-
Notifications
You must be signed in to change notification settings - Fork 430
Security
We use Liftweb, a highly secure web framework written in Scala: liftweb security
For authentication options see here
TESOBE and the community provide Apache / MIT style OAuth ready client SDKs
In production, OBP storage can be separated from the API layer using AKKA. A message queue (e.g. Kafka) typically sits between OBP and the Core Banking system: Deployment scenario, security separation
Users gain access to Accounts and Transactions through being an "owner" of one or more accounts or by having access to one or more Views. See here
Users gain access to other API Endpoints via Roles which are granted via Entitlements. See here
Consumers (Apps) are managed by a set of API calls e.g. Enable Disable Consumers
The OBP API Manager is used by bank staff to manage the API and uses OBP API calls under the hood.