apigee / openbank Goto Github PK

There should be a field in the payment transaction that indicates if the transaction is a debit / credit type. However currently the API that makes a transaction entry is the payment API which will make only a debit transaction - so the use case needs to be discussed further.

Reference : https://community.apigee.com/questions/39727/open-banking-identify-the-transaction-is-a-debit-o.html?childToView=39875#comment-39875

I finally able to deploy to Apigee Edge. However, there are 3 proxies that are consistently getting errors.

• Locations Proxy
• Product Proxy
• OAuth Proxy

Here's the part of the log:
[08:48:16] error deploying proxy locations
[08:48:16] Error: Error uploading target: 400
[08:48:17] error deploying proxy products
[08:48:17] Error: Error uploading target: 400
[08:48:28] error deploying proxy oauth
[08:48:28] Error: Error uploading target: 400

The SMS token proxy has the basepath: /internal/apis...
The Consent App proxy has the basepath: /apis/interal...

it would be good to be consistent.

@mukundha FYI

Some customers may not have access to a BaaS instance. We can create static mocks for these customers.

Each API Proxy should have a /ping and /status to allow monitoring tools, such as Apigee Test to check if the proxies and their dependencies are deployed:

https://community.apigee.com/articles/17862/forming-an-api-monitoring-strategy-where-to-start.html

The /balance API also works when called as /balancexyz etc.
This should not work and should throw appropriate errors.

In order to protect the APIs from traffic spikes, we should add Spike Arrests to the PreFlow of each API Proxy.

We can have a KVM called 'TrafficLimits' where...
Key = API Proxy name
Value = Spike Arrest Rate.

This way, customers can configure the spike arrest just by changing the KVM value. By default we can set the values to 9999tps.

Hi Team,
If provided redirect url as mobile app "deep link" url then after popup getting error on redirect url "deep link" i.e. ://
But It seems to be working perfect for urls starting with http or https

Is it supported by open bank to give proper status back to Mobile App redirect url.

When i try to create its give error

Failed to provision trial organization, please contact Apigee Support. Status: 400, Message: {"error":"bad_request","error_description":"Unable to create trial org at this time."}```

In Accounts / Accounts-Connector APIs

I tried to get consent-app nodejs log with apigeetool, however I could not retrieve logs.
I checked and changed a following codes, it is available.

app.js
// development error handler
// will print stacktrace
//if (app.get('env') === 'development') {
if (app.get('env') === 'test') {
  app.use(function(err, req, res, next) {
    res.status(err.status || 500);
    res.render('error', {
      message: err.message,
      error: err
    });
  });
}

It would be good to document in the README how often we will update this Accelerator to the latest version of the Open Banking specs, and how users can upgrade. Even if there is no SLA, this should be documented.

It would be a good idea to include a short README on how to use the android app.

When you go to checkout you are shown a form from apigee to enter a customer number and password. Where are those coming from? Where are those set?

It is also not clear what to set in the configuration screen.

There are a few complex javascript callouts, e.g. https://github.com/apigee/openbank/blob/master/src/gateway/oauth/apiproxy/resources/jsc/ValidateRequestJWT.js

We should unit test these as shown in https://community.apigee.com/articles/3964/unit-testing-javascript-code-with-mocha-sinon-and.html

In OAuth API there is a scope verification. This uses access entity to get the scopes from the product. However in case case API key has multiple products, this doesn't work always.

#Issue/Request:
Cannot deploy openbank to Apigee Edge with the following npm and gulp versions. Below are the errors from gulp openbankdeploy:

[12:02:09] deploying proxy products
[12:02:10] error deploying proxy locations
[12:02:10] Error: Error uploading target: 400
[12:02:10] error deploying proxy products
[12:02:10] Error: Error uploading target: 400
[12:02:14] error deploying proxy oauth
[12:02:14] Error: Error uploading target: 400
[12:02:19] deployed proxy payments

$ npm -v
5.6.0
$ gulp -v
[23:35:17] CLI version 2.0.1
[23:35:17] Local version 3.9.1

When running the "gulp test" command some of the tests open a chrome browser and when entering the username to log in the username string appears duplicated, and the test fails.

The BDD test coverage for Account APIs is excellent. It would be great to also do this for Payment APIs.

• currently we are using local version of edge-launchpad, present at src/common/deploy/launchpad-1.0.7
• need to remove src/common/deploy folder and update package.json to point to edge-launchpad npm

don't throw so much log info during setup
just tell what is happening (steps)
write rest to a log file

If a conditional flow is not found in the Proxy Endpoint, we should return a 404 instead of a TargetEndpoint not found error.

We could either give an example or write in the README how to do add Logging to this solution.

A good code example is here: https://github.com/seymen/accelerator-ci-maven/blob/master/currency-v1/apiproxy/resources/jsc/LogToLoggly.js

There is a hardcoded value in the openbank/src/gateway/oauth/apiproxy/policies/Assign-ID-Token-Payload-authorization_code-flow.xml

    <AssignVariable>
        <Name>iss</Name>
        <Value>http://demo38-prod.apigee.net</Value>
    </AssignVariable>

This becomes the issuer in the JWT created as part of the OAuth token flow

Hi,

I'm using my Apigee evaluation to try OpenBank API Gateway. I was able to use my GCP Datastore and authenticate to my Apigee Edge. However, I got the following errors in the latter part of the deployment:

• Error: getaddrinfo ENOTFOUND api.enterprise.apigee.com api.enterprise.apigee.com:443

• {{ apiKey_AISP }} not found in context

• {{ apiKey_PISP }} not found in context

• {{ apiKey_IA }} not found in context

Here's the part of the log where it fails...

[13:30:24] deployed proxy locations-connector
[13:30:29] deployed proxy user-management
[13:30:31] deployed proxy sms-token
[13:30:33] deployed proxy apisbank-connector
[13:30:33] deployed proxy consent-management
[13:30:34] deployed proxy customer-management
[13:30:35] deployed proxy products-connector
[13:30:58] error deploying proxy payments-connector
[13:30:58] Error: getaddrinfo ENOTFOUND api.enterprise.apigee.com api.enterprise.apigee.com:443
[13:30:58] error deploying proxy accounts-connector
[13:30:58] Error: getaddrinfo ENOTFOUND api.enterprise.apigee.com api.enterprise.apigee.com:443
[13:30:58] deploying product resources
[13:30:58] error creating product internal_apisv1.0.1
[13:30:58] Error: getaddrinfo ENOTFOUND api.enterprise.apigee.com api.enterprise.apigee.com:443
[13:30:58] deploying app resources
[13:30:58] error creating app internal_appv101
[13:30:58] Error: getaddrinfo ENOTFOUND api.enterprise.apigee.com api.enterprise.apigee.com:443
[13:30:58] deploying config substitution
[13:30:58] {{apiKey_IA}} not found in context
[13:30:58] deploying proxy
[13:30:58] deploying proxy oauth
[13:30:58] deploying proxy login-app
[13:30:58] deploying proxy consent-app
[13:30:58] deploying proxy accounts
[13:30:58] deploying proxy payments
[13:30:58] deploying proxy locations
[13:30:58] deploying proxy products
[13:30:58] error deploying proxy oauth
[13:30:58] Error: getaddrinfo ENOTFOUND api.enterprise.apigee.com api.enterprise.apigee.com:443
[13:30:58] error deploying proxy login-app
[13:30:58] Error: getaddrinfo ENOTFOUND api.enterprise.apigee.com api.enterprise.apigee.com:443
[13:30:58] error deploying proxy consent-app
[13:30:58] Error: getaddrinfo ENOTFOUND api.enterprise.apigee.com api.enterprise.apigee.com:443
[13:30:58] error deploying proxy accounts
[13:30:58] Error: getaddrinfo ENOTFOUND api.enterprise.apigee.com api.enterprise.apigee.com:443
[13:30:58] error deploying proxy payments
[13:30:58] Error: getaddrinfo ENOTFOUND api.enterprise.apigee.com api.enterprise.apigee.com:443
[13:30:58] error deploying proxy locations
[13:30:58] Error: getaddrinfo ENOTFOUND api.enterprise.apigee.com api.enterprise.apigee.com:443
[13:30:58] error deploying proxy products
[13:30:58] Error: getaddrinfo ENOTFOUND api.enterprise.apigee.com api.enterprise.apigee.com:443
[13:30:58] deploying product resources
[13:30:58] error creating product account_apisv1.0.1
[13:30:58] Error: getaddrinfo ENOTFOUND api.enterprise.apigee.com api.enterprise.apigee.com:443
[13:30:58] error creating product payment_apisv1.0.1
[13:30:58] Error: getaddrinfo ENOTFOUND api.enterprise.apigee.com api.enterprise.apigee.com:443
[13:30:58] deploying app resources
[13:30:58] error creating app AISP_Appv101
[13:30:58] Error: getaddrinfo ENOTFOUND api.enterprise.apigee.com api.enterprise.apigee.com:443
[13:30:58] error creating app PISP_Appv101
[13:30:58] Error: getaddrinfo ENOTFOUND api.enterprise.apigee.com api.enterprise.apigee.com:443
[13:30:58] deploying util resources
[13:30:58] deploying config substitution
[13:30:58] {{ apiKey_AISP }} not found in context
[13:30:58] {{ apiKey_PISP }} not found in context
[13:30:58] {{ apiKey_IA }} not found in context
[13:30:58] Finished 'deploy' after 1.93 min
[13:30:58] Finished 'openbankdeploy' after 9.57 min

I retrieve an access token using oauth app with the type of "code id_token" with payments scope

The payload is:
{
"ClientId": "t2GAyc1RM9tAr4PBeswlD1NG6pi00ILH",
"ResponseType": "code id_token",
"ResponseTypeToken": "true",
"ResponseTypeCode": "false",
"ResponseTypeIdToken": "false",
"Scope": "openid payments",
"RedirectUri": "http://localhost/",
"RequestId": "1001",
"RequestState": "af0ifjsldkj",
"ApplicationName": "AISP_App_v2",
"CustomerId": "10203040",
"Nonce": "n-0S6_WzA2Mj",
"TppId": "12345"
}

After that, I used the responded access token within Authorization header with Bearer and could get /accounts response with that token.

All success and error responses should follow the same schema.

We should investigate the possibility of using Travis CI to display the latest build status.

I am not sure what the current branching strategy is, as some branches are prefixed with rev and some with feat.

We should document the branching approach in CONTRIBUTING.md

replace gulp deployopenbank with gulp openbankdeploy

changes with reference to -request/request#2772

In many places, we aren't catching unhandled errors. We can follow these steps: https://community.apigee.com/articles/23724/an-error-handling-pattern-for-apigee-proxies.html

Ext-Validate-request-parameters validates JWT payload & the claims (to, amount, currency, etc.) but these values don't seem to be set in Create-Application-Session. Is that for a reason?

when you do sh setup/setup.sh it fails ./cache.sh: No such file or directory

Could give a link on where to start
Some sample postman scripts
etc.

Many PSPs will only support Basic Authentication for the Client Credentials grant type /token call, instead of a client assertion.

Could we support this too? Currently if I pass a normal /token request with client credentials, the refresh token policy is hit instead of an error.

currently the tests pop open the chrome browser for automation. In the last few months, it has been possible to use headless chrome: https://developers.google.com/web/updates/2017/04/headless-chrome

Hi
I receive the following error on running gulp. Can someone please help with this?

$ node -v
v8.9.4

$ gulp openbankdeploy --env test
[13:28:05] Using gulpfile /openbank/gulpfile.js
[13:28:05] Starting 'openbankdeploy'...
[13:28:05] 'openbankdeploy' errored after 2.84 ms
[13:28:05] TypeError: gulp.on(...).on(...).on(...).on(...).start is not a function
at /openbank/node_modules/gulp-sequence/index.js:66:12
at apply (/openbank/node_modules/thunks/index.js:354:38)
at tryRun (/openbank/node_modules/thunks/index.js:224:19)
at runThunk (/openbank/node_modules/thunks/index.js:217:15)
at /openbank/node_modules/thunks/index.js:314:49
at apply (/openbank/node_modules/thunks/index.js:354:38)
at tryRun (/openbank/node_modules/thunks/index.js:224:19)
at runThunk (/openbank/node_modules/thunks/index.js:217:15)
at continuation (/openbank/node_modules/thunks/index.js:164:10)
at child (/openbank/node_modules/thunks/index.js:155:24)
at thunkFunction (/openbank/node_modules/thunks/index.js:145:14)
at gulpSequence (****/openbank/node_modules/gulp-sequence/index.js:70:19)
at /openbank/gulpfile.js:128:3
at taskWrapper (/openbank/node_modules/undertaker/lib/set-task.js:13:15)
at bound (domain.js:301:14)
at runBound (domain.js:314:12)

New entries created with each new deploy when option to use datastore is selected.

could make this easier
import models directly
or point to URLs from where we can import

A frequently asked question is 'When will Registry validation/integration happen?'

It would be good to document this in the README