This space is deprecated and no longer supported. Please use the latest available version here.
API Hub Admin Portal - LFI User Guide
- Chris Michael
- David Plews
1. Purpose
This manual is designed to guide administrators in effectively using the Ozone Admin Portal. It offers step-by-step instructions and practices for managing the API Hub, reporting, logging, user accounts and monitoring. By following this guide, administrators can optimise their use of the admin portal for streamlined administrative tasks and improved system performance.
2. Scope
This manual delves into the functional aspects of the Ozone Admin Portal, an internal web tool designed specifically for Licensed Financial Institutions (LFIs) to manage the API Hub. This manual includes comprehensive coverage of the following topics:
Sign-in mechanisms | Instructions on the various methods available for securely accessing the Ozone Admin Portal. |
Overview of the portal | Provides an introductory overview of the Ozone Admin Portal, highlighting its key features and functionalities. |
Navigation through the portal menu | Structure and navigation of the portal menu, guiding users on how to efficiently locate and access different sections and functionalities. |
Detailed usage instructions | Step-by-step instructions and best practices for utilising the different features and functionalities of the Ozone Admin Portal effectively. |
3. Audience
This manual is designed for:
System Administrators | Responsible for overall system configuration, user management and system maintenance. |
Technical Support Teams | Engaged in providing assistance and troubleshooting for Third Party Providers (TPPs) encountering issues with the API Hub. |
Reporting Analysts | Utilise the portal's reporting functionalities to generate, analyse, and interpret data for various reporting needs. |
Integration Specialists | Manage LFI integrations and configurations within the API Hub. |
4. Overview
The Ozone Admin Portal serves as an internal web tool exclusively available to LFIs for managing the API Hub. Designed to streamline administrative tasks and enhance operational efficiency. The portal features a user-friendly menu structure, providing quick access to essential functionalities. Sections include:
Menu Name | Page Description |
|---|---|
Manage Section | |
Bank | Provides oversight of the LFI's API Hub configuration and grants access to the Platform Key Performance Indicators dashboard. Administrators can configure various components such as banks. |
TPPs | Facilitates the management of TPPs registered in the API Hub. |
Software Statements | Offers the ability to manage TPPs' software statements. |
Clients | Allows management of TPPs' clients registered under software statements. |
API Logs Section | |
Search by Interaction ID | Enables searching of API Hub logs using an API call's Interaction ID. |
Query API Logs | Provides the capability to query API Logs using a wide range of call parameters. |
Reports Section | |
Reports | Offers a comprehensive set of predefined reports containing data on the platform’s availability, performance, and API volumes and usage. |
Outage Reports Section | |
List Outage Reports | Allows viewing of a list of previously registered outage reports. |
Publish Outage | Enables registration of new planned or unplanned outages. |
Resources Section | |
Postman Collection | Allows downloading of the Postman collection with exposed Open Finance standards. |
User Section | |
Logout | Provides the option to sign out from the Ozone Admin Portal. |
Key Considerations | |
|---|---|
Environments | Each environment available to the LFI (including Staging, and Production) is equipped with its own dedicated Ozone Admin Portal supplied with unique access URL. |
5. Portal Sign-in
The default sign-in method for the Ozone Admin Portal is governed via email one-time passwords (OTPs). When a registered user enters their email on the sign-in page, a unique OTP is sent to the provided email address. Upon entering the correct OTP, users gain access to the portal.
Please find screens showing example of Sign-in process below:
Key Considerations | |
|---|---|
OPT Code validity | Each OTP code generated is valid for 5 minutes. If needed, users of the Ozone Admin Portal should reinitiate the sign-in process to receive a new OTP code or use the 'Resend code' button on the OTP Code form page. |
Sign-in timeout | If a new OTP code is requested, a 30-second timeout will be applied to prevent further attempts, enhancing security measures. |
Configuration | |
Access via Single Sign-On (SSO) | This configuration, available outside the Ozone Admin Portal, allows FIs to enable Single Sign-On (SSO) access upon request. To initiate SSO integration through the SAML protocol, LFIs should contact Ozone for further assistance. |
6. Admin Portal Menu
6.1 Bank
The bank menu allows access to the bank configuration page, which displays the settings applied to the FI’s API Hub, and to the dashboard page, which features widgets that showcase the platform's Key Performance Indicators.
6.1.1 Bank Configuration Page
The bank configuration page can be accessed by clicking on the bank name within the bank configuration menu on the bank page:
The bank configuration page provides a view on configuration parameters. Below you can find parameters which might be useful for a LFI. Introspection endpoint URL exposed to TPPs.
Overview | |
|---|---|
Bank Name | Name of the Financial Institution. |
Participant Id | Financial Institution’s technical id. |
BIC | Financial Institution’s Bank Identifier Code/ |
Numbering Scheme | Banking identifiers used by Financial institution. Can be IBAN or SWIFT. |
Heimdall Config Urls | |
Token EndPoint | Token endpoint URL exposed to TPPs. |
Authorisation EndPoint | Authorisation endpoint URL exposed to TPPs. |
WellKnown EndPoint | OpenID well-known endpoint URL exposed to TPPs. |
Registration EndPoint | DCR endpoint URL exposed to TPPs. |
JWKS EndPoint | Financial Institution’s JWKS URL. |
CIBA EndPoint | CIBA endpoint URL exposed to TPPs. |
User Info EndPoint | User Info endpoint URL exposed to TPPs. |
Introspection EndPoint | Introspection endpoint URL exposed to TPPs. |
Revoke EndPoint | Revoke endpoint URL exposed to TPPs. |
Configuration | |
Configuration Change | Configuration changes can be made by submitting a Change Request through the Service Desk. |
6.1.2 Dashboard and Widgets Page
The portal dashboard allows users to monitor service activity across different environments by providing various metrics for regulatory requirements and Open Finance services. Users can specify a custom date range from several years to the current day to analyse platform performance and identify areas for improvement. Additionally, a refresh button is available for each metric, allowing users to see the most recent updates.
Widget Name | Description |
Usage Volume | Average Transactions Per Minute (TPM): Displays the average number of transactions processed per minute. Maximum TPM: Shows the highest transaction volume recorded over the last 10 days. |
Response Time | Average Response Time: Measures and displays the average response time in milliseconds (ms) for API calls. |
By API Group | API Breakdown: Provides a breakdown of the different API sets, distinguishing between Account Information Service Providers (AISP) and other API categories. |
Error Rates | Error Breakdown: Analyses error rates from API calls, categorised by status codes 200, 4xx, and 5xx. It presents this data over periods of 1 day, 5 days, and 10 days, helping users differentiate between system errors and client errors. |
Daily Stats |
|
Total APIs Consumption | API Call Breakdown: Offers a breakdown of total API calls, distinguishing between AISP and other API categories. Users can specify a custom date range from several years to the current day. |
Total TPP Consumption | TPP Breakdown: Provides a breakdown of different TPPs consuming the platform's APIs. Users can specify a custom date range from several years to the current day. |
6.2 TPP Management
6.2.1 TPP Page
The TPP Page lists TPPs onboarded onto the API Hub
Usage | |
View TPP Details | By clicking on a TPP name from the TPP list, the Portal Administrator can view detailed onboarding information for each TPP. This includes:
Additionally, a list of the TPP’s Software Statements is available on the same page. |
6.2.2 Software Statements Page
The software statement page contains list of TPP’s software statements and information around them, namely:
Name | Name of the software statement. |
TPP | Name of the TPP who owns software statement. |
Permitted Redirect URIs | List of Redirect URI’s which were registered during TPP onboarding. |
Certificate DN | DN from TPP’s certificate which was registered during TPP onboarding. |
Usage | |
View Software Statement | By clicking on the software statement name, the Portal Administrator will have the possibility to view the selected software statement details. |
The software statement details page contain list of clients registered under selected software statement and next information:
Software Statement Name | Name of the software statement. |
Software Statement ID | ID of the software statement. |
TPP | Name of TPP who owns software statement. |
Roles | Roles which were registered during TPP onboarding:
|
Redirect URLs | List of redirect URI’s which were registered during TPP onboarding. |
JWKS URL | JSON Web Key Sets URL which was registered during TPP onboarding. |
Subject DN | DN from TPP’s certificate which was registered during TPP onboarding. |
6.2.3 Clients Page
The Client page contains list of TPP’s Clients and information around them, namely:
Client Name | Name of the Client. |
Client ID | ID of the Client. |
TPP Name | Name of TPP who owns Client. |
Active | Information on whether the Client is active or not:
|
Usage | |
View Client | By clicking on the Client name, the Portal Administrator can view detailed information about the selected client. Additionally, the Client Details. |
Client Details Page contains next information:
Client Overview | |
Client Name | Name of the TPP’s Client. |
Client ID | ID of the TPP’s Client. |
Client Secret | Secret which should be used by TPP in event of interaction with the Platform. |
TPP Name | Name of the owning TPP. |
Software Statement Name | Name of the Software Statement used for Client registration. |
Software Statement ID | ID of the Software Statement used for Client registration. |
Bank | Name of the LFI. |
Bearer Token | Bearer Token which should be used by TPP in event of interaction with the Platform. |
OIDC Server Config | |
Authorisation End-Point | Platform’s Authorisation End-Point URL. |
Token Server Config | Platform’s Token End-Point URL. |
Additional Information | |
Scopes | Specific configuration information for the Authorisation Server. |
Redirect URIs | |
Certificate DN | |
Token Endpoint Auth Method | |
Response Types | |
ID Token Signed Response Alg | |
Request Object Signing Alg | |
Token Endpoint Signing Alg | |
JWKS URI | |
6.3 API Logs
The 'Logging' section of the Admin Portal provides customers with the ability to query API logs using a variety of filters. This feature is designed to help troubleshoot issues by offering detailed insights into each individual API call. It enables administrators to effectively troubleshoot by identifying and analysing relevant API calls, monitor and audit API usage across different environments, and quickly resolve errors by examining detailed request and response data. This enhances system management and streamlines issue resolution.
6.3.1 Search by Interaction ID Page
The 'Search by Interaction ID' page enables the Administrator to locate specific log records by using the API call interaction ID. This feature provides detailed information about the requested API call.
Key Considerations | |
|---|---|
Interaction ID | The "Interaction ID" is a unique identifier found in the headers of API calls. It is used to ensure traceability of API calls by maintaining the same interaction ID across both the initial TPP call and subsequent calls to the Local Financial Institution (LFI). This continuity allows for effective tracing of the API calls from start to finish.
|
Usage | |
Search | By inputing Interaction ID in Search bar, provide possibility to locate related log record and provide Detailed View on related API call. |
Detailed View | The Detail View offers comprehensive insights into each API call record, covering several key pieces of information:
|
Information in the Detail View presented in JSON format and sets of next data:
Group | Data |
|---|---|
Request |
|
Logs |
|
Context |
|
Response |
|
6.3.2 Query API Logs Page
The 'Query API Logs Page' provides customers with the ability to query API logs using a variety of filters. This feature is designed to help troubleshoot issues by offering detailed insights into each individual API call.
Usage | |
Apply / Remove Filters | Enables the addition or removal of specific filters. |
Apply Filtering Conditions | Allows the application of specific “and” and “or” conditions to multiple filters as well as “greater”, “equal“, “less”, “greater or equal“, “less or equal“, “not equal“, “in array“, “not in array“ conditions and wether filter is “string“, “number“ or “date“. |
Search API Logs | Enables the execution of queries based on selected filters. |
Reset | Clears current filters, allowing for a fresh start on new queries. |
Limit Results | Limits the number of output records. |
The following filters can be applied for querying purposes:
Filter | Description |
General Parameters | |
ID | Log record ID. |
startTime | Start time of API call. |
endTime | End time of API call. |
Request Headers | |
request.headers.host | API call host URL. |
request.headers.x-cert-dn | TPP’s certificate DN subject. |
request.headers.x-cert-fingerprint | TPP’s certificate fingerprint. |
request.headers.connection | API call connection state. |
request.headers.content-length | API call content length. |
request.headers.x-b3-traceid | Specific b3 header. |
request.headers.x-b3-spanid | Specific b3 header. |
request.headers.x-b3-parentspanid | Specific b3 header. |
request.headers.x-b3-sampled | Specific b3 header. |
request.headers.accept | Accept header. |
request.headers.user-agent | API call user agent. |
request.headers.accept-encoding | API call encoding. |
Request | |
request.url | URL used in API call. |
request.method | HTTP method used for API call. |
Context | |
context.userId | User id user in API call interaction. |
context.consentType | Consent type user in API call interaction. |
Provider Context | |
Provider ID used in API call interaction. | |
API Context | |
context.apiContext.urlTemplate | URL used in API call. |
context.apiContext.operation | HTTP method used for API call. |
context.apiContext.apiSet | Open Banking API set used for API call. E.g. OBIE, Berlin Group, etc. |
context.apiContext.apiSubSet | Open Banking API sub set used for API call. |
context.apiContext.resourceGroup | Open Banking API resource group used for API call. E.g. accounts. |
context.apiContext.resource | Open Banking API resource used for API call. E.g. balances. |
context.apiContext.version | Open Banking API version used for API call. |
Interaction ID | |
context.interactionId.ozoneInteractionId | API call interaction ID. |
Response | |
response.status | API call response status code. E.g. 200. |
response.body | API call response body. |
response.type | API call response type. E.g. no error. |
response.statusGroup | API call response group. E.g. 2xx. |
The log records returned from the queries are presented in a table with next information:
Date Time | The timestamp of when the API call was made. |
Interaction ID | A unique identifier for each interaction, which helps in tracing and troubleshooting specific transactions. |
Request URL | The URL of the API endpoint that was called. |
Request Method | The HTTP method used for the request (e.g., GET, POST, PUT, DELETE). |
Response Status | The HTTP status code returned by the API call, indicating success or type of error. |
6.4 Reports
6.5 Outage Reports
The Outage Reports Menu provide the possibility to register planned and/or unplanned outage and view previously registered outages. This functionality is available through two pages - ‘List Outage Reports' and 'Publish Outage’.
6.5.1 List Outage Reports
List of Outage Reports Page provide possibility to manage Outrage Reports.
Usage | |
View List of Outage Reports | By accessing the List Outage Reports Page, the Administrator can view a comprehensive list of all registered Outage Reports. |
View Outage Report Details | Clicking the ‘three dots’ button to the right of the Outage Report record and selecting 'View Report' will allow you to view the details of the report. |
Delete Outage Report | Clicking the ‘three dots’ button to the right of the Outage Report record and selecting 'Delete Report' will allow you to delete the report. |
6.5.2 Publish Outage
There are two types of Outages which can be registered:
Planned Outages | The Administrator can schedule planned maintenance or downtime for specific LFI instances. When a planned outage occurs, the system logs the downtime duration and publishes this information on the Developer portal. The Administrator has the option to register a report detailing the scheduled downtime, including the planned start and end times, affected services, and any additional relevant information. |
Unplanned Outages | In the event of an unplanned outage or system failure, the system automatically logs the downtime and publishes this information on the Developer portal. The Administrator can generate a report to document the unplanned outage, capturing details such as the start and end times, root cause analysis, impact assessment, and any remedial actions taken. |
Outage can be registered through dedicated Outage Report Registration form and require next information:
Bank | Name of the Financial Institution. |
Outage Time | Date and time when outage started. |
Duration | Duration of outage. |
Explanation | Reason for outage |
Type | Planned or Unplanned outage. |
Authentication Type | Authenticated or Unauthenticated type. |
Endpoints | Endpoints affected by outage. |
As soon as the information is provided, the Administrator can register outage by clicking on 'Save' button.
6.6 Resources
The Resource Menu includes a Postman collection aligned with the relevant Open Banking standard. This collection can be downloaded and imported into Postman software, facilitating testing of the Platform's Open Banking interface.
© Ozone Financial Technology Limited 2024
Ozone Non Commercial Software EULA
Please try out our Advanced Search function.