Skip to main content

Prerequisites

Before initiating the configuration, ensure you have the following credentials and connectivity in place:
KeyDescription
sftp-host-nameOracle SFTP hostname to connect
sftp-port-numberOracle SFTP port number to connect
sftp-usernameOracle SFTP username to authenticate
sftp-destination-directoryOracle OBPM destination directory to send initiated payments files
sftp-monitor-directoryOracle OBPM monitor directory to check payment status files
sftp-private-keyOracle SFTP private key for authentication
file-encryption-keyOptional: Encryption key if the file needs to be encrypted before sending
file-encryption-algorithmOptional: Encryption algorithm for the file to be encrypted before sending
file-encryption-buffer-sizeOptional: Buffer size of encryption algorithm for the file to be encrypted before sending

Configuration guide

Follow these steps to initialize and authorize your OBPM batch connector.

1. Establish connectivity

Share the following details with the Grand Central team to establish secure connectivity between Grand Central and OBPM:
  • Environment details: baseUrl, ipaddress, and subnet of the OBPM application.
Share the following details with the OBPM team to establish secure connectivity between Grand Central and OBPM:
  • Environment details: ipaddress of Grand Central.
  • Shared key: PSK from the Grand Central team.

2. Environment configuration

You must set up the Azure Blob component. See Azure Blob. The Azure Blob variables below come from configuring Azure Blob, which is a mandatory component for this functionality.
You must set up the SFTP component. See SFTP. Use the environment keys defined in the prerequisites for configuring SFTP, which is a mandatory component for this functionality.
You must set up the Sync Hub component. See Sync Hub. The ASB variables below come from configuring Sync Hub, which is a mandatory component for this functionality.
To initialize the OBPM batch connector, define specific environment variables within your gc-applications-live repository. Store these variables in batch-payment-v0-values.yaml for the outbound batch connector to send files from Grand Central to Azure Blob, and in batch-inbound-payment-v0-values.yaml for the inbound batch connector to fetch files from Azure Blob to Grand Central.

Define outbound parameters

The following table shows variables used for connecting Grand Central to Azure Blob for sending the file:
KeyDescription
azure.storage.account.nameAzure Blob storage account name
azure.storage.container.metadata.nameAzure Blob storage metadata folder name
azure.storage.container.aggregated.nameAzure Blob storage aggregation folder name
asb.event.versionVersion of the Async Service Bridge (ASB) schema.
asb.producer.apiUriThe ASB URI to send confirmation to send chunks of data.
asb.event.topicThe ASB topic to send messages.
asb.event.typeThe ASB event type to send messages.
asb.event.sourceThe ASB source to send messages.
Below is a sample batch-payment-v0-values.yaml: 
# Sample OBPM batch payment connector 
connector:
  properties:

    # Azure Storage configuration
    azure.storage.account.name: stecos463testsynchub
    azure.storage.container.metadata.name: payment-batch-temp
    azure.storage.container.aggregated.name: payment-batch

    # ASB configuration
    asb.event.type: com.backbase.paymentbatchintegration.event.spec.v1.BatchStatusUpdateV1Event
    asb.event.source: com.backbase.payments
    asb.event.version: 1.0.0
    asb.batch.status.update.event.topic: batch-orders
    asb.producer.apiUri: http://asb-producer-v0.synchub-producer.svc.cluster.local

  accessControl:
    enabled: true
    permissionScopes:
      - roleDefinitionName: "storage_blob_data_contributor"
        resourceName: "storage-blob-container-payment-batch-temp"
      - roleDefinitionName: "storage_blob_data_contributor"
        resourceName: "storage-blob-container-payment-batch"

  traits:
    knativeservice:
      # IMPORTANT: Cost-related. Keeping minScale >0 causes continuous cost even when idle.
      # With minScale: 0, each request grants 30 min uptime (extended if new requests arrive).
      # Use >0 only if hot start is required, and reset to 0 afterward to avoid unnecessary cost.
      minScale: 3
    logging:
      # DEBUG adds significant log output during startup and runtime.
      # This can noticeably slow down starts due to extra logging work and I/O.
      # Use only for troubleshooting and disable when not needed.
      level: INFO
Below is the path where the batch-payment-v0-values.yaml file needs to be placed: 
├── iPaaS
└── azure/runtimes
    ├── dev
    └── test
        └── values
            ├── gc-obpm
                └── batch-payment-v0-values.yaml

Define inbound parameters

The following table shows variables used for connecting Grand Central to Azure Blob for monitoring the file and sending payment status to Sync Hub:
KeyDescription
azure.storage.account.nameAzure Blob storage account name
azure.storage.container.metadata.nameAzure Blob storage metadata folder name
azure.storage.container.aggregated.nameAzure Blob storage aggregation folder name
asb.event.versionVersion of the Async Service Bridge (ASB) schema.
asb.producer.apiUriThe ASB URI to send confirmation to send chunks of data.
asb.event.topicThe ASB topic to send messages.
asb.event.typeThe ASB event type to send messages.
asb.event.sourceThe ASB source to send messages.
Below is a sample batch-inbound-payment-v0-values.yaml: 
# Sample OBPM batch payment connector 
connector:
  properties:

    # Azure Storage configuration
    azure.storage.account.name: stecos463testsynchub
    azure.storage.container.metadata.name: payment-batch-temp
    azure.storage.container.aggregated.name: payment-batch

    # ASB configuration
    asb.event.type: com.backbase.paymentbatchintegration.event.spec.v1.BatchStatusUpdateV1Event
    asb.event.source: com.backbase.payments
    asb.event.version: 1.0.0
    asb.batch.status.update.event.topic: batch-orders
    asb.producer.apiUri: http://asb-producer-v0.synchub-producer.svc.cluster.local

  accessControl:
    enabled: true
    permissionScopes:
      - roleDefinitionName: "storage_blob_data_contributor"
        resourceName: "storage-blob-container-payment-batch-temp"
      - roleDefinitionName: "storage_blob_data_contributor"
        resourceName: "storage-blob-container-payment-batch"

  traits:
    knativeservice:
      # IMPORTANT: Cost-related. Keeping minScale >0 causes continuous cost even when idle.
      # With minScale: 0, each request grants 30 min uptime (extended if new requests arrive).
      # Use >0 only if hot start is required, and reset to 0 afterward to avoid unnecessary cost.
      minScale: 3
    logging:
      # DEBUG adds significant log output during startup and runtime.
      # This can noticeably slow down starts due to extra logging work and I/O.
      # Use only for troubleshooting and disable when not needed.
      level: INFO
Below is the path where the batch-inbound-payment-v0-values.yaml file needs to be placed: 
├── iPaaS
└── azure/runtimes
    ├── dev
    └── test
        └── values
            ├── gc-obpm
                └── batch-inbound-payment-v0-values.yaml

Define gc-obpm-payment-connector parameters

The following table shows variables used to make outbound connections for all payments from Grand Central to OBPM:
KeyDescription
retryFlagSet to true to enable automatic request retries if any failure in connection.
cxf.client.ssl.ca.cert.pathOptional: Server certificate path for mTLS.
cxf.client.ssl.keystore.pathOptional: Client certificate path for mTLS.
cxf.client.ssl.keystore.typeOptional: Client keystore certificate type.
http.client.ssl.ca.cert.pathOptional: Certificate for SSL pinning for REST services.
Below is a sample payments-v0.values.yaml: 
# Sample OBPM all payment environment configuration
connector:
  existingSecretName: obpm-outbound-secrets
  properties:
    retryFlag: false
    # SOAP service configuration for additional security
    cxf.client.ssl.ca.cert.path: /etc/camel/conf.d/_secrets/obpm-outbound-secrets/server.crt
    cxf.client.ssl.keystore.path: /etc/camel/conf.d/_secrets/obpm-outbound-secrets/client.p12
    cxf.client.ssl.keystore.type: PKCS12

    # OBPM REST API configuration
    obpm.rest.fetchBankDetailsByIBANApiUri: /api-gateway/api/s2/obpmrest/payments/IbanValidationService
        
    # HTTP configurations for REST service security
    http.client.ssl.ca.cert.path: /etc/camel/conf.d/_secrets/obpm-jetbank-secrets/server.crt

  traits:
    knativeservice:
      # IMPORTANT: Cost-related. Keeping minScale >0 causes continuous cost even when idle.
      # With minScale: 0, each request grants 30 min uptime (extended if new requests arrive).
      # Use >0 only if hot start is required, and reset to 0 afterward to avoid unnecessary cost.
      minScale: 3
    logging:
      # DEBUG adds significant log output during startup and runtime.
      # This can noticeably slow down starts due to extra logging work and I/O.
      # Use only for troubleshooting and disable when not needed.
      level: INFO
Below is the path where the payments-v0.values.yaml file needs to be placed: 
├── iPaaS
└── azure/runtimes
    ├── dev
    └── test
        └── values
            ├── gc-obpm
                └── payments-v0.values.yaml

Define inbound/webhook gc-obpm-payment-inbound-connector parameters

Configure how Grand Central receives asynchronous updates from OBPM to GC. The following table shows the inbound payment connector parameters:
KeyDescriptionEnvironment key
jmsFlexCubeUrlThe JMS URL to connect to OBPM.jms-obpm-url
payment.status.update.queue.nameThe queue name for JMS to connect.jms-queue-name
jms.connection.factoryThe JMS connection factory name.jms-connection-factory
jms.ssl.enableOptional: Enable if SSL trust required for JMS connection.N/A
jms.ssl.trustStoreOptional: Trust certificate if SSL trust to take place.N/A
jms.ssl.trustStorePasswordOptional: Trust certificate password if SSL trust to take place.N/A
asb.event.versionVersion of the Async Service Bridge (ASB) schema.N/A
asb.producer.apiUriThe callback URI for receiving incoming events.N/A
asb.event.topicThe ASB topic to send messages.N/A
asb.event.typeThe ASB event type to send messages.N/A
asb.event.sourceThe ASB source to send messages.N/A
retryFlagRetry flag to retry for any technical issues connecting ASB.N/A
jms.recover.exception.http.enableRetry flag to retry for JMS connection technical issues.N/A
Below is a sample inbound-payments-v0.values.yaml: 
connector:
  existingSecretName: obpm-inbound-secrets
  properties:
    retryFlag: false
    
    # ASB configuration
    asb.event.type: com.backbase.payment.event.spec.v1.PaymentOrderStatusEvent
    asb.event.source: com.backbase.payments
    asb.event.version: 1.0.0
    asb.event.topic: payment-status
    asb.producer.apiUri: http://asb-producer-v0.synchub-producer.svc.cluster.local
    
    # OBPM JMS configuration
    jmsFlexCubeUrl: http://wiremock-obpm-jms-payments.gc-obpm.svc.cluster.local:9021
    payment.status.update.queue.name: NOTIFOUTQ_EXT
    jms.connection.factory: NotifQCF
    jms.recover.exception.http.enable: true
    jms.recover.exception.http.statuses: 429,500,502,503,504

    # Added security configuration
    jms.ssl.enable: true
    jms.ssl.trustStore: /etc/camel/conf.d/_secrets/obpm-inbound-secret/obpm-ssl-truststore-secret.jks

  traits:
    knativeservice:
      # IMPORTANT: Cost-related. Keeping minScale >0 causes continuous cost even when idle.
      # With minScale: 0, each request grants 30 min uptime (extended if new requests arrive).
      # Use >0 only if hot start is required, and reset to 0 afterward to avoid unnecessary cost.
      minScale: 0
    logging:
      # DEBUG adds significant log output during startup and runtime.
      # This can noticeably slow down starts due to extra logging work and I/O.
      # Use only for troubleshooting and disable when not needed.
      level: INFO
Below is the path where the inbound-payments-v0.values.yaml file needs to be placed: 
├── iPaaS
└── azure/runtimes
    ├── dev
    └── test
        └── values
            ├── gc-obpm
                └── inbound-payments-v0.values.yaml

Define gc-obpm-direct-debit-mandate-connector parameters

The following table shows variables used to make direct debit mandate outbound connections from Grand Central to OBPM:
KeyDescription
retryFlagSet to true to enable automatic request retries if any failure in connection.
Below is a sample ddmandate-payment-v0.values.yaml: 
# Sample OBPM direct debit mandate payment environment configuration
connector:
  properties:
    retryFlag: false
    
  traits:
    knativeservice:
      # IMPORTANT: Cost-related. Keeping minScale >0 causes continuous cost even when idle.
      # With minScale: 0, each request grants 30 min uptime (extended if new requests arrive).
      # Use >0 only if hot start is required, and reset to 0 afterward to avoid unnecessary cost.
      minScale: 0
    logging:
      # DEBUG adds significant log output during startup and runtime.
      # This can noticeably slow down starts due to extra logging work and I/O.
      # Use only for troubleshooting and disable when not needed.
      level: INFO
Below is the path where the ddmandate-payment-v0.values.yaml file needs to be placed: 
├── iPaaS
└── azure/runtimes
    ├── dev
    └── test
        └── values
            ├── gc-obpm
                └── ddmandate-payment-v0.values.yaml

Define gc-flexcube-foreign-exchange-connector parameters

The following table shows variables used to make foreign exchange payment outbound connections from Grand Central to OBPM:
KeyDescription
retryFlagSet to true to enable automatic request retries if any failure in connection.
Below is a sample foreignexchange-payment-v0.values.yaml: 
# Sample OBPM foreign exchange payment environment configuration
connector:
  properties:
    retryFlag: false
    
  traits:
    knativeservice:
      # IMPORTANT: Cost-related. Keeping minScale >0 causes continuous cost even when idle.
      # With minScale: 0, each request grants 30 min uptime (extended if new requests arrive).
      # Use >0 only if hot start is required, and reset to 0 afterward to avoid unnecessary cost.
      minScale: 0
    logging:
      # DEBUG adds significant log output during startup and runtime.
      # This can noticeably slow down starts due to extra logging work and I/O.
      # Use only for troubleshooting and disable when not needed.
      level: INFO
Below is the path where the foreignexchange-payment-v0.values.yaml file needs to be placed: 
├── iPaaS
└── azure/runtimes
    ├── dev
    └── test
        └── values
            ├── gc-obpm
                └── foreignexchange-payment-v0.values.yaml

Testing your integration

To access the Payments Unified API, you must include your Grand Central subscription key in the request header. If you do not have a key, contact the Grand Central Support Team to have one provisioned.
KeyValue
api-key<your_subscription_key>
Test the API using the Postman Collection.

Troubleshooting

If your connector isn’t responding as expected, check these common scenarios.
Cause: The Grand Central (GC) gateway cannot establish a handshake with the OBPM endpoint. This typically indicates an upstream service outage at Oracle or a network routing failure.Solution: Verify the operational status of the OBPM environment with Oracle. If the service is operational, contact GC Support.
Cause: The Grand Central (GC) gateway cannot establish a handshake with the OBPM endpoint. This typically indicates an upstream service outage at Oracle or a network routing failure.Solution: Verify the operational status of the OBPM environment with Oracle. If the service is operational, contact GC Support.
Cause: The client_id or client_secret provided during setup is incorrect.Solution: Re-verify your credentials with the Oracle portal and contact the GC team to update the connection.
Cause: The number of incoming requests has exceeded the defined threshold for your subscription tier. This “429 Too Many Requests” response is a protective measure to ensure the stability of the Grand Central and Core Banking infrastructure.Solution: Review your application’s request patterns to identify unexpected spikes. If your business requirements have evolved and you require a higher throughput, contact the Grand Central Team to request an adjustment to your APIM rate limit policy.

Need more help?

Contact support

Reach out to the Grand Central team for assistance with environment setup or rate limit increases.