Getting Started
Architecture Overview
The Open Innovation platform allows a contributor to build and embed plugins into Central 1’s online banking and public website platforms. Because the platform is technology agnostic, you can develop plugins using your existing or favored technology stack. And as a contributor, you will be responsible for developing, hosting, and maintaining your plugin’s frontend and backend code.
The platform provides interfaces to enable seamless integration of plugins, including:
- Preferences & Configuration
- Theming
- Single Sign-On
- System-to-System Data Exchange
A secure backchannel API enables single sign-on and data exchange from the online banking platform to the contributor’s backend system through a tokenbased mechanism. Data shared through the backchannel API is tied to the specific user’s online banking session. By calling the API, the contributors backend system can identify the user and tenant in question. Account and contact information are also available through the API. For particulars, see the single sign-on sequence diagram.
Only authenticated users can access pages containing plugins on online banking platforms. Unauthenticated users can access plugins on public websites, but single sign-on and secure data exchange are not supported on the public website platform.
Forge Community Contributor Requirements
Central 1 continues to refine the set of minimum requirements needed to contribute to the Forge Community. Broadly put, as long as contributors meet the Canadian regulatory requirements, and Central 1 code structure guidelines then your creation will qualify for the Forge Community.
Plugins can be developed in any programming language.
UX plugins must be developed to ensure inheritance of theming standards. Furthermore, the use of specific client brands (fonts, logos, colours) which cannot be configured is not permitted.
Plugins that store or access tenant data must support multitenancy. Furthermore, they must not be used to export Personal Identifiable Information (PII) and must meet the Payment Card Industry Data Security Standard (PCI DSS). Any data access must do so via declared Capability Data Contracts.
All contributors to the Forge Community must complete a self-assessment of the security of their Plugin according to a process determined by Central 1, which may include such items as code scan reports (for code quality and security) and penetration testing reports that will be prepared by the Contributor and submitted to Central 1 on a periodic basis. In addition, Central 1 uses a third party tool to monitor security risks to Digital Banking on a continuous basis.
All contributions to the Forge Community must meet the Web Content Accessibility Guidelines (WCAG) 2.0 AA standards (https://www.w3.org/WAI/tutorials).
All contributions to the Forge Community must be built in such a way that is contained within a single plugin. Adverse effects on other plugins or on the digital platform (both functional and cosmetic) will not be permitted.