Prerequisites

Before initiating the configuration, ensure you have the following credentials and connectivity in place:
  • Make sure that you have followed Get started with connectors and Sync Hub.
  • OBPM access: An active account in the Oracle Open Banking Payment Manager environment and a wlthint3client license for connecting to the JMS server.
  • Network connectivity: Confirmed routing between the Oracle environment and the Grand Central (GC) iPaaS. See Network connectivity for supported options.
  • Environment details: The following table shows the environment variables you need from Oracle to configure the connector:
| Key | Description |
| --- | --- |
| soap-obpm-url | The SOAP service URL to access the OBPM environment |
| soap-flexcube-url | The SOAP service URL to access the Flexcube environment |
| obpm-source | The unique identifier assigned to the client by OBPM |
| obpm-userId | User ID of the client who is making the connection to OBPM |
| flexcube-source | The unique identifier assigned to the client by Flexcube |
| flexcube-userId | User ID of the client who is making the connection to Flexcube |
| rest-obpm-url | The REST service URL to access the OBPM environment |
| jms-obpm-url | JMS connection URL to OBPM environment |
| jms-queue-name | JMS queue name |
| jms-connection-factory | JMS connection factory |

Configuration guide

Follow these steps to initialize and authorize your OBPM connector.

1. Establish connectivity

Share the following details with the Grand Central team to establish secure connectivity between Grand Central and OBPM:
  • Environment details: baseUrl, ipaddress, and subnet of the OBPM application.
Share the following details with the OBPM team to establish secure connectivity between Grand Central and OBPM:
  • Environment details: ipaddress of Grand Central.
  • Shared key: PSK from the Grand Central team.

2. OBPM service authentication and authorization

The connector supports the following authentication and authorization mechanisms, which you can configure based on your security requirements:
  • mTLS for SOAP OBPM services
  • WS-Security for Flexcube services
  • OBPM authorization for REST services
  • SSL server certificate verification for REST services
  • SSL server certificate trust for JMS connection
Certificates and credentials security: To configure all certificates and credentials, create SOPS secrets. See Configure a connector for instructions. For sharing credentials between OBPM and Grand Central, we recommend using 1Password.

3. Environment configuration

To initialize the OBPM connector, define specific environment variables within your gc-applications-live repository. Store common variables in values.yaml and connector-specific variables in the files listed in the following table:
| Connector | Property file | Description |
| --- | --- | --- |
| gc-obpm-payment-connector | payments-v0.values.yaml | Outbound payment connector for all payments |
| gc-obpm-payment-inbound-connector | inbound-payments-v0.values.yaml | Inbound payment connector to receive inbound payment status |
| gc-obpm-direct-debit-mandate-connector | ddmandate-payment-v0.values.yaml | Outbound payment connector for direct debit mandate creation |
| gc-flexcube-foreign-exchange-connector | foreignexchange-payment-v0.values.yaml | Outbound payment connector for foreign exchange creation |

Define common parameters

The following table shows variables used across all connectors connecting Grand Central to OBPM and OBPM to Grand Central:
| Key | Description | Environment key |
| --- | --- | --- |
| obpm.baseUrl | Target API endpoint for the OBPM gateway. | soap-obpm-url |
| flexcube.baseUrl | Target API endpoint for the Flexcube gateway. | soap-flexcube-url |
| obpm.source | Unique organizational identifier assigned by OBPM. | obpm-source |
| obpm.userId | User ID of the client who is making the connection to OBPM. | obpm-userId |
| obpm.branch | Specific OBPM branch or default to 001. | N/A |
| flexcube.source | Unique organizational identifier assigned by Flexcube. | flexcube-source |
| flexcube.userId | User ID of the client who is making the connection to Flexcube. | flexcube-userId |
| flexcube.branch | Specific Flexcube branch or default to 001. | N/A |
Below is a sample values.yaml:
# Sample OBPM environment configuration
connector:
  properties:
    obpm.baseUrl: "http://wiremock-obpm-payments.gc-obpm.svc.cluster.local:9021"
    obpm.source: BACKBASE
    obpm.ubsComp: FCUBS
    obpm.userId: BACKBASE
    obpm.branch: "001"

    flexcube.baseUrl: "http://wiremock-flexcube-payments.gc-flexcube.svc.cluster.local:9021"
    flexcube.source: BACKBASE
    flexcube.ubsComp: FCUBS
    flexcube.userId: BACKBASE
    flexcube.branch: "001"

    # OBPM REST API configuration
    obpm.rest.baseUrl: "http://wiremock-obpm-rest-payments.gc-obpm.svc.cluster.local:9021"
Below is the path where the values.yaml file needs to be placed:
├── iPaaS
└── azure/runtimes
    ├── dev
    └── test
        └── values
            ├── gc-obpm
                └── values.yaml

Define gc-obpm-payment-connector parameters

The following table shows variables used to make outbound connections for all payments from Grand Central to OBPM:
| Key | Description |
| --- | --- |
| retryFlag | Set to true to enable automatic request retries on any connection failure. |
| cxf.client.ssl.ca.cert.path | Optional: Server certificate path for mTLS. |
| cxf.client.ssl.keystore.path | Optional: Client certificate path for mTLS. |
| cxf.client.ssl.keystore.type | Optional: Client keystore certificate type. |
| http.client.ssl.ca.cert.path | Optional: Certificate for SSL pinning for REST services. |
Below is a sample payments-v0.values.yaml:
# Sample OBPM all payment environment configuration
connector:
  existingSecretName: obpm-outbound-secrets
  properties:
    retryFlag: false
    # SOAP service configuration for additional security
    cxf.client.ssl.ca.cert.path: /etc/camel/conf.d/_secrets/obpm-outbound-secrets/server.crt
    cxf.client.ssl.keystore.path: /etc/camel/conf.d/_secrets/obpm-outbound-secrets/client.p12
    cxf.client.ssl.keystore.type: PKCS12

    # OBPM REST API configuration
    obpm.rest.fetchBankDetailsByIBANApiUri: /api-gateway/api/s2/obpmrest/payments/IbanValidationService
        
    # HTTP configurations for REST service security
    http.client.ssl.ca.cert.path: /etc/camel/conf.d/_secrets/obpm-jetbank-secrets/server.crt

  traits:
    knativeservice:
      # IMPORTANT: Cost-related. Keeping minScale >0 causes continuous cost even when idle.
      # With minScale: 0, each request grants 30 min uptime (extended if new requests arrive).
      # Use >0 only if hot start is required, and reset to 0 afterward to avoid unnecessary cost.
      minScale: 0
    logging:
      # DEBUG adds significant log output during startup and runtime.
      # This can noticeably slow down starts due to extra logging work and I/O.
      # Use only for troubleshooting and disable when not needed.
      level: INFO
Below is the path where the payments-v0.values.yaml file needs to be placed:
├── iPaaS
└── azure/runtimes
    ├── dev
    └── test
        └── values
            ├── gc-obpm
                └── payments-v0.values.yaml

Define inbound/webhook gc-obpm-payment-inbound-connector parameters

Configure how Grand Central receives asynchronous updates from OBPM.
You must set up the Sync Hub component. See Sync Hub. The ASB variables below come from configuring Sync Hub, which is a mandatory component for inbound connectivity.
The following table shows the inbound payment connector parameters:
| Key | Description | Environment key |
| --- | --- | --- |
| jmsFlexCubeUrl | The JMS URL to connect to OBPM. | jms-obpm-url |
| payment.status.update.queue.name | The JMS queue name to connect to. | jms-queue-name |
| jms.connection.factory | The JMS connection factory name. | jms-connection-factory |
| jms.ssl.enable | Optional: Enable if SSL trust is required for the JMS connection. | N/A |
| jms.ssl.trustStore | Optional: Trust certificate, used if SSL trust is enabled. | N/A |
| jms.ssl.trustStorePassword | Optional: Trust certificate password, used if SSL trust is enabled. | N/A |
| asb.event.version | Version of the Async Service Bridge (ASB) schema. | N/A |
| asb.producer.apiUri | The callback URI for receiving incoming events. | N/A |
| asb.event.topic | The ASB topic to send messages to. | N/A |
| asb.event.type | The ASB event type used when sending messages. | N/A |
| asb.event.source | The ASB source used when sending messages. | N/A |
| retryFlag | Retry flag: retries on any technical issue connecting to ASB. | N/A |
| jms.recover.exception.http.enable | Retry flag: retries on JMS connection technical issues. | N/A |
Below is a sample inbound-payments-v0.values.yaml:
connector:
  existingSecretName: obpm-inbound-secrets
  properties:
    retryFlag: false
    
    # ASB configuration
    asb.event.type: com.backbase.payment.event.spec.v1.PaymentOrderStatusEvent
    asb.event.source: com.backbase.payments
    asb.event.version: 1.0.0
    asb.event.topic: payment-status
    asb.producer.apiUri: http://asb-producer-v0.synchub-producer.svc.cluster.local
    
    # OBPM JMS configuration
    jmsFlexCubeUrl: http://wiremock-obpm-jms-payments.gc-obpm.svc.cluster.local:9021
    payment.status.update.queue.name: NOTIFOUTQ_EXT
    jms.connection.factory: NotifQCF
    jms.recover.exception.http.enable: true
    jms.recover.exception.http.statuses: 429,500,502,503,504

    # Added security configuration
    jms.ssl.enable: true
    jms.ssl.trustStore: /etc/camel/conf.d/_secrets/obpm-inbound-secret/obpm-ssl-truststore-secret.jks

  traits:
    knativeservice:
      # IMPORTANT: Cost-related. Keeping minScale >0 causes continuous cost even when idle.
      # With minScale: 0, each request grants 30 min uptime (extended if new requests arrive).
      # Use >0 only if hot start is required, and reset to 0 afterward to avoid unnecessary cost.
      minScale: 0
    logging:
      # DEBUG adds significant log output during startup and runtime.
      # This can noticeably slow down starts due to extra logging work and I/O.
      # Use only for troubleshooting and disable when not needed.
      level: INFO
Below is the path where the inbound-payments-v0.values.yaml file needs to be placed:
├── iPaaS
└── azure/runtimes
    ├── dev
    └── test
        └── values
            ├── gc-obpm
                └── inbound-payments-v0.values.yaml
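
A pre-commit check for the connector values files, as an added example (not part of Grand Central or the connector). It assumes each secret is mounted under /etc/camel/conf.d/_secrets/<existingSecretName>/, as in the outbound sample, and that an http:// JMS URL means the trust store is never used; the function names, rule names and the sample input are constructed for illustration.

```python
import re

SECRETS_ROOT = "/etc/camel/conf.d/_secrets/"  # mount root used in the page's samples

def parse_flat(text):
    """Collect 'key: value' pairs from a values file (minimal parser, not full YAML)."""
    pairs = {}
    for line in text.splitlines():
        line = line.split(" #", 1)[0].strip()  # drop comments and indentation
        m = re.match(r"^([A-Za-z0-9_.\-]+):\s*(.*)$", line)
        if m and m.group(2):
            pairs[m.group(1)] = m.group(2).strip("\"'")
    return pairs

def lint_values(text):
    """Return sorted (rule, key) findings for one connector values file."""
    props = parse_flat(text)
    secret = props.get("existingSecretName")
    findings = set()
    for key, value in props.items():
        # Assumption: the directory after SECRETS_ROOT is the mounted secret's name.
        if value.startswith(SECRETS_ROOT):
            mounted = value[len(SECRETS_ROOT):].split("/", 1)[0]
            if mounted != secret:
                findings.add(("secret-mismatch", key))
        # Credentials belong in the SOPS secret, not in the values file.
        if "password" in key.lower():
            findings.add(("inline-credential", key))
    if props.get("jms.ssl.enable") == "true":
        if "jms.ssl.trustStore" not in props:
            findings.add(("missing-truststore", "jms.ssl.trustStore"))
        # Assumption: a plain http:// URL never exercises the trust store.
        if props.get("jmsFlexCubeUrl", "").startswith("http://"):
            findings.add(("plaintext-url", "jmsFlexCubeUrl"))
    return sorted(findings)

# Constructed input modelled on inbound-payments-v0.values.yaml (host is a placeholder).
SAMPLE = """\
connector:
  existingSecretName: obpm-inbound-secrets
  properties:
    jmsFlexCubeUrl: http://obpm-jms.example.internal:9021
    jms.ssl.enable: true
    jms.ssl.trustStore: /etc/camel/conf.d/_secrets/obpm-inbound-secret/truststore.jks
    jms.ssl.trustStorePassword: changeit
"""

if __name__ == "__main__":
    print(*lint_values(SAMPLE), sep="\n")
```

Run it against each values file before merging to gc-applications-live; an empty result means none of the four rules fired.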

Define gc-obpm-direct-debit-mandate-connector parameters

The following table shows variables used to make direct debit mandate outbound connections from Grand Central to OBPM:
| Key | Description |
| --- | --- |
| retryFlag | Set to true to enable automatic request retries on any connection failure. |
Below is a sample ddmandate-payment-v0.values.yaml:
# Sample OBPM direct debit mandate payment environment configuration
connector:
  properties:
    retryFlag: false
    
  traits:
    knativeservice:
      # IMPORTANT: Cost-related. Keeping minScale >0 causes continuous cost even when idle.
      # With minScale: 0, each request grants 30 min uptime (extended if new requests arrive).
      # Use >0 only if hot start is required, and reset to 0 afterward to avoid unnecessary cost.
      minScale: 0
    logging:
      # DEBUG adds significant log output during startup and runtime.
      # This can noticeably slow down starts due to extra logging work and I/O.
      # Use only for troubleshooting and disable when not needed.
      level: INFO
Below is the path where the ddmandate-payment-v0.values.yaml file needs to be placed:
├── iPaaS
└── azure/runtimes
    ├── dev
    └── test
        └── values
            ├── gc-obpm
                └── ddmandate-payment-v0.values.yaml

Define gc-flexcube-foreign-exchange-connector parameters

The following table shows variables used to make foreign exchange payment outbound connections from Grand Central to OBPM:
| Key | Description |
| --- | --- |
| retryFlag | Set to true to enable automatic request retries on any connection failure. |
Below is a sample foreignexchange-payment-v0.values.yaml:
# Sample OBPM foreign exchange payment environment configuration
connector:
  properties:
    retryFlag: false
    
  traits:
    knativeservice:
      # IMPORTANT: Cost-related. Keeping minScale >0 causes continuous cost even when idle.
      # With minScale: 0, each request grants 30 min uptime (extended if new requests arrive).
      # Use >0 only if hot start is required, and reset to 0 afterward to avoid unnecessary cost.
      minScale: 0
    logging:
      # DEBUG adds significant log output during startup and runtime.
      # This can noticeably slow down starts due to extra logging work and I/O.
      # Use only for troubleshooting and disable when not needed.
      level: INFO
Below is the path where the foreignexchange-payment-v0.values.yaml file needs to be placed:
├── iPaaS
└── azure/runtimes
    ├── dev
    └── test
        └── values
            ├── gc-obpm
                └── foreignexchange-payment-v0.values.yaml

Testing your integration

To access the Payments Unified API, you must include your Grand Central subscription key in the request header. If you do not have a key, contact the Grand Central Support Team to have one provisioned.
| Key | Value |
| --- | --- |
| api-key | <your_subscription_key> |
Test the API using the Postman Collection.

Troubleshooting

If your connector isn’t responding as expected, check these common scenarios.
Cause: The Grand Central (GC) gateway cannot establish a handshake with the OBPM endpoint. This typically indicates an upstream service outage at Oracle or a network routing failure.
Solution: Verify the operational status of the OBPM environment with Oracle. If the service is operational, contact GC Support.
Cause: The client_id or client_secret provided during setup is incorrect.
Solution: Re-verify your credentials with the Oracle portal and contact the GC team to update the connection.
Cause: The number of incoming requests has exceeded the defined threshold for your subscription tier. This “429 Too Many Requests” response is a protective measure to ensure the stability of the Grand Central and Core Banking infrastructure.
Solution: Review your application’s request patterns to identify unexpected spikes. If your business requirements have evolved and you require a higher throughput, contact the Grand Central Team to request an adjustment to your APIM rate limit policy.

Need more help?

Contact support

Reach out to the Grand Central team for assistance with environment setup or rate limit increases.