Page Comparison

...

1. A User will initiate a consent from a TPP's mobile or web app.
   

2. The User will be redirected to the LFI's mobile or web app to authorise the consent.

   1. The LFI need needs to adapt their mobile and/or web app to receive the redirect and parameters passed over from the TPP.

   2. The LFI will use the API Hub Authorisation Server to verify the request and the parameters.
      

3. The User will go through SCA (Strong Customer Authentication), review the consent, and authorise/reject it.

   1. The LFI needs to adapt their mobile and/or web app to display the consent authorisation screens.

   2. Each consent type will have different information to display to the user.

   3. All screens and the required UX guideline will be provided as part of the Open Finance Standards.

   4. The LFI will use the Consent Manager and the Authorisation Server to communicate the outcome of the consent authorisation.

   5. The User will be redirected back to the TPP's mobile or web app.

   6. The API Hub will generate the redirect url & access token.
      

4. The TPP will receive an access token to allow appropriate actions under the conditions of the consent on the User's account(s).

   1. The Ozone Connect API will be responsible for serving data for action service initiation.

For a visualisation of this flow please see this figma presentation

...

1. Provide a connection from their own Pre-Production and Production systems into the API Hub’s Pre-Production and Production environments. These connections will be secured using MTLS.

2. Build an integration into the API Hub based on the Ozone Connect API specification.

3. Adapt their own existing web and mobile apps to:

   1. accept a redirection from the User into their web/mobile app.

   2. provide consent authorisation screen(s) to enable the User to authorise each relevant API request.

   3. provide a consent dashboard to allow Users to view or revoke consents.

4.2 LFI and API Hub Integration Lifecycle

1. LFI and Ozone each deploy environment infrastructure for Pre-Production and Production.

2. LFI creates certificates using the OFTF - Ozone to provide guidance.

3. LFI and Ozone verifies MTLS connectivity in both directions:

   1. LFI to the Consent Manager and Authorisation server.

   2. Ozone to the LFI Ozone Connect server.

4. LFI builds the Consent Authorisation flows by adapting their existing mobile and/or web apps.

5. LFI builds the Ozone Connect API integrated with their Core Banking systems.

6. Testing, CX certification.

7. Go live.

4.3 API Hub User Guide

The API Hub Software Development Kit (SDK) will include:

1. API Hub Integration Overview for LFIs

2. https://openfinanceuae.atlassian.net/wiki/spaces/APIHubDocsv3/pages/edit-v2/134938667#3.4-Sequence-Diagrams

3. API Hub LFI Implementation Plan

4. API Hub Consent Manager API Specification

5. API Hub Authorisation Server API Specification

6. API Hub Ozone Connect API Specification - Bank Data Sharing

7. API Hub Ozone Connect API Specification - Bank Service Initiation

8. API Hub Admin Portal - LFI User Guide

9. API Hub Reporting Datasets

10. Postman collection to simulate TPP journey and LFI / Ozone integration.

11. Supporting documentation - FAQs, video tutorials, data mapping.

Additionally the Open Finance Standards will define the required UX for Consent Authorisation including:

• https://openfinanceuae.atlassian.net/wiki/x/VoncBQ

• Bank Service Initiation

• Insurance

...