{"id":15019335,"url":"https://github.com/adorsys/xs2a-adapter","last_synced_at":"2025-04-09T12:08:26.963Z","repository":{"id":33506883,"uuid":"178830383","full_name":"adorsys/xs2a-adapter","owner":"adorsys","description":null,"archived":false,"fork":false,"pushed_at":"2024-03-09T08:27:14.000Z","size":11988,"stargazers_count":37,"open_issues_count":6,"forks_count":27,"subscribers_count":14,"default_branch":"develop","last_synced_at":"2025-04-02T10:13:38.433Z","etag":null,"topics":["berlin-group","fintech","multibanking","open-banking","psd2","spring-boot","tpp","xs2a","xs2a-adapter"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/adorsys.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":"docs/roadmap.adoc","authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-04-01T09:31:44.000Z","updated_at":"2025-01-25T09:28:14.000Z","dependencies_parsed_at":"2024-10-10T05:31:37.686Z","dependency_job_id":"e375e6c6-52a6-406b-b8dc-6581409ad970","html_url":"https://github.com/adorsys/xs2a-adapter","commit_stats":{"total_commits":1142,"total_committers":25,"mean_commits":45.68,"dds":0.7661996497373029,"last_synced_commit":"4831bd9892c03d95beb56840d31bcd866bb317ea"},"previous_names":["adorsys/xs2a-gateway"],"tags_count":31,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adorsys%2Fxs2a-adapter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adorsys%2Fxs2a-adapter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adorsys%2Fxs2a-adapter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adorsys%2Fxs2a-adapter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/adorsys","download_url":"https://codeload.github.com/adorsys/xs2a-adapter/tar.gz/refs/heads/develop","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248036067,"owners_count":21037092,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["berlin-group","fintech","multibanking","open-banking","psd2","spring-boot","tpp","xs2a","xs2a-adapter"],"created_at":"2024-09-24T19:53:21.238Z","updated_at":"2025-04-09T12:08:26.945Z","avatar_url":"https://github.com/adorsys.png","language":"Java","funding_links":[],"categories":["Payments and Banking"],"sub_categories":[],"readme":"# XS2A Adapter\n[![Build Status](https://github.com/adorsys/xs2a-adapter/workflows/Develop%20CI/badge.svg)](https://github.com/adorsys/xs2a-adapter/actions)\n[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=adorsys_xs2a-adapter\u0026metric=alert_status)](https://sonarcloud.io/dashboard?id=adorsys_xs2a-adapter)\n\nThere are various ways for a bank to implement a PSD2 compliant XS2A interface. Don’t waste time in connecting different banks with different approaches into your application. Use the free of charge XS2A adapter and concentrate on your true value proposition!\n\n## Changes in OSS release policy\n\nFor the time being, version 0.1.17 will be the current try-out version of XS2A-adapter that adorsys publishes on GitHub.\nWith PSD2 standards and our solutions having grown to maturity in production, our continuous investment in development and maintenance\nof our XS2A projects forces us to focus on our commercial engagements.\nWe are committed to continuous active development of our XS2A solutions to ensure constant adherence to the latest Berlin Group\nspecifications and to support OpenFinance initiatives.\nExisting published versions will remain available under their respective open-source licenses.\nIf you are a user of our XS2A solutions and would like to either start or extend cooperation, please contact us under psd2@adorsys.com.\n\n## Licensing model change to dual license: AGPL v.3 or commercial license\n\n**Attention: this open-source project will change its licensing model as of 01.01.2022!**\n\nConstantly evolving and extending scope, production traffic and support in open banking\nworld call for high maintenance and service investments on our part.\n\nHenceforth, adorsys will offer all versions higher than v.0.1.16 of Adapter under a\ndual-license model. Thus, this repository will be available either under Affero GNU General\nPublic License v.3 (AGPL v.3) or alternatively under a commercial license agreement.\n\nWe would like to thank all our users for their trust so far and are convinced that we will be\nable to provide an even better service going forward.\n\nFor more information, advice for your implementation project or if your use case requires\nmore time to adapt this change, please contact us at psd2@adorsys.com .\n\nFor additional details please see the section [FAQ on Licensing Change](https://github.com/adorsys/xs2a-adapter#faq-on-licensing-change).\n\n## Who we are\n\n[adorsys](https://adorsys.de/en/index.html) is a company who works ever since the very beginning of PSD2 with its requirements and implicit tasks.\nWe help banks to be PSD2 complaint (technical and legal terms). To speed up the process we provide this open source XS2A interface,\nthat can be connected to your middleware system.\nYou can check your readiness for PSD2 Compliance and other information via [our Web-site](https://adorsys.de/en/psd2).\n\n## What this Project is about\n\n### Key Challenge for a TPP in Europe\n\nPSD2 as the first regulatory driven Open Banking initiative offers many opportunities for both Banks and Third Party Providers. TPPs can use the account information and payment services provided by the banks in order to offer new innovative services to the end users. The more banks a TPP can interact with the more users it can reach with its application, which in consequence raises the value of the application itself.\nHowever, being able to interact with many banks can be a time and cost consuming challenge when developing and maintaining an application. Even though PSD2 sets a standard for bank interfaces, much space for implementation options remains. A bank, therefore, can have an own PSD2 compliant solution or have implemented one of the mayor PSD2 standards, like Open Banking UK, Berlin Group or STET. A PSD2 adapter must be able to process the different messages correctly and react fast to changes on the XS2A interfaces.\n\n\n### High level architecture\n\n![High level architecture](docs/img/high%20level%20architecture.png)\n\n## Running the XS2A Adapter\n\n[The developer guide](docs/developer_guide.md) contains information necessary for launching the XS2A Adapter.\n\n## How to write your own bank adapter\n\nRead this short [guideline](docs/Adapter.md) to get more details\n\n## Routing and ASPSP Registry\n\nASPSP Registry loads data from [aspsp-adapter-config](docs/aspsp_adapter_config_csv.md) file,\nthat contains all information necessary for XS2A Adapter to communicate with banks (Sandboxes only).\n`xs2a-adapter` relies on presence of `X-GTW-ASPSP-ID` or `X-GTW-Bank-Code` request header for routing.\nThe former uniquely identifies an XS2A API provider in the `aspsp-registry`.\nThe later is a shorthand for performing a lookup in the registry using a bank code.\nNote that the `aspsp-registry` supports lookup by attributes other than bank code including full-text search by name,\nbut only as a pre-request.\nIf you need details about managing ASPSP Registry please refer to this [document](docs/aspsp_registry.md).\n\n## Testing API with Postman json collections\n\n For testing API of xs2a it is used Postman https://www.getpostman.com/\n Environment jsons with global parameter’s sets and Collections of jsons for imitation of processes flows are stored in /postman folder.\n To import Postman collections and environments follow next steps:\n 1. Download Postman jsons with collections and environments to your local machine.\n 2. Open Postman, press button “Import”.\n 3. Choose “Import file” to import one json or “Import folder” to import all jsons within the folder, then press button “Choose Files” or “Choose Folders” and open necessary files/folders.\n 4. To change settings of environments - go to “Manage Environments”, press the environment name and change variables.\n\n To start testing with Postman collections it is necessary to have all services running.\n\nYou may run postman tests from the command line\n\n```bash\n\u003e newman run postman/xs2a\\ adapter.postman_collection.json \\\n        -d postman/adapters.postman_data.json \\\n        --globals postman/postman_globals_local.json \\\n        --folder AIS \\\n        --folder sepa-credit-transfers \\\n        --folder pain.001-sepa-credit-transfers \\\n        --timeout-request 3000\n```\n\n## HttpLogSanitizer Whitelist\n\nXS2A Adapter has a feature that masks sensitive data in logs, e.g. PSU-ID, ConsentId, Location, etc. By default, it veils\nall data, but starting from version 0.1.5 Adapter user will be able to partially configure HttpLogSanitizer behavior\nby providing a list of request/response body fields (Whitelist) that will not be hidden.\n\nThere are two ways of setting up Whitelist depending on how a user utilizes the XS2A Adapter:\n* As standalone application: a user will want to add field names separated by a comma on `xs2a-adapter.sanitizer.whitelist`\nproperty under `application.yml`. Examples are already put in Adapter YAML.\n* As library: a user will want to provide a java.util.List of type String into default HttpLogSanitizer implementation - `Xs2aHttpLogSanitizer`.\n\n__Note__: field names must be Berlin Group specification compliant, otherwise there will be no effect and data will still be masked.\n\n## Non-XS2A Interfaces\n\nThe Adapter also covers non-PSD2 XS2A interfaces and contain services that handles such cases.\nThese are OAuth2 and EmbeddedPreStep services. Please check out Swagger JSONs for details:\n[OAuth2 API](xs2a-adapter-rest-impl/src/main/resources/static/oauthapi.json)\nand [EmbeddedPreStep API](xs2a-adapter-rest-impl/src/main/resources/static/embeddedpreauthapi.json) respectively.\n\n**EmbeddedPreStep** interface is a specific Crealogix solution that resembles OAuth2 protocol but may have no interaction with\nIDP Server, also user credentials are passed between a TPP, and an ASPSP as it would be a usual Embedded approach.\n\nMore details are on the [Crealogix API Store](https://preview.wso2-clx.crealogix-online.com/store/apis/info?name=PSD2Pre-StepAuthorizationAPI\u0026version=1.0.6\u0026provider=admin).\n\nCrealogix solution is used by DKB.\n\n## WireMock Mode\n\nXS2A Adapter has a feature for testing a bank connection without actually communicating with a bank. We have written stubs\nof real bank responses so you can give a try for your solution. This feature is called a `WireMock Mode`.\n\nTo activate it, a user will need to set `sa2a-adapter:wire-mock:mode` to `true` within the `application.yml` file. It will\nstart a WiremockHttpClient, with a build in WireMock server, instead of a default ApacheHttpClient.\n\nNot all adapters have written stubs though. Responses available for the next adapters:\n- adorsys-adapter\n- deutsche-bank-adapter\n- fiducia-adapter\n- ing-adapter\n- sparkasse-adapter\n- verlag-adapter\n- santander-adapter\n- unicredit-adapter\n- commerzbank-adapter\n- comdirect-adapter\n\nNew stubs will be added in time.\n\nThe XS2A Adapter also provides an easy way to connect to a standalone WireMock server in case a user will want to have\none running separately. For connecting with a standalone WireMock you will want to have a `WireMock Mode` on and provide\na URL to the server as a value of `sa2a-adapter:wire-mock:standalone:url` property.\n\nMore details on the `WireMock Mode` can be found [here](https://adorsys.github.io/xs2a-adapter/wiremock-mode).\n\n## Examples of XS2A flows\n\nIn case you are not very comfortable with how all communication between a TPP and a bank is performed,\nplease take a look at [these examples](https://adorsys.github.io/xs2a-adapter/xs2a-flows) in a form of sequence diagrams.\n\nFor full description, please refer to the official Berlin Group PSD2 specification - \u003chttps://www.berlin-group.org/nextgenpsd2-downloads\u003e\n\n## Technical Details\n\nWe have provided technical description in the [arc42 document](https://adorsys.github.io/xs2a-adapter/).\n\n## Banks peculiarities\n\nThere are some specific cases in communication with banks that an XS2A Adapter user must be aware of.\n\nFor example, `Sparkasse` and `Fiducia` always return a list of transactions in XML format, thus triggering\n\n```bash\nResponse\u003cTransactionsResponse200Json\u003e getTransactionList(String accountId,\n                                                         RequestHeaders requestHeaders,\n                                                         RequestParams requestParams);\n```\n\nor calling `getTransactionList` endpoint with specified `Accept: application/json` header on these banks\nwill throw `NotAcceptableException`, due to format mismatching.\n\n## Releases and versions\n\n All released features, fixes, details, etc. can be found\n  within the Release Notes under the [Releases](https://github.com/adorsys/xs2a-adapter/releases) section\n  on GitHub.\n\n* [Release Notes](https://github.com/adorsys/xs2a-adapter/tags)\n\n* [Roadmap for next features development](docs/roadmap.adoc)\n\n## Authors \u0026 Contact\n\n* **[Francis Pouatcha](mailto:fpo@adorsys.de)** - *Initial work* - [adorsys](https://www.adorsys.de)\n\nSee also the list of [contributors](https://github.com/adorsys/xs2a-adapter/graphs/contributors) who participated in this project.\n\nFor commercial support please contact **[adorsys Team](https://adorsys.de/en/psd2)**.\n\nIf you have any technical questions you can ask them in our [gitter](https://gitter.im/adorsys/xs2a-adapter) or via the [e-mail](mailto:xs2adapter@adorsys.de)\n\n## License\n\nThis project is dual licensed under Affero GNU General Public License v.3 (AGPL v.3) or alternatively under a commercial license agreement - see the [LICENSE](LICENSE) file for details.\n\nFor commercial inquiries please contact us at psd2@adorsys.com.\n\nFor additional details please see the section: FAQ on Licensing Change.\n\n## FAQ on Licensing Change\n\n**What is a dual-licensing model?**\n\nUnder a dual-licensing model, our product is available under two licenses:\n\n1. [The Affero GNU General Public License v3 (AGPL v3)](https://www.gnu.org/licenses/agpl-3.0.en.html)\n2. A proprietary commercial license\n\nIf you are a developer or business that would like to review our products in detail, test and implement in your open-source projects and share the changes back to the community, the product repository is freely available under AGPL v3.\n\nIf you are a business that would like to implement our products in a commercial setting and would like to protect your individual changes, we offer the option to license our products under a commercial license.\n\nThis change will still allow free access and ensure openness under AGPL v3 but with assurance of committing any alterations or extensions back to the project and preventing redistribution of such implementations under commercial license.\n\n**Will there be any differences between the open-source and commercially licensed versions of your products?**\n\nOur public release frequency will be reduced as our focus shifts towards the continuous maintenance of the commercial version. Nevertheless, we are committed to also provide open-source releases of our products on a regular basis as per our release policy.\n\nFor customers with a commercial license, we will offer new intermediate releases in a more frequent pace.\n\n**Does this mean that this product is no longer open source?**\n\nNo, the product will still be published and available on GitHub under an OSI-approved open-source license (AGPL v3).\n\n**What about adorsys’ commitment to open source? Will adorsys provide future product releases on GitHub?**\n\nWe at adorsys are committed to continue actively participating in the open-source community. Our products remain licensed under OSI-approved open-source licenses, and we are looking forward to expanding our product portfolio on GitHub even further.\n\n**How does the change impact me if I already use the open-source edition of your product?**\n\nAll currently published versions until v1.0 will remain under their current Apache 2.0 license and its respective requirements and you may continue using it as-is. To upgrade to future versions, you will be required to either abide by the requirements of AGPL v3, including documenting and sharing your implemented changes to the product when distributing, or alternatively approach us to obtain a commercial license.\n\n**What if I cannot adjust to the new licensing model until 01.01.2022? Can I extend the deadline?**\n\nWe understand that adjustment to licensing changes can take time and therefore are open to discuss extension options on an individual basis. For inquiries please contact us at psd2@adorsys.com.\n\n**Which versions of the product are affected?**\n\nAll versions of Open Banking Gateway after v1.0 will be affected by the licensing changes and move to a dual-licensing model.\n\n**What will happen to older, Apache 2.0 licensed product versions?**\n\nAll older Apache 2.0 licensed versions prior and including v1.0 will remain available under their existing license.\n\n**What open-source products from Adorsys are affected by the licensing change?**\n\nThe following products are affected:\n\n- [XS2A Core](https://github.com/adorsys/xs2a)\n- [XS2A Sandbox \u0026 ModelBank](https://github.com/adorsys/XS2A-Sandbox)\n- [Open Banking Gateway](https://github.com/adorsys/open-banking-gateway) incl. [XS2A Adapters](https://github.com/adorsys/xs2a-adapter)\n- [SmartAnalytics](https://github.com/adorsys/smartanalytics)\n- [Datasafe](https://github.com/adorsys/datasafe)\n\n**I’m using one of these products indirectly via some software integrator. How does the licensing change affect me?**\n\nThe licensing change does not affect you as user, but it is relevant to your provider who has used our product in their solution implementation. In case of uncertainty please contact your service provider or approach us at psd2@adorsys.com.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadorsys%2Fxs2a-adapter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fadorsys%2Fxs2a-adapter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadorsys%2Fxs2a-adapter/lists"}