
SandboxV3 – Developer Portal

Document Version: 1.0

Classification: Red – Confidential

Copyright © 2018 Capgemini. All rights reserved.

The information contained in this document is proprietary and confidential and is the property of the Capgemini
Group. It is intended only for the person or organization to whom it is shared with. No part of this document may
be modified, deleted or expanded by any process or means without prior written permission from Capgemini. You
are not authorized to print, copy, disseminate, distribute this document or any part thereof without prior written
permission from Capgemini.
Table of Contents
1 Document Information
1.1 Version History
1.2 Document Signoff
1.3 Reference Documents
2 Introduction
2.1 Purpose of the Document
2.2 Overview
2.3 Scope
2.3.1 In – Scope
2.3.2 Out of Scope
3 Functional Details
3.1 Sandbox Functional Overview
3.1.1 Key Features
3.1.2 Application URLs
3.2 Capgemini Developer Portal Functionality
3.2.1 Functional Flows
3.2.2 Validations & Errors
3.2.3 Emails
3.2.4 JavaScript Support
3.2.5 Configurations
3.2.6 Visual Design
3.2.7 Static Content
3.2.8 General Website Maintenance
3.3 Capgemini Developer Portal Administration
3.3.1 Block Developer
1 Document Information
1.1 Version History
Version | Date       | Author(s)         | Revision Notes
0.1     | 10-01-2019 | Abhijeet Aitavade | Initial Draft
0.2     | 14-01-2019 | Abhijeet Aitavade | Updates based on review comments
1.0     | 22-01-2019 | Alok Singh        | Review and updates

1.2 Document Signoff


Version | Date       | Name        | Organization - Role/Position/Designation
1.0     | 23-01-2019 | Mohit Madan | Portfolio Manager

1.3 Reference Documents


#  | Document | Version
1. | PSD2 Directive - Directive on payment services in the internal market | DIRECTIVE (EU) 2015/2366, 25 November 2015
2. | PSD2 RTS - Final Report - Draft Regulatory Technical Standards on Strong Customer Authentication and common and secure communication | EBA/RTS/2017/02, 23 February 2017

SandboxV3 Page 3 of 32
Classification: Red – Confidential
2 Introduction
2.1 Purpose of the document
This document provides a brief description of the Sandbox and the functional details of the Developer Portal
provided by Capgemini API Platform.

2.2 Overview
The Revised Payment Services Directive (PSD2) mandates banks to provide access to account (XS2A) facilities to
licensed Third Party Providers (TPPs). There are three types of Third Party Providers:

1. Account Information Service Providers (AISP)
   • AISP APIs are for access to customer online payment account data via a TPP.
2. Payment Initiation Service Providers (PISP)
   • PISP APIs are for the initiation of payments from an online payment account via a TPP.
3. Payment Service Providers Issuing Card-based Payments Instruments Issuers (CISP)
   • CISP APIs provide a true/false response to confirm availability of funds on an online payment account.

PSD2 prescribes the business requirements that must be met by the XS2A facilities and provides for the
establishment of further Regulatory Technical Standards (RTS) to be met by banks in the future.

The API Platform is hosted in a cloud-based environment, with Amazon Web Services (AWS) as the cloud service
provider. The platform has two modes:

1. Production-Mode
   In Production-Mode, the platform provides its complete functionality and is fully connected with the Bank’s
   Foundation Services and other components.
2. Sandbox-Mode
   In Sandbox-Mode, the platform provides a Developer Portal, API documentation and a disconnected
   testing environment which developers can use to understand the APIs and to develop and test
   client applications. In this mode, there is no connectivity with the Bank’s Foundation Services.

2.3 Scope
2.3.1 In – Scope
1. Capgemini Developer Portal
a. Developer Registration
b. Change Password
c. View/Edit Profile
d. Forgot Password
e. Login
f. Developer Overview Page
g. Test Data Download
h. Static content in Capgemini Developer Portal
2. Single-Sign On between Capgemini Developer Portal and MuleSoft Developer Portal
3. Static Content in MuleSoft Developer Portal (API Documentation)
4. Block Developer APIs

5. Sandbox APIs configured as per the Test Data

2.3.2 Out of Scope

• Responsive UI Design (the Capgemini Developer Portal is not designed and developed with responsive UI
  design). Being a developer portal, its main users are expected to be developers who would be using
  laptops and desktops to access the portal.
• Mule Developer Portal Responsive UI (the Capgemini Developer Portal only provides redirection to the MuleSoft
  Developer Portal, which is hosted and managed by MuleSoft).

3 Functional Details
3.1 Sandbox Functional Overview
A sandbox is a type of software testing environment that enables the isolated execution of software programs
(APIs in our case) for understanding, independent evaluation, testing and integrating with other software
programs (application clients).

The API Sandbox is an environment that different parties can use to mimic the characteristics of the production-
mode environment and create simulated responses from APIs.

The API sandbox makes it possible to:

• Reduce the cost and risk associated with calling the APIs.
• Allow for concurrent testing and development to fast-track app development cycles and reduce time-to-market.
• Simulate error scenarios with APIs.
• Provide a preview of new APIs or upcoming versions of the existing APIs.

3.1.1 Key Features


Sandbox provides external developers with:

• The Capgemini Developer Portal, which provides user/developer life cycle management options and an overview of
  the Sandbox
• API Specifications and Documentation through the MuleSoft Developer Portal
• An environment to simulate and test individual APIs in Sandbox-mode

3.1.1.1 External Developer Functionality


An external developer is a third party or partner developer who intends to understand and test the APIs. Through
the Developer Portal, the external developer will be provided all the information required to invoke the bank’s APIs in
Sandbox mode.

[Figure: External developer interaction flows. Components shown: Developer, Identity Federation and SSO, Email Service, Capgemini Developer Portal, MuleSoft Developer Portal, Mocked APIs.]

1.1 Registration
1.2 Send Activation Link
2.1 Credential Management (Forgot Password / Change Password)
2.2 Send Reset Link
3.1 Login
3.2 SSO and Identity Federation to Capgemini and API Portal
3.3 Capgemini Developer Portal – Link to MuleSoft API Portal
3.4 SSO into API Portal
4.1 APIs Documentation Review and Application Registration
5.1 Test APIs

Note: The number (before decimal point) indicates a separate interaction flow like “Registration”, “Credential Management”, “Login” etc. The number after the decimal
point indicates the sequence within the interaction flow.

3.1.1.2 API Testing
External developers will be able to test the APIs provided by the platform using the test data provided by
Capgemini Developer Portal.

Using the test data, external developers will be able to use the API Platform in “Sandbox-Mode” in the same way as in
“Production-Mode”. API and Security Profile specifications remain the same for both modes.

3.1.1.2.1 PSU/Customer Data


PSU data will contain the preconfigured PSUID (login id for SCA), mock account information for multiple customer
accounts and related dummy data. All the data will be dummy data, unrelated to the bank’s production/sensitive
data.

3.1.1.2.2 Sandbox Mocking Information


MuleSoft Developer Portal will have the steps and mocking information required to invoke the APIs with the help
of test data provided by Capgemini Developer Portal.

3.1.2 Application URLs


Below is the list of external facing URLs. Bank has to decide about the <Bank Domain> they would like to use.

URL Type | Details | Proposed DNS/URL
Capgemini Developer Portal URL (Portal URL) | This URL would be used to launch the Capgemini Developer Portal. | developer.<Bank Domain>
Login/Authorization Service (PingFederate) | User would be redirected to this URL for registration, logging-in (SSO) and credential management | federation.<Bank Domain>
API URL | These are the URLs of APIs for direct invocation of APIs in Sandbox-Mode | api-sandbox.<Bank Domain>/*
OIDC Provider URL | OIDC Provider (OP) URL to support security profile | auth-sandbox.<Bank Domain>/*
MuleSoft CloudHub URL | This would be the URL of MuleSoft CloudHub Console and the Mule Developer Portal (which would also be hosted at the same location). (This URL is for reference only. For developers, this URL would be available from within the Capgemini Developer Portal.) | eu1.anypoint.mulesoft.com/<orgname_created_in_mule_cloudhub_account>

3.2 Capgemini Developer Portal Functionality


Capgemini Developer Portal provides functionality for external developers to register, learn about and understand
the APIs and request API access for testing.

For a developer to be able to gain access to APIs, they need to go through the following steps:

a) Register and Activate: During this step, the platform requires minimal user information to create an account on
   the developer portal: First Name, Last Name, Organization (optional), Email (which is used as the username
   for login) and password. Once this information is captured, the platform sends an email that contains
   instructions for the developer to activate their account.
b) Overview Page: The “Overview” page is the default landing page. The developer has options for
   API Documentation, FAQ, Help and Login through the top navigation menu, and buttons/links are available
   on the overview page.
   Once the developer has activated their account, they will use their email and password to log into the
   “Capgemini Developer Portal”. Once logged in, the developer will have options to “Change Password” and “View
   Profile” through the top navigation menu. On the page, buttons/links are available to download test data and
   navigate to the Mule Developer Portal.
c) MuleSoft Developer Portal: Once the developer is in the Capgemini Developer Portal, by click of a
   button/link they will be redirected to the MuleSoft Developer Portal. Through the portal they can access API
   documentation and all the information required to execute APIs in Sandbox mode.

Note: MuleSoft Developer Portal is a managed service provided by MuleSoft. While navigating from Capgemini
Developer Portal to MuleSoft Developer Portal, the developer would be able to see different URLs in the browser.

3.2.1 Functional Flows


This section describes all the cross-functional flows for Capgemini Developer Portal and, wherever necessary, gives
the required references:

• Error Mapping (refer section 3.2.2.3) references are given with the “Error ID” column of the appended sheet.
  Ex. ERROR01, ERROR02 etc.
• Emails (refer section 3.2.3) references are given with the “Mail ID” column of the given table. Ex. MAIL01,
  MAIL02 etc.

Please note that the document covers all major functional flows for Capgemini Developer Portal but does not
cover every clickable link on the page.

3.2.1.1 External Developer Registration and Activation


This is the step that an external developer must perform to sign up in Capgemini Developer Portal.

3.2.1.1.1 Standard Flow (Flow: External Developer Registration and Activation)


The following flow covers the standard registration and account activation process for the external developer.

[Figure: External Developer Registration & Activation (Standard Flow). Swimlanes: External Developer; Capgemini Developer Portal (Sandbox); LDAP Directory (Sandbox). The numbered steps of the figure are listed below.]

1. Developer navigates to the registration page on Capgemini Developer Portal.
2. Provides all details and login credentials for registration.
3. Fields are First Name, Last Name, Email, Confirm Email, Password, Confirm Password, Organization (optional)
   and a checkbox for accepting “Terms of use”.
4. All the fields will be validated as per Section 3.2.2.
5. User submits the form once all mandatory requirements are satisfied.
6. If the user (identified by email id) is previously registered, Capgemini Developer Portal implements a
   validation and gives an error message (ERROR12).
7. Developer’s account is created with Capgemini Developer Portal but in “Pending Activation” or locked state.
8. User will be shown the success message and mail (MAIL01) will be sent with the activation link to the registered
   email id.
9. Developer clicks on the received activation link to confirm identity. Alternatively, developer can copy/paste
   the link from email to browser and confirm the identity.
10. Developer will be redirected to the success page.
11. Developer will be redirected to the Login Page on click of the “OK” button.

Activation link:
• One-time link – can be used only once
• Max Link Validity = 24 Hours
• If resent within 60 seconds, the same link is sent again (OTP life is defined in SSAM/Ping Directory and can be
  updated)
• Resending the activation link invalidates the previous link (mail)

3.2.1.1.2 Alternate Flow (Flow: External Developer Registration and Activation)


3.2.1.1.2.1 Activation Link Expired (Flow: External Developer Registration and Activation)
The following flow covers the scenario where the developer has registered and is trying to activate the account, but
the activation link has expired.

[Figure: External Developer Registration (Activation Link Expired). Swimlanes: External Developer; Capgemini Developer Portal (Sandbox); LDAP Directory (Sandbox). The numbered steps of the figure are listed below.]

1. Developer navigates to the registration page of Capgemini Developer Portal.
2. Provides all details and login credentials for registration.
3. Fields are First Name, Last Name, Email, Confirm Email, Password, Confirm Password, Organization and
   a checkbox for accepting “Terms of use”.
4. All the fields will be validated as per Section 3.2.2.
5. User submits the form once all mandatory requirements are satisfied.
6. If the user (identified by email id) is previously registered, Capgemini Developer Portal implements a
   validation and gives an error message (ERROR12).
7. Developer’s account is created with Capgemini Developer Portal but in “Pending Activation” or locked state.
8. User will be shown the success message and mail (MAIL01) will be sent with the activation link to the registered
   email id. The email will contain the link expiry timestamp as well. The format of the email is included in the
   attachment in Section 3.2.3 Emails.
9. Developer clicks on the expired activation link to confirm identity. Alternatively, developer can copy/paste
   the link from email to browser and confirm the identity.
10. Developer will be redirected to an error page with ERROR25 and a button to resend the activation link.
11. Developer proceeds to the resend activation page.
12. Developer submits email id.
13. Capgemini Developer Portal will validate that the account with this email is in state “pending activation/locked”. If
    not, then it will display an error:
    o Not Registered = ERROR29
    o Already Active = ERROR30
14. User will be shown the success message and mail (MAIL01) will be sent with the activation link to the registered
    email id.

Developer will continue with “Standard Flow” after this.

3.2.1.2 Login
Once external developer is registered on Capgemini Developer Portal, he can choose to login and access
Capgemini Developer Portal features.

3.2.1.2.1 Standard Flow (Flow: Login)


The following flow covers the standard login process.

[Figure: External Developer Login. Swimlanes: External Developer; Capgemini Developer Portal (Sandbox); Mule (Sandbox). Decision: Is Account Active (Enabled)? Yes. UI options shown on the Overview Page: Launch MuleSoft Developer Portal, Download Test Data, Change Password, View Profile, Logout.]

1. Developer navigates to Login Page of “Capgemini Developer Portal”.
2. Developer attempts to login with valid credentials (Developer not part of blocked group).
3. Developer should be in active state.
4. Developer is displayed the “Overview” page.

3.2.1.2.2 Alternate Flow (Flow: Login)


3.2.1.2.2.1 External Developer Login - Account not activated (Flow: Login)
The following flow covers the scenario where developer has registered but has not activated the account and is
trying to login.

[Figure: External Developer Login – Account not activated. Swimlanes: External Developer; Capgemini Developer Portal (Sandbox); Mule (Sandbox). Decision: Is Account Active (Enabled)? No. The numbered steps of the figure are listed below.]

1. Developer navigates to Login Page of “Capgemini Developer Portal”.
2. Developer attempts to login with required credentials.
3. Developer account is not in active state.
4. Developer will be displayed an error message (ERROR02).
5. Developer chooses to request a new “Activation Link” by clicking the hyperlink available with the error message
   (ERROR02).
6. Developer will navigate to the “Resend Activation Link” page and submit email id.
7. Capgemini Developer Portal will validate that the account with this email is in state “pending activation/locked”. If
   not, then it will display an error:
   a. Not Registered = ERROR29
   b. Already Active = ERROR30
8. User will be shown the success message and mail (MAIL01) containing the activation link will be sent to the
   registered email id.

Developer will continue with “Standard Flow” of “Register and Activate” (Refer section 3.2.1.1).

3.2.1.2.2.2 External Developer Login - Account locking (Flow: Login)


External developer will be locked out of the Capgemini Developer Portal after a configured number of failed
login attempts.

[Figure: External Developer Login – Account Locking. Swimlanes: External Developer; Capgemini Developer Portal (Sandbox). Decisions: Is credential valid? (Yes: Display Getting Started page); Failed Attempts >= MAX? (Yes: Account Locked Notification).]

1. Developer navigates to Login Page of “Capgemini Developer Portal”.
2. Developer attempts to login with registered email and a password.
3. Developer provided credentials are not valid.
4. System checks if the developer has failed to login for the allowed number of attempts.
5. If all attempts are exhausted, developer will be displayed account locked error message on login screen
   (ERROR02). (Refer section 3.1). Error message must be updated to cover both the account locking scenarios:
   • Account not activated after registration, or
   • Account locked due to multiple failed login attempts

3.2.1.2.2.3 External Developer Login - Account blocked (Flow: Login)


Bank can block a developer account through a backend process. Once the user is moved to the blocked group by the bank,
the developer will not be able to login to “Capgemini Developer Portal”.

[Figure: External Developer Login – User in Blocked Group. Swimlanes: External Developer; Capgemini Developer Portal (Sandbox); LDAP Directory (Sandbox). Decision: Is in Blocked Group? Yes: Invalid Credentials Error.]

1. Developer navigates to Login Page of “Capgemini Developer Portal”.
2. Developer attempts to login with valid credentials
3. Developer is part of blocked group i.e. “cn=blockedDevelopers, ou=blockedDevelopers, ou=groups,
dc=<bank>, dc=co.uk, dc=capgeminibank, dc=com”
4. Developer is displayed error message for invalid credentials.

Note: Developer is not explicitly notified that his/her account is blocked by bank.
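
The login outcomes of sections 3.2.1.2.1 to 3.2.1.2.2.3, modelled as an added example (not code from the portal or from Capgemini). The dictionary standing in for the LDAP directory, the function names, the value of MAX_FAILED_ATTEMPTS and the INVALID_CREDENTIALS label are assumptions; ERROR02 is the error ID used in this document. It also assumes an unregistered email gets the same answer as a blocked one and that attempts on a blocked account do not touch the lockout counter.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

MAX_FAILED_ATTEMPTS = 3                      # assumed value; the document says "configured number"
INVALID_CREDENTIALS = "INVALID_CREDENTIALS"  # placeholder label; no error ID is given for it
ACCOUNT_LOCKED = "ERROR02"                   # covers "not activated" and "locked out"
OVERVIEW = "OVERVIEW_PAGE"


def _hash(password, salt):
    """Salted password hash (PBKDF2 chosen for the example, not taken from the document)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    state: str = "pending"   # "pending" | "active" | "locked"
    blocked: bool = False    # member of the blockedDevelopers group
    failed: int = 0          # consecutive failed logins


def make_account(password, state="active", blocked=False):
    """Build a constructed test account for the in-memory directory."""
    salt = os.urandom(16)
    return Account(salt, _hash(password, salt), state, blocked)


def login(directory, email, password):
    """Return the outcome the login page shows for one attempt."""
    acct = directory.get(email)
    if acct is None or acct.blocked:
        # Blocked developers are never told they are blocked: same answer as a
        # wrong password. The dummy hash keeps the work done comparable.
        _hash(password, b"\x00" * 16)
        return INVALID_CREDENTIALS

    if not hmac.compare_digest(_hash(password, acct.salt), acct.pw_hash):
        acct.failed += 1
        if acct.failed >= MAX_FAILED_ATTEMPTS:
            acct.state = "locked"
            return ACCOUNT_LOCKED
        return INVALID_CREDENTIALS

    if acct.state != "active":
        # Correct password, but pending activation or locked: ERROR02 with the
        # link to the "Resend Activation Link" page.
        return ACCOUNT_LOCKED

    acct.failed = 0
    return OVERVIEW


if __name__ == "__main__":
    # Constructed sample directory.
    users = {
        "active@example.test": make_account("pw-A"),
        "pending@example.test": make_account("pw-P", state="pending"),
        "blocked@example.test": make_account("pw-B", blocked=True),
    }
    for mail, pw in [("active@example.test", "pw-A"),
                     ("pending@example.test", "pw-P"),
                     ("blocked@example.test", "pw-B"),
                     ("nobody@example.test", "x")]:
        print(mail, "->", login(users, mail, pw))
```

A test suite for the real portal can assert the same property: the response for a blocked developer with the correct password must be indistinguishable from the response for a wrong password.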

3.2.1.3 External Developer Change Password


Once the external developer has logged in to Capgemini Developer Portal, the developer will be allowed to update the
password for Capgemini Developer Portal through the option available in the navigation bar.

3.2.1.3.1 Standard Flow (Flow: External Developer Change Password)


The following flow covers the standard process for changing the password by providing current password.

[Figure: External Developer Change Password. Swimlanes: External Developer; Capgemini Developer Portal (Sandbox); LDAP Directory (Sandbox). The numbered steps of the figure are listed below.]

1. After login, developer clicks on “Welcome <UserName>” through top navigation bar and accesses the
“Change password” link. This opens “Change Password” page
2. Developer enters the current password and new password. New password should be different from current
password.
3. System will validate the current password
4. Valid new password will be updated in backend system (LDAP Directory) and developer will be notified
through MAIL05.
5. Developer will be displayed success message and on click of “OK” button will be redirected to “Login Page”.
(After a successful password change, the user is shown the success message in a popup. On click of ‘OK’ the user is
logged out, i.e. SLO is initiated.)

3.2.1.4 External Developer View/Edit Profile
External developer has an option to update “Capgemini Developer Portal” profile.

3.2.1.4.1 Standard Flow (Flow: External Developer View/Edit Profile)


The following flow covers the scenario for viewing developer profile and updating the details.

[Figure: External Developer View/Edit Password. Swimlanes: External Developer; Capgemini Developer Portal (Sandbox); LDAP Directory (Sandbox). Profile fields shown: First Name, Last Name, Email, Organisation; editable fields: First Name, Last Name, Organisation. Step 7 in the figure: Update and display updated profile details.]

1. After login, developer clicks on “Welcome <UserName>” through top navigation bar and accesses the “View
Profile” link.
2. Developer can view the profile information and will get “Edit” option.
3. User can click on the edit link to modify the details.
4. Developer can update the profile information excluding email.
5. System will validate the updated profile information.
6. Valid new profile information will be submitted to backend and success message will be displayed to user.
7. Updated profile will not be available on “View Profile” page.

3.2.1.5 External Developer Forgot Password


External developer has an option to reset “Capgemini Developer Portal” password in case the Developer forgets
the password. Developer will be sent an email to confirm the request and reset the password.

3.2.1.5.1 Standard Flow (Flow: External Developer Forgot Password)


The following flow covers the scenario for creating a new password by invoking the forgot password flow.
Developer will get a link to reset their password.

[Figure: External Developer Forgot Password (Standard Flow). Swimlanes: External Developer; Capgemini Developer Portal (Sandbox); LDAP Directory (Sandbox). Decision: Is Account Active (Enabled)? Yes. The numbered steps of the figure are listed below.]

1. Developer lands on the login page and navigates to “Forgot password” page
2. Developer enters the registered email id
3. Developer is displayed success message
4. Developer receives email with link (MAIL02). The email will also provide the details of the validity of the link.
5. Developer clicks on the available link. Alternatively, developer can copy/paste the link.
6. Developer will be redirected to Developer Portal page to enter new password
7. After submission system checks that account is already active
8. Developer will be shown the success message
9. Developer receives the mail notifying successful update of password (MAIL03)

Reset Password link:

• One-time link – can be used only once
• Max Link Validity = 16 Hours
• Retrying reset password – always sends a new link every time, even when trying immediately
• All the links may remain active and allow user to reset password
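
The activation-link rules in section 3.2.1.1.1 and the reset-link rules above differ in only three parameters. This added example (not the portal's or PingFederate's implementation) models both with one in-memory store; the class and function names, the status strings and the clock passed in as `now` are assumptions.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class LinkPolicy:
    ttl: int                   # maximum link validity, in seconds
    resend_window: int         # a re-request inside this window returns the same link
    invalidate_previous: bool  # does a newly minted link revoke the older ones?


# Values taken from the two link descriptions in this document.
ACTIVATION = LinkPolicy(ttl=24 * 3600, resend_window=60, invalidate_previous=True)
RESET = LinkPolicy(ttl=16 * 3600, resend_window=0, invalidate_previous=False)


@dataclass
class Link:
    token: str
    email: str
    issued_at: float
    used: bool = False
    revoked: bool = False


class OneTimeLinks:
    """In-memory stand-in for the directory that keeps link state (hypothetical)."""

    def __init__(self, policy):
        self.policy = policy
        self._links = {}    # token -> Link
        self._latest = {}   # email -> most recently minted Link

    def issue(self, email, now):
        """Return the token to put in the mail for this request."""
        last = self._latest.get(email)
        if (last is not None and not last.used and not last.revoked
                and now - last.issued_at < self.policy.resend_window):
            return last.token                      # same link is sent again
        if self.policy.invalidate_previous:
            for link in self._links.values():
                if link.email == email:
                    link.revoked = True            # resending kills the old mail
        link = Link(secrets.token_urlsafe(32), email, now)
        self._links[link.token] = link
        self._latest[email] = link
        return link.token

    def redeem(self, token, now):
        """Return 'ok', 'used', 'expired' or 'invalid' for a clicked link."""
        link = self._links.get(token)
        if link is None or link.revoked:
            return "invalid"
        if link.used:
            return "used"
        if now - link.issued_at > self.policy.ttl:
            return "expired"                       # ERROR25 / ERROR27 in this document
        link.used = True                           # one-time: burn on first success
        return "ok"

    def live_links(self, email, now):
        """Number of tokens that would still be accepted for this email."""
        return sum(1 for link in self._links.values()
                   if link.email == email and not link.used and not link.revoked
                   and now - link.issued_at <= self.policy.ttl)


if __name__ == "__main__":
    # Constructed scenario: three reset requests in three seconds.
    reset = OneTimeLinks(RESET)
    for t in range(3):
        reset.issue("dev@example.test", now=t)
    print("live reset links:", reset.live_links("dev@example.test", now=3))
```

Under the reset policy every request adds another accepted token for up to 16 hours, whereas the activation policy never has more than one live link per account; `live_links` makes that difference measurable in a test.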

3.2.1.5.2 Alternate Flow (Flow: External Developer Forgot Password)


3.2.1.5.2.1 Link Expired (Flow: External Developer Forgot Password)
The following flow covers the scenario where the developer has successfully invoked the forgot password flow and has
received a password reset link but is using the link after its validity period.

[Figure: External Developer Forgot Password (Link Expired). Swimlanes: External Developer; Capgemini Developer Portal (Sandbox); LDAP Directory (Sandbox). Step 7 in the figure: Login Page.]

1. Developer lands on the login page and navigates to “Forgot password” page
2. Developer enters the registered email id
3. Developer is displayed success message
4. Developer receives email with link (MAIL02)
5. Developer clicks on the expired link. Alternatively, developer can copy/paste the link.
6. Developer is redirected to an error page with ERROR27

Note: The current out of the box functionality does not include a link for "resend link". The user would need to
invoke the reset password functionality again from the beginning. The error provides information on why the
reset has failed, and the pop-up provides instructions on what to do.

3.2.1.5.2.2 Account not available (Flow: External Developer Forgot Password)


The following flow covers the scenario where developer is invoking forgot password but the email they have
specified is not registered.

[Figure: External Developer Forgot Password (Account not available). Swimlanes: External Developer; Capgemini Developer Portal (Sandbox); LDAP Directory (Sandbox). Step 2 in the figure: Enter an email which is not registered or is part of blocked group.]

1. Developer lands on the login page and navigates to “Forgot password” page
2. Developer enters the email id which is not registered
3. Developer is displayed success message

Note: The developer is not notified if the entered email id is not registered or if the registered user is blocked
by the bank.

3.2.1.5.2.3 Account not activated (Flow: External Developer Forgot Password)


This flow covers the condition where the external developer has gone through the registration submission but
has not activated their account, and is trying to use the Forgot Password option.
Forgot Password will not work until the account is active.

[Flow diagram: External Developer Forgot Password (Not Activated). Swimlanes: External Developer, Capgemini Developer Portal (Sandbox).]

1. Developer lands on the login page and navigates to “Forgot password” page
2. Developer enters the registered email id
3. Developer is displayed success message
4. Developer receives email with link (MAIL02)
5. Developer clicks on the available link. Alternatively, developer can copy/paste the link.
6. Developer will be redirected to Developer Portal page to enter new password
7. On form submission, system identifies that account is locked.
   a. Account not activated after registration or
   b. Account locked due to multiple failed login attempts
8. System displays an error message (ERROR28). The error message will have a link to go to the “Resend
Activation Link” page. (Step 6 onward of section "3.2.1.2.2.1 External Developer Login - Account not
activated")
9. Capgemini Developer Portal sends an email notifying that password reset failed (MAIL04).

3.2.1.5.2.4 Account locked (Flow: External Developer Forgot Password)


As in the account not activated flow, if the account is locked (due to maximum password retries) and the
external developer uses the forgot password flow, they will get a password reset email (as usual). When they click
on the link in this password reset email, they will be asked to enter a new password (as usual), but on submission
of the new password, they will get an error message that the account is locked.
[Flow diagram: External Developer Forgot Password Flow for a Locked User. Swimlanes: External Developer, Capgemini Developer Portal (Sandbox).]

1. Developer navigates to the login page on Capgemini Developer Portal, clicks on 'Forgot Password?' link.
2. Developer enters their registered email id on Forgot Password page and submits it.
3. Developer will be redirected to success page.
4. Developer receives email with link (MAIL02) to the registered email id. The email will also provide details of
validity of the link.
5. Developer clicks on the link.
6. Developer will be redirected to a page to enter new password.
7. On form submission, system identifies that account is locked.
   a. Account not activated after registration or
   b. Account locked due to multiple failed login attempts
8. System displays an error message (ERROR28).
9. Capgemini Developer Portal sends an email notifying that password reset failed (MAIL04).
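
The four forgot-password flows above, modelled as one server-side handler. This is an added example, not the portal's or PingFederate's code: the class, its method names, the in-memory stores and the injected clock and token generator are assumptions, while the 16-hour link validity (section 3.2.3), MAIL02/MAIL03/MAIL04 and ERROR27/ERROR28 come from this document.

```javascript
// Added example (hypothetical names): forgot-password flows of section 3.2.1.5.2.
const RESET_LINK_VALIDITY_MS = 16 * 60 * 60 * 1000; // MAIL02 expiration time

class PasswordResetService {
  // accounts: Map of email -> { blocked, activated, locked }
  // now: () => epoch milliseconds
  // newToken: () => unguessable string (must come from a CSPRNG in production)
  constructor(accounts, now, newToken) {
    this.accounts = accounts;
    this.now = now;
    this.newToken = newToken;
    this.tokens = new Map(); // token -> { email, expiresAt }
    this.outbox = [];        // mails sent, e.g. { to, mail: 'MAIL02', token }
  }

  // Steps 1-4. Every caller gets the same response, so the form cannot be
  // used to learn whether an email id is registered or blocked.
  requestReset(rawEmail) {
    const email = rawEmail.trim().toLowerCase(); // case-insensitive: assumption
    const account = this.accounts.get(email);
    if (account && !account.blocked) {
      const token = this.newToken();
      this.tokens.set(token, { email, expiresAt: this.now() + RESET_LINK_VALIDITY_MS });
      this.outbox.push({ to: email, mail: 'MAIL02', token });
    }
    return { page: 'SUCCESS' };
  }

  // Steps 5-6. An unknown or expired link leads to the ERROR27 page. There is
  // no "resend link": the developer starts again from requestReset().
  openLink(token) {
    const entry = this.tokens.get(token);
    if (!entry || this.now() > entry.expiresAt) {
      this.tokens.delete(token);
      return { page: 'ERROR', code: 'ERROR27' };
    }
    return { page: 'NEW_PASSWORD_FORM' };
  }

  // Steps 7-9. Account state is checked only when the new password is
  // submitted; a locked or not-activated account gets ERROR28 and MAIL04.
  submitNewPassword(token, setPassword) {
    const opened = this.openLink(token);
    if (opened.page === 'ERROR') return opened;
    const { email } = this.tokens.get(token);
    this.tokens.delete(token); // one-time link, consumed on submission (assumption)
    const account = this.accounts.get(email);
    if (!account) return { page: 'ERROR', code: 'ERROR27' };
    if (account.locked || !account.activated) {
      this.outbox.push({ to: email, mail: 'MAIL04' });
      return { page: 'ERROR', code: 'ERROR28' };
    }
    setPassword(email); // caller stores the new password
    this.outbox.push({ to: email, mail: 'MAIL03' });
    return { page: 'SUCCESS' };
  }
}
```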

3.2.1.6 Single Logout (SLO)
Capgemini Developer Portal supports single logout (SLO) with MuleSoft Developer Portal. SLO lets the developer
log out from both portals simultaneously. The developer does not need to log out from both applications to end
the session. If a developer logs out from our portal, he/she is automatically logged out from the other portal as well.

During session timeout on any of the portals, session on the other portal will not be terminated. Example: When
session times out on Capgemini Developer Portal, session on MuleSoft Developer Portal will not be terminated
and developer can continue to work on MuleSoft Developer Portal.

3.2.1.6.1 Developer initiates logout from MuleSoft Developer Portal (Flow: Single Logout)
The following flow covers the scenario of logging out from MuleSoft Developer Portal.

[Flow diagram: External Developer SLO (MuleSoft Developer Portal initiated). Swimlanes: External Developer, Capgemini Developer Portal (Sandbox), Mule (Sandbox).]

1. [Browser Tab-1] Developer logs into Capgemini Developer Portal
2. [Browser Tab-1] Developer lands on “Overview” page
3. [Browser Tab-2] Developer loads MuleSoft Developer Portal by clicking on button “Access API
Documentation”.
Developer has both applications open in two different tabs of a browser
4. [Browser Tab-2] Developer clicks logout on MuleSoft Developer Portal
5. [Browser Tab-2] Developer is logged out from MuleSoft Developer Portal and the shared session is killed. The
implication of the shared session being killed is that when the user performs an activity on MuleSoft
Developer Portal or Capgemini Developer Portal, the user will be notified that the session has timed out and
will be redirected to the Capgemini Developer Portal URL.
6. [Browser Tab-2] Developer is redirected to “Login Page”.
7. Developer switches back to “Browser Tab-1” having “Overview” page. Shared session is already killed.
8. [Browser Tab-1] Developer clicks on any link from “Overview” page
9. [Browser Tab-1] As the session does not exist, the developer will be shown the session timeout message.
10. [Browser Tab-1] On click of “OK”, Developer will be redirected to “Login Page”.

3.2.1.6.2 Developer initiates logout from Capgemini Developer Portal (Flow: Single Logout)
The following flow covers the scenario of logging out from Capgemini Developer Portal. The flow also covers the
behavior of MuleSoft Developer Portal after the user has logged out from Capgemini Developer Portal.

[Flow diagram: External Developer SLO (Capgemini Developer Portal initiated), including the alternate flow on MuleSoft Developer Portal. Swimlanes: External Developer, Capgemini Developer Portal (Sandbox), Mule (Sandbox).]

1. [Browser Tab-1] Developer logs into Capgemini Developer Portal
2. [Browser Tab-1] Developer lands on “Overview” page
3. [Browser Tab-2] Developer loads MuleSoft Developer Portal by clicking on button “Access API
Documentation”.
Developer has both applications open in two different tabs of a browser
4. Developer switches to “Browser Tab-1”
5. [Browser Tab-1] Developer clicks on logout link from “Overview” page
6. [Browser Tab-1] Developer is logged out and the shared session is killed. The implication of the shared session
being killed is that when the user performs an activity on MuleSoft Developer Portal or Capgemini Developer
Portal, the user will be notified that the session has timed out and will be redirected to the Capgemini
Developer Portal URL.
7. [Browser Tab-1] Developer is redirected to “Login Page”.
8. Developer switches to “Browser Tab-2”
9. [Browser Tab-2] Developer browses through the list of API Portals or, if an API Portal is open, the API
documentation.
10. [Browser Tab-2] Developer clicks an API link available in MuleSoft Developer Portal or, if a particular API
Portal is already open, any of the links available in that API Portal (API documentation)
11. [Browser Tab-2] Developer is displayed session timed out message by MuleSoft Developer Portal
12. [Browser Tab-2] Developer is redirected to “Login Page”

Alternate flow on MuleSoft Developer Portal

13. [Browser Tab-2] Developer clicks on logout link in MuleSoft Developer Portal. (This step refers to the user's
action of logging out)
14. [Browser Tab-2] Logout is performed in the MuleSoft Developer Portal.
15. [Browser Tab-2] Developer is redirected to “Login Page”

3.2.1.6.3 Simple Logout from Capgemini Developer Portal (Flow: Single Logout)
The following flow covers the scenario of logging out from Capgemini Developer Portal.

[Flow diagram: External Developer SLO (Standard Flow). Swimlanes: External Developer, Capgemini Developer Portal (Sandbox), Mule (Sandbox).]

1. Developer logs into Capgemini Developer Portal
2. Developer lands on “Overview” page
3. Developer clicks on logout link from top navigation bar
4. Developer is redirected to “Login Page”.

3.2.1.7 Session Timeout


“Capgemini Developer Portal” and “MuleSoft Developer Portal” each maintain their own individual session, along
with a common session managed by PingFederate.

The session of an individual portal is used while the user is working on that portal. The PingFederate session
comes into the picture when the developer uses SSO to log in to the Mule Portal from the Capgemini portal. So, if
the user is using Capgemini Developer Portal and the session in PingFederate expires, the user would be able to
continue to use the Capgemini Developer Portal. But if they click on the link to go to Mule Developer Portal, they
would be asked to log in.

Section 3.2.5.1 Cookies & Session Management describes more about session management.

The sessions are maintained only on the server side. A session is reset or verified only when a server-side
communication is performed. If the user does not perform an action which includes a server communication
within a pre-configured time duration, then the user session is timed out and the user would need to log in again.
If the user performs any action which involves a server-side communication, the session timeout is reset, and the
session will not time out until the configured timeout value.

Certain actions, like clicking on a notification dialog box or pop-up box, do not involve any server-side
communication and will not reset the session timeout.

Note: During session timeout on any of the portals, session on the other portal will not be terminated. Example:
When session times out on Capgemini Developer Portal, session on MuleSoft Developer Portal will not be
terminated and developer can continue to work on MuleSoft Developer Portal.

3.2.1.7.1 Session Timeout in Capgemini Developer Portal


The following flow covers the scenario of Capgemini Developer portal timing out.

[Flow diagram: Capgemini Developer Portal – Session Timeout. Swimlanes: External Developer, Capgemini Developer Portal (Sandbox), Mule (Sandbox).]

1. Developer navigates to “Login Page”
2. Developer logs into Capgemini Developer Portal
3. Developer is redirected to “Overview” page
4. Developer remains inactive for more than the allowed duration for the session. Developer’s session is killed
after the timeout period.
5. Developer clicks on any link on the Capgemini Developer Portal (Change Password, View Profile etc.)
6. Developer is displayed session timeout popup
7. On click of ‘OK’, Developer is redirected to “Login Page” for re-login.

If a session times out in Capgemini Developer Portal, the session in MuleSoft Developer Portal is not
automatically timed out and continues until its own timeout duration.

3.2.1.7.2 Session Timeout in MuleSoft Developer Portal
The following flow covers the scenario of MuleSoft Developer portal timing out.

[Flow diagram: MuleSoft Developer Portal – Session Timeout, including the alternate logout flow. Swimlanes: External Developer, Capgemini Developer Portal (Sandbox), Mule (Sandbox).]

1. Developer navigates to “Login Page” [TAB 1]
2. Developer logs into Capgemini Developer Portal [TAB 1]
3. Developer is redirected to and arrives at “Overview” page (in the same browser tab or window) [TAB 1]
4. Developer SSO into MuleSoft Developer Portal [TAB 2]
5. In MuleSoft Developer Portal, the developer remains inactive for more than the allowed duration for the
session. Developer’s session is killed after the timeout period. [TAB 2]
6. Developer clicks API Link or any link in API documentation within MuleSoft Developer Portal (except for
Logout link) [TAB 2]
7. Developer clicks on any link on the MuleSoft Developer Portal (except for Logout link) [TAB 2]
8. Developer is displayed session timeout message [TAB 2]
9. On click of link, Developer is redirected to “Login Page” for re-login. [TAB 2]

Alternate flow where developer clicks logout link in Mule Developer Portal
10. Developer clicks on logout link in MuleSoft Developer Portal. [TAB 2]
11. Logout happens in MuleSoft Developer Portal. [TAB 2]
12. Developer is redirected to “Login Page” for re-login. [TAB 2]
3.2.2 Validations & Errors
3.2.2.1 Validation Rules
The validations listed below are applicable to the input fields on Capgemini Developer Portal (with exception of
Login Page)

Field / Applicable Validations

First Name
    Field level validation of First Name, i.e., only below characters are allowed:
        Lowercase a-z
        Uppercase A-Z
        Number 0-9
        " " (Space)
        "-" (Hyphen)
        "’" (Apostrophe)
    Max length 50 Chars allowed.

Last Name
    Field level validation of Last Name, i.e., only below characters are allowed:
        Lowercase a-z
        Uppercase A-Z
        Number 0-9
        " " (Space)
        "-" (Hyphen)
        "’" (Apostrophe)
    Max length 50 Chars allowed.

Email
    Email addresses consist of a local part, the "@" symbol, and the domain with extension.
    Neither the local part nor the domain may be empty.
    Local part:
        Upper and lowercase letters A-Z and a-z allowed
        Digits 0 to 9 allowed
        Special Characters allowed - !#$%&'*+-/=?^_`{|}~
        Dot . allowed, if it is not the first or last character unless quoted and provided also that it
        does not appear consecutively
    Domain:
        Upper and lowercase letters A-Z and a-z allowed
        Digits 0 to 9 (All numeric domains are also allowed)
        Hyphen -, if it is not the first or last character.
    Extension:
        Upper and lowercase letters A-Z and a-z allowed (Minimum length is 2)
    Max length 50 Chars allowed.

Confirm Email
    Validate match with Email Field ignoring upper/lower case
    Max length 50 Chars allowed.

Password/New Password
    Minimum 8 characters
    Combination of uppercase and lowercase letters
    At least one numeric character
    At least one special character
    Max length 50 Chars allowed.

Confirm password/Confirm New Password
    Validate match with Password Field
    Max length 50 Chars allowed.

Current Password
    Max length 50 Chars allowed.

Organization
    Allowed Characters:
        Lowercase a-z
        Uppercase A-Z
        Number 0-9
        " " (Space)
        "-" (Hyphen)
        "’" (Apostrophe)
    Max length 50 Chars allowed.

3.2.2.2 Form Validations


This section defines how the user inputs will be validated across Capgemini Portal.

3.2.2.2.1 Login Page


Developer login will be validated differently from all other screens. Below are specific validations for the Login
Page:

• Enable the Login button if the Email and Password textboxes contain at least 1 character each.
• When the user hits the login button, form validations will be performed.
• If the email structure is invalid, display a generic page/form level error stating that the credentials are invalid.
• No inline validations will be available to the Developer

3.2.2.2.2 Single/Multi Value Forms


All other screens except “Login” will follow below rules:

• Once the user moves from field A to field B, field A will be validated, and an inline error will be displayed if
required.
• Once the user moves to the invalid field that has an inline error displayed, the inline error will disappear.
• The submit button will be enabled if the user has moved to the last required form field.
• If the user leaves the last required (mandatory) field blank/invalid, then after clicking on the submit button the
field will be validated and will display an inline error. At the same time the submit button will be disabled until
the user visits the invalid field.

Note: User entries will be trimmed before any processing of form input fields (except password for login). As max
length is calculated during user input itself, it considers all the spaces (“ ”) entered by the Developer.
Example: If the user enters a space at the end or start of the email id during registration, the system will trim
(remove) the spaces.
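
The rules table in section 3.2.2.1 and the trimming note above, written as validators. This is an added example, not the portal's code; the function names are hypothetical. Assumptions: quoted local parts are rejected, the domain may have several dot-separated labels with the last one as the extension, both ' and ’ count as the apostrophe, any non-alphanumeric character counts as special, and empty values are invalid.

```javascript
// Added example (hypothetical names): field rules of section 3.2.2.1.
const MAX_FIELD_LEN = 50; // measured on the raw input, spaces included

// a-z, A-Z, 0-9, space, hyphen, apostrophe (straight or typographic: assumption)
const NAME_RE = /^[A-Za-z0-9 \-'’]+$/;
const LOCAL_PART_RE = /^[A-Za-z0-9!#$%&'*+\-\/=?^_`{|}~.]+$/;
const DOMAIN_LABEL_RE = /^[A-Za-z0-9]+(-+[A-Za-z0-9]+)*$/; // hyphen never first or last
const EXTENSION_RE = /^[A-Za-z]{2,}$/;

// First Name, Last Name and Organization share one character set.
function validateName(raw) {
  if (raw.length > MAX_FIELD_LEN) return false;
  const value = raw.trim();
  return value.length > 0 && NAME_RE.test(value);
}

function validateEmail(raw) {
  if (raw.length > MAX_FIELD_LEN) return false;
  const value = raw.trim();
  const at = value.lastIndexOf('@');
  if (at <= 0 || at === value.length - 1) return false; // neither part may be empty
  const local = value.slice(0, at);
  const labels = value.slice(at + 1).split('.');
  if (!LOCAL_PART_RE.test(local)) return false; // also rejects quotes and a second "@"
  if (local.startsWith('.') || local.endsWith('.') || local.includes('..')) return false;
  if (labels.length < 2) return false; // domain plus extension
  const extension = labels.pop();
  return EXTENSION_RE.test(extension) && labels.every((label) => DOMAIN_LABEL_RE.test(label));
}

// Confirm Email: match ignoring upper/lower case.
function confirmEmailMatches(email, confirmEmail) {
  return email.trim().toLowerCase() === confirmEmail.trim().toLowerCase();
}

// Password/New Password. Trimmed like every other field; only the login
// password is exempt from trimming.
function validateNewPassword(raw) {
  if (raw.length > MAX_FIELD_LEN) return false;
  const value = raw.trim();
  return value.length >= 8 &&
    /[a-z]/.test(value) && /[A-Z]/.test(value) &&
    /[0-9]/.test(value) &&
    /[^A-Za-z0-9]/.test(value); // "special" = non-alphanumeric (assumption)
}
```

Because the note exempts only the login password from trimming, a new password typed with leading or trailing spaces would be processed without them and would have to be typed without them at login.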
3.2.2.3 Error Mapping
Please refer to the attached sheet for all the errors. (Developer Onboarding Error scenarios_v1.23)


3.2.3 Emails
Capgemini Developer Portal sends out email notifications as per the Cross functional design (Refer Section 3.2.1).

Mail ID | Mail | Description | Application | Available Dynamic Content | Expiration Time
MAIL01 | Activation | Contains one-time activation link for the registered user | SSAM | 1. First Name 2. Activation Link 3. Expiration Time | 24 Hours
MAIL02 | Reset Password | Contains one time reset password confirmation link for registered user | PingFederate | 1. First Name 2. Confirmation Link | 16 Hours [Max possible is 16 Hours]
MAIL03 | Reset Password – Success | Notification for successful password reset | PingFederate | 1. First Name | Not Applicable
MAIL04 | Reset Password – Failure | Notification for password reset failure | PingFederate | 1. First Name | Not Applicable
MAIL05 | Change Password – Success | Notification for successful password change | Developer Portal | 1. First Name | Not Applicable

3.2.4 JavaScript Support


JavaScript is required to use any feature of Capgemini Developer Portal. The developer will be notified if
JavaScript is blocked by the browser.

Along with “Capgemini Developer Portal”, PingFederate also displays a static message if JavaScript is not
allowed in the browser.

3.2.5 Configurations
3.2.5.1 Cookies & Session Management
Cookies are required to use any feature of Capgemini Developer Portal.

“Capgemini Developer Portal” and “MuleSoft Developer Portal” each maintain their own individual session, along
with a common session managed by PingFederate.

To end the session, the user should explicitly log out from any of the portals. If the user deletes or disables
cookies after logging in, the user’s session will be timed out, as the developer’s session is dependent on the
browser’s cookie settings.

The table below indicates each portal’s current time out settings.

Name of Portal | Session | Default Time out | Max/PingFederate Session Time
Capgemini Developer Portal | Y | 30 minutes | 60 minutes
MuleSoft Developer Portal | Y | 30 minutes | 60 minutes

Visual design has specific details of how the session timeout would be displayed to developer for the Capgemini
Developer portal related functionality.
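
The session behaviour described in sections 3.2.1.6, 3.2.1.7 and 3.2.5.1, as a small model that can be run against the documented scenarios. This is an added example, not portal or PingFederate code: the class and function names are hypothetical, and reading the 60-minute "Max/PingFederate Session Time" as the lifetime of the shared session is an assumption.

```javascript
// Added example (hypothetical names): per-portal sessions plus the shared session.
const MINUTE_MS = 60 * 1000;
const IDLE_TIMEOUT_MS = 30 * MINUTE_MS;   // "Default Time out" of both portals
const SHARED_SESSION_MS = 60 * MINUTE_MS; // shared session lifetime (assumption)

class SessionModel {
  constructor() {
    this.portals = new Map();    // portal name -> { lastServerContact }
    this.sharedExpiresAt = null; // PingFederate session, null when absent
  }

  // Login on the Capgemini portal creates its session and the shared session.
  login(now) {
    this.portals.set('capgemini', { lastServerContact: now });
    this.sharedExpiresAt = now + SHARED_SESSION_MS;
  }

  // SSO into another portal works only while the shared session is alive.
  sso(portal, now) {
    if (this.sharedExpiresAt === null || now > this.sharedExpiresAt) return 'LOGIN_PAGE';
    this.portals.set(portal, { lastServerContact: now });
    return 'AUTO_LOGGED_IN';
  }

  // Only a request that reaches the server verifies the session and resets
  // the idle timer. Closing a pop-up is client-side and never calls this.
  serverRequest(portal, now) {
    const session = this.portals.get(portal);
    if (!session || now - session.lastServerContact > IDLE_TIMEOUT_MS) {
      this.portals.delete(portal); // the other portal's session is untouched
      return 'SESSION_TIMED_OUT';
    }
    session.lastServerContact = now;
    return 'OK';
  }

  // SLO: logout on either portal kills the shared session and both portal sessions.
  logout() {
    this.portals.clear();
    this.sharedExpiresAt = null;
    return 'LOGIN_PAGE';
  }
}

// Section 3.2.1.6.1: logout in tab 2 (MuleSoft), then a click in tab 1.
function sloScenario() {
  const model = new SessionModel();
  model.login(0);
  model.sso('mulesoft', 1 * MINUTE_MS);
  model.logout();
  return model.serverRequest('capgemini', 2 * MINUTE_MS);
}

// Section 3.2.1.7.2: MuleSoft idles past 30 minutes while the Capgemini tab
// stays active; later the shared session expires.
function idleScenario() {
  const model = new SessionModel();
  model.login(0);
  model.sso('mulesoft', 5 * MINUTE_MS);
  model.serverRequest('capgemini', 25 * MINUTE_MS);
  return {
    mulesoft: model.serverRequest('mulesoft', 40 * MINUTE_MS),   // 35 min idle
    capgemini: model.serverRequest('capgemini', 41 * MINUTE_MS), // 16 min idle
    ssoAfterSharedExpiry: model.sso('mulesoft', 61 * MINUTE_MS),
    capgeminiAfterSharedExpiry: model.serverRequest('capgemini', 62 * MINUTE_MS),
  };
}
```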

3.2.5.2 Account Locking


Lock/Unlock Configuration | Description | Value
Number of attempts for User lockout | After the configured number of failed login attempts, system locks the user | 5
Duration of User lockout | User is locked out of the system for the configured duration. After the lockout duration lock is removed by system | 1 Hour
Ignore Duplicate Password Failures | If enabled, failed login attempts with same password value are counted only once | False
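
The three lock/unlock settings above, applied in a lockout tracker. This is an added example, not the product's implementation: the class, its method names and the caller-supplied password tag (a keyed digest of the submitted password, so that no raw password is retained) are assumptions, as is clearing the counter on a successful login.

```javascript
// Added example (hypothetical names): account locking per section 3.2.5.2.
const LOCKOUT_CONFIG = {
  maxFailedAttempts: 5,                   // "Number of attempts for User lockout"
  lockoutDurationMs: 60 * 60 * 1000,      // "Duration of User lockout": 1 Hour
  ignoreDuplicatePasswordFailures: false, // documented value: False
};

class LockoutTracker {
  constructor(config = LOCKOUT_CONFIG) {
    this.config = config;
    this.state = new Map(); // email -> { failures, seenTags, lockedUntil }
  }

  // After the lockout duration the lock is removed by the system.
  isLocked(email, now) {
    const entry = this.state.get(email);
    if (!entry || entry.lockedUntil === null) return false;
    if (now >= entry.lockedUntil) {
      this.state.delete(email);
      return false;
    }
    return true;
  }

  // passwordTag: keyed digest of the failed password, computed by the caller.
  recordFailure(email, passwordTag, now) {
    if (this.isLocked(email, now)) return 'LOCKED';
    let entry = this.state.get(email);
    if (!entry) {
      entry = { failures: 0, seenTags: new Set(), lockedUntil: null };
      this.state.set(email, entry);
    }
    const duplicate = entry.seenTags.has(passwordTag);
    entry.seenTags.add(passwordTag);
    // With the setting enabled, a repeated wrong password counts only once.
    if (!(duplicate && this.config.ignoreDuplicatePasswordFailures)) entry.failures += 1;
    if (entry.failures >= this.config.maxFailedAttempts) {
      entry.lockedUntil = now + this.config.lockoutDurationMs;
      return 'LOCKED';
    }
    return 'FAILED';
  }

  // Assumption: a successful login clears the failure count.
  recordSuccess(email) {
    this.state.delete(email);
  }
}
```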

3.2.6 Visual Design


Visual Design for the Capgemini Developer Portal will be shared separately as per the required branding for the
bank.

3.2.7 Static Content


3.2.7.1 Static Content in Capgemini Developer Portal
Capgemini Developer Portal contains static content in the form of logo image URL, portal title, labels, external
URLs, static headings and paragraphs, table headings, tool tips, web accessibility content, error messages and
notifications. All the static content would be pre-configured and cannot be updated dynamically.

Header & Footer: Capgemini Developer Portal’s header & footer are defined in Visual Design document.

3.2.8 General Website Maintenance


3.2.8.1 Notification of Planned Outages
Bank can dynamically configure the planned outage message on the Capgemini Developer Portal. This will help
the bank to notify the external developers about the planned outage of the Capgemini Developer Portal.

3.2.8.2 Portal Downtime Notification
Once any of the portals is down due to a planned outage or an unplanned incident, a screen will be set up to
inform the users about the current state of the portal. For the detailed look and feel of this page, please refer to
the Visual Design (VD).

3.3 Capgemini Developer Portal Administration


3.3.1 Block Developer
Bank can control the “External Developer” access to the Capgemini Developer Portal. Through the technical
support team bank can choose to block a developer.

Through the backend console via “Deactivate Developer API”, external developer will be added to a “blocked”
group. i.e. “cn=blockedDevelopers, ou=blockedDevelopers, ou=groups, dc=<bank>, dc=co.uk, dc=capgeminibank,
dc=com”.

Once an external developer is added to blocked group, developer will not be able to login to Capgemini
Developer Portal.

Note: Test Data is common for all the developers and it is not impacted by the “Deactivate Developer API”.
