Add-on

Is it necessary to purchase the Consent Manager along with the Open Insurance Add-on?

No. If you already have an internal solution to manage consent, you can use it and provide an integration with the Open Insurance Add-on in order to use our Authorization Server.

Is it possible to use the Open Insurance solution in hybrid environments?

No. For now, Open Insurance is available only in the SaaS model.

When I activate the Add-on, do all incoming requests go through the Open Insurance Authorization Server?

No. For an incoming connection to go through the Open Insurance authorization mechanism, the API that receives the request must be deployed to an environment associated with an Open Insurance inbound address (host). It’s through the inbound address that we identify whether a connection is for Open Insurance and route the call to the correct authorization mechanism. See more about the creation of an inbound address for Open Insurance.

Does the Authorization Server handle the end users' data transmitted between institutions participating in Open Insurance?

No. The data of end users are stored in the databases of the financial institutions and are never handled by Sensedia. When the institutions connect to each other using our Authorization Server, we validate the access tokens and authorization scopes, but never access the databases. The client is in charge of the exchange of information and lets us know if the sharing was successful or not.

What requirements do I need to meet to be able to contract the Open Insurance solution?

Firstly, your version of Sensedia API Platform should be 4.5.0.0 or higher (if you are using an earlier version, you will need to request an update).
In addition, mTLS certificates must be provided.

  • For Sandbox: root-ca and issuer-ca from the Sandbox PKI; Server Certificate; Transport Certificate (brcac type Transport Certificate, also known as Client Certificate); Signature Certificate (brseal type Signature Certificate).

  • For Production:

    • Certification Authorities authorized to issue signing certificates for Open Insurance

      • root-ca and issuer-ca of the Certification Authority that generated the signing certificate;

    • Server Certificate;

    • Transport Certificate (brcac type Transport Certificate, also known as Client Certificate);

    • Signature Certificate (Signature Certificate of type brseal).

You will also need the SoftwareId (contained in the software statement) and the CertificateKeyId.

  • For Sandbox: the central directory provides these values in the certificate generation interface.

  • For Production: you need to check if the certificate authority provides this with BACEN.

Finally, for the Consent Engine, it is important to provide the following addresses related to the Open Insurance journey:

  • For Sandbox (for example):

    • TLS: https://auth-sandbox-sandbox.clientdomain.com.br

    • mTLS: https://matls-auth-sandbox.clientdomain.com.br

  • For Production (for example):

    • TLS: https://auth-sandbox.clientdomain.com.br

    • mTLS: https://matls-auth.clientdomain.com.br

  • URL for deploying Open Insurance regulatory APIs in api-gateway.

  • URL of the end-user login that has access to the Bank/Fintech.

  • Internal Resources URL.

  • Internal Data Permission, Finalities and Deadlines URL (the URL must be unique for the three services).
