OnsysConnect is a secure, identity-first data-sharing platform that sits between your source systems and your consumers—web, mobile, and external REST clients. It protects every call at the edge, enforces policy at runtime, and packages datasets as subscription products with usage metering and invoicing. The result: faster integrations, stronger privacy, and new recurring revenue streams.

What OnsysConnect does

• Productizes data: Curate datasets into reusable products with versions, SLAs, and pricing.

• Controls access: Issue tokens, enforce scopes/quotas, and apply data-masking—per organisation, per subscription.

• Measures & bills: Meter usage automatically and generate invoices based on actual consumption.

• Audits everything: Capture immutable logs for compliance, analytics, and dispute resolution.

Who benefits

• Public sector (identity verification, permits, registries)

• Financial services & telco (KYC/KYB, credit & fraud checks)

• Healthcare & education (trusted exchange across institutions)

• Enterprises (partner ecosystems, supplier/retailer data feeds)

  

How it works (the flow in 8 steps)

1. Edge security: Clients hit the WAF and Reverse Proxy for threat filtering, TLS termination, and routing.

2. Authenticate: Users and service accounts sign in via Keycloak; the Identity & Access Manager resolves org, roles, and claims.

3. Discover: Providers register datasets in the Data Entity Registry and bundle them into Entity Sharing Groups.

4. Publish: Those bundles become marketable Products with terms and SLAs surfaced in the Web Application.

5. Subscribe: Consumer organisations request Subscriptions; approval issues keys/tokens, quotas, and policies.

6. Authorise at runtime: The API Authorisation & Access Manager validates tokens, scopes, rate limits, and data-access rules per call.

7. Serve data: The Custom API Manager pulls from RDBMS, existing APIs, and other sources, applying mapping, filtering, masking, and versioning.

8. Observe & bill: Audit/Logs/Analytics capture every request; Billing & Invoicing turns metered usage into subscription revenue.

Core building blocks

• Edge & Routing: WAF, Reverse Proxy (threat protection, rate limiting, routing)

• Identity & Access: Keycloak (SSO/OIDC), Identity & Access Manager (orgs, roles), API Authorisation & Access Manager (scopes, quotas, policies)

• Catalogue & Monetisation: Data Entity Registry, Entity Sharing Groups, Products, Subscriptions, Billing & Invoicing

• Integration: Custom API Manager (data mapping & masking) talking to RDBMS/APIs/other sources

• Observability: Audit, Logs & Analytics; Admin/consumer Web Application for self-service

Security & governance—by design

• Defence in depth: WAF → Proxy → Token validation → Policy checks.

• Least privilege: Org-aware roles/scopes; per-product and per-subscription policies.

• Data minimisation: Field-level masking and filtering at the integration layer.

• Proof-ready: Immutable audit trails, usage analytics, and chargeback transparency.

Business outcomes

• Faster integrations: Standardised products and self-service subscriptions cut time-to-use.

• Privacy assured: Fine-grained authorisation and masking safeguard sensitive fields.

• Revenue unlocked: Metered access + invoicing converts datasets into recurring income.

• Operational confidence: Quotas, SLAs, and analytics remove guesswork and reduce risk.

Simple scenario

A government agency publishes a Citizen Verification product sourced from its RDBMS. Banks subscribe with rate-limited, scope-bound tokens. Each API call passes the WAF/proxy, is authorised against subscription policies, and returns only the permitted fields—masked where required. Usage is logged for compliance and rolled into the bank’s monthly invoice.