Docsity
Log inSign up
Docsity
Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity

Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan

Guidelines and tips
Guidelines and tips
Sell on Docsity
Sell on Docsity
Docsity AI
Docsity AI
Log inSign up

Prepare for your exams

Study with the several resources on Docsity

Find documents

Prepare for your exams with the study notes shared by other students like you on Docsity

Search for your university

Find the specific documents for your university's exams

Docsity AINEW

Summarize your documents, ask them questions, convert them into quizzes and concept maps

Explore questions

Clear up your doubts by reading the answers to questions asked by your fellow students

Earn points to download

Earn points by helping other students or get them with a premium plan

Share documents
download point icon20 Points

For each uploaded document

Answer questions
download point icon5 Points

For each given answer (max 1 per day)

All the ways to get free points
Get points immediately

Choose a premium plan with all the points you need

Study Opportunities

Choose your next study program

Get in touch with the best universities in the world. Search through thousands of universities and official partners

Community

Ask the community

Ask the community for help and clear up your study doubts

Free resources

Our save-the-student-ebooks!

Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors

DETAIL ENVIRONMENT ARCHITETCURE OF WSO2, Study Guides, Projects, Research of Banking and Finance

Punjab University (PU)Banking and Finance

ITS ALL ABOUT DIGITAL BANKING. R&D ON MAJOR COMPONENTS, PAYMENT FLOWS, MESSAGE TYPES, SYNC / ASYNC PROCESS, API MANAGEMENT, IDENTITY & ACCESS MANAGEMENT, ENTERPRISE INTEGRATORS, STREAMING INTEGRATORS, KUBERNETES, CLUSTERS, CHANNEL IDENTIFICATION, ERROR HANDLING....

Typology: Study Guides, Projects, Research

Pre 2010

Uploaded on 04/07/2026

aasim-aslam
aasim-aslam 🇵🇰

1 document

1 / 23

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
CHANNEL LAYER
Mobile App / JazzCash / Corporate / APIs / QR
API GATEWAY
WSO2 APIM- Auth / Throttle / OAuth
INTEGRATION LAYER (WSO2 EI)
-------------------------------------------
Incoming BL / Outgoing BL
ISO-20022 Transformation (MX)
Routing (FNRT / SNRT / INRT)
Orchestration & Mediation
Retry / Error Handling / DLQ
Scheduler / R1R5 Processing
MESSAGING LAYER
-------------------------------------------
AMQ1 → Transactional MQ
AMQ2 → Logging / Reporting MQ
Kafka (streaming)
Redis → Cache / Idempotency / Limits
BUSINESS LAYER (BL / CPS)
-------------------------------------------
Debit / Credit Processing
Limits / AML / Validation
Product Logic (Wallet / Account)
R1R5 Processing
CORE SYSTEMS & NETWORKS
-------------------------------------------
CPS (Huawei Core Payment System)
IRIS (Store & Forward SAF Module)
1LINK (ISO-8583 Switch
SBP RAAST (ISO-20022 Switch)
Introduction
Raast (Pakistan's Instant Payment
System) operates as a centralized,
interoperable payment infrastructure
governed by the State Bank of Pakistan
(SBP). The architecture follows aHub-
and-Spoke model, where the SBP
operates the central Raast switch, and
all financial institutions (Banks, EMIs,
PSOs/PSPs like JazzCash) connect via a
standardized gateway (WSO2).
The system is built to processISO
20022messages (PACS, PAIN, CAMT,
ADMI) in real-time, supporting Person-
to-Person (P2P), Person-to-Merchant
(P2M), Government-to-Person (G2P),
and Request-to-Pay (RTP) use cases.
WSO2 Sub-Components
WSO2 EI (Enterprise
Integrator):Handles the
orchestration, Mediation, and
transformation of ISO 20022
messages (PACS.008 to internal
formats).
WSO2 APIM:Exposes REST APIs for
JazzCash, Banks, and Merchants (QR,
RTP).
AMQ1 (Transactional):Handles
real-time ISO messages, SAF (Store
and Forward) recovery, and dead-
letter queues (DLQ).
AMQ2 (Logging &
Reporting):Handles audit trails,
settlement reports, and CAMT
messages.
Redis Cluster:Stores transient data
such as user sessions, API rate-
limiting counters, and distributed
locks.
Business Logic (BL) Modules
Incoming BL
(Credit/Debit):Processes incoming
credit transfers (e.g., P2P Receive).
Handles "Credit Advise" logic.
Outgoing BL:Processes debit
requests (e.g., P2M Payment).
BREAK MX & Verify:Parses the ISO
20022 XML (MX) messages, validates
UETR, Instruction ID, and schema
compliance against SBP schemas
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17

Partial preview of the text

Download DETAIL ENVIRONMENT ARCHITETCURE OF WSO2 and more Study Guides, Projects, Research Banking and Finance in PDF only on Docsity!

CHANNEL LAYER

Mobile App / JazzCash / Corporate / APIs / QR API GATEWAY WSO2 APIM- Auth / Throttle / OAuth INTEGRATION LAYER (WSO2 EI)

Incoming BL / Outgoing BL ISO-20022 Transformation (MX) Routing (FNRT / SNRT / INRT) Orchestration & Mediation Retry / Error Handling / DLQ Scheduler / R1R5 Processing MESSAGING LAYER

AMQ1 → Transactional MQ AMQ2 → Logging / Reporting MQ Kafka (streaming) Redis → Cache / Idempotency / Limits BUSINESS LAYER (BL / CPS)

Debit / Credit Processing Limits / AML / Validation Product Logic (Wallet / Account) R1R5 Processing CORE SYSTEMS & NETWORKS

CPS (Huawei Core Payment System) IRIS (Store & Forward SAF Module) 1LINK (ISO-8583 Switch SBP RAAST (ISO-20022 Switch)

Introduction

Raast (Pakistan's Instant Payment

System) operates as a centralized,

interoperable payment infrastructure

governed by the State Bank of Pakistan

(SBP). The architecture follows a Hub-

and-Spoke model, where the SBP

operates the central Raast switch, and

all financial institutions (Banks, EMIs,

PSOs/PSPs like JazzCash) connect via a

standardized gateway (WSO2).

The system is built to process ISO

20022 messages (PACS, PAIN, CAMT,

ADMI) in real-time, supporting Person-

to-Person (P2P), Person-to-Merchant

(P2M), Government-to-Person (G2P),

WSO2 Sub-Components^ and Request-to-Pay (RTP) use cases.

WSO2 EI (Enterprise

Integrator): Handles the

orchestration, Mediation, and

transformation of ISO 20022

messages (PACS.008 to internal

formats).

WSO2 APIM: Exposes REST APIs for

JazzCash, Banks, and Merchants (QR,

RTP).

AMQ1 (Transactional): Handles

real-time ISO messages, SAF (Store

and Forward) recovery, and dead-

letter queues (DLQ).

AMQ2 (Logging &

Reporting): Handles audit trails,

settlement reports, and CAMT

messages.

Redis Cluster: Stores transient data

such as user sessions, API rate-

limiting counters, and distributed

locks.

Business Logic (BL) Modules

Incoming BL

(Credit/Debit): Processes incoming

credit transfers (e.g., P2P Receive).

Handles "Credit Advise" logic.

Outgoing BL: Processes debit

requests (e.g., P2M Payment).

BREAK MX & Verify: Parses the ISO

20022 XML (MX) messages, validates

UETR, Instruction ID, and schema

compliance against SBP schemas

compliance against SBP schemas.

R1/R5 CPS: Routing logic to

determine if the transaction is On-Us

(R1), Off-Us Raast (R5), or Off-Us 1-

Link.

APP/CHANNEL

CPS

DEBIT

SBP

ENDPOINT

WSO2 APIM

TRANSFORM

PACS 008

RIR

WSO2 EI

OUTGOING BL

RESPONSE

PACS 002 ASYNC

JAZZCASH

P2P

- INCOMING BTC

- OUTGOING CTB

P2M

- STATIC QR

- DYNAMIC QR

- TILL PAYMENTS

- REQUEST TO PAY (RTP)

RTP FLOWS

- REQUEST (PAIN.013) → RESPONSE → PAYMENT EXECUTION

ONUS

- INTERNAL CPS PROCESSING (NO SBP HIT)

CATEGORY USE CASE DIRECTION FLOW PATH

P2P Peer-to-Peer Transfer (BTC) INCOMING JazzCash -> SBP -> BL (Credit) -> R5 -> CPS P2P Peer-to-Per Transfer (CTB) OUTGOING App -> EI -> CPS -> SBP -> JazzCash P2M Static / Dynamic QR / Till Payment INCOMING Merchant App -> WSO2 -> BL -> R1/R5 -> SBP P2M Static / Dynamic QR / Till Payment OUTGOING Consumer App -> EI -> CPS -> SBP -> Merchant Bank RTP Request to Pay (Bill/Invoice) OUTGOING Biller -> SBP -> WSO2 -> Consumer App B2B Bulk Disbursement (G2P/ITPS) INCOMING Corporate -> IBFT -> CPS -> IRIS -> 1Link

WSO2 EI

→ SEND PACS.

→ STORE IN MQ (CORRELATION ID)

SBP

→ PROCESS

→ SEND PACS.002 (ASYNC CALLBACK)

WSO2 EI

→ CORRELATE RESPONSE

→ UPDATE CPS

IRIS SAF

PIN

INITIATE

CPS

RETRY ENGINE

SBP 1LINK

FEATURES GUARANTEED DELIVERY RETRY WITH EXPONENTIAL BACKOFF OFFLINE HANDLING

  • PIN (Persist): Transaction logged to IRIS Store Module.
  • Initiate: WSO2 sends to CPS.
  • CPS: Processes.
  • IRIS (Store Module): If downstream (1Link/Member Bank) is down, message is queued (AMQ1) and retried.

WSO2 EI

├── RETRY QUEUE (AMQ1)

├── DEAD LETTER QUEUE (DLQ)

├── IDEMPOTENCY CHECK (REDIS)

└── ALERTING (ELK / GRAFANA)

RETRY STRATEGY

├──IMMEDIATE RETRY (X3)

├──DELAYED RETRY

└──MANUAL REPLAY FROM DLQ

  • Retry Policy: Exponential backoff (3-5 retries).
  • DLQ (Dead Letter Queue): Failed transactions after max retries (requires manual intervention or CAMT.028 rejection).
  • Async Handling: PACS.002 sent immediately for acceptance; PACS.008 processed async.

EACH ENVIRONMENT

WSO2 APIM CLUSTER

WSO2 EI CLUSTER

AMQ CLUSTER (2 LAYERS)

REDIS CLUSTER

DB CLUSTER (ORACLE / MYSQL)

ELK STACK

LOAD BALANCER (F5 / NGINX)

ACTIVE - ACTIVE CLUSTERS

MULTI - AZ DEPLOYMENT

HA DESIGN

DR STRATEGY

ACTIVE-PASSIVE OR ACTIVE-ACTIVE

DATA REPLICATION (DB + REDIS)

RPO ≈ 0 / RTO < FEW MINUTES

Middleware Topology (WSO2 Infrastructure) A highly redundant, enterprise-grade middleware setup operating across 34 machines per environment. Environments: Production (34 Nodes) | Disaster Recovery (34 Nodes) | High Availability (34 Nodes) Component Breakdown: WSO2 EI (Enterprise Integrator): Manages Non-functional APIs/CAS/TF, Logging & Reporting, Incoming/Outgoing Business Logic, Break MX & Verify Logic, Schedulers, and R1R5 integration. WSO2 APIM: Dedicated API Gateway for Raast API Management. WSO2 AMQ1: Message Queue dedicated to Transactional data. WSO2 AMQ2: Message Queue dedicated to Logging & Reporting. Redis Cluster: In-memory data store for caching, rate limiting, and session management. SBP Endpoint Server: A dedicated WSO2 server block handling Non-functional APIs, In/Out Business Logic, and Schedulers directly interacting with the State Bank. WSO2 CLUSTER PR / DR / HA

WSO2 EI 6.5.

NON-FUNCTIONAL APIs - CAS / TF ICOMING BL - CREDIT / DEBIT LOGIC OUTGOING BL - CONNECT / TRANSFORM / ROUTE BREAK MX & VERIFY - PARSER LOGGING AND REPORTING - AMQ2 CONNECTED SCHEDULARS NON-FUNCTIONAL - APIs/CAS/TF

SBP GATEWAY

→ WSO2 (DEDICATED NODE)

- NON-FUNCTIONAL APIS

- INCOMING BL

- OUTGOING BL

- SCHEDULER

LEGACY/ADJACENGT

SYSTEMS PURPOSE^ FLOWS^ TRANSACTION TYPES

1-Link (IBFT - ISO

Credit Advice for Bank Transfers (Fallback when member not on Raast or for specific use cases). Inquiry: Title Fetch + Beneficiary Limit Check. Payment: App -> CPS -> IRIS -> (SAF) -> 1-Link -> Member Bank. RAAST Bank Transfer / Other Wallet 1LINK Bank Transfer / Other Transfer RAAST G2P (Disbursement / ITPS) Bulk payments (Salaries, Dividends, Social Welfare). Corporate Client -> IBFT -> CPS -> IRIS -> 1Link (Beneficiary Bank). RAAST LMS (Lending & Scoring) Credit scoring based on transactional history.^ Whitelisting customers for overdrafts or loans against Raast cashflows.

INHOUSE MMBL

REQUEST

CPS

RESPONSE

IRIS

CORPORATE

CPS

1LINK

BENEFICIARY BANK

METRIC EXAMPLE

TPS 2000 - 5000

FTPS 500 - 1500

TPS PLANNING

COMPONENT NODES

WSO2 EI 8 - 12

APIM 4 - 6

AMQ 4 - 6

REDIS 6 (CLUSTER)

INFRASTRUCTURE

MEMORY

EI NODE: 8–16 GB

APIM NODE: 8 GB

REDIS: HIGH RAM (IN-MEMORY)

PREREQUISITES Truststore /repository/resources/security/client-truststore.jks Default password wso2carbon Certificates provided by SBP / 1LINK snrt_root.cer snrt_intermediate.cer snrt_server.cer (sometimes optional) Import Certificates Import Root CA keytool -importcert -alias snrt-root-ca -file snrt_root.cer -keystore client-truststore.jks -storepass wso2carbon -noprompt Import Intermediate CA keytool -importcert -alias snrt-intermediate-ca -file snrt_intermediate.cer -keystore client-truststore.jks -storepass wso2carbon -noprompt Import Server Certificate keytool -importcert -alias snrt-server-cert -file snrt_server.cer -keystore client-truststore.jks -storepass wso2carbon -noprompt Verify Certificates keytool -list -v -keystore client-truststore.jks -storepass wso2carbon Alias names (snrt-root-ca, etc.) Validity dates Issuer chain Verify Specific Alias keytool -list -v -keystore client-truststore.jks -storepass wso2carbon -alias snrt-root-ca Certificate Already Exists Delete old entry first keytool -delete -alias snrt-root-ca -keystore client-truststore.jks -storepass wso2carbon Then import again. If You Are Using Your Backup File client-truststore.jks.bak-SNRT OPTION A cp client-truststore.jks.bak-SNRT client-truststore.jks OPTION B Use import commands above on active truststore HA Deployment Run on ALL nodes : scp client-truststore.jks node2://repository/resources/security/ scp client-truststore.jks node3://repository/resources/security/ Restart WSO sh wso2server.sh restart or systemctl if service-based TROUBLESHOOTING COMMANDS Check SSL handshake (^) openssl s_client -connect :443 -showcerts If alias conflict: (^) keytool -list -keystore client-truststore.jks | grep snrt FINAL BEST PRACTICE Use clear alias naming: snrt-root-ca snrt int ca