Versions Compared

Version Old Version 14 New Version 15
Changes made by

Isla Humphreys

Isla Humphreys

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Expand
titleMENU
Table of Contents
minLevel1
maxLevel6
outlinefalse
stylenone
typelist
printabletrue

1. Introduction

This document describes the different components involved in delivering the integration between the API Hub and a LFI. The goal is to give a clear picture of which components exist, how they are used and what is expected to be delivered by each party.

2. Open Finance Authorisation Flow

As defined in the CBUAE Open Finance Standards, the Authorisation flow is the process that a User undergoes to authorise consent for a TPP to access account(s) held at an LFI.

...

For a visualisation of this flow please see this figma presentation

3. The API Hub

The API Hub is a fully featured Open API platform, developed and maintained by Ozone, which sits between each LFI’s network and the TPPs. It includes a number of components or modules which work together to take away all the complexity from the LFIs in providing an Open Finance API.

3.1 API Hub Network Diagram

Screenshot 2024-07-09 at 09.42.17.png

3.2 Infrastructure

Each LFI will have two environments that will be integrated with the API Hub, Pre-Production and Production.

All two-way traffic between the API Hub and the LFI environments will be secured using MTLS. Certificates will be issued by the OFTF, and Ozone will provide one-on-one guidance throughout this process.

3.3 Role of the API Hub

The API Hub will:

  1. Provide a single industry sandbox which simulates a single LFI, with rich synthetic data and a postman collection for each API request/response defined in the Open Finance Standard.

  2. Provide each LFI with dedicated Pre-Production and Production API gateways accessible to TPPs.

  3. Ensure that the externally facing API adheres strictly to the Open Finance Standard, including the FAPI security profile, data model, and API operations for each endpoint.

  4. Integrate with the Open Finance Trust Framework (OFTF) to ensure that ONLY licensed TPPs can access the APIs and that they can ONLY access API sets within the scope of their licensed role(s).

  5. Manage the User’s consent, to act as the single source of truth regarding this consent and to ensure that the TPP can only access APIs (for data sharing, service initiation or insurance) within the parameters of this consent.

  6. Provide the CBUAE with all required reporting regarding usage, availability and performance.

As a result, LFIs are not required to provide an externally facing API, manage TPP identities or permissions, or handle consent parameters for each API request.

3.4 Sequence Diagrams

The following sequence diagrams explain the interactions between the User, the TPP, the API Hub and the LFI.

...

3.5 Key API Hub Components

In order to deliver the end to end journey for the User, the following APIs will be deployed.

...

Component

Provider

Consumer

Interface

Description

Connection

Usage

Authorisation Server

API Hub

LFI

API

  • Swagger specification will be made available.

  • Exposes endpoints to the LFI to support:

    • Consent Authorisation.

    • Access token issuing.

MTLS

Authorisation Flow

Consent Manager

API Hub

LFI

API

  • Swagger specification will be made available.

  • TPPs do not connect to the consent manager directly.

  • Exposes endpoints to the LFI to support:

    • Consent Authorisation.

    • Consent management and reporting.

MTLS

Authorisation Flow

Consent Dashboard

Ozone Connect

LFI

API Hub

API

  • Swagger specification will be made available for Data Sharing, Service Initiation and Insurance.

  • TPPs do not connect to the Ozone Connect API directly.

  • The Ozone Connect API is an interface on top of the LFI core banking system. LFIs will be responsible for the mapping between their core banking system and the Ozone Connect API specification.

  • LFIs only implement the Ozone Connect API endpoints to support their existing offering i.e:
    Data Sharing: Accounts, Balance, Transactions etc.

    Service Initiation: Domestic payment, Standing Orders, International Payments etc.
    Insurance: Motor insurance quotes.

MTLS

Data Sharing

Service Initiation

Insurance

Health Check API APIs

LFI

API HUB

API

  • Swagger specification will be made available.

  • These APIs should be implemented by the LFI so that the API Hub can ensure that the institution's Ozone Connect implementation is up and running.

  • Integration testing and verifications.

  • Health checks.

MTLS

Service Availability

Health Checks

Integration QA

Consent Event & Action APIs

LFI

API HUB

API

  • Swagger specification will be made available.

  • Optional. Used by financial institution to get a notification for updated consent.

  • Optional. Consent augmentation for LFIs to add additional information for some use cases.

  • Optional. Consent validation for LFI to apply additional validation before the consent is created.

MTLS

Event notifications

Action calls

4. LFI Integration Guide

4.1 LFI Responsibilities

In summary, LFIs need to do three things:

  1. Provide a connection from their own Pre-Production and Production systems into the API Hub’s Pre-Production and Production environments. These connections will be secured using MTLS.

  2. Build an integration into the API Hub based on the Ozone Connect API specification.

  3. Adapt their own existing web and mobile apps to:

    1. accept a redirection from the User into their web/mobile app.

    2. provide consent authorisation screen(s) to enable the User to authorise each relevant API request.

    3. provide a consent dashboard to allow Users to view or revoke consents.

4.2 LFI and API Hub Integration Lifecycle

  1. LFI and Ozone each deploy environment infrastructure for Pre-Production and Production.

  2. LFI creates certificates using the OFTF - Ozone to provide guidance.

  3. LFI and Ozone verifies MTLS connectivity in both directions:

    1. LFI to the Consent Manager and Authorisation server.

    2. Ozone to the LFI Ozone Connect server.

  4. LFI builds the Consent Authorisation flows by adapting their existing mobile and/or web apps.

  5. LFI builds the Ozone Connect API integrated with their Core Banking systems.

  6. Testing, CX certification.

  7. Go live.

4.3 API Hub User Guide

The API Hub Software Development Kit (SDK) will include:

  1. API Hub Integration Overview for LFIs

  2. https://openfinanceuae.atlassian.net/wiki/spaces/APIHubDocsv3/pages/edit-v2/134938667#3.4-Sequence-Diagrams

  3. API Hub LFI Implementation Plan

  4. API Hub Consent Manager API Specification

  5. API Hub Authorisation Server API Specification

  6. API Hub Ozone Connect API Specification - Bank Data Sharing

  7. API Hub Ozone Connect API Specification - Bank Service Initiation

  8. API Hub LFI Admin Portal - LFI User Guide

  9. API Hub Reporting Datasets (to be deleted)

  10. Postman collection to simulate TPP journey and LFI / Ozone integration.

  11. Supporting documentation - FAQs, video tutorials, data mapping.

...

4.4 Support for LFIs

Ozone will engage with LFIs who are onboarding onto the OFP via a series of open engagement sessions. These will be technically focused session and should be attended by the LFI’s technical teams. They will run from to . Ozone will then conduct bilateral sessions providing one-to-one support and guidance to LFIs through the integration lifecycle. These will start from the week commencing .

...