Polski
Eventy
Eventy w których uczestniczymy
INTERNATIONAL USER GROUPS CONFERENCE
Termin: 3-7 Czerwiec, 2019
Miejsce: Ryga, Łotwa
Learn from your peers—
Join the conference by customers for customers
Dear Members and Customers,
In two months, IT and business professionals from 40+ countries will converge in Latvia to talk about software—their experiences, lessons learned and plans to use software to spark their next great business innovation. Make sure you’re there!
Join the Software AG International User Groups Conference June 3-7. You’ll be able to network with your peers and get inspired by best practices from innovators like AAFMAA, the Atlanta Hawks, the European Commission, ING, John Lewis Partnership, Kiabi, UBS, Siemens, Deutsche Telekom and many more.
We know you’re keen to learn what the agenda has in store for you. Well, we’ve been shaping an interactive and educational program with an even blend of customer presentations and the latest news on everything from Adabas & Natural, Alfabet, ARIS to Cumulocity IoT & webMethods. Check out the agenda and stay tuned for regular updates.
Eventy
Eventy w których uczestniczymy
INTERNATIONAL USER GROUPS CONFERENCE
Termin: 3-7 Czerwiec, 2019
Miejsce: Ryga, Łotwa
Learn from your peers—
Join the conference by customers for customers
Dear Members and Customers,
In two months, IT and business professionals from 40+ countries will converge in Latvia to talk about software—their experiences, lessons learned and plans to use software to spark their next great business innovation. Make sure you’re there!
Join the Software AG International User Groups Conference June 3-7. You’ll be able to network with your peers and get inspired by best practices from innovators like AAFMAA, the Atlanta Hawks, the European Commission, ING, John Lewis Partnership, Kiabi, UBS, Siemens, Deutsche Telekom and many more.
We know you’re keen to learn what the agenda has in store for you. Well, we’ve been shaping an interactive and educational program with an even blend of customer presentations and the latest news on everything from Adabas & Natural, Alfabet, ARIS to Cumulocity IoT & webMethods. Check out the agenda and stay tuned for regular updates.
Eventy
Eventy w których uczestniczymy
INTERNATIONAL USER GROUPS CONFERENCE
Termin: 3-7 Czerwiec, 2019
Miejsce: Ryga, Łotwa
Learn from your peers—
Join the conference by customers for customers
Dear Members and Customers,
In two months, IT and business professionals from 40+ countries will converge in Latvia to talk about software—their experiences, lessons learned and plans to use software to spark their next great business innovation. Make sure you’re there!
Join the Software AG International User Groups Conference June 3-7. You’ll be able to network with your peers and get inspired by best practices from innovators like AAFMAA, the Atlanta Hawks, the European Commission, ING, John Lewis Partnership, Kiabi, UBS, Siemens, Deutsche Telekom and many more.
We know you’re keen to learn what the agenda has in store for you. Well, we’ve been shaping an interactive and educational program with an even blend of customer presentations and the latest news on everything from Adabas & Natural, Alfabet, ARIS to Cumulocity IoT & webMethods. Check out the agenda and stay tuned for regular updates.
Eventy
Events where you can find us
INTERNATIONAL USER GROUPS CONFERENCE 2020
Date: June 17-19, 2019
Miejsce: The Hague, The Netherlands
CONNECT 2020
INTERNATIONAL USER GROUPS CONFERENCE
We live in a truly connected world that connects every “thing” from apps and systems to clouds and even cars. What remains our most essential connection? People. That’s why human connections reign at the Software AG International User Groups (IUG) Conference 2020 in The Netherlands. The IUG meeting is a conference by customers for customers.
TestMonitoring EN
What is Test & Monitoring?
The European Union directive PSD2 (Payment Service Directive 2) announced in 2016 implements an open banking API on European market, enabling third parties to initiate payments and access to the client’s bank accounts.
APILogic Test & Monitoring consist of three services:
1. Performing integration tests of the dedicated PSD2 interface, including services:
- PIS - Payment Initation Service
- AIS - Account Information Service
- CoF - Confirmation of Funds
2. Constant 24/7 monitoring of the dedicated PSD2 interface on production environment in accordance with the requirements of RTS and FSA (in Poland: KNF) .
3. Support for performing functional tests using APILogic HUB
ARE YOU INTERESTED IN TEST & MONITORING SOLUTIONS?
SCOPE OF THE SERVICE - APILOGIC TEST & MONITORING
The following goals will be achieved performing integration tests:
- Confirmation of the possibility of calling services from an external TPP PSD2 client.
- Confirmation of the correctness of data transferred or received as part of called services
- Confirmation of compliance with the PolishAPI specification as part of integrating test cases.
The following goals will be achieved performing functional test support service:
- Cost reduction of verifying implementation of PSD2 services thanks to the APILogic Hub functionalities.
- Shortening the time of functional tests.
- Automation of regression tests.
As part of the production monitoring of the dedicated PSD2 interface, the following objectives will be achieved:
- Monitoring of the availability of the AIS, PIS, and COF services by use of external Third Party Provider (TPP) - the external client to ASPSP.
- Monitoring of the efficiency of the AIS, PIS, and COF services by use of TPP
- Gathering and publishing the key performance indicators in accordance with the requirements of RTS and FSA (Polish KNF) .
DESCRIPTION OF THE APILOGIC TEST & MONITORING SERVICE
PSD2 directive requires that ASPSP (eg. banks) enable the availability of PIS, AIS and CoF services to external TPP by mean of a dedicated interface. TPP are those entities that have obtained a special licence for become payment institution and perform defined by their business model services.
The PSD2 directive and the Regulatory Technical Standards (RTS) impose on the ASPSP numerous duties related to the dedicated interface, including:
- RTS Article 32 point 1: High availability of a dedicated interface and the services
- RTS Article 32 point 2: Creation and reporting of performance indicators for the interface and services in accordance with the requirements of RTS.
- RTS Article 33 point 1: Activation of the emergency means in case of responses longer than 30 seconds for the 5 following TPP requests.
The proposed solution APILogic Test&Monitoring supports the implementation of the above mentioned requirements by the following components:
- Integration tests
- Production monitoring of the dedicated PSD2 interface
- Support for performing functional tests
INTEGRATION TESTS
As part of this service, Inteca by use of a TPP client named APILogic Hub will conduct integration tests of all functionalities offered in the dedicated PSD2 interface . The tests will be carried out within the PolishAPI specification for:
- TPP client registration
- Validation of EIDAS certificates (SSL and stamp)
- AIS (Account Information Service)
- PIS (Payment Initiation Service)
- CoF (Confirmation of Funds)
- AS Callback
- PIS Callback
- AIS Callback
Performing integration tests by use of an external tool (APILogic Hub) will allow to:
- Confirm the proper operation of services in the external to the Bank environment.
- Prepare the solution for functional tests.
- Confirm that the solution complies with the requirements of the PolishAPI and RTS standards.
- Prepare solutions for the issues not regulated in the standards.
PRODUCTION MONITORING OF THE DEDICATED PSD2 INTERFACE
As part of this component, Inteca in continuous mode 24/7 will monitor the availability and efficiency of production services dedicated to the PSD2 interface. The monitoring will be carried out by mean the external APILogic Hub tool from the server room located in Poland and France or Germany.
- On a monthly basis, the efficiency indicators will be transferred to the Bank, that can be used for the required reporting to the FSA (Polish KNF)
- In case of lack of availability to the dedicated interface or if the response time of 5 following requests will be longer than 30 seconds, the information will be communicated to the Bank in immediate mode
The monitoring will cover all services offered as part of the dedicated PSD2 interface:
- TP customer registration
- Validation of EIDAS certificates (SSL and stamp)
- AIS (Account Information Service)
- PIS (Payment Initiation Service)
- CoF (Confirmation of Funds)
- AS Callback
- PIS Callback
- AIS Callback
SUPPORT FOR FUNCTIONAL TESTS USING THE APILOGIC HUB
As part of this service, we use the APILogic Hub tool to support the process of functional testing. The execution time and the cost of testing are reduced thanks to APILogic Hub functionalities. All APILogic Hub functionalities are offered through user screens. By means of mentioned before, testing PSD2 services does not require technological expertise from the test team.
Performing functional tests using an external tool (APILogic Hub) will allow:
- Automate and improve the testing process
- Conduct tests using standard team of testers and methods used in the bank without the need to engage specialized development resources
- Confirm that the solution complies with the requirements for the AIS, PIS and CoF services
- Automate regression tests.
ARE YOU INTERESTED IN APILOGIC TEST & MONITORING SOLUTIONS?
TPP Validator
What is APILogic TPP Validator?
The European Union Directive PSD2 (Payment Service Directive 2) announced in 2016 implements an open banking API on European market, enabling third parties to initiate payments and access to the client’s bank accounts. The directive and regulatory standards require that all transactions should be processed via secure channels and that all the data should be protected in terms of authenticity and integrity.
Qualified certificates supporting PSD2
To meet security requirements, banks (or generally the account servicing payment service provider – ASPSP) and external PSD2 service providers (Third Party Provider, TPP) will use qualified certificates for websites (QWAC) and qualified certificates for electronic seal (QSealC). These certificates will be issued by qualified trust service providers (QTSP) based on the new technical standard ETSI TS 119 495, which was published in May, 2018.
Validation of a qualified EIDAS certificate
The QWAC and QSealC certificates described above must be qualified in accordance with the EIDAS Regulation. In order to validate the qualified EIDAS certificate, the validating entities must significantly extend the validation tools. Among others, following challenges must be addressed:
- The list of PSP certificates for validation is not known and it is variable over time.
- PSP certificates can be issued by QTSP throughout the European Union.
- The number of CA Root certificates used by QSTP is not known and it is variable over time (currently there are more than 200).
- Attributes necessary for validation (eg. link to the CRL list) may be outside of the certificate (eg. on TSL lists).
Considering mentioned above, it is not possible to use standard tools to validate the certificate, based on hardware solutions such as NetScaler or F5.
Register of payment and credit institutions
Besides certificates validation, before transaction ASPSP must confirm that TPP:
- is authorized by the competent national authority
- is approved for performing PSP role that is compatible with its API request
- owns "passportization" to perform services in a specific country.
Verification of the above mentioned requirements is possible by confirming the actual state in the registers kept by the competent national authority. The option it is to query the EBA register which needs to be updated on a regular basis by the competent national authority due to the PSD2 directive.
Requirements
In order to meet the RTS requirements (article 33 and 34) beneath there are requirements that ASPSP should implement:
- Validation of the qualified EIDAS website authentication certificate (QWAC) in real time
- Validation of the qualified seal EIDAS certificate (QSealC) in real time
- Validation of the actual state of the license / entry in the register in real time
The APILogic TPP Validator through the provided functionality supports the implementation of the requirements described in Article 33 and 34 of Commission delegated regulation 2018/389 (RTS)
SCOPE OF THE SERVICE - APILogic TPP Validator
APILogic TPP Validator is a software for checking certificates and the status of a license or entry in the register of payment institutions. APILogic Validator performs its services in accordance with European legislation. In particular APILogic TPP Validator supports the eIDAS Regulation, the PSD2 Directive and other related standards.
The scope of the APILogic TPP Validator service:
- support for TPP identity verification by validation of qualified authentication certificate QWAC
- support to confirm the integrity and authenticity of documents sent by TPP by validating the qualified seal certificate (QSealC).
- confirmation of the current status of the license and entry in the PSP register by querying the EBA register for the actual state.
APILogic TPP Validator can be implemented in two models:
- as a PROXY component with validation function
- as REST validation services
PROXY COMPONENT WITH VALIDATION FUNCTION
APILogic TPP Validator has a PROXY module that validates the certificate before forwarding the request to the emergency interface. Thus, it provides the requirements of article 33 and 34 of the RTS standard.
REST VALIDATION SERVICES
In this model, APILogic TPP Validator provides REST services that validate PSP requests forwarded to the API Gateway. The API Gateway calls the APILogic TPP Validator to validate the certificate and the PSP license before passing the request to the actual PSD2 services.
The solution provides the following REST services:
- validatePSD2certificate
- validatePSD2license
validatePSD2license
The second service at the entrance receives the TPP license number and returns information about:
- license status
- PSD2 roles assigned to TPP
- the status of passportization
validatePSD2certificate
The first of services receives the TPP certificate at the entrance and validates it in accordance with the requirements of the EIDAS Regulation and EBA requirements. In response the service returns information about:
- certificate status
- PSD2 roles in which TPP may occur (AISP, PISP)
- the number of TPP license
- type of certificate: QWAC, QSealC
ARE YOU INTERESTED IN APILOGIC TPP VALIDATOR SOLUTIONS?
Partner Manager
IT ECOSYSTEM OF AN INSURANCE COMPANY
Challenges in maintaining and developing a digital cooperation platform with insurance company partners
Key challenges:
Security
Ensuring the safety of communication with the external ecosystem.
Onboarding new partners
Time and work required for getting new partners integrated (including availability of internal IT department)
Channel management
Providing SLA. Handling exceptions, errors and questions. Communication.
Monitoring
SLA monitoring, errors handling.. Ensuring the availability of key services.
Partner Manager
Key features of the solution
The Gateway for Insurance World
Virtualization of current APIs and services. External partners integrate and communicate only through the gateway. Increased security.
Fast Time to Market
Flexible configuration and on-boarding of partners with minimal involvement of the IT ddepartment. Access to test environments.
Partner channel management
Portal for partners. Access to the documentation for partners. Communication, handling partner questions. Partner SLA configuration.
Quick implementation
The deployment has little impact on the current architecture of Insurance Company. The functioning of the gateway is transparent for the partners of Insurance Companies
Monitoring KPIs
Predefined analytics views allow real-time monitoring.
A flexible business analytics console
Flexible, configurable analytics based on business data sent through the gateway. Real-time stream & events processing. Real-time views & dashboards of business data.
ARE YOU INTERESTED IN PARTNER MANAGER SOLUTIONS?
API Gateway
The gate for partners through which they integrate with Insurance Companies systems
Virtualization of the current APIs and services, ensuring information security, monitoring and managing integration with the partners. The implementation does not involve any changes neither on Partners side nor for the Insurance Company IT systems.
Visual configuration of security policies, routing, monitoring and resource control policies
Wide spectrum of security scenarios WS-Security, OAuth2, OpenID Connect, 2-Way TLS, (JWT to SAML), eIDAS signatures
A solution based on the open source WSO2 API Management technology
Partner Portal
A layer of documentation and API tests for partners
Specification and API documentation for partners. Compliance with the Open API or SOAP / WSDL standard
The ability to test the API (test environment)
Monitoring and statistics of API for Partners
Self-service scenarios for partners. Fast on-boarding for partners.
Full customization of the appearance according to the company's branding
Visual API Modeler
A tool for visual design of the APIs
Visual modeling and documentation of API
Automatic generation of API specifications and documentation for partners based on the visual model.
Support for XML and JSON as well as SOAP, OpenAPI and ISO20022 standards for financial institutions
Support for versioning of API models and parallel work in many projects.
A tool for analysts and power-users, allowing quick design of new APIs or changes to existing versions
ANALYTICS AND KPIs MONITORING
Predefined dashboards and reports for key KPIs
Predefined Dashboards
Ready, pre-defined analytic views that are suited to monitor the current situation in the integration channels.
Analysis per SLA packages
KPI analysis in terms of tariff plans and SLA packages.
Analysis per Partner
Analysis of activities, exceptions (breaking configured policies) of partner applications. Event monitoring per partner.
Trend analysis
Information on the trends of events used in the API. Utilization level, error trends. Levels of failure vs. success.
Security events console
Analysis of events related to security threats, that are monitored based on configured policies.
Audit console
An audit log showing events on the platform (eg. partner registration, access acceptance, etc.)
Business Activity Monitoring
A visual report and dashboard editor for the business data sent through the API Gateway
The ability to collect business transaction data passing through the gateway
BigData technology enabling the collection of a wide spectrum of data
A visual tool for building reports and business dashboards
Real-time monitoring with the history of time. SQL-Like stream processing tool for building event processing logic (extraction, enrichment, joining)
Tool for business users. Real-time ad-hoc analysis / construction of dashboards from any data flowing through the gateway
ARE YOU INTERESTED IN PARTNER MANAGER SOLUTIONS?
Apilogic EN
WHAT IS APILOGIC HUB?
The EU directive PSD2 (Payment Service Directive 2) announced in 2016 implements an open banking API on the European market, enabling third parties’ providers to initiate transfers and access to the client’s bank accounts.
APILogic Hub is an IT solution that aggregates interactions with PSD2 services in one place:
- PIS - Payment Initation Service
- AIS - Account Information Service
- CoF - Confirmation of Funds
provided by all banks in the European Union.
Description of the solution
Prepared by an experienced team of architects and specialists from the financial market, the APILogic Hub solution enables integration with multiple Banks through an unified API. The APILogic Hub user does not have to worry about the implementation differences of PSD2 services that occur between individual banks.
ARE YOU INTERESTED IN APILOGIC HUB SOLUTIONS?
ACCESS TO CUSTOMER ACCOUNT - AIS / COF
Two services defined by the PSD2 directive – Account Information Service (AIS) and checking funds on the account (CoF) – are implemented by APILogic Hub, providing information on bank accounts and their history.
- APILogic Hub collects transaction history and bank account information from many banks. The service is designed for individual and company accounts.
- Before receiving the information, the client gives consent by APILOGIC Hub to access to the accounts and transaction history in the bank.
- The client authenticates to the selected bank and authorizes APILogic Hub access to the selected payment accounts.
- APILogic Hub receives a Token from a financial entity, which is used to collect account information and account history.
- All received information from many banks are aggregated in one place and can be used to perform business analytics, e.g. for up / cross-selling processes or customer need’s research.
USAGE OF THE AIS SERVICE
The AIS service is the opportunity to implement significant improvements in processes related to the sale of services and products. APILogic Hub by AIS service provides automation of many time consuming activities in those processes.
INITIATING PIS PAYMENTS
The payment initiation (Payment Initiation Services – PIS) is he second of the services defined by the PSD2 directive. APILogic Hub implements the PIS service enabling the creation of payments and then its monitoring.
- APILogic Hub enables creating a payment and monitoring it. The service operates for individual and company accounts.
- Before creating a payment, the client via APILogic Hub gives consent to its execution and indicates the bank where his account is located.
- The client authenticates to the selected bank and authorizes the APILogic Hub in order to create and monitor the payment status.
- APiLogic Hub receives a Token from the financial entity, which is used to initiate the payment.
- After the payment has been initiated, APILogic Hub periodically polls the bank for payment status until it is completed.
THE USAGE OF THE PIS SERVICE
The PIS service is the opportunity to implement significant improvements in processes related to payments for services and products. APILogic Hub by PIS service provides automation of many time-consuming activities in these processes
ARE YOU INTERESTED IN SOLUTIONS related to APILOGIC HUB?
Apilogic - strona główna EN
How is APILOGIC supporting your bank?
A ready-made solution, compliant with the PSD2 Directive and Open Banking Standards
Best-in-class components from top-of-the-line technology partners
Built on experience in financial sector software development
Support and education regarding open banking API and API Management
PSD2 directive changes everything
The update of the previous EU PSD Directive opens banking institutions even more for cooperation with external service providers (including other banks) and the wide fintech ecosystem. From January 2018, PSD2 Directive gives the right to entities other than banks to enter the role of payment operators or to manage information on customer accounts. At the same time PSD2 Directive regulates the security and authentication aspects of the client in the payment process.
The entry of open banking is a real revolution when it comes to banks infrastructure. They must provide data from their systems through open APIs. External entities (TPP) will connect to this data securely, creating new business values and innovative services or products.
What else is the PSD2 Directive changing? Probably, it will soon eliminate the passwords and text messages codes used to confirm payment transactions. The Directive will move standard towards much safer biometric solutions. PSD2 Directive will be also a great opportunity for many start-ups, technology companies with a financial profile and not only – using open banking data, these entities will be able to make a complete transformation of the market – European and global.
Get ready for digital transformation.
The PSD2 Directive enters into force in:
000 days 00 hours 00 minutes 00 seconds
Open Banking API
We have designed a smart solution, so you can adapt to the open banking and PSD2 faster. Save your organisation's time and resources – enhance your infrastructure today.
![[:pl]Zgodnie z finalnym RTS do dyrektywy PSD2, SMS nie będzie mógł służyć jako faktor uwierzytelniania w procesie SCA (Strong Customer Authentication)[:]](https://apilogic.pro/wp-content/uploads/2018/02/SMS-silne-uwierzytelnianie-RTS-PSD2-uai-258x172.jpg)
