finAPI Mock bank

Background: The finAPI mock bank is a development feature and must be configured in the backend. The staging system also allows mock banks to be configured. Sandbox and Production, however, do not allow mock bank configuration.

Glossary

2FA - Two-factor authentication

TAN - Transaction authentication number; often required as 2FA

Where is the code?

The mock bank is defined in FinApiBankConnectionMockingService.

How do I configure a mock bank?

The Grails app provides the http://localhost:8080/apiTest/mockBankingApi endpoint. This endpoint lets you link the filename of a mock data set with a BIC (identifying a bank). The files are stored in main-app/src/main/resources/testSupport/fixtures. For each bank, we have the following files:

  • {filename}Accounts.json: All accounts and depots

  • {filename}Securities.json: All investments

  • {filename}Transactions.json: All cash transactions

Note that there may be more than one set of files per bank / BIC. When configuring the mock bank, the file format should match the bank. This is because transaction purpose formats are different for every bank.
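A check that every fixture set in that directory is complete before it is linked to a BIC. This is an added example, not code from the project: the function name check_fixture_sets is hypothetical, and it assumes only that the three files share a {filename} prefix and contain valid JSON.

```python
import json
import re
import sys
from pathlib import Path

# The three suffixes come from the page; everything else is this example's assumption.
SUFFIXES = ("Accounts", "Securities", "Transactions")
PATTERN = re.compile(r"^(?P<prefix>.+)(?P<kind>Accounts|Securities|Transactions)\.json$")
DEFAULT_DIR = "main-app/src/main/resources/testSupport/fixtures"


def check_fixture_sets(fixture_dir):
    """Return {prefix: [problems]} for every fixture set found in fixture_dir.

    An empty problem list means all three files exist and parse as JSON.
    """
    found = {}
    for path in sorted(Path(fixture_dir).glob("*.json")):
        match = PATTERN.match(path.name)
        if not match:
            continue  # some other fixture, not part of a mock bank set
        found.setdefault(match["prefix"], {})[match["kind"]] = path

    report = {}
    for prefix, files in found.items():
        problems = []
        for kind in SUFFIXES:
            path = files.get(kind)
            if path is None:
                problems.append(f"missing {prefix}{kind}.json")
                continue
            try:
                json.loads(path.read_text(encoding="utf-8"))
            except (json.JSONDecodeError, UnicodeDecodeError) as exc:
                problems.append(f"{path.name}: not valid JSON ({exc})")
        report[prefix] = problems
    return report


if __name__ == "__main__":
    directory = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_DIR
    report = check_fixture_sets(directory)
    for prefix, problems in sorted(report.items()):
        print(f"{prefix}: {'ok' if not problems else '; '.join(problems)}")
    sys.exit(1 if any(report.values()) else 0)
```

Run it from the repository root, or pass the fixtures directory as the first argument; a non-zero exit code means at least one set is incomplete or unparsable.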

How do I use the mock bank?

The mock bank will react to certain username / password configurations. Depending on what is entered, it will

  • successfully import data

  • request a 2FA via photo-TAN

  • request a 2FA via SMS-TAN / an app TAN (there really is no difference, you must input a number)

  • request a decoupled 2FA - it will then succeed automatically after a little while

  • request a redirect

  • fail

Steps to do an import which is successful or simulates error cases

  • Logging in:

    • username / login: use whatever you want (???)

    • use PIN 1234567 to trigger a 2FA

    • use PIN 1 to import successfully without 2FA

    • use PIN 2 to simulate an import with stored credentials triggering an error

    • use any other input to trigger a credentials error

  • Confirming challenges (2FA):

    • use Challenge response code 1234567 to successfully pass the 2FA challenge

    • use Challenge response code 7654321 to pass the challenge and trigger a second 2FA challenge

    • use any other input to trigger a challenge error

  • Doing a redirect approach

    • The application will redirect to the mock redirect page http://localhost:8080/apiTest/mockXs2aForm/e3d7d20f-2ee6-407f-ae68-8988a680d2a0?scope=AIS%3A1585056242-ba7acd8

    • From there you can click on “success” or “fail”. Note that this will not work well in current E2E tests for React. We should move this page to React to be able to run E2E tests on it.

    • If the redirect URL contains error=access_denied, the mock bank will consider this a failure and raise a corresponding access denied exception. This can be used to simulate cases where the redirect consent fails.

  • Special case comdirect XS2A

    • user ID correctUserId will trigger a decoupled auth, which will succeed after a few seconds

    • any other user ID will trigger a redirect (yes, that’s how they implemented it, WTF…)