Consumer Data Standards Banking API - Test Guide
This document provides a summary overview of the steps that need to be executed in order to send a valid request to the implemented API endpoints.
The following operations (API resources) have been implemented on this API (the remaining resources may provide a static mock response and/or may have limited security configuration in place):
- GET /banking/accounts
- GET /banking/accounts/balances
- POST /banking/accounts/balances
These resources represent the three endpoints of the Banking API offered by the Australian Consumer Data Standards. When an AISP requests account information, (s)he will first have to create a consents resource using POST /v1/consents. Note that the Sandbox implementations offered here provide mock responses that demonstrate the expected functionality without actually creating or deleting data.
More detailed and up-to-date information can be found on the Consumer Data Standards web site.
Executing a test on GET /banking/accounts (happy flow)
This Digital Banking Portal provides a convenient Test Client for effective API testing. Please note that this Test Client allows for configuration settings that are needed to satisfy any security policies that have been implemented on the API endpoint (for example validation of the input request headers and payload body).
The Test Client can be accessed through the ‘Test Client’ button in the left navigation bar when viewing the API.
Accessing the Test Client will show details of the API about to be tested as shown in the screen capture below:
The section shows the available API Implementations (in this case, Sandbox only), available API operations, Endpoints on which the API is available (in this case, https and mutual-https); the Path field shows the path associated with the selected Operation.
Essentially, Test Client automatically shows all details as they are laid down in the API interface (Swagger/OAS). Selecting an Operation will automatically populate relevant other sections, for example Headers, Parameters and Access URL.
Steps to execute for a successful test are:
- Provide valid values to any required request header and/or parameter (required elements are marked with a *);
- Provide a valid request body (JSON object), if applicable;
- Select a valid client (using Test Client’s ‘Setup’ function). The client is an App that has been generated for you specifically as part of your registration. This consuming App represents a client identity that is subject to authentication, authorization and, potentially, additional security constraints;
- Provide any configuration values that are required to satisfy security policies associated with the API resource (using Test Client’s ‘Security’ function).
Request headers:
Accept | application/json | Pre-populated |
Content-Type | None | Pre-populated |
Required parameters: none.
Request body: not applicable.
Client: a sample client can be selected from the Test Client’s ‘Setup’ function. The client is an App that has been generated for you specifically as part of your registration.
Security policies: in accordance with the Banking API's security profile, several security policies must be adhered to. For example:
- OAuth2.0: client authorization is done using OAuth2.0. A request must present a valid OAuth Bearer Access Token through its Authorization header. Have the Test Client generate this token for you: hit ‘Security’ and ensure values as shown below are present:
Click 'Get Token' to have the Access Token generated. The Token field should show the token and some additional information.
Result: a valid access token has been added to the request's Authorization header, allowing the client to be authorized at the API endpoint.
Note: 'Security' configuration will show CORS as a final step; accept the defaults and click 'Finish'.
With these steps configured as documented above, the request should be accepted and return an HTTP 200 with a generated JSON mock response. Some request and response details can be reviewed in Test Client. In addition, the 'Trace' tab (under Response) shows elements automatically added by Test Client, based on your Setup and Security configuration.
Further details of the transaction, including operational metrics and details on the generated request message and returned response can be reviewed under the 'Logs' menu item.
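The request that the Test Client assembles in the steps above, rebuilt outside the portal as an added example (not code from the portal or from the Consumer Data Standards). The base URL and token are constructed placeholders and the function names are hypothetical; the Bearer syntax check follows RFC 6750, and the request is built and checked but never sent.

```python
import re
from urllib.parse import urlsplit
from urllib.request import Request

# RFC 6750 section 2.1: credentials = "Bearer" 1*SP b64token
BEARER_RE = re.compile(r"Bearer +[A-Za-z0-9\-._~+/]+=*")


def build_accounts_request(base_url, access_token):
    """Build (without sending) GET /banking/accounts as configured in this guide."""
    return Request(
        base_url.rstrip("/") + "/banking/accounts",
        method="GET",
        headers={
            "Accept": "application/json",
            "Authorization": "Bearer " + access_token,
        },
    )


def preflight_problems(req):
    """List the ways a request deviates from what this guide configures."""
    problems = []
    if urlsplit(req.full_url).scheme != "https":
        problems.append("endpoint is not https")
    if req.get_header("Accept") != "application/json":
        problems.append("Accept must be application/json")
    auth = req.get_header("Authorization")
    if auth is None:
        problems.append("Authorization header missing")
    elif not BEARER_RE.fullmatch(auth):
        # fullmatch also rejects CR/LF, so a pasted token cannot smuggle headers
        problems.append("Authorization is not a well-formed Bearer token")
    return problems


if __name__ == "__main__":
    # Constructed sample values: placeholder host, not a real credential
    req = build_accounts_request("https://sandbox.example.invalid", "c2FtcGxlLXRva2Vu")
    print(req.get_method(), req.full_url, preflight_problems(req))
```
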