceType\": \"ACCOUNT\"\n }\n ]\n}" + } + ] + }, + { + "name": "Revoke Consent", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Response status code is 204\", function () {\r", + " pm.response.to.have.status(204);\r", + "});\r", + "" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "PUT", + "header": [ + { + "key": "x-fapi-interaction-id", + "value": "47fc8e84-79f0-4003-8f25-73e9be74281c" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}", + "type": "text" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n\t\"initiator\": \"INDIVIDUAL\",\r\n\t\"reason\": \"USER_ACTION\"\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/fdx/v6/consents/{{consentId}}/revocation", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "fdx", + "v6", + "consents", + "{{consentId}}", + "revocation" + ] + } + }, + "response": [ + { + "name": "Revoke Consent", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "x-fapi-interaction-id", + "value": 
"47fc8e84-79f0-4003-8f25-73e9be74281c" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}", + "type": "text" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n\t\"initiator\": \"INDIVIDUAL\",\r\n\t\"reason\": \"USER_ACTION\"\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "{{apiBaseUrl}}/fdx/v6/consents/{{consentId}}/revocation", + "host": [ + "{{apiBaseUrl}}" + ], + "path": [ + "fdx", + "v6", + "consents", + "{{consentId}}", + "revocation" + ] + } + }, + "status": "No Content", + "code": 204, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Date", + "value": "Wed, 10 Jul 2024 12:02:17 GMT" + }, + { + "key": "X-fapi-interaction-id", + "value": "47fc8e84-79f0-4003-8f25-73e9be74281c" + }, + { + "key": "Content-type", + "value": "application/json" + } + ], + "cookie": [], + "body": "" + } + ] + }, + { + "name": "Get Revoked Consent history", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Response status code is 200\", function () {\r", + " pm.expect(pm.response.code).to.equal(200);\r", + "});\r", + "\r", + "\r", + "pm.test(\"Content-Type header is application/json\", function () {\r", + " pm.expect(pm.response.headers.get(\"Content-Type\")).to.include(\"application/json\");\r", + "});\r", + "\r", + "\r", + "pm.test(\"Response has the required fields\", function () {\r", + " const responseData = pm.response.json().revocations;\r", + "\r", + " pm.expect(responseData).to.be.an('array');\r", + " responseData.forEach(function(revocation) {\r", + " pm.expect(revocation.reason).to.exist;\r", + " pm.expect(revocation.initiator).to.exist;\r", + " pm.expect(revocation.updatedTime).to.exist;\r", + " pm.expect(revocation.status).to.exist;\r", + " pm.expect(revocation.status).to.equal(\"REVOKED\");\r", + " });\r", + "});\r", + "\r", + "\r", + "pm.test(\"Reason, initiator, updatedTime, and status are non-empty strings\", function () {\r", + " const responseData = 
pm.response.json();\r", + " \r", + " pm.expect(responseData).to.be.an('object');\r", + " responseData.revocations.forEach(function(revocation) {\r", + " pm.expect(revocation.reason).to.be.a('string').and.to.have.lengthOf.at.least(1, \"Reason should not be empty\");\r", + " pm.expect(revocation.initiator).to.be.a('string').and.to.have.lengthOf.at.least(1, \"Initiator should not be empty\");\r", + " pm.expect(revocation.updatedTime).to.be.a('string').and.to.have.lengthOf.at.least(1, \"Updated time should not be empty\");\r", + " pm.expect(revocation.status).to.be.a('string').and.to.have.lengthOf.at.least(1, \"Status should not be empty\");\r", + " });\r", + "});\r", + "" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "x-fapi-interaction-id", + "value": "47fc8e84-79f0-4003-8f25-73e9be74281c" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}", + "type": "text" + } + ], + "url": { + "raw": "{{baseUrl}}/fdx/v6/consents/{{consentId}}/revocation", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "fdx", + "v6", + "consents", + "{{consentId}}", + "revocation" + ] + } + }, + "response": [ + { + "name": "Get Revoked Consent history", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "x-fapi-interaction-id", + "value": "47fc8e84-79f0-4003-8f25-73e9be74281c" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}", + "type": "text" + } + ], + "url": { + "raw": "{{apiBaseUrl}}/fdx/v6/consents/{{consentId}}/revocation", + "host": [ + "{{apiBaseUrl}}" + ], + "path": [ + "fdx", + "v6", + "consents", + "{{consentId}}", + "revocation" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Date", + "value": "Wed, 10 Jul 2024 11:57:03 GMT" + }, + { + "key": "Content-type", + "value": "application/json" + }, + { + "key": "Content-length", + "value": "123" + } + ], + "cookie": [], + "body": "{\n 
\"revocations\": [\n {\n \"reason\": \"USER_ACTION\",\n \"initiator\": \"INDIVIDUAL\",\n \"updatedTime\": \"2024-07-10T11:46:07Z\",\n \"status\": \"REVOKED\"\n }\n ]\n}" + } + ] + } + ] + }, + { + "name": "Refresh token", + "item": [ + { + "name": "Get Access Token from Refresh Token", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Validate that the access_token, token_type, expires_in, scope, state, and grant_id fields are not null\", function () {\r", + " var response = pm.response.json();\r", + "\r", + " pm.expect(response.access_token).to.not.be.null;\r", + " pm.expect(response.token_type).to.not.be.null;\r", + " pm.expect(response.expires_in).to.not.be.null;\r", + " pm.expect(response.scope).to.not.be.null;\r", + " pm.expect(response.grant_id).to.not.be.null;\r", + "});\r", + "\r", + "pm.test(\"Extract and store the access token and refresh token in collection variable\", function () {\r", + " const responseData = pm.response.json();\r", + " \r", + " pm.expect(responseData.refresh_token).to.exist;\r", + " pm.collectionVariables.set(\"access_token\", responseData.access_token);\r", + "\r", + " pm.expect(responseData.refresh_token).to.exist;\r", + " pm.collectionVariables.set(\"refresh_token\", responseData.refresh_token);\r", + "\r", + "});" + ], + "type": "text/javascript", + "packages": {} + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "ssl-client-verify", + "value": "{{ssl-client-verify}}", + "type": "text" + }, + { + "key": "ssl-client-cert", + "value": "{{ssl-client-cert}}", + "type": "text" + } + ], + "body": { + "mode": "urlencoded", + "urlencoded": [ + { + "key": "client_id", + "value": "{{clientId}}", + "type": "text" + }, + { + "key": "grant_type", + "value": "refresh_token", + "type": "text" + }, + { + "key": "refresh_token", + "value": "{{refresh_token}}", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/fdx/auth/v1/token", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "fdx", + 
"auth", + "v1", + "token" + ] + } + }, + "response": [ + { + "name": "Get Access Token from Refresh Token", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "ssl-client-verify", + "value": "{{ssl-client-verify}}", + "type": "text" + }, + { + "key": "ssl-client-cert", + "value": "{{ssl-client-cert}}", + "type": "text" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}", + "type": "text" + } + ], + "body": { + "mode": "urlencoded", + "urlencoded": [ + { + "key": "client_id", + "value": "{{clientId}}", + "type": "text" + }, + { + "key": "grant_type", + "value": "refresh_token", + "type": "text" + }, + { + "key": "refresh_token", + "value": "{{refresh_token}}", + "type": "text" + } + ] + }, + "url": { + "raw": "{{apiBaseUrl}}/fdx/auth/v1/token", + "host": [ + "{{apiBaseUrl}}" + ], + "path": [ + "fdx", + "auth", + "v1", + "token" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Date", + "value": "Wed, 10 Jul 2024 11:52:11 GMT" + }, + { + "key": "Content-type", + "value": "application/json" + }, + { + "key": "Content-length", + "value": "2468" + } + ], + "cookie": [], + "body": "{\n \"access_token\": \"eyJhbGciOiJQUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJtbkplLW1wbTRoX0puMTJRMzhOV0JaUU1xZHQzekhkS2N6ZWNkM0lKTl80In0.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.OqU8yKKLXFeGPXFgQhFKg3hLDkZMrFOG5dt7Qg6Jllw_0hptFCMc5q11P37j3sW5stkfCFkJdcXSVOIjyEWWBXR35F0DCggZcV6s9RZ2QTPDB6fXGGJZmhlUIMeig5YeLomKNMy6NCC1Lm2HGYtGUGQ6k470AFrhZGX0L9wpG5R5MbdYzN5jDThysOEGTDJp9l6jDC7A5Z1cNBtUD20In130iv01JRSCeaq0AGETOTrCA3FpSZZydxjAqX9rRA4zvQf8azVC79x7zljytViHO8M8thDsrUdz4joKSyUkxim0q_jgzxPEvgq687pcOD5_aXog8zYcUbC3zlDOV7N3lQ\",\n \"expires_in\": 300,\n \"refresh_expires_in\": 1800,\n \"refresh_token\": 
\"eyJhbGciOiJIUzUxMiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJjZDllMzI2OS0wNTM5LTQ5MTgtOWY4Yi1kM2ZkZWUwNWY2M2QifQ.eyJleHAiOjE3MjA2MTQxMzEsImlhdCI6MTcyMDYxMjMzMSwianRpIjoiYjEzZjRmZWYtN2ZjMi00ZGEyLTgxNWUtMzEyYTk4YjQwNzMyIiwiaXNzIjoiaHR0cHM6Ly9hdXRoLm9wZW5iYW5raW5nLmF4d2F5c2JzZGV2Lm5ldC9yZWFsbXMvZ3JpZmZpbi1saXZlIiwiYXVkIjoiaHR0cHM6Ly9hdXRoLm9wZW5iYW5raW5nLmF4d2F5c2JzZGV2Lm5ldC9yZWFsbXMvZ3JpZmZpbi1saXZlIiwic3ViIjoiYjI2ODFjNTMtODIzOC00M2FhLWE3ZGItODQ4YzU0N2U5MDg0IiwidHlwIjoiUmVmcmVzaCIsImF6cCI6ImVtb25leSIsInNlc3Npb25fc3RhdGUiOiIxMDRiMWU1OC1lNjJlLTRiNGEtOTYyZC03OTRkZTUxYWQxYTkiLCJjbmYiOnsieDV0I1MyNTYiOiJfclFyU3NVQ25OWmVzS3NlQU1fcDRjbUwyWUV4b2xNdXdaQXo2TndWMWJ3In0sInNjb3BlIjoiZmR4OmFjY291bnRkZXRhaWxlZDpyZWFkIGZkeDp0cmFuc2FjdGlvbnM6cmVhZCBmZHg6YWNjb3VudGJhc2ljOnJlYWQiLCJzaWQiOiIxMDRiMWU1OC1lNjJlLTRiNGEtOTYyZC03OTRkZTUxYWQxYTkifQ.jHHfE4jVgVFr1Iy-Ce37c64XYsg1YQOd14PvWNyP3tBXyLl7RiRzgnCzsR81Rui8rjcsFISty-lncrekRwLXwQ\",\n \"token_type\": \"Bearer\",\n \"not-before-policy\": 0,\n \"session_state\": \"104b1e58-e62e-4b4a-962d-794de51ad1a9\",\n \"scope\": \"fdx:accountdetailed:read fdx:transactions:read fdx:accountbasic:read\",\n \"grant_id\": \"668e73b5c9adbc2db67f004f\"\n}" + } + ] + } + ] + } + ], + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "packages": {}, + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "packages": {}, + "exec": [ + "" + ] + } + } + ], + "variable": [ + { + "key": "realmName", + "value": "griffin-live", + "type": "string" + }, + { + "key": "authServerUrl", + "value": "https://auth.openbanking.axwaysbsdev.net", + "type": "string" + }, + { + "key": "ssl-client-verify", + "value": "SUCCESS", + "type": "string" + }, + { + "key": "ssl-client-cert", + "value": 
"-----BEGIN%20CERTIFICATE-----%0AMIIFbzCCA1cCFF4%2Bf1Ljv7Vo6z5ScO04IEGT1NtdMA0GCSqGSIb3DQEBCwUAMHMx%0ACzAJBgNVBAYTAklOMQwwCgYDVQQIDANERUwxDDAKBgNVBAcMA0RFTDEOMAwGA1UE%0ACgwFQVhXQVkxCzAJBgNVBAsMAk9CMQ0wCwYDVQQDDARST09UMRwwGgYJKoZIhvcN%0AAQkBFg1yb290QHRlc3QuY29tMB4XDTI0MDUxMzEyNDUyM1oXDTI1MDUxMzEyNDUy%0AM1owdTELMAkGA1UEBhMCSU4xDDAKBgNVBAgMA0RFTDEQMA4GA1UEBwwHS09MS0FU%0AQTEMMAoGA1UECgwDU0JTMQswCQYDVQQLDAJPQjENMAsGA1UEAwwESm9objEcMBoG%0ACSqGSIb3DQEJARYNam9obkB0ZXN0LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP%0AADCCAgoCggIBAMNMUuz3d3osn1VYonFOeziMGQj6G6ToCot%2F6ZBL64qs2AnTRDxf%0AafBpjfuQUQAm2JDf41hONIPVJbI0IySbAQQQQvW8uzeB3LhqFT6EmgDMu6e%2Flc3g%0AM2r2DvefLHLgtbvh5jXJP33bdm34BTkT2WXp8trjYl%2F5S6J%2F5hVGn8UnvT%2FdgkdN%0AZaPu9Bpe%2B3OSg1PMz0cwdzfjq86i68Ga%2B5HkTCi979M3%2Fx95zKOdREEBhG%2FmWPz4%0AAlb5BFbCRYxaEbZcXes52LWlFUG9YjNBI%2FE2LoSSpjiHa6vL3CO3QSpjkhVGDits%0AxORn2rBqY%2Bi8duowHyBb%2B%2FIurXrEu1EHf0O9jLxF4svKPNgOk98JG464e%2BUVyJwe%0A83XxAbVnVjYPiTLv6bIlJJQU6T7wPSjHB99dyLz6bUmrcgogPfUIGZjZzJqmtllP%0A77gV%2B%2FIOIC%2FSy7Z%2F40qZvuIa1Hb3lbt%2BHgYlSE9PRHSzF%2BcJsL6X82Om%2B7xtclVb%0Ax5BJKvvQ25wN3VNsZNMDuZjN%2F81cMfKqndy95R6okAO6NIi6t7zK%2BS8dBGO0%2Bs7p%0AsERJkzATkBMvULzP08qNdfvBj0ok69CEuHvgB39H064OZNkvKLeFEqKiuIOrMkdC%0ArY4KiJvj%2FTDGqLR2L3feHJht114mq8FiRwmY4IQK7h6elMQuAM0qInEvAgMBAAEw%0ADQYJKoZIhvcNAQELBQADggIBADa0UxAQZILo%2BF%2FIZrs54AlYIFfDhU%2BnlsrKK%2FBs%0AHbJfUVrG3pVZa%2FIyVMg20vpwNJ9aU2YXlkpxW9NNp7rNhGWWW3wiS4tQgjX1wOw4%0AeZdFGsH7wpdc%2BwUlk9ZBY9Fhm7y5l2c83vZ%2B0rWxxjOm%2BEjLwPeq6s5fJXCsWKHc%0A%2FViSzBaKuZHbIGJpQmy%2BYDXKMn6H8kWJcifa4cNVK4N3y1DKYLQeAHIUBxXIgiSu%0AUzsdiguXjxcrPd3eGglUXtVl7HsSBi7HF%2FdYkPYBdOPq3%2FFH5TDV2c1ZDa9L781y%0AhZh1OQ4KkH%2FJpn%2BGGTm%2Fa%2FdrLtPPaiBWdczikBIcZX9Mj5eGMLBUT6XVTi13UISo%0ARRBtcFbHD5GnLAbeUHwUzHX%2Fyntm3BPtNe7iS%2Bq%2BOVTcxque6CnZGQRNlMEPJkWi%0AjkkCVVDBMlGimFrXowEw48XJ7vnIXg20rUVI68IeVsy7CP0Q4loyzxehDgvKktKf%0AKDwFPYbvUG%2FrSdoqxSKMIR7HZ7P4ruVRYGZ%2BN3IpjZ1u4cYtjBmWwiJ6NaljC4LG%0AX2mb7g%2Ff3sX2S48FryCv5eeMUXDHoAylb2RH%2FhbA%2BPvfbYpX5aPjw1OJqd
c7LOC4%0AL6J341zcL2HlYJoMo%2FCKrvWRPzm4ExSSN%2FJlHgnFgzFs8ZsYzDBCPjlq%2BfIgl984%0Azddd%0A-----END%20CERTIFICATE-----%0A", + "type": "string" + }, + { + "key": "exp", + "value": "" + }, + { + "key": "request_token", + "value": "" + }, + { + "key": "request_uri", + "value": "" + }, + { + "key": "code", + "value": "" + }, + { + "key": "access_token", + "value": "" + }, + { + "key": "refresh_token", + "value": "" + }, + { + "key": "consentId", + "value": "" + }, + { + "key": "accountId", + "value": "" + }, + { + "key": "code_verifier", + "value": "" + }, + { + "key": "code_challenge", + "value": "" + }, + { + "key": "login_url", + "value": "" + } + ] +} \ No newline at end of file diff --git a/static/postman-collection/FDX-Demo-postman-environment.json b/static/postman-collection/FDX-Demo-postman-environment.json new file mode 100644 index 00000000..aa62f92e --- /dev/null +++ b/static/postman-collection/FDX-Demo-postman-environment.json @@ -0,0 +1,27 @@ +{ + "id": "007f105e-5f27-4e12-9857-a66de46b5e91", + "name": "FDX Demo", + "values": [ + { + "key": "baseUrl", + "value": "https://:", + "type": "default", + "enabled": true + }, + { + "key": "clientId", + "value": "", + "type": "default", + "enabled": true + }, + { + "key": "privateKey", + "value": "", + "type": "default", + "enabled": true + } + ], + "_postman_variable_scope": "environment", + "_postman_exported_at": "2024-09-27T09:55:20.746Z", + "_postman_exported_using": "Postman/11.13.1" +} \ No newline at end of file diff --git a/static/sample-files/tpp1.cnf b/static/sample-files/tpp1.cnf deleted file mode 100644 index 596d346a..00000000 --- a/static/sample-files/tpp1.cnf +++ /dev/null 
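Review bot: In the new `FDX-Demo-postman-environment.json`, `privateKey` is declared with `"type": "default"`, so a key pasted into it is displayed unmasked in the Postman UI and is easy to carry along when the environment is exported or shared. Declaring that entry as `"type": "secret"` masks the value, and the accompanying docs should tell users to set the key only as a local current value rather than saving it into the file. Separately, the `baseUrl` value reads `https://:` as shown here, which may be a rendering artefact. If that is what the file contains, a labelled placeholder such as `https://<host>:<port>` would make clear what has to be filled in before the requests can run.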
@@ -1,29 +0,0 @@
-[req]
-default_bits = 2048
-default_md = sha256
-encrypt_key = yes
-prompt = no
-string_mask = utf8only
-distinguished_name = client_distinguished_name
-req_extensions = req_cert_extensions
-
-[ client_distinguished_name ]
-businessCategory = Third Party Provider 1
-jurisdictionCountryName = BR
-serialNumber = 18505934000140
-countryName = BR
-organizationName = AXWAY
-stateOrProvinceName = SP
-localityName = São Paulo
-organizationalUnitName = 00000000-0000-0000-0000-000000000002
-UID = 00000000-0000-0000-0000-000000000002
-commonName = tpp1.demo.axway.com
-
-[ req_cert_extensions ]
-basicConstraints = CA:FALSE
-subjectAltName = @alt_name
-keyUsage = critical,digitalSignature,keyEncipherment
-extendedKeyUsage = clientAuth
-
-[ alt_name ]
-DNS = tpp1.demo.axway.com
\ No newline at end of file
diff --git a/static/sample-files/tpp2.cnf b/static/sample-files/tpp2.cnf
deleted file mode 100644
index cc5b2628..00000000
--- a/static/sample-files/tpp2.cnf
+++ /dev/null
@@ -1,29 +0,0 @@
-[req]
-default_bits = 2048
-default_md = sha256
-encrypt_key = yes
-prompt = no
-string_mask = utf8only
-distinguished_name = client_distinguished_name
-req_extensions = req_cert_extensions
-
-[ client_distinguished_name ]
-businessCategory = Third Party Provider 2
-jurisdictionCountryName = BR
-serialNumber = 18505934000140
-countryName = BR
-organizationName = AXWAY
-stateOrProvinceName = SP
-localityName = São Paulo
-organizationalUnitName = 00000000-0000-0000-0000-000000000002
-UID = 00000000-0000-0000-0000-000000000002
-commonName = tpp2.demo.axway.com
-
-[ req_cert_extensions ]
-basicConstraints = CA:FALSE
-subjectAltName = @alt_name
-keyUsage = critical,digitalSignature,keyEncipherment
-extendedKeyUsage = clientAuth
-
-[ alt_name ]
-DNS = tpp2.demo.axway.com
\ No newline at end of file