Open Finance Sandbox Environment

Get familiar with Open Finance initiatives with a hands-on experience of the Open Finance Sandbox environment. Learn the Open Finance flows and understand the requirements.

Open Finance Quickstart

Cloudentity has created a reference Open Finance Quickstart GitHub project that helps you understand the different Open Finance actors and workflows and how they integrate with the Cloudentity platform.

This quickstart allows you to either quickly spin up a local dockerized version of the Cloudentity solution or connect to a SaaS tenant. You may choose either option to quickly verify the platform capabilities.

Open Finance Sandbox

Generic Open Banking Workspace

To allow financial institutions to explore Open Finance more, or to enable ecosystem designers to experience Open Finance flows themselves, Cloudentity provides a Generic Open Banking workspace based on the Financial-Grade API (FAPI) profile. If your country has yet to define an Open Finance specification, or if you’re in the process of evaluating various authorization servers for constructing your own Open Finance solution, this workspace is tailored to your needs.

How Generic Open Banking Sandbox Works

In the integration pattern we are proposing to customers interested in building an Open Banking solution, a key architectural advantage lies in the loose coupling between our FAPI-certified authorization server and consent storage.

The sequence diagram below illustrates the authorization flow, detailing the interactions between TPPs, the Authorization Server, the Consent Page, and the Consent Storage.

[mermaid-begin]
sequenceDiagram
  autoNumber
  participant TPP as TPP
  box transparent Cloudentity
    participant as as Authorization Server
  end
  box Financial Institution
    participant cp as Consent Page
    participant cs as Consent Storage
    participant aa as Bank API
  end
  TPP ->> as: Registration
  as -->> TPP: client_id
  TPP ->> as: Request authorization
  as -> as: Authentication (out of scope)
  as ->> cp: Redirect to consent page
  cp -> aa: Fetch transaction details
  aa -->> cp: details
  cp -> cp: Render consent screen
  cp ->> cs: Store consent in external system
  cs -->> cp: consent_id
  cp -->> as: Accept scope grant (granted_scopes, consent_id)
  as -->> TPP: Redirect (authorization_code)
  TPP ->> as: Exchange code POST /oauth2/token
  as -->> TPP: Access Token
  TPP -> aa: GET /transactions (access token)
  aa -->> TPP: transaction data

  1. Request authorization: This step is done using either the lodging intent pattern or by the TPP passing data directly in the flow, using techniques such as essential claims, dynamic scopes, or RAR.

  2. Authentication: This is out of scope, but various IDPs can be configured using identity hub, and SCA can be enforced.

  3. Consent Page: After authentication, the user is redirected to the external Consent Page configured in the authorization server.

  4. Consent Storage: Upon consent approval, the consent record is created in an external system of your choice. The unique consent id is passed back to the authorization server so that it can issue an access token bound to the consent.
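
The following is an added example, not Cloudentity's code, of how a Bank API could enforce the consent binding from step 4 before returning transaction data. It assumes the API consults the consent storage on each request and that the token signature has already been verified; the claim names (`consent_id`, `client_id`, `sub`, `scope`), the record fields, the `revoked` status, and the in-memory store are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional, Tuple
import time


@dataclass(frozen=True)
class Consent:
    """Hypothetical record held in the external consent storage."""
    consent_id: str
    client_id: str             # TPP the consent was granted to
    subject: str               # user who approved the consent
    granted_scopes: frozenset
    expires_at: float          # epoch seconds
    status: str = "active"     # assumed values: "active" or "revoked"


# Constructed sample data standing in for the external consent storage.
CONSENT_STORE = {
    "c-123": Consent("c-123", "tpp-1", "alice",
                     frozenset({"transactions"}), 2_000_000_000.0),
    "c-456": Consent("c-456", "tpp-1", "bob",
                     frozenset({"transactions"}), 2_000_000_000.0, "revoked"),
}


def authorize_request(claims: dict, required_scope: str,
                      now: Optional[float] = None) -> Tuple[bool, str]:
    """Check an already-verified token payload against its bound consent."""
    now = time.time() if now is None else now
    cid = claims.get("consent_id")
    consent = CONSENT_STORE.get(cid) if isinstance(cid, str) else None
    if consent is None:
        return False, "unknown_consent"
    # The token alone is not authoritative: the consent may have changed
    # in the external storage after the token was issued.
    if consent.status != "active":
        return False, "consent_revoked"
    if now >= consent.expires_at:
        return False, "consent_expired"
    # The token must belong to the TPP and user named in the consent.
    if (claims.get("client_id") != consent.client_id
            or claims.get("sub") != consent.subject):
        return False, "consent_mismatch"
    token_scopes = set(str(claims.get("scope", "")).split())
    if (required_scope not in token_scopes
            or required_scope not in consent.granted_scopes):
        return False, "scope_not_granted"
    return True, "ok"
```
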

What You Get with Generic Open Finance Sandbox

Once you decide to explore the Open Finance Sandbox, two workspaces are created for you within your tenant for mocked financial institutions – GO Bank and Hyperscale Bank. You can explore the Open Finance flows using the sandbox as well as experience how consent storage works – to that end, Cloudentity utilized Identity Pools as a data store.

Updated: Sep 28, 2023