This documentation is for WSO2 Open Banking version 1.5.0. View documentation for the latest release.
Skip to end of metadata
Go to start of metadata

The WSO2 Open Banking Business Intelligence(WSO2 OB BI) component enables monitoring and recording of API-level usage activity to ensure that the API owners have full awareness of the APIs, applications, and subscriptions. It generates alerts by analyzing the risk involved in transactions and fraudulent activities. It also generates statistics using the data collected from WSO2 Open Banking Key Manager and API Manager. WSO2 Open Banking Business Intelligence contains the following features: 

API Analytics

Provides reports, statistics and graphs on the APIs deployed in WSO2 Open Banking API Manager. Helps Third-party providers (TPP) to monitor how their applications perform while banks can analyze how the bank APIs perform.

Transaction Risk Analysis

Enables analyzing the risk level based on predefined rules and exempt the user from having to provide the second factor.

Fraud Detection

For transaction monitoring mechanisms to detect unauthorized or fraudulent transactions and generate alerts. It also exempts the security requirements of strong customer authentication based on the identified level of risk and recurrence of the payment transaction. 

Data Reporting

The WSO2 Open Banking Business Intelligence captures data published in WSO2 Open Banking API Manager and WSO2 Open Banking Key Manager. Data Reporting is the process of processing and summarizing these data. 

It also supports business Key Performance Indicator (KPI) dashboards with business intelligence and insights on usage trends as well as custom business insights on the account and payment flows. The decision makers of banks can use these statistics to align the business to better suit the customer needs and ultimately increase profits.  The configurable alerting module enables informing the necessary parties of abnormal behavior, e.g., API failures, a sudden increase in the response time of APIs, and a change in the API resource access pattern.

The placement of the WSO2 OB BI component is as follows:

Before you begin

Download Open Banking Business Intelligence and unzip the file, or add it through WUM using the following commands:

  1. Add the wso2-obbi WUM pack.

    wum add wso2-obbi-<version>
  2. Update the wso2-obbi product pack using WUM.

    wum update wso2-obbi-<version>

    WSO2 Updates Manager (WUM) is deprecated and will be unavailable from July 2021 onwards. WSO2 Updates is the new tool to include the solution and security improvements that are released by WSO2 Open Banking, on top of a released version. For more information, see WSO2 Updates.

     Click here to see how to update the solution via WSO2 Update tool...

    The WSO2 Update tool delivers hotfixes and updates seamlessly on top of products as WSO2 Updates. They include improvements that are released by WSO2. You need to update the product using the relevant script.

    • Go to <WSO2_OB_BI_HOME>/bin and run the WSO2 Update tool: 

      ./wso2update_linux 
      ./wso2update_darwin
      ./wso2update_windows.exe
  3. Copy <WSO2_OB_BI_HOME>/resources/finance/scripts/wso2-obbi-conf/deployment.yaml to the <WSO2_OB_BI_HOME>/conf/worker directory and replace the existing deployment.yaml file.

The WSO2 Open Banking Business Intelligence server uses the worker and dashboard profiles for the above-mentioned features. In a production deployment, the worker and dashboard profiles should run in two different JVMs. You need to enable the below ports, in order to publish data to these two nodes.

You can find the configurations for worker and dashboard profiles respectively in the following locations:

  • <WSO2_OB_BI_HOME>/conf/worker/deployment.yaml 
  • <WSO2_OB_BI_HOME>/conf/dashboard/deployment.yaml 

The worker node has a port offset of 1 and it opens the following ports.

HTTPS requests

9444, 8006, 8007
Thrift transport 7612, 7712

The dashboard node has a port offset of 6 and it opens the following port.

HTTPS requests

9449

Configuring databases

The following is a list of database versions that are compatible with the WSO2 API Manager Analytics.

  • MySQL 5.7 
  • MS SQL Server 2016 
  • Oracle 12c
  1. Make sure the following databases are created in your database server, if not create them:  

    If you are setting up WSO2 OB BI and MySQL database in a local environment, 

    • Configure your database details in the <WSO2_OB_BI_HOME>/resources/finance/scripts/startup.properties file.
    • Go to the <WSO2_OB_BI_HOME>/resources/finance/scripts directory and execute the following command: 

      ./configure-bi.sh
    • openbank_apimgt_statsdb 

    • openbank_openbankingdb 

    • openbank_geolocationdb

    • openbank_ob_reporting_statsdb

    • openbank_ob_reporting_summarizeddb

  2. Update the  <WSO2_OB_BI_HOME>/conf/worker/deployment.yaml  file. Modify the datasources below by pointing them to the databases you created in the above step (in the given order). 

    • APIM_ANALYTICS_DB

    • OPEN_BANKING_DB

    • GEO_LOCATION_DATA

    • OB_REPORTING_DB  

    • OB_REPORTING_SUMMARIZED_DBUpdate the datasource entry in the deployment.yaml with your database configurations.


      PropertyDescription
      jdbcUrl

      This is the port to connect to on database server

      The jdbcUrl property expects the JDBC driver connection string. A sample jdbcUrl:

      'jdbc:mysql://localhost:3306/openbank_ob_reporting_summarizeddb?autoReconnect=true&useSSL=false'

      username

      The database user

      password

      Password set for the database connection

      driverClassName

      The JDBC driver name

      Mysql JDBC Driver : com.mysql.jdbc.Driver
      MSSQL JDBC Driver : com.microsoft.sqlserver.jdbc.SQLServerDriver
      Oracle JDBC Driver : oracle.jdbc.driver.OracleDriver

      If you are using Oracle, update the connectionTestQuery in each datasource with the following value.

      connectionTestQuery: SELECT 1 FROM DUAL
          - name: GEO_LOCATION_DATA
            description: "The data source used for geo location database"
            jndiConfig:
              name: jdbc/GEO_LOCATION_DATA
            definition:
              type: RDBMS
              configuration:
                jdbcUrl: 'jdbc:mysql://localhost:3306/openbank_geolocationdb?autoReconnect=true&useSSL=false'
                username: root
                password: root
                driverClassName: com.mysql.jdbc.Driver
                maxPoolSize: 50
                idleTimeout: 60000
                connectionTestQuery: SELECT 1
                # Use below for oracle database
                # connectionTestQuery: SELECT 1 FROM DUAL
                validationTimeout: 30000
                isAutoCommit: false
      
          - name: APIM_ANALYTICS_DB
            description: "The datasource used for APIM statistics aggregated data."
            jndiConfig:
              name: jdbc/APIM_ANALYTICS_DB
            definition:
              type: RDBMS
              configuration:
                jdbcUrl: 'jdbc:mysql://localhost:3306/openbank_apimgt_statsdb?autoReconnect=true&useSSL=false'
                username: root
                password: root
                driverClassName: com.mysql.jdbc.Driver
                maxPoolSize: 50
                idleTimeout: 60000
                connectionTestQuery: SELECT 1
                validationTimeout: 30000
                isAutoCommit: false
      
          - name: OPEN_BANKING_DB
            description: "The datasource used to store payment consents"
            jndiConfig:
              name: jdbc/OPEN_BANKING_DB
            definition:
              type: RDBMS
              configuration:
                jdbcUrl: 'jdbc:mysql://localhost:3306/openbank_openbankingdb?autoReconnect=true&useSSL=false'
                username: root
                password: root
                driverClassName: com.mysql.jdbc.Driver 
                maxPoolSize: 50
                idleTimeout: 60000
                connectionTestQuery: SELECT 1
                validationTimeout: 30000
                isAutoCommit: false
      
          - name: OB_REPORTING_DB
            description: The datasource used to store statistics for OB Reporting module
            jndiConfig:
              name: jdbc/OB_REPORTING_DB
            definition:
              type: RDBMS
              configuration:
                jdbcUrl: 'jdbc:mysql://localhost:3306/openbank_ob_reporting_statsdb?autoReconnect=true&useSSL=false'
                username: root
                password: root
                driverClassName: com.mysql.jdbc.Driver 
                maxPoolSize: 20
                idleTimeout: 60000
                connectionTestQuery: SELECT 1
                validationTimeout: 30000
                isAutoCommit: false
      
          - name: OB_REPORTING_SUMMARIZED_DB
            description: The datasource used to store statistics for OB Reporting module
            jndiConfig:
              name: jdbc/OB_REPORTING_SUMMARIZED_DB
            definition:
              type: RDBMS
              configuration:
                jdbcUrl: 'jdbc:mysql://localhost:3306/openbank_ob_reporting_summarizeddb?autoReconnect=true&useSSL=false'
                username: root
                password: root
                driverClassName: com.mysql.jdbc.Driver 
                maxPoolSize: 20
                idleTimeout: 60000
                connectionTestQuery: SELECT 1
                validationTimeout: 30000
                isAutoCommit: false       

      Modify the datasources of OB_REPORTING_DB  in the <WSO2_OB_BI_HOME>/conf/dashboard/deployment.yaml file.                                                          

      Use your database configurations and update the datasource properties as follows: 

          - name: OB_REPORTING_DB
            description: The datasource used to store statistics for OB Reporting module
            jndiConfig:
              name: jdbc/OB_REPORTING_DB
            definition:
              type: RDBMS
              configuration:
                jdbcUrl: 'jdbc:mysql://localhost:3306/openbank_ob_reporting_statsdb?autoReconnect=true&useSSL=false'
                username: root
                password: root
                driverClassName: 'com.mysql.jdbc.Driver'
                maxPoolSize: 20
                idleTimeout: 60000
                connectionTestQuery: SELECT 1
                # Use below for oracle database
                # connectionTestQuery: SELECT 1 FROM DUAL
                validationTimeout: 30000
                isAutoCommit: false
  3. This is available only as a WUM update and is effective from January 08, 2021 (01-08-2021). For more information on updating WSO2 Open Banking, see Updating WSO2 Products.

    Copy the following widgets for your database type in the <WSO2_OB_BI_HOME>/resources/finance/dashboard/widgets/<DATABASE_TYPE> directory and replace those widgets in the <WSO2_OB_BI_HOME>/wso2/dashboard/deployment/web-ui-apps/portal/extensions/widgets directory:

    • AverageTransactionAmount
    • AverageTransactionAmountGraph
    • FraudGraph
    • TransactionGraph
    • TotalFraudulentTransactions
    • TotalPaymentTransactions
    • TransactionHistoryAnalyser
    • DateTimeRangePicker

You need to follow the steps below when you are using Oracle or MS SQL database servers.

  1. You need to include the database driver corresponding to the database for the WSO2 Open Banking Business Intelligence server to communicate with the database. The WSO2 Open Banking Business Intelligence is an OSGi-based product. Therefore, when you integrate third party products such as Oracle and MS SQL with WSO2 OB BI, you need to check whether the libraries you need to add are OSGi based. If they are not, you need to convert them to OSGi bundles before adding them to the <WSO2_OB_BI_HOME>/lib directory. To convert the jar files to OSGi bundles, follow the steps below.
    1. Download the non-OSGi jar for the required third party product, and save it in a preferred directory in your machine.

    2. Go to the <WSO2_OB_BI_HOME>/bin directory. Run the command given below to generate the converted file in the <WSO2_OB_BI_HOME>/lib directory.

      ./jartobundle.sh <PATH_TO_NON-OSGi_JAR> ../lib
    3. In order to make sure that the schema name is based on your database structures, follow the below instructions:

      This is available only as a WUM update and is effective from January 08, 2021 (01-08-2021). For more information on updating WSO2 Open Banking, see Updating WSO2 Products.

      1. Go to the <WSO2_OB_BI_HOME>/wso2/dashboard/deployment/web-ui-apps/portal/extensions/widgets directory and open the widgetConf.json file of each of the below dashboard widgets:
        1. AverageTransactionAmount
        2. AverageTransactionAmountGraph
        3. FraudGraph
        4. TransactionGraph
        5. TotalFraudulentTransactions
        6. TotalPaymentTransactions
        7. TransactionHistoryAnalyser
      2. Add the following configuration under "currency":"£" of  the metadata attribute:

        Make sure you map to the correct schema name of OPENBANK_OB_REPORTING_STATSDB.

        "schemaName": "<SCHEMA_NAME_FOR_OPENBANK_OB_REPORTING_STATSDB>"

        Once updated, it must look as follows:

        "metadata": {
                    "currency":"£"
        			"schemaName": "<SCHEMA_NAME_FOR_OPENBANK_OB_REPORTING_STATSDB>"
        }

Configuring WSO2 OB BI worker 

Update listenerConfigurations in the <WSO2_OB_BI_HOME>/wso2/worker/conf/transports/netty-transports.yml as follows:

Note that keyStorePass: wso2carbon needs to be changed as keyStorePassword: wso2carbon.

listenerConfigurations:
 -
  id: "default"
  host: "0.0.0.0"
  port: 9090
  messageProcessorId: "MSF4J-CM-PROCESSOR"

 -
  id: "https"
  host: "0.0.0.0"
  port: 9443
  scheme: https
  keyStoreFile: ${carbon.home}/resources/security/wso2carbon.jks
  keyStorePassword: wso2carbon
  certPass: wso2carbon
  messageProcessorId: "MSF4J-CM-PROCESSOR"

Configuring keystores

In the SSL handshake between the Open Banking API Manager and Open Banking Business Intelligence servers, the client (i.e. Open Banking API Manager) needs to verify the certificate presented by the server (i.e. Open Banking Business Intelligence). For this purpose, the client stores the trusted certificate of the server in the client-truststore.jks keystore.

If you use a custom keystore in Open Banking API Manager and/or Open Banking Business Intelligence, import the public key certificate of Open Banking Business Intelligence into the client-truststore.jks file of the Open Banking API Manager. To export the public key from the server and import it into the client's trust store, follow the steps given in Adding CA-signed certificates to keystores in the Administration Guide.

Enabling data publishing in API Manager

Follow the instructions below to configure the WSO2 Open Banking API Manager to publish statistics. 

  1. Open the <WSO2_OB_APIM_HOME>/repository/conf/api-manager.xml file

  2. Configure the properties under the <Analytics> sub element.

    <Analytics>
            <!-- Enable Analytics for API Manager -->
            <Enabled>true</Enabled>
     
            <!-- Server URL of the remote StreamProcessor server used to collect statistics. Must
                be specified in protocol://hostname:port/ format.
     
                An event can also be published to multiple Receiver Groups each having 1 or more receivers. Receiver
                Groups are delimited by curly braces whereas receivers are delimited by commas.
                Ex - Multiple Receivers within a single group
                tcp://localhost:7612/,tcp://localhost:7613/,tcp://localhost:7614/
     
                Ex - Multiple Receiver Groups with two receivers each
                {tcp://localhost:7612/,tcp://localhost:7613},{tcp://localhost:7712/,tcp://localhost:7713/} -->
            <StreamProcessorServerURL>{tcp://<WSO2_OB_BI_HOST>:7612}</StreamProcessorServerURL>
    </Analytics>

    Enable alerts:

    If you are using Open Banking Business Intelligence for Analytics, follow the steps below to enable alerts:

    • Open the <WSO2_OB_BI_HOME>/conf/worker/deployment.yaml file.
    • Update the file as follows: 

      analytics.solutions:
        APIM-alerts.enabled: true 
        APIM-analytics.enabled: true
    • See Managing Alerts for more information.
  3. Save the changes and restart the WSO2 Open Banking API Manager server.

Enabling Open Banking Data Publishing

Follow the steps below to enable Data Reporting. 

  1. Open  <WSO2_OB_APIM_HOME>/repository/conf/finance/open-banking.xml and  <WSO2_OB_KM_HOME>/repository/conf/finance/open-banking.xml  files.
  2. Under the <DataPublishing> sub-element set the <Enabled> parameter to true to enable the feature. 
  3. Replace the <WSO2_OB_BI_HOST> placeholder with the hostname of your WSO2 OB BI server and configure the other parameters accordingly.  

    <BIServer>
       <DataPublishing>
          <!-- Include all configurations related to Data publishing -->
          <!-- Enable data publishing in WSO2 Open Banking-->
          <Enabled>true</Enabled>
          <!-- Server URL of the remote BI server used to collect statistics. Must
                be specified in protocol://hostname:port/ format. -->
          <ServerURL>{tcp://<WSO2_OB_BI_HOST>:7612}</ServerURL>
          <!-- Administrator username to login to the BI server for data publishing. -->
          <Username>admin@wso2.com@carbon.super</Username>
          <!-- Administrator password to login to the BI server for data publishing. -->
          <Password>wso2123</Password>
       </DataPublishing>
    </BIServer>
  4. This step is required only if you're setting up Open Banking for AU:

    1. Go to the <WSO2_OB_BI_HOME>/resources/finance/cds-siddhi-files directory.
    2. Copy and paste the following to the <WSO2_OB_BI_HOME>/deployment/siddhi-files directory.
      1. CDSInvocationMetricsApp.siddhi
      2. CDSSessionMetricsApp.siddhi

The Key Manager Extension is upgraded for Data Reporting.

If you have customized the default WSO2 Open Banking Key Manager extension:

  • Extend it from the WSO2 Open Banking Keymanger extension.
  • Set the authentication steps according to the WSO2 Open Banking Keymanger extension.

For more information see,  Customising Key Manager extension.

Enabling Transaction Risk Analysis (TRA) 

Open the <WSO2_OB_APIM_HOME>/repository/conf/finance/open-banking.xml and <WSO2_OB_KM_HOME>/repository/conf/finance/open-banking.xml files to enable Transaction Risk Analysis (TRA):

  1. Set the <IsEnabled> property under <TRA> to true to enable the TRA feature.
  2. Replace the <WSO2_OB_BI_HOST>  place holder with the hostname of Business Intelligence server.
  3. To enable TRA for: 
    • payments set the <PaymentValidationEnabled> property to true
    • accounts set the <AccountValidationEnabled>  property to true
  4. The configurations related to TRA Receivers are under the <Receivers> property. You may use the default WSO2 Open Banking Business Intelligence server username and password. Replace the placeholders in  <TRAAccountValidationURL> and <TRAPaymentValidationURL> properties to set the Account and Payment validation URLs respectively.

    <BIServer>
        <!-- Include all configurations related to OBBI component -->
        <TRA>
            <!-- Include all configurations related to Transaction Risk Analysis -->
    
            <!-- Enable TRA in WSO2 Open Banking-->
            <IsEnabled>true</IsEnabled>
            <!-- following configurations are used to enable TRA for specific flows only-->
            <!-- Enable TRA for Payments-->
            <PaymentValidationEnabled>true</PaymentValidationEnabled>
            <!-- Enable TRA for Accounts-->
            <AccountValidationEnabled>true</AccountValidationEnabled>
            <!-- Configurations related to TRA Receivers-->
            <Receivers>
                <!-- Administrator username to login to the remote BI server. -->
                <Username>admin@wso2.com@carbon.super</Username>
                <!-- Administrator password to login to the remote BI server. -->
                <Password>wso2123</Password>
                <!-- Receiver URLs of the Siddhi Apps used to validate for TRA.-->
                <TRAAccountValidationURL>http://<WSO2_OB_BI_HOST>:8007/TRAAccountValidationApp/TRAValidationStream</TRAAccountValidationURL>
                <TRAPaymentValidationURL>http://<WSO2_OB_BI_HOST>:8007/TRAPaymentValidationApp/TRAValidationStream</TRAPaymentValidationURL>
            </Receivers>
            <TimePeriodOfRecurringPayment>90</TimePeriodOfRecurringPayment>
            <MaxFrequencyOfTransactionsWithoutSCA>5</MaxFrequencyOfTransactionsWithoutSCA>
            <TotalAmountLimitOfTransactionsWithoutSCA>100</TotalAmountLimitOfTransactionsWithoutSCA>
            <LastSCATimeLimit>90</LastSCATimeLimit>
            <TransactionAmountLimit>30</TransactionAmountLimit>
        </TRA>
    </BIServer>
  1. Make the following changes to the files given below.

    1. Open the <WSO2_OB_BI_HOME>/deployment/siddhi-files/TRAAccountValidationApp.siddhi file.

      • Update the <WSO2_OB_BI_HOST> placeholder in the receiver URL, with the hostname of your WSO2 OB BI server. 

        receiver.url='http://<WSO2_OB_BI_HOST>:8007/TRAAccountValidationApp/TRAValidationStream'
    2. Open the <WSO2_OB_BI_HOME>/deployment/siddhi-files/TRAPaymentValidationApp.siddhi file.

      • Update the <WSO2_OB_BI_HOSTNAME> placeholder in the receiver URL, with the hostname of your WSO2 OB BI server. 

        receiver.url='http://<WSO2_OB_BI_HOST>:8007/TRAPaymentValidationApp/TRAValidationStream',

Enabling Fraud Detection

Open the <WSO2_OB_KM_HOME>/repository/conf/finance/open-banking.xml and <WSO2_OB_APIM_HOME>/repository/conf/finance/open-banking.xml files to enable Fraud Detection: 

  1. Set the <IsEnabled> property under <FraudDetection> to true to enable the feature.

  2. Replace the <WSO2_OB_BI_HOST>  place holder with the hostname of Business Intelligence server.

    <BIServer>
        <!-- Include all configurations related to OBBI component -->
        <FraudDetection>
            <!-- Include all configurations related to Fraud Detection -->
    
            <!-- Enable FD in WSO2 Open Banking-->
            <IsEnabled>true</IsEnabled>
            <!-- Configurations related to FD Receivers-->
            <Receivers>
                <!-- Administrator username to login to the remote BI server. -->
                <Username>admin@wso2.com@carbon.super</Username>
                <!-- Administrator password to login to the remote BI server. -->
                <Password>wso2123</Password>
                <!-- Receiver URLs of the Siddhi Apps used to validate for FD.-->
                <FraudDetectionURL>http://<WSO2_OB_BI_HOST>:8007/FraudDetectionApp/FraudDetectionStream</FraudDetectionURL>
                <InvalidSubmissionURL>http://<WSO2_OB_BI_HOST>:8006/InvalidSubmissionsApp/InvalidSubmissionsStream</InvalidSubmissionURL>
            </Receivers>
        </FraudDetection>
    </BIServer>
  3. Open the <WSO2_OB_BI_HOME>/deployment/siddhi-files/FraudStatusUpdaterApp.siddhi file and update <localhost> in the receiver URL with the hostname of your WSO2 OB BI server.

Once you configure the TRA and FD modules, start the servers in the order of:

1. Dashboard profile in <WSO2_OB_BI_HOME>/bin

2. Worker profile in <WSO2_OB_BI_HOME>/bin

3. WSO2 OB KM

4. WSO2 OB APIM

Enabling performance tuning and starting the servers

You can enable performance tuning by adding configurations, as described in Performance Tuning in the WSO2 Stream Processor documentation.

Navigate to the <WSO2_OB_BI_HOME>/bin directory, and give execution permissions to the dashboard.sh file.

Run the API Manager Analytics dashboard.sh as follows: 

./dashboard.sh


Navigate to the <WSO2_OB_BI_HOME>/bin directory and give execute permissions to the worker.sh file.

Run the following command and start the WSO2 Open Banking Business Intelligence in worker profile.

./worker.sh 


Restart the Key Manager and API Manager servers in the mentioned order.

The Fraud Detection dashboards are accessible on https://<WSO2_OB_BI_HOST>:9643/portal/dashboards/frauddetectiondashboard/home


You can view API analytics data as described below:

  • Log in to the API Store or API Publisher.
  • Click the Analytics tab.
  • You can view API Usage, Top Users and Faulty Invocations details through the subtopics.

To observe data analysis based on geographical locations, see Configuring Geolocation Based Statistics.

The WSO2 Open Banking Business Intelligence captures data published in WSO2 Open Banking API Manager and WSO2 Open Banking Key Manager. Data Reporting is the process of processing and summarizing these data. Click here for more details on Data Reporting.



  • No labels