Skip to main content
Before you configure the Fiserv DNA Connector, make sure you have the following credentials and connectivity:
  • Follow the steps in Getting started.
  • Fiserv DNA access: An active account in the Fiserv DNA production or test environment with necessary permissions.
  • Network connectivity: Verify that your network routes traffic between the Fiserv DNA environment and Grand Central iPaaS. For supported options, see Network connectivity.
  • Environment details: You need the following environment details from Fiserv DNA to configure the connector:
ParameterDescription
fiservdna-base-urlThe API endpoint URL for the Fiserv DNA environment
fiservdna-hostThe hostname for Fiserv DNA services
device-idDevice identifier for DirectSignOn authentication
user-idUsername for DirectSignOn authentication
passwordPassword for DirectSignOn authentication
app-idApplication identifier for core API requests

Configuration guide

Follow these steps to initialize and authorize your Fiserv DNA Connector.

1. Establish connectivity

Share connectivity details between Grand Central and Fiserv DNA as described in Network connectivity.

2. Fiserv DNA authentication

The Fiserv DNA Connector uses SingleSignOn (SSO) authentication for API access. This two-step authentication process generates secure tokens for all API requests.
The SSO authentication process consists of two steps: DirectSignOn (to obtain an SSOTicket) and WhoIs (to validate the ticket and obtain session credentials).

Authentication flow

Step 1: DirectSignOn Request The connector uses DeviceId, UserId, and Password to generate an SSOTicket: 
<DirectSSORequest>
  <DeviceId>{device-id}</DeviceId>
  <UserId>{user-id}</UserId>
  <Password>{password}</Password>
  <ProdEnvCd>PRODUCTION</ProdEnvCd>
  <ProdDefCd>SAF2006</ProdDefCd>
</DirectSSORequest>
The response contains an SSOTicket that is extracted from the DirectSignonResult tag. Step 2: WhoIs Request The connector uses the SSOTicket to obtain a WhoIsResult token with session credentials: 
<WhoIsRequest SSOTicket="{ssoTicket}">
  <LookupSSOTicket>{ssoTicket}</LookupSSOTicket>
</WhoIsRequest>
The WhoIsResult contains authentication details including an ExpirationDate for token caching and a Signature for API requests. Step 3: API Requests All API requests use the WhoIsResult, NetworkNodeName, and AppId: 
<UserAuthentication>
  <ApplID>{app-id}</ApplID>
  <AuthorizationType>SingleSignOn</AuthorizationType>
  <NetworkNodeName>{network-node-name}</NetworkNodeName>
  <Password>{WhoIsResult}</Password>
</UserAuthentication>
The connector automatically manages token lifecycle, including caching and renewal based on expiration dates. To configure authentication, create a Secrets Operations (SOPS) secret. For more information, see How to create SOPS.
To share credentials between Fiserv DNA and Grand Central, consider using 1Password.

3. Environment configuration

To initialize the Fiserv DNA Connector, define the required environment variables in your gc-applications-live repository. These variables are stored in values.yaml for common configuration across all connectors and in the following files for connector-specific configuration:
ConnectorPropertyDescription
gc-fiservdna-deposit-connectordeposit-v0.values.yamlOutbound deposit connector for deposit account operations
gc-fiservdna-deposit-transaction-connectordeposit-transaction-v0.values.yamlOutbound deposit transactions connector for transaction operations
gc-fiservdna-loan-connectorloan-v0.values.yamlOutbound loan connector for loan account operations
gc-fiservdna-loan-transaction-connectorloan-transaction-v0.values.yamlOutbound loan transactions connector for transaction operations
gc-fiservdna-party-connectorparty-v0.values.yamlOutbound party connector for party management operations
gc-fiservdna-party-access-entitlement-connectorparty-access-entitlement-v0.values.yamlOutbound party access entitlement connector
gc-fiservdna-payment-connectorpayment-v0.values.yamlOutbound payment connector for payment operations

Define common parameters

These variables are stored in values.yaml and are used across all Fiserv DNA connectors:
ParameterDescriptionExample value
fiservdna.baseUrlTarget API endpoint for the Fiserv DNA environment.https://fiservdna-api.yourbank.com/Extensions/DNA.CoreApiService/CoreApiService.svc/Soap11
fiservdna.hostHostname for Fiserv DNA services.fiservdna-api.yourbank.com
fiservdna.appIdApplication identifier for core API requests.your-app-id-uuid
fiservdna.networkNodeNameNetwork node identifier for core API requests.YOUR_NODE_NAME
fiservdna.cashBoxNumberCash box number for payment operations.1001
The following example shows the values.yaml configuration: 
# Common Fiserv DNA Configuration
# Place this in: values.yaml
connector:
  properties:
    # SSL/TLS Configuration
    cxf.client.ssl.ca.cert.path: /etc/camel/conf.d/_secrets/fiservdna-secret/tls.crt
    cxf.loggingFeatureEnabled: true
    
    # Fiserv DNA Connection Settings
    fiservdna.baseUrl: "https://fiservdna-api.yourbank.com/Extensions/DNA.CoreApiService/CoreApiService.svc/Soap11"
    fiservdna.host: "fiservdna-api.yourbank.com"
    fiservdna.appId: "your-app-id-uuid"
    fiservdna.networkNodeName: "YOUR_NODE_NAME"
    fiservdna.cashBoxNumber: 1001
    
    # Type conversion - attributes to skip during processing
    typeConversion.skipAttributes: address,addressLine,birthDate,buildingNumber,country,countryCode,countryIsoCode,countrySubDivision,demographics,driversLicenseNumber,education,educationLevel,electronicAddress,emails,employer,employerIdentificationNumber,employment,establishmentDate,expiryDate,familyName,firstName,identificationNumber,identificationType,issueDate,issuingCountry,key,legalStructure,memberNumber,middleName,name,nationalIdentityNumber,number,occupation,organisationIdentifications,organisationName,partyId,partyPartyRelationships,partyRole,partyType,passportNumber,personIdentification,personName,phoneAddresses,postalAddresses,postalCode,preferredLanguage,roleEndDate,roleStartDate,sector,status,streetName,subDepartment,subType,taxIdentificationNumber,townName,type,yearOfPassing,id,depositId,accountId,checkSerialNumber,branchId,loanId
    
    # Namespace URIs for SOAP messages
    # namespaceURI.MajorAccountType: http://schemas.datacontract.org/2004/07/OpenSolutions.CoreApiService.Services.Messages
    # namespaceURI.MinorAccountType: http://schemas.datacontract.org/2004/07/OpenSolutions.CoreApiService.Services.Messages
    
    # Mapping field configuration
    # mappingField.MajorAccountType: MajorAccountTypeCode
    # mappingField.MinorAccountType: MinorAccountTypeCode
    
    # Account Type Mappings - Single field replacement
    # fieldsToBeReplaced: MajorAccountType,MinorAccountType
    # MajorAccountTypeCode.<Major>: <GC_ProductId>
    # MinorAccountTypeCode.<Minor>: <GC_SecondaryProductId>
    
    # Account Type Mappings - Combined field replacement
    # fieldsToBeReplaced: MajorAccountType@MinorAccountType
    # MajorAccountTypeCode.<Major>@MinorAccountTypeCode.<Minor>: <GC_ProductId>@<GC_SecondaryProductId>
    
    # Party name search configuration
    # For partyName search with partyType PERSON, partyName format is: <firstName><partyNameDelimiter><lastName>
    # Default partyNameDelimiter is SPACE (" "). Configure a custom delimiter:
    # partyNameDelimiter: <delimiter>
    
    # Product type categories
    # deposit.productTypes: <DepositProductType1>,<DepositProductType2>,...
    # loan.productTypes: <LoanProductType1>,<LoanProductType2>,...
    
    # Account role codes
    # fiserv.accountRoleCodes: <RoleCode1>,<RoleCode2>,...
  traits:
    knativeservice:
      minScale: 0
    logging:
      level: INFO
    pdb:
      enabled: false
Account type mapping patterns:
PatternDescription
MajorAccountTypeCode.<Major>Single field mapping for major account type
MinorAccountTypeCode.<Minor>Single field mapping for minor account type
MajorAccountTypeCode.<Major>@MinorAccountTypeCode.<Minor>Combined mapping for both major and minor types
<GC_ProductId>@<GC_SecondaryProductId>Grand Central product ID and secondary product ID
Configure the account type mappings based on your Fiserv DNA environment’s product configuration. Contact your Fiserv DNA administrator to obtain the full list of MajorAccountTypeCode and MinorAccountTypeCode values.
Place the values files at the following paths: 
iPaaS/azure/runtimes/{runtime}/values/gc-fiservdna/
├── values.yaml
├── deposit-v0.values.yaml
├── deposit-transaction-v0.values.yaml
├── loan-v0.values.yaml
├── loan-transaction-v0.values.yaml
├── party-v0.values.yaml
├── party-access-entitlement-v0.values.yaml
└── payment-v0.values.yaml

Define deposit connector parameters

The deposit-v0.values.yaml file contains configuration for deposit account operations. 
connector:
  properties:
    # Bank organization number
    # fiserv.bankOrgNumber: <BankOrgNumber>
  traits:
    knativeservice:
      minScale: 0
    logging:
      level: INFO

Define deposit-transaction connector parameters

The deposit-transaction-v0.values.yaml file contains configuration for deposit transaction operations including transaction type mappings. 
connector:
  properties:
    # Transaction type mappings
    # fieldsToBeReplaced: type
    # type.<CoreTransactionType>: <GC_TransactionType>
  traits:
    knativeservice:
      minScale: 0
    logging:
      level: INFO

Define loan connector parameters

The loan-v0.values.yaml file contains configuration for loan account operations. 
connector:
  properties:
    # Bank organization number
    # fiserv.bankOrgNumber: <BankOrgNumber>
  traits:
    knativeservice:
      minScale: 0
    logging:
      level: INFO

Define loan-transaction connector parameters

The loan-transaction-v0.values.yaml file contains configuration for loan transaction operations including transaction type mappings. 
connector:
  properties:
    # Transaction type mappings
    # fieldsToBeReplaced: type
    # type.<CoreTransactionType>: <GC_TransactionType>
  traits:
    knativeservice:
      minScale: 0
    logging:
      level: INFO

Define party connector parameters

The party-v0.values.yaml file contains configuration for party management operations. 
connector:
  customLabels:
    camel.apache.org/integration: "party-v0"
  properties:
    # Product Config for getAccountsByPartyId
    # deposit.productTypes: <DepositProductType1>,<DepositProductType2>,...
    # loan.productTypes: <LoanProductType1>,<LoanProductType2>,...
    # fiserv.accountRoleCodes: <RoleCode1>,<RoleCode2>,...
  traits:
    knativeservice:
      minScale: 0
      autoscalingTarget: 100
    logging:
      level: INFO

Define party-access-entitlement connector parameters

The party-access-entitlement-v0.values.yaml file contains configuration for party access entitlement operations. 
connector:
  traits:
    knativeservice:
      minScale: 0
    logging:
      level: INFO

Define payment connector parameters

The payment-v0.values.yaml file contains configuration for payment operations. 
connector:
  traits:
    knativeservice:
      minScale: 0
    logging:
      level: INFO

Testing your integration

To access the Unified API, include your Grand Central subscription key in the request header. If you don’t have a key, contact the Grand Central Support Team to request one.
HeaderValue
api-key<your_subscription_key>
Test the API using the Postman Collection.

Troubleshooting

If your connector isn’t responding as expected, check these common scenarios.
Cause: The Grand Central gateway cannot establish a handshake with the Fiserv DNA endpoint. This typically indicates an upstream service outage at Fiserv or a network routing failure.Solution: Verify the operational status of the Fiserv DNA environment. Check the Fiserv status page or contact Fiserv support. If the service is operational, contact Grand Central Support.
Cause: The request to Fiserv DNA exceeded the configured timeout period. This may indicate performance issues at Fiserv or network latency problems.Solution: Verify the operational status of the Fiserv DNA environment and check for any performance degradation. If the service is operational and performing normally, contact Grand Central Support.
Cause: The DirectSignOn credentials provided during setup are incorrect, expired, or the user lacks the required permissions in Fiserv DNA.Solution: Re-verify your credentials with your Fiserv DNA administrator and ensure the user has the required permissions. Contact the Grand Central team to update the connection credentials if needed.
Cause: The SSOTicket or WhoIsResult token has expired based on the ExpirationDate field.Solution: The connector automatically refreshes tokens. If you continue to see errors, verify that the system clock is synchronized and contact Grand Central Support.
Cause: The number of incoming requests exceeds the defined threshold for your subscription tier. This “429 Too Many Requests” response protects the stability of the Grand Central and Fiserv DNA infrastructure.Solution: Review your app’s request patterns to identify unexpected spikes. If you need higher throughput, contact the Grand Central Team to request a higher rate limit.

Need more help?

Contact support

Contact the Grand Central team for help with environment setup or rate limit increases.