Skip to main content
Before initiating the configuration, ensure you have the following credentials and connectivity in place:
  • Make sure that you have followed Get started with connectors and Sync Hub.
  • OBPM access: An active account in the Oracle Open Banking Payment Manager environment and proprietary wlthint3client.jar license for connecting to JMS Server.
  • Network connectivity: Confirmed routing between the Oracle environment and the Grand Central (GC) iPaaS. We support these Network Connectivities.
  • Environment details: The following environment variables are needed from Oracle to configure the connector:
For OBPM Services
Environmental KeyDescription
soap-obpm-urlThe Soap Service URL to access the obpm environment
obpm-sourceThe unique identifier assigned to the client by obpm
obpm-userIdUserId of the client who is making the connection to obpm
rest-obpm-urlThe Rest Service URL to access the obpm environment
jms-obpm-urlJMS Connection URL to obpm environment
jms-queue-nameJMS Queue name
jms-connection-factoryJMS Connection Factory
jms-security-principalJMS username to authenticate
jms-security-credentialsJMS password for the username to authenticate
For Flexcube Services
Environmental KeyDescription
soap-flexcube-urlThe Soap Service URL to access the flexcube environment
flexcube-sourceThe unique identifier assigned to the client by flexcube
flexcube-userIdUserId of the client who is making the connection to flexcube

Configuration guide

Follow these steps to initialize and authorize your OBPM connector.

1. Establishing connectivity

Share the details to and from Grand Central and OBPM as mentioned on the Network connectivity page for your chosen network connection.

2. OBPM service authentication and authorization mechanisms

The following authentication and authorization mechanisms are supported and can be configured based on your security requirements:
  • mTLS for soap obpm services
  • ws-security for flexcube services
  • obpm authorization for REST Services
  • SSL Server Certificate verification for REST services
  • Trusting SSL Server Certificate for JMS Connection
Certificates/Credentials Security: To configure all certificates and credentials, create a SOPs secret mechanism. For more information, see How to create SOPS. For sharing credentials between OBPM and Grand Central, we recommend using 1Password.

3. Environment configuration

To initialize the OBPM connector, you must define specific environment variables within your gc-applications-live repository. These variables are stored in values.yaml for common across connector and in the below files for each connector specific
ConnectorpropertyDescription
gc-obpm-payment-connectorpayments-v0.values.yamloutbound payment connector for all payments
gc-obpm-payment-inbound-connectorinbound-payments-v0.values.yamlinbound payment connector to receive inbound payment status
gc-obpm-direct-debit-mandate-connectorddmandate-payment-v0.values.yamloutbound payment connector for direct debit mandate creation
gc-flexcube-foreign-exchange-connectorforeignexchange-payment-v0.values.yamloutbound payment connector for foreign exchange creation

Define common parameters

These variables are used across all connectors connecting Grand Central to OBPM and OBPM to Grand Central.
values.yamlDescriptionEnvironmental Key
obpm.baseUrlTarget API endpoint for the OBPM gateway.soap-obpm-url
obpm.sourceUnique organizational identifier assigned by obpm.obpm-source
obpm.userIdUserId of the client who is making the connection to OBPM.obpm-userId
obpm.branchSpecific obpm branch or default to 001
flexcube.baseUrlTarget API endpoint for the Flexcube gateway.soap-flexcube-url
flexcube.sourceUnique organizational identifier assigned by flexcube.flexcube-source
flexcube.userIdUserId of the client who is making the connection to flexcube.flexcube-userId
flexcube.branchSpecific flexcube branch or default to 001
Either flexcube or obpm properties alone required for some connectors. eg: direct debit required obpm properties alone. please skip those properties if its not required for those connectors and in each connector the requirments are mentioned
Below is a sample values.yaml: 
# Sample OBPM Environment Configuration
connector:
  properties:
    obpm.baseUrl: "http://wiremock-obpm-payments.gc-obpm.svc.cluster.local:9021"
    obpm.source: BACKBASE
    obpm.ubsComp: FCUBS
    obpm.userId: BACKBASE
    obpm.branch: "001"

    flexcube.baseUrl: "http://wiremock-flexcube-payments.gc-     
    flexcube.svc.cluster.local:9021"
    flexcube.source: BACKBASE
    flexcube.ubsComp: FCUBS
    flexcube.userId: BACKBASE
    flexcube.branch: "001"

    #OBPM Rest Api Configuration
    obpm.rest.baseUrl: "http://wiremock-obpm-rest-payments.gc-obpm.svc.cluster.local:9021"
Below is the path where the values.yaml needs to be placed: 
├── iPaaS
└── azure/runtimes
    ├── dev
    └── test
        └── values
            ├── gc-obpm
                └── values.yaml

Define gc-obpm-payment-connector parameters

These variables, along with the common parameters mentioned above, are used to make outbound connections for all payments from Grand Central to OBPM.
paymentsv01.values.yamlDescription
retryFlagSet to true to enable automatic request retries if any failure in connection.
cxf.client.ssl.ca.cert.path**Optional:** set server certificate path for mTLS
cxf.client.ssl.keystore.path**Optional:** set client certificate path for mTLS
cxf.client.ssl.keystore.type**Optional: **set client keystore certificate type
http.client.ssl.ca.cert.path**Optional: **certificate for SSL Pinning for REST Services
Create SOPs secret for the below variables*
obpm-outbound-secretsDescription
server.crtOptional: load server certificate from obpm to SOPs if mTLS or http trust required for REST service .
client.p12Optional: load Grand Central certificate to SOPs if mTLS is required for Soap service`
cxf.client.wsse.passwordOptional: Soap WSSE security password`
cxf.client.ssl.keystore.password**Optional: **Server certificate keystore password for mTLS`
*Follow how to create SOPS to create new SOPS secret for the above mentioned variables
Below is a sample payments-v0.values.yaml: 
# Sample OBPM all payment Environment Configuration
connector:
  existingSecretName: obpm-outbound-secrets
  properties:
    retryFlag: false
    #Soap Service configuration for additional security
    cxf.client.ssl.ca.cert.path: /etc/camel/conf.d/_secrets/obpm-outbound-secrets/server.crt
    cxf.client.ssl.keystore.path: /etc/camel/conf.d/_secrets/obpm-outbound-secrets/client.p12
    cxf.client.ssl.keystore.type: PKCS12

    #OBPM Rest Api Configuration
    obpm.rest.fetchBankDetailsByIBANApiUri: /api-gateway/api/s2/obpmrest/payments/IbanValidationService
        
    #Http Configurations for REST Service security
    http.client.ssl.ca.cert.path: /etc/camel/conf.d/_secrets/obpm-outbound-secrets/server.crt


  traits:
    knativeservice:
      # IMPORTANT: Cost-related. Keeping minScale >0 causes continuous cost even when idle.
      # With minScale: 0, each request grants 30 min uptime (extended if new requests arrive).
      # Use >0 only if hot start is required, and reset to 0 afterward to avoid unnecessary cost.
      minScale: 0
    logging:
      # DEBUG adds significant log output during startup and runtime.
      # This can noticeably slow down starts due to extra logging work and I/O.
      # Use only for troubleshooting and disable when not needed.
      level: INFO
Below is the path where the payments-v0.values.yaml needs to be placed: 
├── iPaaS
└── azure/runtimes
    ├── dev
    └── test
        └── values
            ├── gc-obpm
                └── payments-v0.values.yaml

Define inbound/webhook gc-obpm-payment-inbound-connector parameters

Configure how Grand Central receives asynchronous updates from OBPM to GC.
Set up the sync-hub component as described in Sync Hub. You can obtain the ASB variables by configuring Sync Hub. This is a mandatory component for inbound connectivity.
inbound-payments-v0.values.yamlDescriptionEnvironmental Key
jmsFlexCubeUrlThe JMS URL to connect to OBPMjms-obpm-url
payment.status.update.queue.nameThe Queue name for JMS to connect.jms-queue-name
jms.connection.factoryThe JMS Connection Factory name.jms-connection-factory
jms.ssl.enableOptional: Enable if SSL Trust required for JMS Connection.
jms.ssl.trustStoreOptional: Trust Certificate if SSL trust to take place.
asb.event.versionVersion of the Async Service Bridge (ASB) schema.
asb.producer.apiUriThe callback URI for receiving incoming events.
asb.event.topicThe ASB topic to send messages.
asb.event.typeThe ASB event type to send messages.
asb.event.sourceThe ASB source to send messages.
retryFlagRetry flag to retry for any technical issues connecting ASB.
jms.recover.exception.http.enableRetry flag to retry for JMS connection technical issues.
values.yaml common parameters are not required for inbound connectors
Create SOPs secret for the below variables*
obpm-inbound-secretsDescriptionEnvironmental Key
jms.ssl.trustStorePasswordOptional: Trust Certificate password if SSL trust to take place.
flexcube.jms.security.principalJMS server username to authenticatejms-security-principal
flexcube.jms.security.credentialsJMS server password to authenticatejms-security-credentials
Follow How to create SOPS to create a new SOPS secret for the variables mentioned above.
Below is a sampleinbound-payments-v0.values.yaml: 
connector:
  existingSecretName: obpm-inbound-secrets
  properties:
    retryFlag: false
    
    # ASB Configuration
    asb.event.type: com.backbase.payment.event.spec.v1.PaymentOrderStatusEvent
    asb.event.source: com.backbase.payments
    asb.event.version: 1.0.0
    asb.event.topic: payment-status
    asb.producer.apiUri: http://asb-producer-v0.synchub-producer.svc.cluster.local
    
    # obpm jms Configuration
    jmsFlexCubeUrl: http://wiremock-obpm-jms-payments.gc-obpm.svc.cluster.local:9021
    payment.status.update.queue.name: NOTIFOUTQ_EXT
    jms.connection.factory: NotifQCF
	jms.recover.exception.http.enable: true
    jms.recover.exception.http.statuses: 429,500,502,503,504

    # Added Security configuration
    jms.ssl.enable: true
    jms.ssl.trustStore: /etc/camel/conf.d/_secrets/obpm-inbound-secret/obpm-ssl-truststore-secret.jks

  traits:
    knativeservice:
      # IMPORTANT: Cost-related. Keeping minScale >0 causes continuous cost even when idle.
      # With minScale: 0, each request grants 30 min uptime (extended if new requests arrive).
      # Use >0 only if hot start is required, and reset to 0 afterward to avoid unnecessary cost.
      minScale: 0 #Minscale set to 0 as there is not connectivity from test to flexcube
    logging:
      # DEBUG adds significant log output during startup and runtime.
      # This can noticeably slow down starts due to extra logging work and I/O.
      # Use only for troubleshooting and disable when not needed.
      level: INFO
Below is the path where the inbound-payments-v0.values.yaml needs to be placed: 
├── iPaaS
└── azure/runtimes
    ├── dev
    └── test
        └── values
            ├── gc-obpm
                └── inbound-payments-v0.values.yaml

Define gc-obpm-direct-debit-mandate-connector parameters

These variables along with common parameters in values.yaml are used to make direct debit mandate outbound connections from Grand Central to OBPM.
For the direct debit mandate connector, the Flexcube URLs mentioned in the common parameter section under values.yaml are not required.
ddmandate-payment-v0.values.yamlDescription
retryFlagSet to true to enable automatic request retries if any failure in connection.
Below is a sample ddmandate-payment-v0.values.yaml: 
# Sample OBPM direct debit mandate payment Environment Configuration
connector:
  properties:
    retryFlag: false
    
  traits:
    knativeservice:
      # IMPORTANT: Cost-related. Keeping minScale >0 causes continuous cost even when idle.
      # With minScale: 0, each request grants 30 min uptime (extended if new requests arrive).
      # Use >0 only if hot start is required, and reset to 0 afterward to avoid unnecessary cost.
      minScale: 0
    logging:
      # DEBUG adds significant log output during startup and runtime.
      # This can noticeably slow down starts due to extra logging work and I/O.
      # Use only for troubleshooting and disable when not needed.
      level: INFO
Below is the path where the paymentsv01.values.yaml needs to be placed: 
├── iPaaS
└── azure/runtimes
    ├── dev
    └── test
        └── values
            ├── gc-obpm
                └── ddmandate-payment-v0.values.yaml

Define gc-flexcube-foreign-exchange-connector parameters

These variables along with common parameters in values.yamlare used to make foreign exchange outbound connections from Grand Central to OBPM.
For foreign exchange connector, obpm urls mentioned in comon parameter section under values.yaml are not required
foreignexchange-payment-v0.values.yamlDescription
retryFlagSet to true to enable automatic request retries if any failure in connection.
Below is a sample foreignexchange-payment-v0.values.yaml: 
# Sample OBPM foreign exchange Environment Configuration
connector:
  properties:
    retryFlag: false
    
  traits:
    knativeservice:
      # IMPORTANT: Cost-related. Keeping minScale >0 causes continuous cost even when idle.
      # With minScale: 0, each request grants 30 min uptime (extended if new requests arrive).
      # Use >0 only if hot start is required, and reset to 0 afterward to avoid unnecessary cost.
      minScale: 0
    logging:
      # DEBUG adds significant log output during startup and runtime.
      # This can noticeably slow down starts due to extra logging work and I/O.
      # Use only for troubleshooting and disable when not needed.
      level: INFO
Below is the path where the foreignexchange-payment-v0.values.yaml needs to be placed: 
├── iPaaS
└── azure/runtimes
    ├── dev
    └── test
        └── values
            ├── gc-obpm
                └── foreignexchange-payment-v0.values.yaml

Testing your integration

To access the Payments Unified API, you must include your Grand Central subscription key in the request header. If you do not have a key, please contact the Grand Central Support Team to have one provisioned.
KeyValue
api-key<your_subscription_key>
Inbound Status Testing: The inbound connector automatically fetches the payment status, and no external trigger is required.
Test the API using the Postman Collection.

Troubleshooting

If your connector isn’t responding as expected, check these common scenarios.
Cause: The Grand Central (GC) gateway cannot establish a handshake with the OBPM endpoint. This typically indicates an upstream service outage at Oracle or a network routing failure.Solution: Verify the operational status of the OBPM environment with Oracle. If the service is operational, contact GC Support.
Cause: The Grand Central (GC) gateway cannot establish a handshake with the OBPM endpoint. This typically indicates an upstream service outage at Oracle or a network routing failure.Solution: Verify the operational status of the OBPM environment with Oracle. If the service is operational, contact GC Support.
Cause: The client_id or client_secret provided during setup is incorrect.Solution: Re-verify your credentials with the Oracle portal and contact the GC team to update the connection.
Cause: The number of incoming requests has exceeded the defined threshold for your subscription tier. This “429 Too Many Requests” response is a protective measure to ensure the stability of the Grand Central and Core Banking infrastructure.Solution: Review your application’s request patterns to identify unexpected spikes. If your business requirements have evolved and you require a higher throughput, contact the Grand Central Team to request an adjustment to your APIM rate limit policy.

Need more help?

Contact support

Reach out to the Grand Central team for assistance with environment setup or rate limit increases.