/
Admin Portal User Guide

This space is deprecated and no longer supported. Please use the latest available version here.

Admin Portal User Guide

1. Purpose

This manual is designed to guide administrators in effectively using the Ozone Admin Portal. It offers step-by-step instructions and practices for managing the API Hub, reporting, logging, user accounts and monitoring. By following this guide, administrators can optimise their use of the admin portal for streamlined administrative tasks and improved system performance.

2. Scope

This manual delves into the functional aspects of the Ozone Admin Portal, an internal web tool designed specifically for Licensed Financial Institutions (LFIs) to manage the API Hub. This manual includes comprehensive coverage of the following topics:

Sign-in mechanisms

Instructions on the various methods available for securely accessing the Ozone Admin Portal.

Overview of the portal

Provides an introductory overview of the Ozone Admin Portal, highlighting its key features and functionalities.

Navigation through the portal menu

Structure and navigation of the portal menu, guiding users on how to efficiently locate and access different sections and functionalities.

Detailed usage instructions

Step-by-step instructions and best practices for utilising the different features and functionalities of the Ozone Admin Portal effectively.

3. Audience

This manual is designed for:

System Administrators

Responsible for overall system configuration, user management and system maintenance.

Technical Support Teams

Engaged in providing assistance and troubleshooting for Third Party Providers (TPPs) encountering issues with the API Hub.

Reporting Analysts

Utilise the portal's reporting functionalities to generate, analyse, and interpret data for various reporting needs.

Integration Specialists

Manage LFI integrations and configurations within the API Hub.

4. Overview

The Ozone Admin Portal serves as an internal web tool exclusively available to LFIs for managing the API Hub. Designed to streamline administrative tasks and enhance operational efficiency. The portal features a user-friendly menu structure, providing quick access to essential functionalities. Sections include:

Menu Name

Page Description

Menu Name

Page Description

Manage Section

Bank

Provides oversight of the LFI's API Hub configuration and grants access to the Platform Key Performance Indicators dashboard. Administrators can configure various components such as banks.

TPPs

Facilitates the management of TPPs registered in the API Hub.

Software Statements

Offers the ability to manage TPPs' software statements.

Clients

Allows management of TPPs' clients registered under software statements.

API Logs Section

Search by Interaction ID

Enables searching of API Hub logs using an API call's Interaction ID.

Query API Logs

Provides the capability to query API Logs using a wide range of call parameters.

Reports Section

Reports

Offers a comprehensive set of predefined reports containing data on the platform’s availability, performance, and API volumes and usage.

Outage Reports Section

List Outage Reports

Allows viewing of a list of previously registered outage reports.

Publish Outage

Enables registration of new planned or unplanned outages.

Resources Section

Postman Collection

Allows downloading of the Postman collection with exposed Open Finance standards.

User Section

Logout

Provides the option to sign out from the Ozone Admin Portal.

 

Screenshot 2024-06-08 at 13.27.16-20240608-122723.png

 

 

Key Considerations

Key Considerations

Environments

Each environment available to the LFI (including Staging, and Production) is equipped with its own dedicated Ozone Admin Portal supplied with unique access URL.

5. Portal Sign-in

The default sign-in method for the Ozone Admin Portal is governed via email one-time passwords (OTPs). When a registered user enters their email on the sign-in page, a unique OTP is sent to the provided email address. Upon entering the correct OTP, users gain access to the portal.

Please find screens showing example of Sign-in process below:

 

Screenshot 2024-06-08 at 16.40.31-20240608-154039.png

 

 

 

 

 

 

Key Considerations

Key Considerations

OPT Code validity

Each OTP code generated is valid for 5 minutes. If needed, users of the Ozone Admin Portal should reinitiate the sign-in process to receive a new OTP code or use the 'Resend code' button on the OTP Code form page.

Sign-in timeout

If a new OTP code is requested, a 30-second timeout will be applied to prevent further attempts, enhancing security measures.

 

Configuration

Access via Single Sign-On (SSO)

This configuration, available outside the Ozone Admin Portal, allows FIs to enable Single Sign-On (SSO) access upon request. To initiate SSO integration through the SAML protocol, LFIs should contact Ozone for further assistance.

6. Admin Portal Menu

6.1 Bank

The bank menu allows access to the bank configuration page, which displays the settings applied to the FI’s API Hub, and to the dashboard page, which features widgets that showcase the platform's Key Performance Indicators.

6.1.1 Bank Configuration Page

The bank configuration page can be accessed by clicking on the bank name within the bank configuration menu on the bank page:

 

 

 

The bank configuration page provides a view on configuration parameters. Below you can find parameters which might be useful for a LFI. Introspection endpoint URL exposed to TPPs.

Overview

Overview

Bank Name

Name of the Financial Institution.

Participant Id

Financial Institution’s technical id.

BIC

Financial Institution’s Bank Identifier Code/

Numbering Scheme

Banking identifiers used by Financial institution. Can be IBAN or SWIFT.

Heimdall Config Urls

Token EndPoint

Token endpoint URL exposed to TPPs.

Authorisation EndPoint

Authorisation endpoint URL exposed to TPPs.

WellKnown EndPoint

OpenID well-known endpoint URL exposed to TPPs.

Registration EndPoint

DCR endpoint URL exposed to TPPs.

JWKS EndPoint

Financial Institution’s JWKS URL.

CIBA EndPoint

CIBA endpoint URL exposed to TPPs.

User Info EndPoint

User Info endpoint URL exposed to TPPs.

Introspection EndPoint

Introspection endpoint URL exposed to TPPs.

Revoke EndPoint

Revoke endpoint URL exposed to TPPs.

 

 

 

Configuration

Configuration Change

Configuration changes can be made by submitting a Change Request through the Service Desk.

6.1.2 Dashboard and Widgets Page

The portal dashboard allows users to monitor service activity across different environments by providing various metrics for regulatory requirements and Open Finance services. Users can specify a custom date range from several years to the current day to analyse platform performance and identify areas for improvement. Additionally, a refresh button is available for each metric, allowing users to see the most recent updates.

Widget Name

Description

Usage Volume

Average Transactions Per Minute (TPM): Displays the average number of transactions processed per minute.

Maximum TPM: Shows the highest transaction volume recorded over the last 10 days.

Response Time

Average Response Time: Measures and displays the average response time in milliseconds (ms) for API calls.

By API Group

API Breakdown: Provides a breakdown of the different API sets, distinguishing between Account Information Service Providers (AISP) and other API categories.

Error Rates

Error Breakdown: Analyses error rates from API calls, categorised by status codes 200, 4xx, and 5xx. It presents this data over periods of 1 day, 5 days, and 10 days, helping users differentiate between system errors and client errors.

Daily Stats

  • Average Response Time: Displays the average response time for API calls.

  • Total API Calls: Shows the total number of API calls made.

  • Successful API Calls: Counts the number of successful API calls.

  • Client Errors (4xx): Counts the API calls that resulted in client errors.

  • System Errors (5xx): Counts the API calls that resulted in system errors.

  • Error Rate Percentage: Provides the percentage of API calls that resulted in errors.

Total APIs Consumption

API Call Breakdown: Offers a breakdown of total API calls, distinguishing between AISP and other API categories. Users can specify a custom date range from several years to the current day.

Total TPP Consumption

TPP Breakdown: Provides a breakdown of different TPPs consuming the platform's APIs. Users can specify a custom date range from several years to the current day.

 

 

 

 

6.2 TPP Management

6.2.1 TPP Page

The TPP Page lists TPPs onboarded onto the API Hub

Usage

View TPP Details

By clicking on a TPP name from the TPP list, the Portal Administrator can view detailed onboarding information for each TPP. This includes:

  • TPP Name: Specified during the onboarding process.

  • Organisation ID: Automatically generated during onboarding.

  • Roles: Defined roles such as AIS (Account Information Provider) and/or PIS (Payment Initiation Provider), specified during onboarding.

  • JWKS URL: Provided during onboarding.

  • Active: Current status of the TPP.

Additionally, a list of the TPP’s Software Statements is available on the same page.

 

 

 

 

 

 

 

 

6.2.2 Software Statements Page

The software statement page contains list of TPP’s software statements and information around them, namely:

Name

Name of the software statement.

TPP

Name of the TPP who owns software statement.

Permitted Redirect URIs

List of Redirect URI’s which were registered during TPP onboarding.

Certificate DN

DN from TPP’s certificate which was registered during TPP onboarding.

 

Usage

View Software Statement

By clicking on the software statement name, the Portal Administrator will have the possibility to view the selected software statement details.

 

The software statement details page contain list of clients registered under selected software statement and next information:

Software Statement Name

Name of the software statement.

Software Statement ID

ID of the software statement.

TPP

Name of TPP who owns software statement.

Roles

Roles which were registered during TPP onboarding:

  • AIS - Account Information Provider.

  • PIS - Payment Initiation Provider.

Redirect URLs

List of redirect URI’s which were registered during TPP onboarding.

JWKS URL

JSON Web Key Sets URL which was registered during TPP onboarding.

Subject DN

DN from TPP’s certificate which was registered during TPP onboarding.

 

 

 

 

 

 

 

6.2.3 Clients Page

The Client page contains list of TPP’s Clients and information around them, namely:

Client Name

Name of the Client.

Client ID

ID of the Client.

TPP Name

Name of TPP who owns Client.

Active

Information on whether the Client is active or not:

  • true - client is Active and can be used by TPP to connect to API Hub APIs.

  • false - client is Blocked and can’t be used.

 

Usage

View Client

By clicking on the Client name, the Portal Administrator can view detailed information about the selected client. Additionally, the Client Details.

 

Client Details Page contains next information:

Client Overview

Client Name

Name of the TPP’s Client.

Client ID

ID of the TPP’s Client.

Client Secret

Secret which should be used by TPP in event of interaction with the Platform.

TPP Name

Name of the owning TPP.

Software Statement Name

Name of the Software Statement used for Client registration.

Software Statement ID

ID of the Software Statement used for Client registration.

Bank

Name of the LFI.

Bearer Token

Bearer Token which should be used by TPP in event of interaction with the Platform.

OIDC Server Config

Authorisation End-Point

Platform’s Authorisation End-Point URL.

Token Server Config

Platform’s Token End-Point URL.

Additional Information

Scopes

Specific configuration information for the Authorisation Server.

Redirect URIs

Certificate DN

Token Endpoint Auth Method

Response Types

ID Token Signed Response Alg

Request Object Signing Alg

Token Endpoint Signing Alg

JWKS URI

 

 

 

 

 

 

 

 

6.3 API Logs

The 'Logging' section of the Admin Portal provides customers with the ability to query API logs using a variety of filters. This feature is designed to help troubleshoot issues by offering detailed insights into each individual API call. It enables administrators to effectively troubleshoot by identifying and analysing relevant API calls, monitor and audit API usage across different environments, and quickly resolve errors by examining detailed request and response data. This enhances system management and streamlines issue resolution.

6.3.1 Search by Interaction ID Page

The 'Search by Interaction ID' page enables the Administrator to locate specific log records by using the API call interaction ID. This feature provides detailed information about the requested API call.

Key Considerations

Key Considerations

Interaction ID

The "Interaction ID" is a unique identifier found in the headers of API calls. It is used to ensure traceability of API calls by maintaining the same interaction ID across both the initial TPP call and subsequent calls to the Local Financial Institution (LFI). This continuity allows for effective tracing of the API calls from start to finish.

  • At the TPP side: The interaction ID can typically be found in the API interface under the header 'x-fapi-interaction-id'.

  • At the Ozone Connect end: The interaction ID is likely listed under 'o3-ozone-interaction-id'.

 

Usage

Search

By inputing Interaction ID in Search bar, provide possibility to locate related log record and provide Detailed View on related API call.

Detailed View

The Detail View offers comprehensive insights into each API call record, covering several key pieces of information:

  • startTime, endTime - The start and end times of the API call.

  • id - The unique identifier for the log record.

  • request group- Detailed information about the received API call, including all headers and the body.

  • logs group - All checks performed by the platform to validate the API call, along with details of subsequent API calls.

  • context group - Contextual information related to the API call.

  • response group - Detailed information about the response to the specified API call.

 

 

Information in the Detail View presented in JSON format and sets of next data:

Group

Data

Group

Data

Request

  • Headers. 

  • Body.

  • Query -  query parameters indicated in API call.

  • URL - URL called during API request.

  • Method - API method used for API call (e.g. GET).

Logs

  • Headers, body and other API call parameters validation.

  • Tokens validations.

  • TPP and TPP certificate validation.

  • Specific OB/OF business logic validations.

  • Subsequent API calls records (e.g. call from the Platform to LFI and response).

Context

  • Ozone and client interaction IDs. 

  • apiContext - information about URL, API operation, API set, sub-set, resource group, resource and version.

  • TPP’s client Id and client information.

  • Claims and scopes of selected API call.

Response

  • Response status (e.g. 200).

  • Type (e.g. no error).

  • Body.

  • Headers.

  • Status group (e.g. 2xx).

 

 

 

 

 

6.3.2 Query API Logs Page

The 'Query API Logs Page' provides customers with the ability to query API logs using a variety of filters. This feature is designed to help troubleshoot issues by offering detailed insights into each individual API call. 

Usage

Apply / Remove Filters

Enables the addition or removal of specific filters.

Apply Filtering Conditions

Allows the application of specific “and” and “or” conditions to multiple filters as well as “greater”, “equal“, “less”, “greater or equal“, “less or equal“, “not equal“, “in array“, “not in array“ conditions and wether filter is “string“, “number“ or “date“.

Search API Logs

Enables the execution of queries based on selected filters.

Reset

Clears current filters, allowing for a fresh start on new queries.

Limit Results

Limits the number of output records.

 

 

The following filters can be applied for querying purposes:

Filter

Description

General Parameters

ID

Log record ID.

startTime

Start time of API call.

endTime

End time of API call.

Request Headers

request.headers.host

API call host URL.

request.headers.x-cert-dn

TPP’s certificate DN subject.

request.headers.x-cert-fingerprint

TPP’s certificate fingerprint.

request.headers.connection

API call connection state.

request.headers.content-length

API call content length.

request.headers.x-b3-traceid

Specific b3 header.

request.headers.x-b3-spanid

Specific b3 header.

request.headers.x-b3-parentspanid

Specific b3 header.

request.headers.x-b3-sampled

Specific b3 header.

request.headers.accept

Accept header.

request.headers.user-agent

API call user agent.

request.headers.accept-encoding

API call encoding.

Request

request.url

URL used in API call.

request.method

HTTP method used for API call.

Context

context.userId

User id user in API call interaction.

context.consentType

Consent type user in API call interaction.

Provider Context

context.providerContext.id

Provider ID used in API call interaction.

API Context

context.apiContext.urlTemplate

URL used in API call.

context.apiContext.operation

HTTP method used for API call.

context.apiContext.apiSet

Open Banking API set used for API call. E.g. OBIE, Berlin Group, etc.

context.apiContext.apiSubSet

Open Banking API sub set used for API call.

context.apiContext.resourceGroup

Open Banking API resource group used for API call. E.g. accounts.

context.apiContext.resource

Open Banking API resource used for API call. E.g. balances.

context.apiContext.version

Open Banking API version used for API call.

Interaction ID

context.interactionId.ozoneInteractionId

API call interaction ID.

Response

response.status

API call response status code. E.g. 200.

response.body

API call response body.

response.type

API call response type. E.g. no error.

response.statusGroup

API call response group. E.g. 2xx.

 

 

The log records returned from the queries are presented in a table with next information:

Date Time

The timestamp of when the API call was made.

Interaction ID

A unique identifier for each interaction, which helps in tracing and troubleshooting specific transactions.

Request URL

The URL of the API endpoint that was called.

Request Method

The HTTP method used for the request (e.g., GET, POST, PUT, DELETE).

Response Status

The HTTP status code returned by the API call, indicating success or type of error.

 

 

 

 

6.4 Reports

The Admin Portal is equipped with reporting tools designed to assist Financial Institutions in complying with regional regulations and technical standards. These tools allow clients to download a variety of reports, each tailored to specific regulatory requirements and operational needs.

Usage

Data Querying

The Reports Page provides Administrator with the flexibility to query metrics from the reports within various date ranges:

  • Today.

  • Yesterday.

  • Last 7 days.

  • Last 30 days.

  • This month.

  • Last month.

  • Last 6 months.

Data Export

Administrator can export the queried data in different formats for further processing and sharing:

  • XLSX (Excel).

  • CSV (Comma-separated values).

  • HML (HTML format).

 

Key Considerations

Key Considerations

Regional Specific Reports

Please note that the list of reports may vary by region where the Platform is provided and may include specific reports required by local regulations.

 

Below is the default set of reports available on the Platform:

OFP Availability

This report provides statistics on the time that the OFP was available for use and functioning correctly, including planned/unplanned downtime and providing a percentage figure.

LFI Availability

This report provides statistics on the time that the Ozone Connect implementation at LFI end was available for use and functioning correctly, including planned/unplanned downtime and providing a percentage figure.

OFP Performance

This report provides statistics on the response time used by the OFP to respond to TPP requests for the API, including minimum, maximum and average to monitor performance.

LFI Performance

This report provides statistics on the response time used by the Ozone Connect implementation at LFI end to respond to OFP requests for the API, including minimum, maximum and average to monitor performance.

API Call Volume & Billing

This report provides statistics on API volumes that can be used for billing, statistics also show a breakdown of methods and response code groups.

Consent Authorisation

This report provides statistics on the life-cycle of a consent and information on successful and unsuccessful authorisation requests.

Consent Status

This report provides statistics on the number of consents in the given consent state.

Consent Revocation

This report provides statistics on the number of consent revocations and the reasoning.

Consent Users

This report provides statistics on the number of unique users at the start/end of the reporting period with Authorised consents.

Bank Data

This report provides statistics on the number of API Bank requests including a breakdown of the resource name, e.g. Balance, Transactions etc.

Insurance Data

This report provides statistics on the number of API Insurance requests including a breakdown of the resource name, e.g. Motor, House etc.

Payment Volume

This report provides statistics on the number of payment API requests, including payments that have settled or failed.

Payments Value

This report provides statistics on the value of payments that have been settled or failed.

Payments Performance

This report provides statistics on the time in ms taken between the creation of the payment record on the OFP and the receipt of the final settlement confirmation or failure event from the LFI.

Events Notification

This report provides statistics on the event name sent to the TPP.

 

For report details LFIs should refer to this

https://openfinanceuae.atlassian.net/wiki/spaces/APIHubDocsv3/pages/149815438

6.5 Outage Reports

The Outage Reports Menu provide the possibility to register planned and/or unplanned outage and view previously registered outages. This functionality is available through two pages - ‘List Outage Reports' and 'Publish Outage’.

6.5.1 List Outage Reports

List of Outage Reports Page provide possibility to manage Outrage Reports.

Usage

View List of Outage Reports

By accessing the List Outage Reports Page, the Administrator can view a comprehensive list of all registered Outage Reports.

View Outage Report Details

Clicking the ‘three dots’ button to the right of the Outage Report record and selecting 'View Report' will allow you to view the details of the report.

Delete Outage Report

Clicking the ‘three dots’ button to the right of the Outage Report record and selecting 'Delete Report' will allow you to delete the report.

 

 

 

 

 

 

6.5.2 Publish Outage

There are two types of Outages which can be registered:

Planned Outages

The Administrator can schedule planned maintenance or downtime for specific LFI instances.

When a planned outage occurs, the system logs the downtime duration and publishes this information on the Developer portal.

The Administrator has the option to register a report detailing the scheduled downtime, including the planned start and end times, affected services, and any additional relevant information.

Unplanned Outages

In the event of an unplanned outage or system failure, the system automatically logs the downtime and publishes this information on the Developer portal.

The Administrator can generate a report to document the unplanned outage, capturing details such as the start and end times, root cause analysis, impact assessment, and any remedial actions taken.

 

 

Outage can be registered through dedicated Outage Report Registration form and require next information:

Bank

Name of the Financial Institution.

Outage Time

Date and time when outage started.

Duration

Duration of outage.

Explanation

Reason for outage

Type

Planned or Unplanned outage.

Authentication Type

Authenticated or Unauthenticated type.

Endpoints

Endpoints affected by outage.

As soon as the information is provided, the Administrator can register outage by clicking on 'Save' button.

 

 

 

 

6.6 Resources

The Resource Menu includes a Postman collection aligned with the relevant Open Banking standard. This collection can be downloaded and imported into Postman software, facilitating testing of the Platform's Open Banking interface.

© Ozone Financial Technology Limited 2024
Ozone Non Commercial Software EULA