This documentation is for WSO2 Open Banking version 1.3.0. View documentation for the latest release.
WUM Updates - WSO2 Open Banking 1.3.0 - WSO2 Documentation
Skip to end of metadata
Go to start of metadata

The improvements (e.g.,bug fixes, security fixes) for the lately released WSO2 Open Banking v1.3.0 are documented here. You can download WSO2 Update Manager (WUM) and update the existing product. WUM is a command-line utility that is used to distribute improvements that are released by WSO2 Open Banking on top of a released version. With WUM updates, you can get the fixes you want without waiting for the next release of the product. WUM is accessible via a subscription, but you can try the 15-day trial here.

 Click here to start downloading the updated WSO2 Open Banking solution

In order to download the latest version of WSO2 Open Banking, you need to use WUM. Following are the instructions on how to use WUM for downloading the product and its updates.

Set up the WSO2 Update Manager (WUM). 

  • WUM is a simple command-line tool that connects to the WSO2 update service, determines which updates are new and relevant, and downloads them. You can get the latest version of the WSO2 Open Banking product packs through WUM.

    You need a WSO2 subscription to start using the WSO2 Update Manager.

  • Follow the guidelines provided in the Download WUM page to download, and install WUM in your environment. For more information on how to use WUM, see the WUM documentation.

      1. Add the necessary product packs using the commands given below:

        wum add wso2-obam-1.3.0              		 	                	     
        wum add wso2-obkm-1.3.0 
      2. Update the product packs using the commands given below:

        wum update wso2-obam-1.3.0	                	     
        wum update wso2-obkm-1.3.0               	     
      3. Additionally, download and update the other instances of WSO2 Open Banking product.

        wum add wso2ei-6.4.0
        wum update wso2ei-6.4.0
        wum add wso2am-analytics-2.6.0    
        wum update wso2am-analytics-2.6.0 
        wum add wso2-obbi-1.3.0
        wum update wso2-obbi-1.3.0
  • The product packs reside in the <WUM_HOME>/products/<Product_Name>/<version>/full directory as <Product_name-<version>+<timestamp> Copy the product packs to a preferred location in each node, and extract them.

    This document refers to the file paths of the product packs for the Key Manager, API Manager, API Manager Analytics, and Enterprise Integrator as <wso2-obkm>, <wso2-obam>, <wso2am-analytics, and <wso2ei> respectively.

Following are the updates for WSO2 Open Banking 1.3.0 version.

Released DateUpdate Description

According to the OBIE the Account Servicing Payment Service Providers (ASPSPs) need to make sure that the TPPs can be registered in a seamless, ideally a fully automated process. The Dynamic Client Registration(DCR) endpoint is capable of dynamically registering the clients with the ASPSP when the client sends a registration request with its metadata. Click here to see how to deploy DCR v3.2 API.

An improvement for Berlin specification compliant solution in WSO2 Open Banking. Verifies if an account-id sent within the account-consents resource that is sent by TPP, is valid from the bank back-end. For the required configurations, see here.

Allows users to validate the incoming request to APIs, based on any customizations done to a swagger definition. Follow the instructions given below to apply the update:

  • Add changes to the API-Manager management console.
 Click here to see the steps...
  1. Go to the API-manager management console at https://<WSO2_OB_APIM_HOST>/9443/carbon.
  2. Navigate to the Extensions tab and click lifecycles.
  3. Select View/Edit of APILifeCycle.
  4. Add the following changes to the XML file, under the respective tabs. This change will enable to publish the swagger as a local entry when publishing an API.

    • Add a new execution element under transitionExecution data with the properties below:

      <state id="Published">
             <data name="transitionExecution">
             <execution forEvent="Publish" 
    • Replace the default execution forEvent="Publish" class value with as follows:

      <state id="Created">
           <data name="transitionExecution">
            <execution forEvent="Publish"
 Click here to see the steps...

You need to re-publish the API to apply the swagger based validations. Therefore, Sign in to the API Publisher at https://<WSO2_OB_API-M_HOST>/9443/publisher using the credentials of a user, whose role is an API Publisher. For more information on users and roles, see here.

  1. Select the respective API and click Edit API.
  2. Navigate to the Design tab.
  3. Under API Definition, click Import and upload the respective swagger file.
  4. Click Next: Implement > Next: Manage and Save and Publish.

WSO2 Open Banking improved UK specific payment swagger files of version-3 APIs as its existing data definitions do not allow swagger-based validations. Following are the improved swagger files:

Make sure you add required customizations to the swagger file and upload the updated swagger file before re-publishing the API.


Validates PSD2 roles in the eiDAS QWAC (Transport Layer Certificate) during Berlin API Calls and restrict TPP accessing APIs if the required roles are not available in the certificate.


Allows the use of the DCR software_id as the application name. Therefore, removes the native naming limitation set in place by WSO2 products. Add the following changes for this update;


Improved the solution by validating the TPP when retrieving a payment submission. This validation confirms whether it is the same TPP that submitted the consent, is viewing the payment submission.


Separates the redirect URI validation and the hostname validation for all the URIs in the request and changes the consumer_key and the consumer_secret in the response as client_id and client_secret with compliance to the Open Banking Implementation Entity (OBIE) specification. Click here for more information.


Restricts RS256 signed messages from TPP. OBIE (Open Banking Implementation Entity) allowed both RS256 in addition to PS256 as the signature for signing JSON Web Signature (JWS). When market adopts RS256 sufficiently, RS256 has to be deprecated from signing JWS. As WSO2 Open Banking is an OBIE compliant solutions, this WUM update was released to deprecate the use of RS256. It includes the following changes:

  • No labels