/
API Hub Admin Portal - LFI User Guide

This space is deprecated and no longer supported. Please use the latest available version here.

API Hub Admin Portal - LFI User Guide

1. Purpose

This manual is designed to guide administrators in effectively using the Ozone Admin Portal. It offers step-by-step instructions and practices for managing the API Hub, reporting, logging, user accounts and monitoring. By following this guide, administrators can optimise their use of the admin portal for streamlined administrative tasks and improved system performance.

2. Scope

This manual delves into the functional aspects of the Ozone Admin Portal, an internal web tool designed specifically for Licensed Financial Institutions (LFIs) to manage the API Hub. This manual includes comprehensive coverage of the following topics:

Sign-in mechanisms

Instructions on the various methods available for securely accessing the Ozone Admin Portal.

Overview of the portal

Provides an introductory overview of the Ozone Admin Portal, highlighting its key features and functionalities.

Navigation through the portal menu

Structure and navigation of the portal menu, guiding users on how to efficiently locate and access different sections and functionalities.

Detailed usage instructions

Step-by-step instructions and best practices for utilising the different features and functionalities of the Ozone Admin Portal effectively.

3. Audience

This manual is designed for:

System Administrators

Responsible for overall system configuration, user management and system maintenance.

Technical Support Teams

Engaged in providing assistance and troubleshooting for Third Party Providers (TPPs) encountering issues with the API Hub.

Reporting Analysts

Utilise the portal's reporting functionalities to generate, analyse, and interpret data for various reporting needs.

Integration Specialists

Manage LFI integrations and configurations within the API Hub.

4. Overview

The Ozone Admin Portal serves as an internal web tool exclusively available to LFIs for managing the API Hub. Designed to streamline administrative tasks and enhance operational efficiency. The portal features a user-friendly menu structure, providing quick access to essential functionalities. Sections include:

Menu Name

Page Description

Menu Name

Page Description

Manage Section

Bank

Provides oversight of the LFI's API Hub configuration and grants access to the Platform Key Performance Indicators dashboard. Administrators can configure various components such as banks.

TPPs

Facilitates the management of TPPs registered in the API Hub.

Software Statements

Offers the ability to manage TPPs' software statements.

Clients

Allows management of TPPs' clients registered under software statements.

API Logs Section

Search by Interaction ID

Enables searching of API Hub logs using an API call's Interaction ID.

Query API Logs

Provides the capability to query API Logs using a wide range of call parameters.

Reports Section

Reports

Offers a comprehensive set of predefined reports containing data on the platform’s availability, performance, and API volumes and usage.

Outage Reports Section

List Outage Reports

Allows viewing of a list of previously registered outage reports.

Publish Outage

Enables registration of new planned or unplanned outages.

Resources Section

Postman Collection

Allows downloading of the Postman collection with exposed Open Finance standards.

User Section

Logout

Provides the option to sign out from the Ozone Admin Portal.

 

Screenshot 2024-06-08 at 13.27.16-20240608-122723.png

 

 

Key Considerations

Key Considerations

Environments

Each environment available to the LFI (including Staging, and Production) is equipped with its own dedicated Ozone Admin Portal supplied with unique access URL.

5. Portal Sign-in

The default sign-in method for the Ozone Admin Portal is governed via email one-time passwords (OTPs). When a registered user enters their email on the sign-in page, a unique OTP is sent to the provided email address. Upon entering the correct OTP, users gain access to the portal.

Please find screens showing example of Sign-in process below:

 

Screenshot 2024-06-08 at 16.40.31-20240608-154039.png

 

 

 

 

 

 

Key Considerations

Key Considerations

OPT Code validity

Each OTP code generated is valid for 5 minutes. If needed, users of the Ozone Admin Portal should reinitiate the sign-in process to receive a new OTP code or use the 'Resend code' button on the OTP Code form page.

Sign-in timeout

If a new OTP code is requested, a 30-second timeout will be applied to prevent further attempts, enhancing security measures.

 

Configuration

Access via Single Sign-On (SSO)

This configuration, available outside the Ozone Admin Portal, allows FIs to enable Single Sign-On (SSO) access upon request. To initiate SSO integration through the SAML protocol, LFIs should contact Ozone for further assistance.

6. Admin Portal Menu

6.1 Bank

The bank menu allows access to the bank configuration page, which displays the settings applied to the FI’s API Hub, and to the dashboard page, which features widgets that showcase the platform's Key Performance Indicators.

6.1.1 Bank Configuration Page

The bank configuration page can be accessed by clicking on the bank name within the bank configuration menu on the bank page:

 

 

 

The bank configuration page provides a view on configuration parameters. Below you can find parameters which might be useful for a LFI. Introspection endpoint URL exposed to TPPs.

Overview

Overview

Bank Name

Name of the Financial Institution.

Participant Id

Financial Institution’s technical id.

BIC

Financial Institution’s Bank Identifier Code/

Numbering Scheme

Banking identifiers used by Financial institution. Can be IBAN or SWIFT.

Heimdall Config Urls

Token EndPoint

Token endpoint URL exposed to TPPs.

Authorisation EndPoint

Authorisation endpoint URL exposed to TPPs.

WellKnown EndPoint

OpenID well-known endpoint URL exposed to TPPs.

Registration EndPoint

DCR endpoint URL exposed to TPPs.

JWKS EndPoint

Financial Institution’s JWKS URL.

CIBA EndPoint

CIBA endpoint URL exposed to TPPs.

User Info EndPoint

User Info endpoint URL exposed to TPPs.

Introspection EndPoint

Introspection endpoint URL exposed to TPPs.

Revoke EndPoint

Revoke endpoint URL exposed to TPPs.

 

 

 

Configuration

Configuration Change

Configuration changes can be made by submitting a Change Request through the Service Desk.

6.1.2 Dashboard and Widgets Page

The portal dashboard allows users to monitor service activity across different environments by providing various metrics for regulatory requirements and Open Finance services. Users can specify a custom date range from several years to the current day to analyse platform performance and identify areas for improvement. Additionally, a refresh button is available for each metric, allowing users to see the most recent updates.

Widget Name

Description

Usage Volume

Average Transactions Per Minute (TPM): Displays the average number of transactions processed per minute.

Maximum TPM: Shows the highest transaction volume recorded over the last 10 days.

Response Time

Average Response Time: Measures and displays the average response time in milliseconds (ms) for API calls.

By API Group

API Breakdown: Provides a breakdown of the different API sets, distinguishing between Account Information Service Providers (AISP) and other API categories.

Error Rates

Error Breakdown: Analyses error rates from API calls, categorised by status codes 200, 4xx, and 5xx. It presents this data over periods of 1 day, 5 days, and 10 days, helping users differentiate between system errors and client errors.

Daily Stats

  • Average Response Time: Displays the average response time for API calls.

  • Total API Calls: Shows the total number of API calls made.

  • Successful API Calls: Counts the number of successful API calls.

  • Client Errors (4xx): Counts the API calls that resulted in client errors.

  • System Errors (5xx): Counts the API calls that resulted in system errors.

  • Error Rate Percentage: Provides the percentage of API calls that resulted in errors.

Total APIs Consumption

API Call Breakdown: Offers a breakdown of total API calls, distinguishing between AISP and other API categories. Users can specify a custom date range from several years to the current day.

Total TPP Consumption

TPP Breakdown: Provides a breakdown of different TPPs consuming the platform's APIs. Users can specify a custom date range from several years to the current day.

 

 

 

 

6.2 TPP Management

6.2.1 TPP Page

The TPP Page lists TPPs onboarded onto the API Hub

Usage

View TPP Details

By clicking on a TPP name from the TPP list, the Portal Administrator can view detailed onboarding information for each TPP. This includes:

  • TPP Name: Specified during the onboarding process.

  • Organisation ID: Automatically generated during onboarding.

  • Roles: Defined roles such as AIS (Account Information Provider) and/or PIS (Payment Initiation Provider), specified during onboarding.

  • JWKS URL: Provided during onboarding.

  • Active: Current status of the TPP.

Additionally, a list of the TPP’s Software Statements is available on the same page.

 

 

 

 

 

 

 

 

6.2.2 Software Statements Page

The software statement page contains list of TPP’s software statements and information around them, namely:

Name

Name of the software statement.

TPP

Name of the TPP who owns software statement.

Permitted Redirect URIs

List of Redirect URI’s which were registered during TPP onboarding.

Certificate DN

DN from TPP’s certificate which was registered during TPP onboarding.

 

Usage

View Software Statement

By clicking on the software statement name, the Portal Administrator will have the possibility to view the selected software statement details.

 

The software statement details page contain list of clients registered under selected software statement and next information:

Software Statement Name

Name of the software statement.

Software Statement ID

ID of the software statement.

TPP

Name of TPP who owns software statement.

Roles

Roles which were registered during TPP onboarding:

  • AIS - Account Information Provider.

  • PIS - Payment Initiation Provider.

Redirect URLs

List of redirect URI’s which were registered during TPP onboarding.

JWKS URL

JSON Web Key Sets URL which was registered during TPP onboarding.

Subject DN

DN from TPP’s certificate which was registered during TPP onboarding.

 

 

 

 

 

 

 

6.2.3 Clients Page

The Client page contains list of TPP’s Clients and information around them, namely:

Client Name

Name of the Client.

Client ID

ID of the Client.

TPP Name

Name of TPP who owns Client.

Active

Information on whether the Client is active or not:

  • true - client is Active and can be used by TPP to connect to API Hub APIs.

  • false - client is Blocked and can’t be used.

 

Usage

View Client

By clicking on the Client name, the Portal Administrator can view detailed information about the selected client. Additionally, the Client Details.

 

Client Details Page contains next information:

Client Overview

Client Name

Name of the TPP’s Client.

Client ID

ID of the TPP’s Client.

Client Secret

Secret which should be used by TPP in event of interaction with the Platform.

TPP Name

Name of the owning TPP.

Software Statement Name

Name of the Software Statement used for Client registration.

Software Statement ID

ID of the Software Statement used for Client registration.

Bank

Name of the LFI.

Bearer Token

Bearer Token which should be used by TPP in event of interaction with the Platform.

OIDC Server Config

Authorisation End-Point

Platform’s Authorisation End-Point URL.

Token Server Config

Platform’s Token End-Point URL.

Additional Information

Scopes

Specific configuration information for the Authorisation Server.

Redirect URIs

Certificate DN

Token Endpoint Auth Method

Response Types

ID Token Signed Response Alg

Request Object Signing Alg

Token Endpoint Signing Alg

JWKS URI

 

 

 

 

 

 

 

 

6.3 API Logs

The 'Logging' section of the Admin Portal provides customers with the ability to query API logs using a variety of filters. This feature is designed to help troubleshoot issues by offering detailed insights into each individual API call. It enables administrators to effectively troubleshoot by identifying and analysing relevant API calls, monitor and audit API usage across different environments, and quickly resolve errors by examining detailed request and response data. This enhances system management and streamlines issue resolution.

6.3.1 Search by Interaction ID Page

The 'Search by Interaction ID' page enables the Administrator to locate specific log records by using the API call interaction ID. This feature provides detailed information about the requested API call.

Key Considerations

Key Considerations

Interaction ID

The "Interaction ID" is a unique identifier found in the headers of API calls. It is used to ensure traceability of API calls by maintaining the same interaction ID across both the initial TPP call and subsequent calls to the Local Financial Institution (LFI). This continuity allows for effective tracing of the API calls from start to finish.

  • At the TPP side: The interaction ID can typically be found in the API interface under the header 'x-fapi-interaction-id'.

  • At the Ozone Connect end: The interaction ID is likely listed under 'o3-ozone-interaction-id'.

 

Usage

Search

By inputing Interaction ID in Search bar, provide possibility to locate related log record and provide Detailed View on related API call.

Detailed View

The Detail View offers comprehensive insights into each API call record, covering several key pieces of information:

  • startTime, endTime - The start and end times of the API call.

  • id - The unique identifier for the log record.

  • request group- Detailed information about the received API call, including all headers and the body.

  • logs group - All checks performed by the platform to validate the API call, along with details of subsequent API calls.

  • context group - Contextual information related to the API call.

  • response group - Detailed information about the response to the specified API call.

 

 

Information in the Detail View presented in JSON format and sets of next data:

Group

Data

Group

Data

Request

  • Headers. 

  • Body.

  • Query -  query parameters indicated in API call.

  • URL - URL called during API request.

  • Method - API method used for API call (e.g. GET).

Logs

  • Headers, body and other API call parameters validation.

  • Tokens validations.

  • TPP and TPP certificate validation.

  • Specific OB/OF business logic validations.

  • Subsequent API calls records (e.g. call from the Platform to LFI and response).

Context

  • Ozone and client interaction IDs. 

  • apiContext - information about URL, API operation, API set, sub-set, resource group, resource and version.

  • TPP’s client Id and client information.

  • Claims and scopes of selected API call.

Response

  • Response status (e.g. 200).

  • Type (e.g. no error).

  • Body.

  • Headers.

  • Status group (e.g. 2xx).

 

 

 

 

 

6.3.2 Query API Logs Page

The 'Query API Logs Page' provides customers with the ability to query API logs using a variety of filters. This feature is designed to help troubleshoot issues by offering detailed insights into each individual API call. 

Usage

Apply / Remove Filters

Enables the addition or removal of specific filters.

Apply Filtering Conditions

Allows the application of specific “and” and “or” conditions to multiple filters as well as “greater”, “equal“, “less”, “greater or equal“, “less or equal“, “not equal“, “in array“, “not in array“ conditions and wether filter is “string“, “number“ or “date“.

Search API Logs

Enables the execution of queries based on selected filters.

Reset

Clears current filters, allowing for a fresh start on new queries.

Limit Results

Limits the number of output records.

 

 

The following filters can be applied for querying purposes:

Filter

Description

General Parameters

ID

Log record ID.

startTime

Start time of API call.

endTime

End time of API call.

Request Headers

request.headers.host

API call host URL.

request.headers.x-cert-dn

TPP’s certificate DN subject.

request.headers.x-cert-fingerprint

TPP’s certificate fingerprint.

request.headers.connection

API call connection state.

request.headers.content-length

API call content length.

request.headers.x-b3-traceid

Specific b3 header.

request.headers.x-b3-spanid

Specific b3 header.

request.headers.x-b3-parentspanid

Specific b3 header.

request.headers.x-b3-sampled

Specific b3 header.

request.headers.accept

Accept header.

request.headers.user-agent

API call user agent.

request.headers.accept-encoding

API call encoding.

Request

request.url

URL used in API call.

request.method

HTTP method used for API call.

Context

context.userId

User id user in API call interaction.

context.consentType

Consent type user in API call interaction.

Provider Context

context.providerContext.id

Provider ID used in API call interaction.

API Context

context.apiContext.urlTemplate

URL used in API call.

context.apiContext.operation

HTTP method used for API call.

context.apiContext.apiSet

Open Banking API set used for API call. E.g. OBIE, Berlin Group, etc.

context.apiContext.apiSubSet

Open Banking API sub set used for API call.

context.apiContext.resourceGroup

Open Banking API resource group used for API call. E.g. accounts.

context.apiContext.resource

Open Banking API resource used for API call. E.g. balances.

context.apiContext.version

Open Banking API version used for API call.

Interaction ID

context.interactionId.ozoneInteractionId

API call interaction ID.

Response

response.status

API call response status code. E.g. 200.

response.body

API call response body.

response.type

API call response type. E.g. no error.

response.statusGroup

API call response group. E.g. 2xx.

 

 

The log records returned from the queries are presented in a table with next information:

Date Time

The timestamp of when the API call was made.

Interaction ID

A unique identifier for each interaction, which helps in tracing and troubleshooting specific transactions.

Request URL

The URL of the API endpoint that was called.

Request Method

The HTTP method used for the request (e.g., GET, POST, PUT, DELETE).

Response Status

The HTTP status code returned by the API call, indicating success or type of error.

 

 

 

 

6.4 Reports

https://openfinanceuae.atlassian.net/wiki/spaces/APIHubDocsv2/pages/124322144

6.5 Outage Reports

The Outage Reports Menu provide the possibility to register planned and/or unplanned outage and view previously registered outages. This functionality is available through two pages - ‘List Outage Reports' and 'Publish Outage’.

6.5.1 List Outage Reports

List of Outage Reports Page provide possibility to manage Outrage Reports.

Usage

View List of Outage Reports

By accessing the List Outage Reports Page, the Administrator can view a comprehensive list of all registered Outage Reports.

View Outage Report Details

Clicking the ‘three dots’ button to the right of the Outage Report record and selecting 'View Report' will allow you to view the details of the report.

Delete Outage Report

Clicking the ‘three dots’ button to the right of the Outage Report record and selecting 'Delete Report' will allow you to delete the report.

 

 

 

 

 

 

6.5.2 Publish Outage

There are two types of Outages which can be registered:

Planned Outages

The Administrator can schedule planned maintenance or downtime for specific LFI instances.

When a planned outage occurs, the system logs the downtime duration and publishes this information on the Developer portal.

The Administrator has the option to register a report detailing the scheduled downtime, including the planned start and end times, affected services, and any additional relevant information.

Unplanned Outages

In the event of an unplanned outage or system failure, the system automatically logs the downtime and publishes this information on the Developer portal.

The Administrator can generate a report to document the unplanned outage, capturing details such as the start and end times, root cause analysis, impact assessment, and any remedial actions taken.

 

 

Outage can be registered through dedicated Outage Report Registration form and require next information:

Bank

Name of the Financial Institution.

Outage Time

Date and time when outage started.

Duration

Duration of outage.

Explanation

Reason for outage

Type

Planned or Unplanned outage.

Authentication Type

Authenticated or Unauthenticated type.

Endpoints

Endpoints affected by outage.

As soon as the information is provided, the Administrator can register outage by clicking on 'Save' button.

 

 

 

 

6.6 Resources

The Resource Menu includes a Postman collection aligned with the relevant Open Banking standard. This collection can be downloaded and imported into Postman software, facilitating testing of the Platform's Open Banking interface.

© Ozone Financial Technology Limited 2024
Ozone Non Commercial Software EULA