Project Idea: Open Banking/PISP Fintech App Framework
The primary goal of this project is to develop a stand-alone reference PISP app that leverages Mojaloop 3PPI APIs, in alignment with Mifos's vision of promoting financial innovation and enabling third-party fintechs to utilize Open Banking for a diverse range of financial services. The PISP app will demonstrate the use of these APIs whereby a user could authorize and establish consent across any bank participating in a Mojaloop switch to the fintech to initiate transactions through Mojaloop via their accounts managed in Mifos/Fineract.
PISP Role:
- Non-fund holding participant
- Initiates transfers on the user's behalf
- Assumes delegated permissions from user
Terms PISP - Payment Initiation Service Provider 3PPI - 3rd Party Payment Initiator DFSP - Digital Financial Services Provider Consent - An agreement between the DFSP, PISP and User FIDO - Fast IDentity Online PSD2- Revised Payment Services Directive
Initially, I started migrating our old open banking app codebase. However, we realized that the Mojaloop 3PPI API use case is quite different. After thorough discussions with my mentor Rajan Maurya and Ed Cable, we decided to publish a new repository and focus on developing the PISP App. PISP app is a cross-platform app developed using Kotlin Multiplatform (KMP) and Compose Multiplatform.
To ensure a seamless deployment of the Mojaloop environment with third-party support, we built a Microsoft Azure Ubuntu 22 Server VM. Then I deployed the Mojaloop helm chart release (Version v15.0.0) on a cloud server using Miniloop v5.0. To facilitate this deployment, I familiarized myself with Kubernetes and Docker, essential tools for managing containerized applications.
To ensure the reliability and functionality of our Mojaloop Hub deployments, I started the testing process by utilizing the Mojaloop Testing Toolkit (TTK). This allowed me to identify and address some pod and service issues before moving forward.
I've successfully set up the Mojaloop Third-Party SDK on our Ubuntu Server and run the Inbound and Outbound API services listening on localhost. Since our deployment is hosted on a VM, I created an Ingress for the third-party SDK, enabling access directly from local devices.
To consume the Mojaloop 3PPI SDK endpoints we require a dedicated backend server. Currently, our backend isn't ready. In response to this situation, Rajan, my mentor, recommended moving forward with the 3PPI API integration.
This decision allowed me to proceed with the development of the app's network component, utilizing the Kotlin Ktor library for efficient data handling, even without a fully functional backend server.
I created a mock network data layer to simulate the network part of the app. This layer mimicked the responses of the 3ppi API, but it is a temporary solution until our backend server is ready. This ensured a smooth transition once the real backend became available.
PispRepository.kt class handles API calls for the Linking and Transfer phases of the 3PPI API. It uses LinkingApi.kt and TransferApi.kt for making these calls and a FakeNetworkDataSource.kt for mocking up API responses. In the class, I've implemented various functions to manage the interactions between our app and the Mojaloop API. These functions are designed to work efficiently with Asynchronous Flows and handle potential errors by falling back to the fake network data source. The repository leverages the Kotlin Ktor library for network calls and employs CoroutineDispatcher for efficient thread management.
There are two key phases in the implementation of 3PPI APIs: Linking and Transfer.
LinkingApi.kt This phase establishes trust between all parties involved, including PISP, User, and DFSP. It involves six steps: Pre-linking, Discovery, Request consent, Authentication, Grant consent, and Credential Registration. Most steps involve making calls to the Mojaloop API, except for Credential Registration which requires FIDO registration (biometrics and One Time PINs).
TransferApi.kt This is the final step of performing a transaction. It involves three key steps: Discovery (party lookup), Agreement, and Transfer.
3ppiApi.kt This file stores server URL and third-party endpoint paths in variables and functions used to generate full endpoints. This is a single place to update API endpoints or URL structures making it easier to adapt to changes.
Some of the challenges which I faced, and how I got through them. Our old open banking app was 3 years old and had outdated and unavailable libraries. I tried to upgrade it, but it was not feasible. This led us to opt for a complete rewrite, necessitating a shift in our development approach. Another obstacle arose when I faced difficulties in accessing third-party ingress. After discussions and diagnostics, we pinpointed the issue to our VM's limited CPU resources. Upgrading to a 4CPU machine resolved this problem, enabling successful deployment of the Mojaloop environment. Additionally, the absence of a ready backend server for 3ppi outbound API necessitated a workaround. To continue progress, I implemented a mockup API with mock network data responses to bridge the gap.
Our journey doesn't end here; we still have a lot to do:
- UI Design: Following the Google Whitepaper, I created Figma Mocups prototype to develop UI screens and components for both Android and iOS platforms.
- Backend Development: Based on available resources, the immediate priority is to create a robust backend system capable of seamlessly consuming Mojaloop 3PPI SDK endpoints.
- Transitioning to Real-Time Data: We will replace the temporary mock data layer with a production-ready API and refactor any shortcomings to ensure real-time data interaction.
- Documentation: Documentation will include reference guides for the 3PPI API specifically for PISP participants as well as diagrams illustrating the system architecture.
Being a part of the Mifos Initiative which focuses on financial inclusion has been both an exciting and challenging experience, I have learned a lot from the Fineract and Mojaloop communities and have improved my technical skills by working on the Kotlin Multiplatform (KMP) app.
I would like to thank the Mifos Initiative for giving me this opportunity.
I would like to thank Edward Cable (President, Mifos Initiative) for being of great help during the whole internship period, and my project mentors Rajan Maurya (Senior Android Developer, MiKashBoks) and Karim Jindani (CEO, Paysys Labs) who have guided me through till the end of this summer internship.
Special thanks to Didier Ngabo Uwayo (CyLab-Africa), Tom Daly (Mojaloop Developer), Miguel de Barros (Principal Architect, INFITX), Elijah Okello (Mifos Intern) , and the whole team of Mojaloop Foundation for all their help and guidance.
I'm looking forward to contributing to the Mifos Initiative, especially bringing the PISP App to a release version (something I want to accomplish to my own satisfaction).