This repo demonstrates how an environment with the Open Banking mock APIs can work in AWS using mTLS.
Make sure Docker is running. During the deployment, Docker is used to build the container that runs NGINX.
After Docker is running, execute the following commands:
git clone <REPO_URL>
cd <REPO_NAME>/
./proxy/generate-certs.sh
npm install
cdk bootstrap
cdk synth
cdk deploy
These commands clone this repo and install all required packages. CDK then bootstraps a deployment environment in your account, synthesizes a CloudFormation template and finally deploys it. The end result will be the following architecture:
There are two options for tests:
- Postman
- Terminal
Before moving on, make sure you have your Network Load Balancer (NLB) URL at hand. CDK prints an output with the created assets; look for a name similar to "OpenBankingBrazil.ProxyProxyServiceLoadBalancerDNSE4FAFBA0". Copy the value of this key, as it is the URL for your NLB.
To test with Postman, follow these steps to prepare your setup:
Set the following environment variables:
Key | Value |
---|---|
host | YOUR-NLB-DNS |
version | v1 |
The configuration file location:
proxy/client/OpenBankingBrazil.postman_collection.json
Use the following:
- proxy/client/ssl/client.crt
- proxy/client/ssl/client.key
- The host is your NLB DNS.
Finally, you can run any of the requests and you should see a response like the one in the picture below:
To test the mTLS connection, use a terminal to run the following commands:
cd proxy/client/ssl
HOST='YOUR-NLB-DNS-HERE'
VERSION='v1'
The following paths are available for tests:
$HOST/discovery/$VERSION/status
$HOST/discovery/$VERSION/outstage
$HOST/channels/$VERSION/branches
$HOST/channels/$VERSION/electronic-channels
$HOST/channels/$VERSION/phone-channels
$HOST/channels/$VERSION/banking-agents
$HOST/products-services/$VERSION/personal-accounts
$HOST/products-services/$VERSION/business-accounts
$HOST/products-services/$VERSION/personal-loans
$HOST/products-services/$VERSION/business-loans
$HOST/products-services/$VERSION/personal-financings
$HOST/products-services/$VERSION/personal-invoice-financings
$HOST/products-services/$VERSION/personal-credit-cards
$HOST/products-services/$VERSION/business-credit-cards
$HOST/admin/$VERSION/metrics
To test any of these paths, run the following command, replacing COMMAND with the path:
curl --key client.key --cert client.crt -k COMMAND
For example:
$ curl --key client.key --cert client.crt -k $HOST/channels/$VERSION/electronic-channels
{
  "data": {
    "brand": {
      "name": "Organização A",
      "companies": [
        {
          "name": "Empresa A1",
          "cnpjNumber": "45086338000178",
          "urlComplementaryList": "https://empresaa1.com/branches-banking",
          "channels": [
            {
              "identification": {
                "type": "INTERNET_BANKING",
                "additionalInfo": "NA",
                "url": "https://empresaa1.com/internet-banking"
              },
              "service": {
                "codes": [
                  "ABERTURA_CONTA",
                  "RECEBIMENTOS_PAGAMENTOS_TRANSFERENCIAS_ELETRONICAS",
                  "OPERACOES_CREDITO",
                  "CARTAO_CREDITO",
                  "OPERACOES_CAMBIO",
                  "INVESTIMENTOS",
                  "SEGUROS",
                  "OUTROS"
                ],
                "additionalInfo": "Previdência Complementar"
              }
            }
          ]
        }
      ]
    }
  },
  "links": {
    "self": "https://api.banco.com.br/open-banking/channels/v1/electronic-channels",
    "first": "https://api.banco.com.br/open-banking/channels/v1/electronic-channels",
    "prev": "null",
    "next": "null",
    "last": "https://api.banco.com.br/open-banking/channels/v1/electronic-channels"
  },
  "meta": {
    "totalRecords": 1,
    "totalPages": 1
  }
}
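As an added example (not part of this repository), the script below extends the single curl call above to all listed paths and repeats each request without the client certificate, so you can confirm that the proxy really rejects clients that do not present one. It assumes it is run from proxy/client/ssl and that the first argument is the NLB URL including the https:// scheme; the script name and the verdict labels are hypothetical.

```shell
#!/bin/sh
# Added example, not repo code. Run from proxy/client/ssl, for instance:
#   sh check-mtls.sh https://YOUR-NLB-DNS v1   (script name is an assumption)

ENDPOINTS="discovery/status discovery/outstage channels/branches
channels/electronic-channels channels/phone-channels channels/banking-agents
products-services/personal-accounts products-services/business-accounts
products-services/personal-loans products-services/business-loans
products-services/personal-financings products-services/personal-invoice-financings
products-services/personal-credit-cards products-services/business-credit-cards
admin/metrics"

# Print one URL per endpoint in the README's form: BASE/<api>/VERSION/<resource>
build_urls() {
  for ep in $ENDPOINTS; do
    echo "$1/${ep%%/*}/$2/${ep#*/}"
  done
}

# Print the HTTP status for URL $1; remaining arguments go to curl.
# "000" means no HTTP response at all (for example a rejected TLS handshake).
# -k mirrors the README (self-signed certs); it skips server verification.
http_status() {
  url=$1; shift
  curl -s -o /dev/null -m 10 -k -w '%{http_code}' "$@" "$url" || true
}

# Verdict from the status seen with ($1) and without ($2) the client certificate.
classify() {
  if [ "$1" != 200 ]; then echo BROKEN
  elif [ "$2" = 200 ]; then echo NOT_ENFORCED
  else echo ENFORCED
  fi
}

# Check all endpoints; returns non-zero if any endpoint is not ENFORCED.
check_all() {
  rc=0
  for url in $(build_urls "$1" "$2"); do
    verdict=$(classify "$(http_status "$url" --key client.key --cert client.crt)" \
                       "$(http_status "$url")")
    echo "$verdict $url"
    [ "$verdict" = ENFORCED ] || rc=1
  done
  return $rc
}

if [ $# -ge 1 ]; then check_all "$1" "${2:-v1}"; fi
```

A NOT_ENFORCED line means the path answered 200 without a client certificate, which points at the proxy's client verification settings rather than at the client.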
To remove the deployed resources, run the following command:
cdk destroy
See CONTRIBUTING for more information.
This library is licensed under the MIT-0 License. See the LICENSE file.