This documentation is for WSO2 Open Banking version 1.4.0. View documentation for the latest release.
Skip to end of metadata
Go to start of metadata

The WSO2 Open Banking Business Intelligence(WSO2 OB BI) component enables monitoring and recording of API-level usage activity to ensure that the API owners have full awareness of the APIs, applications, and subscriptions. It generates alerts by analyzing the risk involved in transactions and fraudulent activities. It also generates statistics using the data collected from WSO2 Open Banking Key Manager and API Manager. WSO2 Open Banking Business Intelligence contains the following features: 

API Analytics

Provides reports, statistics and graphs on the APIs deployed in WSO2 Open Banking API Manager. Helps Third-party providers (TPP) to monitor how their applications perform while banks can analyze how the bank APIs perform.

Transaction Risk Analysis

Enables analyzing the risk level based on predefined rules and exempt the user from having to provide the second factor.

Fraud Detection

For transaction monitoring mechanisms to detect unauthorized or fraudulent transactions and generate alerts. It also exempts the security requirements of strong customer authentication based on the identified level of risk and recurrence of the payment transaction. 

Data Reporting

The WSO2 Open Banking Business Intelligence captures data published in WSO2 Open Banking API Manager and WSO2 Open Banking Key Manager. Data Reporting is the process of processing and summarizing these data. 

It also supports business key performance indicator (KPI) dashboards with business intelligence and insights on usage trends as well as custom business insights on the account and payment flows. The decision makers of banks can use these statistics to align the business to better suit the customer needs and ultimately increase profits.  The configurable alerting module enables informing the necessary parties of abnormal behavior, e.g., API failures, a sudden increase in the response time of APIs, and a change in the API resource access pattern.

The placement of the WSO2 OB BI component is as follows:

Before you begin

Download Open Banking Business Intelligence and unzip the file, or add it through WUM using the following commands:

  1. Add the wso2-obbi WUM pack.

    wum add wso2-obbi-<version>
  2. Update the wso2-obbi product pack using WUM.

    wum update wso2-obbi-<version>

    WSO2 Updates Manager (WUM) is deprecated and will be unavailable from July 2021 onwards. WSO2 Updates is the new tool to include the solution and security improvements that are released by WSO2 Open Banking, on top of a released version. For more information, see WSO2 Updates.

     Click here to see how to update the solution via WSO2 Update tool...

    The WSO2 Update tool delivers hotfixes and updates seamlessly on top of products as WSO2 Updates. They include improvements that are released by WSO2. You need to update the product using the relevant script.

    • Go to <WSO2_OB_BI_HOME>/bin and run the WSO2 Update tool: 

      ./wso2update_linux 
      ./wso2update_darwin
      ./wso2update_windows.exe
  3. Copy <WSO2_OB_BI_HOME>/resources/finance/scripts/wso2-obbi-conf/deployment.yaml to the <WSO2_OB_BI_HOME>/conf/worker directory and replace the existing deployment.yaml file.

The WSO2 Open Banking Business Intelligence server uses the worker and dashboard profiles for the above mentioned features. In a production deployment, the worker and dashboard profiles should run in two different JVMs. You need to enable the below ports, in order to publish data to these two nodes.

The worker node has a port offset of 1 and it opens the following ports.

HTTPS requests

9444, 8006, 8007
Thrift transport 7612, 7712

The dashboard node has a port offset of 6 and it opens the following port.

HTTPS requests

9449

Configuring databases

The following is a list of database versions that are compatible with the WSO2 API Manager Analytics.

  • MySQL 5.7 
  • MS SQL Server 2016 
  • Oracle 12c


To configure the databases, follow the steps below:

  1. The WSO2 Open Banking Business Intelligence will be using the following databases. Make sure you have created them in your database server.

    • openbank_apimgt_statsdb 

    • openbank_openbankingdb 

    • openbank_geolocationdb

    • openbank_ob_reporting_statsdb

    • openbank_ob_reporting_summarizeddb

  2. Update the  <WSO2_OB_BI_HOME>/conf/worker/deployment.yaml  file. Modify the datasources below by pointing them to the databases you created in the above step. 

    • APIM_ANALYTICS_DB

    • OPEN_BANKING_DB

    • GEO_LOCATION_DATA

    • OB_REPORTING_DB  

    • OB_REPORTING_SUMMARIZED_DB

    Update the datasource entry in the deployment.yaml with your database configurations.

    PropertyDescription
    jdbcUrl

    This is the port to connect to on database server

    The jdbcUrl property expects the JDBC driver connection string. A sample jdbcUrl:

    'jdbc:mysql://localhost:3306/openbank_ob_reporting_summarizeddb?autoReconnect=true&useSSL=false'

    username

    The database user

    password

    Password set for the database connection

    driverClassName

    The JDBC driver name

    Mysql JDBC Driver : com.mysql.jdbc.Driver
    MSSQL JDBC Driver : com.microsoft.sqlserver.jdbc.SQLServerDriver
    Oracle JDBC Driver : oracle.jdbc.driver.OracleDriver

    If you are using Oracle, update the connectionTestQuery in each datasource with the following value.

    connectionTestQuery: SELECT 1 FROM DUAL
        - name: GEO_LOCATION_DATA
          description: "The data source used for geo location database"
          jndiConfig:
            name: jdbc/GEO_LOCATION_DATA
          definition:
            type: RDBMS
            configuration:
              jdbcUrl: 'DB_GEO_LOCATION_URL'
              username: 'DB_USER'
              password: 'DB_PASS'
              driverClassName: 'DB_DRIVER'
              maxPoolSize: 50
              idleTimeout: 60000
              connectionTestQuery: SELECT 1
              # Use below for oracle database
              # connectionTestQuery: SELECT 1 FROM DUAL
              validationTimeout: 30000
              isAutoCommit: false
    
        - name: APIM_ANALYTICS_DB
          description: "The datasource used for APIM statistics aggregated data."
          jndiConfig:
            name: jdbc/APIM_ANALYTICS_DB
          definition:
            type: RDBMS
            configuration:
              jdbcUrl: 'jdbc:mysql://localhost:3306/openbank_apimgt_statsdb?autoReconnect=true&useSSL=false'
              username: root
              password: root
              driverClassName: com.mysql.jdbc.Driver
              maxPoolSize: 50
              idleTimeout: 60000
              connectionTestQuery: SELECT 1
              validationTimeout: 30000
              isAutoCommit: false
    
        - name: OPEN_BANKING_DB
          description: "The datasource used to store payment consents"
          jndiConfig:
            name: jdbc/OPEN_BANKING_DB
          definition:
            type: RDBMS
            configuration:
              jdbcUrl: 'jdbc:mysql://localhost:3306/openbank_openbankingdb?autoReconnect=true&useSSL=false'
              username: root
              password: root
              driverClassName: com.mysql.jdbc.Driver 
              maxPoolSize: 50
              idleTimeout: 60000
              connectionTestQuery: SELECT 1
              validationTimeout: 30000
              isAutoCommit: false
    
        - name: OB_REPORTING_DB
          description: The datasource used to store statistics for OB Reporting module
          jndiConfig:
            name: jdbc/OB_REPORTING_DB
          definition:
            type: RDBMS
            configuration:
              jdbcUrl: 'jdbc:mysql://localhost:3306/openbank_ob_reporting_statsdb?autoReconnect=true&useSSL=false'
              username: root
              password: root
              driverClassName: com.mysql.jdbc.Driver 
              maxPoolSize: 20
              idleTimeout: 60000
              connectionTestQuery: SELECT 1
              validationTimeout: 30000
              isAutoCommit: false
    
        - name: OB_REPORTING_SUMMARIZED_DB
          description: The datasource used to store statistics for OB Reporting module
          jndiConfig:
            name: jdbc/OB_REPORTING_SUMMARIZED_DB
          definition:
            type: RDBMS
            configuration:
              jdbcUrl: 'jdbc:mysql://localhost:3306/openbank_ob_reporting_summarizeddb?autoReconnect=true&useSSL=false'
              username: root
              password: root
              driverClassName: com.mysql.jdbc.Driver 
              maxPoolSize: 20
              idleTimeout: 60000
              connectionTestQuery: SELECT 1
              validationTimeout: 30000
              isAutoCommit: false       
  3. Modify the OB_REPORTING_DB and OB_REPORTING_SUMMARIZED_DB datasources in the <WSO2_OB_BI_HOME>/conf/dashboard/deployment.yaml file.                                                          

    Use your database configurations and update the datasource properties as follows: 

        - name: OB_REPORTING_DB
          description: The datasource used to store statistics for OB Reporting module
          jndiConfig:
            name: jdbc/OB_REPORTING_DB
          definition:
            type: RDBMS
            configuration:
              jdbcUrl: 'jdbc:mysql://localhost:3306/openbank_ob_reporting_statsdb?autoReconnect=true&useSSL=false'
              username: 'root'
              password: 'root'
              driverClassName: 'com.mysql.jdbc.Driver'
              maxPoolSize: 20
              idleTimeout: 60000
              connectionTestQuery: SELECT 1
              # Use below for oracle database
              # connectionTestQuery: SELECT 1 FROM DUAL
              validationTimeout: 30000
              isAutoCommit: false
    
        - name: OB_REPORTING_SUMMARIZED_DB
          description: The datasource used to store statistics for OB Reporting module
          jndiConfig:
            name: jdbc/OB_REPORTING_SUMMARIZED_DB
          definition:
            type: RDBMS
            configuration:
              jdbcUrl: 'jdbc:mysql://localhost:3306/openbank_ob_reporting_summarizeddb?autoReconnect=true&useSSL=false'
              username: 'root'
              password: 'root'
              driverClassName: 'com.mysql.jdbc.Driver'
              maxPoolSize: 20
              idleTimeout: 60000
              connectionTestQuery: SELECT 1
              # Use below for oracle database
              # connectionTestQuery: SELECT 1 FROM DUAL
              validationTimeout: 30000
              isAutoCommit: false

    You need to follow the steps below when you are using Oracle or MS SQL database servers.

    You need to include the database driver corresponding to the database for the WSO2 Open Banking Business Intelligence server to communicate with the database. The WSO2 Open Banking Business Intelligence is an OSGi-based product. Therefore, when you integrate third party products such as Oracle and MS SQL with WSO2 OB BI, you need to check whether the libraries you need to add are OSGi based. If they are not, you need to convert them to OSGi bundles before adding them to the <WSO2_OB_BI_HOME>/lib directory.

    To convert the jar files to OSGi bundles, follow the steps below.

    1. Download the non-OSGi jar for the required third party product, and save it in a preferred directory in your machine.

    2. Go to the <WSO2_OB_BI_HOME>/bin directory. Run the command given below to generate the converted file in the <WSO2_OB_BI_HOME>/lib directory.

    ./jartobundle.sh <PATH_TO_NON-OSGi_JAR> ../lib

Configuring WSO2 OB BI worker 

Update listenerConfigurations in the <WSO2_OB_BI_HOME>/wso2/worker/conf/transports/netty-transports.yml as follows:

Note that keyStorePass: wso2carbon needs to be changed as keyStorePassword: wso2carbon.

listenerConfigurations:
 -
  id: "default"
  host: "0.0.0.0"
  port: 9090
  messageProcessorId: "MSF4J-CM-PROCESSOR"

 -
  id: "https"
  host: "0.0.0.0"
  port: 9443
  scheme: https
  keyStoreFile: ${carbon.home}/resources/security/wso2carbon.jks
  keyStorePassword: wso2carbon
  certPass: wso2carbon
  messageProcessorId: "MSF4J-CM-PROCESSOR"

Configuring keystores

In the SSL handshake between the Open Banking API Manager and Open Banking Business Intelligence servers, the client (i.e. Open Banking API Manager) needs to verify the certificate presented by the server (i.e. Open Banking Business Intelligence). For this purpose, the client stores the trusted certificate of the server in the client-truststore.jks keystore.

If you use a custom keystore in Open Banking API Manager and/or Open Banking Business Intelligence, import the public key certificate of Open Banking Business Intelligence into the client-truststore.jks file of the Open Banking API Manager. To export the public key from the server and import it into the client's trust store, follow the steps given in Adding CA-signed certificates to keystores in the Administration Guide.

Enabling data publishing in API Manager

Follow the instructions below to configure the WSO2 Open Banking API Manager to publish statistics. 

  1. Open the <WSO2_OB_APIM_HOME>/repository/conf/api-manager.xml file

  2. Configure the properties under the <Analytics> sub element.

    <Analytics>
            <!-- Enable Analytics for API Manager -->
            <Enabled>true</Enabled>
     
            <!-- Server URL of the remote StreamProcessor server used to collect statistics. Must
                be specified in protocol://hostname:port/ format.
     
                An event can also be published to multiple Receiver Groups each having 1 or more receivers. Receiver
                Groups are delimited by curly braces whereas receivers are delimited by commas.
                Ex - Multiple Receivers within a single group
                tcp://localhost:7612/,tcp://localhost:7613/,tcp://localhost:7614/
     
                Ex - Multiple Receiver Groups with two receivers each
                {tcp://localhost:7612/,tcp://localhost:7613},{tcp://localhost:7712/,tcp://localhost:7713/} -->
            <StreamProcessorServerURL>{tcp://<WSO2_OB_BI_HOST>:7612}</StreamProcessorServerURL>
    </Analytics>

    Enable alerts:

    If you are using Open Banking Business Intelligence for Analytics, follow the steps below to enable alerts:

    • Open the <WSO2_OB_BI_HOME>/conf/worker/deployment.yaml file.
    • Update the file as follows: 

      analytics.solutions:
        APIM-alerts.enabled: true 
        APIM-analytics.enabled: true
    • See Managing Alerts for more information.
  3. Save the changes and restart the WSO2 Open Banking API Manager server.

Enabling Open Banking Data Publishing

Follow the steps below to enable Data Reporting. 

  1. Open  <WSO2_OB_APIM_HOME>/repository/conf/finance/open-banking.xml and  <WSO2_OB_KM_HOME>/repository/conf/finance/open-banking.xml  files.
  2. Under the <DataPublishing> sub-element set the <Enabled> parameter to true to enable the feature. 
  3. Replace the <WSO2_OB_BI_HOST> placeholder with the hostname of your WSO2 OB BI server and configure the other parameters accordingly.  
<BIServer>
   <DataPublishing>
      <!-- Include all configurations related to Data publishing -->
      <!-- Enable data publishing in WSO2 Open Banking-->
      <Enabled>true</Enabled>
      <!-- Server URL of the remote BI server used to collect statistics. Must
            be specified in protocol://hostname:port/ format. -->
      <ServerURL>{tcp://<WSO2_OB_BI_HOST>:7612}</ServerURL>
      <!-- Administrator username to login to the BI server for data publishing. -->
      <Username>[email protected]@carbon.super</Username>
      <!-- Administrator password to login to the BI server for data publishing. -->
      <Password>wso2123</Password>
   </DataPublishing>
</BIServer>

The Key Manager Extension is upgraded for Data Reporting.

If you have customized the default WSO2 Open Banking Key Manager extension:

  • Extend it from the WSO2 Open Banking Keymanger extension.
  • Set the authentication steps according to the WSO2 Open Banking Keymanger extension.

For more information see,  Customising Key Manager extension.

Enabling Transaction Risk Analysis (TRA) 

  1. Open the <WSO2_OB_KM_HOME>/repository/conf/finance/open-banking.xml and <WSO2_OB_APIM_HOME>/repository/conf/finance/open-banking.xml files to enable Transaction Risk Analysis (TRA):
    1. Set the <IsEnabled> property under <TRA> to true to enable the TRA feature.
    2. Replace the <WSO2_OB_BI_HOST>  place holder with the hostname of Business Intelligence server.
    3. To enable TRA for: 
      • payments set the <PaymentValidationEnabled> property to true
      • accounts set the <AccountValidationEnabled> property to true
    4. The configurations related to TRA Receivers are under the <Receivers> property. You may use the default WSO2 Open Banking Business Intelligence server username and password. Replace the placeholders in  <TRAAccountValidationURL> and <TRAPaymentValidationURL> properties to set the Account and Payment validation URLs respectively.

      <BIServer>
          <!-- Include all configurations related to OBBI component -->
          <TRA>
              <!-- Include all configurations related to Transaction Risk Analysis -->
      
              <!-- Enable TRA in WSO2 Open Banking-->
              <IsEnabled>true</IsEnabled>
              <!-- following configurations are used to enable TRA for specific flows only-->
              <!-- Enable TRA for Payments-->
              <PaymentValidationEnabled>true</PaymentValidationEnabled>
              <!-- Enable TRA for Accounts-->
              <AccountValidationEnabled>true</AccountValidationEnabled>
              <!-- Configurations related to TRA Receivers-->
              <Receivers>
                  <!-- Administrator username to login to the remote BI server. -->
                  <Username>[email protected]@carbon.super</Username>
                  <!-- Administrator password to login to the remote BI server. -->
                  <Password>wso2123</Password>
                  <!-- Receiver URLs of the Siddhi Apps used to validate for TRA.-->
                  <TRAAccountValidationURL>http://<WSO2_OB_BI_HOST>:8007/TRAAccountValidationApp/TRAValidationStream</TRAAccountValidationURL>
                  <TRAPaymentValidationURL>http://<WSO2_OB_BI_HOST>:8007/TRAPaymentValidationApp/TRAValidationStream</TRAPaymentValidationURL>
              </Receivers>
              <TimePeriodOfRecurringPayment>90</TimePeriodOfRecurringPayment>
              <MaxFrequencyOfTransactionsWithoutSCA>5</MaxFrequencyOfTransactionsWithoutSCA>
              <TotalAmountLimitOfTransactionsWithoutSCA>100</TotalAmountLimitOfTransactionsWithoutSCA>
              <LastSCATimeLimit>90</LastSCATimeLimit>
              <TransactionAmountLimit>30</TransactionAmountLimit>
          </TRA>
      </BIServer>
  2. Make the following changes to the files given below.

    1. Open the <WSO2_OB_BI_HOME>/deployment/siddhi-files/TRAAccountValidationApp.siddhi file.

      • Update the <WSO2_OB_BI_HOST> placeholder in the receiver URL, with the hostname of your WSO2 OB BI server. 

        receiver.url='http://<WSO2_OB_BI_HOST>:8007/TRAAccountValidationApp/TRAValidationStream'
    2. Open the <WSO2_OB_BI_HOME>/deployment/siddhi-files/TRAPaymentValidationApp.siddhi file.

      • Update the <WSO2_OB_BI_HOSTNAME> placeholder in the receiver URL, with the hostname of your WSO2 OB BI server. 

        receiver.url='http://<WSO2_OB_BI_HOST>:8007/TRAPaymentValidationApp/TRAValidationStream',

Enabling Fraud Detection 

Open the <WSO2_OB_KM_HOME>/repository/conf/finance/open-banking.xml and <WSO2_OB_APIM_HOME>/repository/conf/finance/open-banking.xml files to enable Fraud Detection: 

  1. Set the <IsEnabled> property under <FraudDetection> to true to enable the feature.

  2. Replace the <WSO2_OB_BI_HOST>  place holder with the hostname of Business Intelligence server.

    <BIServer>
        <!-- Include all configurations related to OBBI component -->
        <FraudDetection>
            <!-- Include all configurations related to Fraud Detection -->
    
            <!-- Enable FD in WSO2 Open Banking-->
            <IsEnabled>true</IsEnabled>
            <!-- Configurations related to FD Receivers-->
            <Receivers>
                <!-- Administrator username to login to the remote BI server. -->
                <Username>[email protected]@carbon.super</Username>
                <!-- Administrator password to login to the remote BI server. -->
                <Password>wso2123</Password>
                <!-- Receiver URLs of the Siddhi Apps used to validate for FD.-->
                <FraudDetectionURL>http://<WSO2_OB_BI_HOST>:8007/FraudDetectionApp/FraudDetectionStream</FraudDetectionURL>
                <InvalidSubmissionURL>http://<WSO2_OB_BI_HOST>:8006/InvalidSubmissionsApp/InvalidSubmissionsStream</InvalidSubmissionURL>
            </Receivers>
        </FraudDetection>
    </BIServer>
  3. Open the <WSO2_OB_BI_HOME>/deployment/siddhi-files/FraudStatusUpdaterApp.siddhi file and update <localhost> in the receiver URL with the hostname of your WSO2 OB BI server.

  4. Open the <WSO2_OB_BI_HOME>/conf/dashboard/deployment.yaml.  Add the APIM-alerts.enabled and wso2-is-analytics configurations under analytics.solutions and set as false. Once you add the configurations, the deployment.yaml file should be as follows:

    analytics.solutions:
      IS-analytics.enabled: false
      APIM-analytics.enabled: true
      EI-analytics.enabled: false
      APIM-alerts.enabled: false
      wso2-is-analytics: false
  5. Open the <WSO2_OB_BI_HOME>/conf/worker/deployment.yaml file and configure auth.configs:

    • username: [email protected]@carbon.super

    • password: d3NvMjEyMw== ( Password is wso2123. Make sure you encode the password with Base64).

      auth.configs:
      	type: 'local'
      	userManager:
      		adminRole: admin
      		userStore:
        			users:
         			-
           			user:
             				username: [email protected]@carbon.super
             				password: d3NvMjEyMw==
      	       			roles: 1
        			roles:
         			-
           			role:
             				id: 1
             				displayName: admin
  6. Once you configure the TRA and FD modules, start the servers in the order of:

1. Dashboard profile in WSO2 OB BI

2. Worker profile in WSO2 OB BI

3. WSO2 OB KM

4. WSO2 OB APIM

Enabling performance tuning and starting the servers

  1. You can enable performance tuning by adding configurations, as described in Performance Tuning in the WSO2 Stream Processor documentation.
  2. Navigate to the <WSO2_OB_BI_HOME>/bin directory, and give execution permissions to the dashboard.sh file.
  3. Run the API-M Analytics dashboard.sh as follows: 

    ./dashboard.sh
  4. Navigate to the <WSO2_OB_BI_HOME>/bin directory and give execute permissions to the worker.sh file.

  5. Run the following command and start the WSO2 Open Banking Business Intelligence in worker profile.

    ./worker.sh 
  6. Restart the Key Manager and API Manager servers in the mentioned order.

  7. The Fraud Detection dashboards are accessible on https://<WSO2_OB_BI_HOST>:9643/portal/dashboards/frauddetectiondashboard/home

  8. You can view API analytics data as described below:
    • Log in to the API Store or API Publisher.
    • Click the Analytics tab.
    • You can view API Usage, Top Users and Faulty Invocations details through the subtopics.
  9. To observe data analysis based on geographical locations, see Configuring Geolocation Based Statistics.

The WSO2 Open Banking Business Intelligence captures data published in WSO2 Open Banking API Manager and WSO2 Open Banking Key Manager. Data Reporting is the process of processing and summarizing these data. Click here for more details on Data Reporting.




  • No labels