openapi: 3.0.0
info:
title: UAE Confirmation of Payee API
description: '## UAE Open Finance Confirmation of Payee API Specification'
version: v1.0-draft4
tags:
- name: Discovery
- name: Verification
paths:
/confirmation-of-payee/discovery:
post:
tags:
- Discovery
operationId: >-
ConfirmationOfPayeeDiscovery_unsignedDiscoveryRequest_ConfirmationOfPayeeDiscovery_signedDiscoveryRequest
summary: Discover the LFI that will confirm the payee attributes
description: >-
Before a Confirmation of Payee (CoP) operation takes place the TPP will
need to resolve the LFI that will service the account properties
request. This requirement is based on the separation of concerns
implemented in the OFP, which ensures that the APIs for a given LFI are
always physical seperated.
At version 1.0.0 the TPP will call this endpoint with the account IBAN,
which will be used to resolve the correct URL with which to make the CoP
operation.
parameters:
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/x-customer-user-agent'
- $ref: '#/components/parameters/x-fapi-auth-date'
- $ref: '#/components/parameters/x-fapi-customer-ip-address'
- $ref: '#/components/parameters/x-fapi-interaction-id'
responses:
'200':
description: The request has succeeded.
contentheaders:
application/json; charset=utf-8x-fapi-interaction-id:
schemarequired: false
$refdescription: '#/components/schemas/AEVerificationDiscoveryResponse'
An RFC4122 UID used as a correlation id.
application/json: schema:
schema: type: string
$ref: '#/components/schemas/AEVerificationDiscoveryResponse'content:
application/jwt:
schema:
$ref: >-
#/components/schemas/DiscoverVerificationSourceResponseBodySigned
'400':
description: Bad request
headers:
x-fapi-interaction-id:
required: falsetrue
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'400': description: Bad request
content:
application/json; charset=utf-8jwt:
schema:
$ref: '#/components/schemas/AEErrorResponseAEErrorSignedResponse'
'401':
application/json: description: Unauthorized
schema: headers:
$ref: '#/components/schemas/AEErrorResponse'
application/jwt:
schema:
$ref: '#/components/schemas/AEErrorSignedResponse'
headers:
x-fapi-x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'401403':
description: UnauthorizedForbidden
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'403'content:
descriptionapplication/jwt:
Forbidden content: schema:
application/json; charset=utf-8: $ref: '#/components/schemas/AEErrorSignedResponse'
'404':
schema: description: Not found
$ref: '#/components/schemas/AEErrorResponse'headers:
application/jsonx-fapi-interaction-id:
schemarequired: true
description: An $ref: '#/components/schemas/AEErrorResponse'
RFC4122 UID used as a correlation id.
application/jwt: schema:
schema: type: string
$ref: '#/components/schemas/AEErrorSignedResponse'405':
headersdescription: Method Not Allowed
x-headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'404406':
description: Not foundAcceptable
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'405415':
description: MethodUnsupported NotMedia AllowedType
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'406429':
description: Too NotMany AcceptableRequests
headers:
x-fapi-interaction-idretry-after:
required: true
description: AnNumber RFC4122in UIDseconds usedto aswait
a correlation id. schema:
type: stringinteger
'415': descriptionformat: Unsupported Media Type
int64
headers: x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'429500':
description: TooInternal ManyServer RequestsError
headers:
retry-afterx-fapi-interaction-id:
required: true
description: NumberAn inRFC4122 secondsUID toused waitas a correlation id.
schema:
type: integerstring
formatcontent:
int64 x-fapi-interaction-idapplication/jwt:
requiredschema:
true description$ref: An RFC4122 UID used as a correlation id.'#/components/schemas/AEErrorSignedResponse'
requestBody:
required: true
schema: content:
application/jwt:
type: string '500'schema:
description: Internal Server Error $ref: '#/components/schemas/DiscoverVerificationSourceRequestBodySigned'
contentsecurity:
application/json; charset=utf-8- TPPOAuth2Security:
- openid
schema: - confirmation-of-payee
$ref: '#/components/schemas/AEErrorResponse'/confirmation-of-payee/verification:
post:
tags:
application/json: - Verification
schemaoperationId: ConfirmationOfPayeeVerification_signedVerificationRequest
summary: Verify the account details based on the parameters supplied
$ref: '#/components/schemas/AEErrorResponse' description: >-
application/jwt: Provide the properties that can be used to verify the payee account.
schema:
At version 1.0.0 this will be the account $ref: '#/components/schemas/AEErrorSignedResponse'
name and IBAN. Future version
headers: of this API may support verification through other identifiers.
x-fapi-interaction-id parameters:
- $ref: '#/components/parameters/Authorization'
required: true - $ref: '#/components/parameters/x-customer-user-agent'
- description$ref: An RFC4122 UID used as a correlation id.
'#/components/parameters/x-fapi-auth-date'
- $ref: '#/components/parameters/x-fapi-customer-ip-address'
- schema$ref: '#/components/parameters/x-fapi-interaction-id'
responses:
type'200':
string requestBody: description: The request has succeeded.
contentheaders:
application/json; charset=utf-8: x-fapi-interaction-id:
schemarequired: false
$ref: '#/components/schemas/AEVerificationDiscoveryRequest'description: An RFC4122 UID used as a correlation id.
application/jsonschema:
schema: type: string
$refcontent: '#/components/schemas/AEVerificationDiscoveryRequest'
application/jwt:
schema:
$ref: '#/components/schemas/DiscoverVerificationSourceRequestBodySignedNameVerificationResponseBodySigned'
security '400':
- TPPOAuth2Securitydescription: Bad request
-headers:
openid x- confirmationfapi-ofinteraction-payeeid:
/confirmation-of-payee/verification: post: tagsrequired: true
- Verification operationIddescription: >-An RFC4122 UID used as a correlation id.
ConfirmationOfPayeeVerification_unsignedVerificationRequest_ConfirmationOfPayeeVerification_signedVerificationRequest summary: Verify the account details based onschema:
the parameters supplied description: >- type: string
Provide the properties that can be used to verify thecontent:
payee account. Atapplication/jwt:
version 1.0.0 this will be the account name and IBAN. Future version schema:
of this API may support verification through other identifiers. parameters:
- $ref: '#$ref: '#/components/parametersschemas/AuthorizationAEErrorSignedResponse'
- $ref: '#/components/parameters/x-customer-user-agent''401':
- $refdescription: '#/components/parameters/x-fapi-auth-date'Unauthorized
- $refheaders: '#/components/parameters/x-fapi-customer-ip-address'
- $ref: '#/components/parameters/x-fapi-interaction-id':
responses: required: '200':true
description: TheAn requestRFC4122 hasUID succeeded.used as a correlation id.
content: schema:
application/json; charset=utf-8: type: string
schema: '403':
$refdescription: '#/components/schemas/AENameVerificationResponse' Forbidden
headers:
application/json: x-fapi-interaction-id:
schema: required: true
$ref: '#/components/schemas/AENameVerificationResponse' description: An RFC4122 UID used as a application/jwt:correlation id.
schema:
$reftype: '#/components/schemas/NameVerificationSignedResponse'string
headerscontent:
x-fapi-interaction-idapplication/jwt:
requiredschema:
false description$ref: An RFC4122 UID used as a correlation id.
'#/components/schemas/AEErrorSignedResponse'
'404':
schemadescription: Not found
headers:
type: string '400':x-fapi-interaction-id:
description: Bad request required: true
content: description: An RFC4122 UID used as a application/json; charset=utf-8:correlation id.
schema:
$reftype: '#/components/schemas/AEErrorResponse' string
'405':
application/json: description: Method Not Allowed
schema: headers:
$ref: '#/components/schemas/AEErrorResponse'x-fapi-interaction-id:
application/jwt:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
$ref: '#/components/schemas/AEErrorSignedResponse'type: string
'406':
description: Not Acceptable
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'401415':
description: Unsupported UnauthorizedMedia Type
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'403429':
description: ForbiddenToo Many Requests
contentheaders:
application/json; charset=utf-8retry-after:
schemarequired: true
description: $ref: '#/components/schemas/AEErrorResponse'
application/json:Number in seconds to wait
schema:
$reftype: '#/components/schemas/AEErrorResponse'integer
application/jwt: schemaformat: int64
$ref: '#/components/schemas/AEErrorSignedResponse'
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'404500':
description: Internal NotServer foundError
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'405': content:
description: Method Not Allowed application/jwt:
headers: schema:
x-fapi-interaction-id: $ref: '#/components/schemas/AEErrorSignedResponse'
requiredrequestBody:
true required: true
descriptioncontent:
An RFC4122 UID used as a correlation id. application/jwt:
schema:
type$ref: string'#/components/schemas/NameVerificationRequestBodySigned'
'406'security:
- TPPOAuth2Security:
description: Not Acceptable - headers:openid
x-fapi confirmation-interactionof-idpayee
components:
parameters:
Authorization:
requiredname: trueauthorization
in: header
descriptionrequired: Antrue
RFC4122 UID used as a correlation id.description: An authorization Token as per https://tools.ietf.org/html/rfc6750
schema:
schema: type: string
x-customer-user-agent:
typename: stringx-customer-user-agent
in: header
'415': required: false
description: Indicates Unsupportedthe Mediauser-agent Typethat the User is using.
headersschema:
type: string
x-fapi-interactionauth-iddate:
name: x-fapi-auth-date
requiredin: trueheader
required: false
description: An>-
RFC4122 UID used as a correlation id. The time when the User last logged in with the TPP.
schema: All dates in the HTTP headers are represented as type:RFC string7231 Full Dates. An
'429': example is below:
description: Too Many Requests Sun, 10 Sep headers:
2017 19:43:31 UTC
retry-afterschema:
requiredtype: truestring
descriptionpattern: Number>-
in seconds to wait ^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2}
schema: (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4}
type: integer \d{2}:\d{2}:\d{2} (GMT|UTC)$
x-fapi-customer-ip-address:
formatname: int64x-fapi-customer-ip-address
in: header
x-fapi-interaction-id: required: false
description: The User's IP address required:if truethe User is currently logged in with the TPP.
descriptionschema:
An RFC4122 UID used as a correlation id. type: string
x-fapi-interaction-id:
schemaname: x-fapi-interaction-id
in: header
typerequired: stringfalse
'500'description: An RFC4122 UID used as a correlation id.
description: Internal Server Error schema:
contenttype: string
schemas:
AEAccountDiscovery:
application/json; charset=utf-8: type: object
required:
schema: - IdentificationType
- Identification
$ref: '#/components/schemas/AEErrorResponse' properties:
application/jsonIdentificationType:
type: string
schema: enum:
$ref: '#/components/schemas/AEErrorResponse' - UAEOF.IBAN
application/jwtIdentification:
type: string
schema: minLength: 1
$refmaxLength: '#/components/schemas/AEErrorSignedResponse'400
headersdescription: >-
x-fapi-interaction-id:
Identification for the account assigned by the LFI based on the
required: true Account Scheme Name, and as understood description: An RFC4122 UID used as a correlation id.by the payer. This
identification is known by the User account owner. For schema:IBAN, refer
to the ISO type:Standard string13616.
requestBodyadditionalProperties: false
AEAccountNameMatchIndicators:
content type: string
enum:
application/json; charset=utf-8: - UAEOF.ConfirmationOfPayee.Yes
schema: - UAEOF.ConfirmationOfPayee.No
AEAccountVerificationProperties:
$reftype: '#/components/schemas/AENameVerificationRequest'object
required:
application/json: - IdentificationType
schema: - Identification
- Name
$ref: '#/components/schemas/AENameVerificationRequest' properties:
application/jwt: IdentificationType:
schematype: string
enum:
$ref: '#/components/schemas/NameVerificationRequestBodySigned' security: - UAEOF.IBAN
- TPPOAuth2Security: Identification:
-type: openidstring
minLength: 1
- confirmation-of-payee components: parameters: AuthorizationmaxLength: 400
name: authorization description: >-
in: header required: true Identification for the account assigned description:by Anthe authorizationLFI Tokenbased ason per https://tools.ietf.org/html/rfc6750the
schema: Account Scheme Name, and type:as stringunderstood by the payer. x-customer-user-agent:This
name: x-customer-user-agent identification is known in:by headerthe User account owner. For IBAN, refer
required: false description: Indicates the user-agent thatto the UserISO isStandard using13616.
schema Name:
type: string
x-fapi-auth-date: minLength: 1
name: x-fapi-auth-date inmaxLength: header70
required: false description: >-
description: >- The account timename whenis the Username lastor loggednames inof withthe theUser TPP. account owner(s)
All dates in therepresented HTTPat headersan areaccount representedlevel, as RFCunderstood by 7231the Fullpayer
Dates. An additionalProperties: false
example is belowAEError:
type: object
Sun, 10 Sep 2017 19:43required:31
UTC schema: - Code
type: string - Message
patternproperties:
>- ^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2}
(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4}
\d{2}:\d{2}:\d{2} (GMT|UTC)$
x-fapi-customer-ip-address:
name: x-fapi-customer-ip-address
in: header
required: false
description: The User's IP address if the User is currently logged in with the TPP.
schema:
type: string
x-fapi-interaction-id:
name: x-fapi-interaction-id
in: header
required: false
description: An RFC4122 UID used as a correlation id.
schema:
type: string
schemas:
AEAccountDiscovery:
type: object
required:
- IdentificationType
- Identification
properties:
IdentificationType:
type: string
enum:
- UAEOF.IBAN
Identification:
type: string
minLength: 1
maxLength: 400
description: >-
Identification for the account assigned by the LFI based on the
Account Scheme Name, and as understood by the payer. This
identification is known by the User account owner. For IBAN, refer
to the ISO Standard 13616.
additionalProperties: false
AEAccountVerificationProperties:
type: object
required:
- IdentificationType
- Identification
- Name
properties:
IdentificationType:
type: string
enum:
- UAEOF.IBAN
Identification:
type: string
minLength: 1
maxLength: 400
description: >-
Identification for the account assigned by the LFI based on the
Account Scheme Name, and as understood by the payer. This
identification is known by the User account owner. For IBAN, refer
to the ISO Standard 13616.
Name:
type: string
minLength: 1
maxLength: 70
description: >-
The account name is the name or names of the User account owner(s)
represented at an account level, as understood by the payer
additionalProperties: false
AEError:
type: object
required:
- Code
- Message
properties:
Code:
allOf:
- $ref: '#/components/schemas/AEErrorCode'
description: Low level textual error code, e.g., UAEOF.Field.Missing
Message:
type: string
minLength: 1
maxLength: 500
description: >-
A description of the error that occurred. e.g., 'A mandatory field
isn't supplied' or 'RequestedExecutionDateTime must be in future'
UAEOF doesn't standardise this field
Path:
type: string
Code:
minLength: 1
maxLengthallOf:
500 description: >-
Recommended but optional reference to the JSON Path of the field
with error, e.g., Data.Initiation.InstructedAmount.Currency
Url:
type: string- $ref: '#/components/schemas/AEErrorCode'
description: Low >-level textual error code, e.g., UAEOF.Field.Missing
URLMessage:
to help remediate the problem, or provide more information, or type: string
tominLength: API1
Reference, or help etc descriptionmaxLength: Error500
additionalProperties: false description: >-
AEErrorCode: type: string A description of enum:the error that occurred. e.g., 'A mandatory field
- UAEOF.AccessToken.Unauthorized - UAEOF.AccessToken.InvalidScope
isn't supplied' or 'RequestedExecutionDateTime must be in future'
- UAEOF.Consent.Revoked - UAEOF.Consent.TransientAccountAccessFailure
doesn't standardise this field
- UAEOF.Consent.AccountTemporarilyBlocked Path:
- UAEOF.Consent.PermanentAccountAccessFailure type: string
- UAEOF.Consent.Invalid minLength: 1
- UAEOF.JWS.InvalidSignature maxLength: -500
UAEOF.JWS.Malformed - UAEOF.JWS.InvalidClaim
description: >-
- UAEOF.JWS.InvalidHeader Recommended but optional reference to -the UAEOF.GenericRecoverableErrorJSON Path of the field
- UAEOF.GenericError with - UAEOF.JWE.DecryptionErrorerror, e.g., Data.Initiation.InstructedAmount.Currency
Url:
- UAEOF.JWE.InvalidHeader type: string
- UAEOF.Event.UnexpectedEvent description: >-
UAEOF.Body.InvalidFormat - UAEOF.Resource.InvalidResourceId URL to help remediate the problem, or - UAEOF.Resource.InvalidFormat
provide more information, or
- UAEOF.Consent.BusinessRuleViolation AEErrorResponse:to API Reference, or help etc
type: object description: Error
required: additionalProperties: false
- ErrorsAEErrorCode:
propertiestype: string
enum:
Errors: - UAEOF.AccessToken.Unauthorized
type: array - UAEOF.AccessToken.InvalidScope
items: - UAEOF.Consent.Revoked
$ref: '#/components/schemas/AEError' - UAEOF.Consent.TransientAccountAccessFailure
- UAEOF.Consent.AccountTemporarilyBlocked
minItems: 1 description: >- UAEOF.Consent.PermanentAccountAccessFailure
An array of detail error codes, and messages, and URLs to documentation
- UAEOF.Consent.Invalid
- UAEOF.JWS.InvalidSignature
to help- remediation.UAEOF.JWS.Malformed
additionalProperties: false- UAEOF.JWS.InvalidClaim
AEErrorSignedResponse: - UAEOF.JWS.InvalidHeader
type: object - required:UAEOF.GenericRecoverableError
- issUAEOF.GenericError
- expUAEOF.JWE.DecryptionError
- nbfUAEOF.JWE.InvalidHeader
- messageUAEOF.Event.UnexpectedEvent
properties: - UAEOF.Body.InvalidFormat
iss: - UAEOF.Resource.InvalidResourceId
type: string - UAEOF.Resource.InvalidFormat
description: >- UAEOF.Consent.BusinessRuleViolation
AEErrorResponse:
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
type: object
exprequired:
- Errors
type: number properties:
description: >- Errors:
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4) type: array
nbfitems:
type: number$ref: '#/components/schemas/AEError'
minItems: 1
description: >-
An array of detail error [https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)codes, and messages, and URLs to documentation
to help remediation.
additionalProperties: false
aud: AEErrorSignedResponse:
type: object
array required:
items: - iss
- type:exp
string - nbf
description: >- - message
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)properties:
iatiss:
type: numberstring
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.61](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.61)
messageexp:
$reftype: '#/components/schemas/AEErrorResponse'number
description: Signed error response payload
additionalProperties: false description: >-
AENameVerificationRequest: type: object[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
requirednbf:
- Data type: number
properties: description: >-
Data: $ref: '#/components/schemas/AEAccountVerificationProperties'[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
additionalProperties: false aud:
AENameVerificationResponse: type: objectarray
required: items:
- Data type: string
- Links properties: description: >-
Data: $ref: '#/components/schemas/AEVerifiedProperties'
Links:
$ref: '#/components/schemas/LinksSelf'
additionalProperties: false
AEOkResponse:[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
typeiat:
object additionalProperties: false AEVerificationDiscoverytype: number
$ref: '#/components/schemas/AEAccountDiscovery' AEVerificationDiscoveryRequestdescription: >-
type: object required:[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
-message:
Data properties: Data$ref: '#/components/schemas/AEErrorResponse'
description: $ref: '#/components/schemas/AEVerificationDiscovery'Signed error response payload
additionalProperties: false
AEVerificationDiscoveryResponseAENameVerificationRequest:
type: object
required:
- Data
- Links
properties:
Data:
$ref: '#/components/schemas/AEVerificationSourcePropertiesAEAccountVerificationProperties'
additionalProperties: false
Links: AENameVerificationResponse:
$reftype: '#/components/schemas/LinksSelf'object
additionalPropertiesrequired:
false AEVerificationSourceProperties: - Data
type: object - Links
required: - VerificationUrlMeta
properties:
VerificationUrlData:
type: string$ref: '#/components/schemas/AEVerifiedProperties'
Links:
minLength$ref: 1'#/components/schemas/LinksSelf'
Meta:
maxLength: 500 $ref: '#/components/schemas/Meta'
descriptionadditionalProperties: URLfalse
at which the Confirmation of Payee operation should be invokved AEVerificationDiscovery:
additionalProperties$ref: false'#/components/schemas/AEAccountDiscovery'
AEVerifiedPropertiesAEVerificationDiscoveryRequest:
type: object
required:
- AccountNameMatchedData
properties:
AccountNameMatchedData:
type: boolean$ref: '#/components/schemas/AEVerificationDiscovery'
additionalProperties: false
description AEVerificationDiscoveryResponse:
>- type: object
Indicator forrequired:
whether the payee name is matched with the account- Data
- Links
name held at the LFI - Meta
additionalProperties: false properties:
DiscoverVerificationSourceRequestBodySigned: typeData:
object required$ref: '#/components/schemas/AEVerificationSourceProperties'
Links:
- iss - exp$ref: '#/components/schemas/LinksSelf'
Meta:
- nbf - message$ref: '#/components/schemas/Meta'
propertiesadditionalProperties: false
AEVerificationSourceProperties:
iss: type: object
typerequired:
string - AuthorizationServerUrl
description: >- - ResourceServerUrl
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)properties:
expAuthorizationServerUrl:
type: numberstring
description: >-minLength: 1
maxLength: 500
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4) description: >-
nbf: Authorization Server type:URL numberat which an Access Token to invoke the
description: >- Confirmation of Payee operation [https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)should be sought
audResourceServerUrl:
type: arraystring
itemsminLength: 1
typemaxLength: string500
description: >-
Resource Server URL at which the Confirmation of Payee operation
should [https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
be invoked
additionalProperties: false
AEVerifiedProperties:
type: object
iatrequired:
- type: numberAccountNameMatchIndicator
properties:
AccountNameMatchIndicator:
descriptionallOf:
>- - [https$ref: '#//www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
components/schemas/AEAccountNameMatchIndicators'
description: >-
Indicator for whether the payee name is matched with the account
message: name held at $ref: '#/components/schemas/AEVerificationDiscoveryRequest'the LFI
additionalProperties: false
DiscoverVerificationSourceResponseBodySignedDiscoverVerificationSourceRequestBodySigned:
type: object
required:
- iss
- exp
- nbf
- message
properties:
iss:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
exp:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
nbf:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
aud:
type: array
items:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
iat:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
message:
$ref: '#/components/schemas/AEVerificationDiscoveryResponseAEVerificationDiscoveryRequest'
additionalProperties: false
DiscoverVerificationSourceSignedRequestDiscoverVerificationSourceResponseBodySigned:
type: object
required:
- requestBodyiss
properties: - exp
requestBody: - nbf
$ref: '#/components/schemas/DiscoverVerificationSourceRequestBodySigned'
- message
additionalProperties: false properties:
DiscoverVerificationSourceSignedResponse: typeiss:
object required: type: string
- response propertiesdescription: >-
response: $ref: '#/components/schemas/DiscoverVerificationSourceResponseBodySigned'
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
allOf: exp:
- $ref: '#/components/schemas/AEOkResponse' additionalPropertiestype: falsenumber
DiscoverVerificationSourceUnsignedRequest: typedescription: object>-
required: [https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
- requestBody nbf:
properties: requestBodytype: number
$refdescription: '#/components/schemas/AEVerificationDiscoveryRequest'>-
additionalProperties: false DiscoverVerificationSourceUnsignedResponse:[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
type aud:
object required: type: array
- response items:
properties: response: type: string
$ref: '#/components/schemas/AEVerificationDiscoveryResponse' description: >-
allOf: - $ref: '#/components/schemas/AEOkResponse'[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
additionalProperties: false iat:
LinksSelf: type: number
object required: description: >-
- Self properties:[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
Selfmessage:
$ref: '#/components/schemas/SelfAEVerificationDiscoveryResponse'
descriptionadditionalProperties: false
Links relevant to the resourceDiscoverVerificationSourceSignedRequest:
additionalPropertiestype: falseobject
NameVerificationRequestBodySigned: required:
type: object - requestBody
required: properties:
- iss requestBody:
- exp $ref: '#/components/schemas/DiscoverVerificationSourceRequestBodySigned'
- nbf additionalProperties: false
- messageLinksSelf:
propertiestype: object
issrequired:
- Self
type: string properties:
description: >- Self:
[https$ref: '#//www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)components/schemas/Self'
description: Links exp:relevant to the resource
typeadditionalProperties: numberfalse
Meta:
description: >- type: object
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
description: Metadata relevant to the resource
nbf: additionalProperties: false
NameVerificationRequestBodySigned:
type: number type: object
description required:
>- - iss
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5) - exp
aud: - nbf
type: array - message
items: properties:
iss:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.31](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.31)
iatexp:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.64](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.64)
messagenbf:
$reftype: '#/components/schemas/AENameVerificationRequest'number
additionalProperties: false NameVerificationResponseBodySigneddescription: >-
type: object required:
- iss
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
- exp aud:
- nbf type: array
- message properties:
items:
iss: type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.13](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.13)
expiat:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.46](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.46)
nbfmessage:
type: number$ref: '#/components/schemas/AENameVerificationRequest'
additionalProperties: false
descriptionNameVerificationResponseBodySigned:
>- type: object
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)required:
- iss
- exp
aud: - nbf
type: array - message
itemsproperties:
iss:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.31](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.31)
iatexp:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.64](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.64)
messagenbf:
$reftype: '#/components/schemas/AENameVerificationResponse'number
additionalProperties: false NameVerificationSignedRequestdescription: >-
type: object required:
- requestBody
properties:[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
requestBodyaud:
$reftype: '#/components/schemas/NameVerificationRequestBodySigned'array
additionalProperties: false NameVerificationSignedResponseitems:
type: object requiredtype: string
- response propertiesdescription: >-
response: $ref: '#/components/schemas/NameVerificationSignedResponse'
allOf:
- $ref: '#/components/schemas/AEOkResponse'[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
additionalProperties: false iat:
NameVerificationUnsignedRequest: type: objectnumber
required: description: >-
- requestBody properties:[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
requestBodymessage:
$ref: '#/components/schemas/AENameVerificationRequestAENameVerificationResponse'
additionalProperties: false
NameVerificationUnsignedResponseNameVerificationSignedRequest:
type: object
required:
- responserequestBody
properties:
responserequestBody:
$ref: '#/components/schemas/AENameVerificationResponse'
allOf:
- $ref: '#/components/schemas/AEOkResponseNameVerificationRequestBodySigned'
additionalProperties: false
Self:
type: string
format: uri
description: A link to the current resource
securitySchemes:
TPPOAuth2Security:
type: oauth2
description: >-
TPP confidential client authorization with the LFI to stage a consent.
**Please refer to [OpenID FAPI Security Profile 1.0 -Part 2
Advanced](https://openid.net/specs/openid-financial-api-part-2-1_0.html#authorization-server)
- 5.2.2 point 14 - shall authenticate the confidential client using one
of the following methods private_key_jwt and [OpenID Connect Core
1.0](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication)
9. Client Authentication private_key_jwt**
flows:
clientCredentials:
tokenUrl: https://authserver.example/token
scopes:
openid: Activates OpenID Connect Support
confirmation-of-payee: Right to invoke a Confirmation of Payee operation
accounts: Ability to read Accounts Information
insurance: Right to read insurance policies
|