...
Awesome api app render macro | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
openapi: 3.0.1 servers: - url: https://<your-ozone-connect-server> info: title: Ozone Connect - Service Initiation APIs description: | This document provides an API description in [OpenAPI](https://spec.openapis.org/oas/v3.0.1.html) for Service Initiation APIs for Ozone Connect. These APIs should be implemented by a Financial Institution so that Ozone can deliver Service Initiation capabilities to TPPs ### Changes in Release 2024.46.0 * Changed PersonalIdentifiableInformation to optional in AEPaymentRequest * Changed AERisk object to provide details of enhanced risk data encrypted as the payload of the JWE * Correct casing of properties in `post /payments` operation * Added payment file upload operation * Added file payment consent operation * Changed `tpp` property in `post /payments` to provide more information about the TPP and the Client software statement * Removed `FollowingServiceLevel` enum from `CurrencyRequest.ChargeBearer` * Removed `PaymentSequenceNumber` from `instruction.PaymentSequenceNumber` #### Changes in Release 2024.43.0 * Added `OpenFinanceBilling` object to request and response body of POST Payments and in GET Payments. #### Changes in Release 2024.37.0 * Added `default` response to each operation to aid understanding of error handling requirements. * Added missing `description` properties through the document. * Removed `additionalProperties: true` as not required and causes tooling issues #### Changes in Version 2024.34.1 * Removed propagateError field from the Error object. * Update exchangeRate and rateType properties * Refactored Security Scheme Objects to use common definitions across all API Hub APIs * Implemented the correct Security Requirements for this API description, reflecting security patterns available in API Hub #### Changes in Version 2024.34 * Introduced new endpoint Get /payment-consents/{consentId}/refund. * Cosmetic changes - Request Response Changes contact: name: Ozone Financial Technology Limited version: 2024.46.0 tags: - name: payments description: | APIs that should be implemented by Financial Institutions to expose Service Initiation capability to TPPs. security: - {} - OzoneConnectApiKey: [] - OzoneConnectClientCredentials: [ "placeholder" ] - OzoneConnectJwtAuth: [] paths: /payments: post: tags: - payments summary: Make a payment description: | This API is called by Ozone Connect to instruct a Financial Institution to initiate a payment once it has received a payment instruction from a TPP that has passed all local validations. The Financial Institution must process the payment and indicate a failure response (if the payment fails technical validation) or a success response (if the payment passess technical validation and is submitted to the payment rails for processing) The Financial Institution must generate a unique `PaymentId` that can be sent on to the TPP as a reference for the payment. If the underlying consent has been patched with a `bankConnectToken`, then the token is passed in as the authorization header. operationId: makePayment parameters: # common header parameters that set context - $ref: "#/components/parameters/providerId" - $ref: "#/components/parameters/aspspId" - $ref: "#/components/parameters/callerOrgId" - $ref: "#/components/parameters/callerClientId" - $ref: "#/components/parameters/callerSoftwareStatementId" - $ref: "#/components/parameters/apiUri" - $ref: "#/components/parameters/apiOperation" - $ref: "#/components/parameters/consentId" - $ref: "#/components/parameters/callerInteractionId" - $ref: "#/components/parameters/ozoneInteractionId" - $ref: "#/components/parameters/psuIdentifier" security: - {} - OzoneConnectApiKey: [] - OzoneConnectClientCredentials: [ "placeholder" ] - OzoneConnectJwtAuth: [] - OzoneConnectServiceInitiationToken: [] requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/PaymentPostRequest" responses: '201': description: successful operation content: application/json: schema: $ref: "#/components/schemas/AEPaymentIdResponse" '400': description: failed operation content: application/json: schema: $ref: "#/components/schemas/Error" default: $ref: "#/components/responses/Error" /payments/{paymentId}: get: operationId: getPayment tags: - payments summary: Get a payment description: | Ozone can call this API from Financial Institutions to retrieve payment information. parameters: # common header parameters that set context - $ref: "#/components/parameters/providerId" - $ref: "#/components/parameters/aspspId" - $ref: "#/components/parameters/callerOrgId" - $ref: "#/components/parameters/callerClientId" - $ref: "#/components/parameters/callerSoftwareStatementId" - $ref: "#/components/parameters/apiUri" - $ref: "#/components/parameters/apiOperation" - $ref: "#/components/parameters/consentId" - $ref: "#/components/parameters/callerInteractionId" - $ref: "#/components/parameters/ozoneInteractionId" - $ref: "#/components/parameters/psuIdentifier" - $ref: "#/components/parameters/paymentId" responses: '200': description: successful operation content: application/json: schema: $ref: "#/components/schemas/AEPaymentIdResponse" '400': description: failed operation content: application/json: schema: $ref: "#/components/schemas/Error" default: $ref: "#/components/responses/Error" /payments/{paymentId}/report-file: get: tags: - payments summary: report file for bulk payments description: | This API is called by Ozone Bank Connect to get a report file for a set of bulk payments operationId: reportFile parameters: # common header parameters that set context - $ref: "#/components/parameters/providerId" - $ref: "#/components/parameters/aspspId" - $ref: "#/components/parameters/callerOrgId" - $ref: "#/components/parameters/callerClientId" - $ref: "#/components/parameters/callerSoftwareStatementId" - $ref: "#/components/parameters/apiUri" - $ref: "#/components/parameters/apiOperation" - $ref: "#/components/parameters/consentId" - $ref: "#/components/parameters/callerInteractionId" - $ref: "#/components/parameters/ozoneInteractionId" - $ref: "#/components/parameters/psuIdentifier" - $ref: "#/components/parameters/paymentId" responses: '200': description: successful operation content: '*/*': schema: type: string description: Any content type. '400': description: failed operation content: application/json: schema: $ref: "#/components/schemas/Error" default: $ref: "#/components/responses/Error" /payment-consents: post: tags: - payments summary: Create a payment consent for file payment operations description: | This operation allows a consent to be created for Bulk/Batch payment operations **ONLY**. This is supported due to the ordering of Bulk/Batch payment instructions, where the Pushed Authorization Request is submitted and the payment file is then uploaded before Authentication and Authorization takes place. Creating the consent at the LFI allows the payment file data to be validated on receipt. Please note that the Consent Manager API continues to be the source-of-truth for all consent types. operationId: createBulkBatchPaymentConsent requestBody: description: Properties of the file payment consent. content: application/json: schema: description: The properties of a file payment consent type: object required: - consentId - request properties: consentId: $ref: "#/components/schemas/AEConsentId" request: $ref: '#/components/schemas/AEFilePaymentConsent' parameters: - $ref: "#/components/parameters/providerId" - $ref: "#/components/parameters/aspspId" - $ref: "#/components/parameters/callerOrgId" - $ref: "#/components/parameters/callerClientId" - $ref: "#/components/parameters/callerSoftwareStatementId" - $ref: "#/components/parameters/apiUri" - $ref: "#/components/parameters/apiOperation" - $ref: "#/components/parameters/consentId" - $ref: "#/components/parameters/callerInteractionId" - $ref: "#/components/parameters/ozoneInteractionId" - $ref: "#/components/parameters/psuIdentifier" responses: '201': description: File payment consent successfully created '400': description: failed operation content: application/json: schema: $ref: "#/components/schemas/Error" default: $ref: "#/components/responses/Error" /payment-consents/{consentId}/file: post: tags: - payments summary: Submit payment instruction file for bulk/batch payments description: This operation allows a Bulk/Batch payment file to be transmitted to the LFI. The data herein will be encoded according to the format already supported by the LFI, with the API Hub acting as a passthrough. operationId: createBulkBatchPaymentInstructionFile requestBody: description: File containing payment instructions in LFI prescribed format content: '*/*': schema: type: string parameters: - $ref: "#/components/parameters/providerId" - $ref: "#/components/parameters/aspspId" - $ref: "#/components/parameters/callerOrgId" - $ref: "#/components/parameters/callerClientId" - $ref: "#/components/parameters/callerSoftwareStatementId" - $ref: "#/components/parameters/apiUri" - $ref: "#/components/parameters/apiOperation" - $ref: "#/components/parameters/consentId" - $ref: "#/components/parameters/callerInteractionId" - $ref: "#/components/parameters/ozoneInteractionId" - $ref: "#/components/parameters/psuIdentifier" - name: consentId in: path schema: type: string required: true description: | Identifies the consent by an id responses: '204': description: File uploaded successfully '400': description: failed operation content: application/json: schema: $ref: "#/components/schemas/Error" default: $ref: "#/components/responses/Error" /payment-consents/{consentId}/refund: get: tags: - payments summary: Retrieve a Payment Consent description: | Ozone can call this API from Financial Institutions to retrieve payment information. operationId: getRefund parameters: # common header parameters that set context - $ref: "#/components/parameters/providerId" - $ref: "#/components/parameters/aspspId" - $ref: "#/components/parameters/callerOrgId" - $ref: "#/components/parameters/callerClientId" - $ref: "#/components/parameters/callerSoftwareStatementId" - $ref: "#/components/parameters/apiUri" - $ref: "#/components/parameters/apiOperation" - $ref: "#/components/parameters/consentId" - $ref: "#/components/parameters/callerInteractionId" - $ref: "#/components/parameters/ozoneInteractionId" - $ref: "#/components/parameters/psuIdentifier" - name: consentId in: path schema: type: string required: true description: | Identifies the consent by an id responses: '200': description: successful operation content: application/json: schema: $ref: "#/components/schemas/RefundGetResponse" '400': description: failed operation content: application/json: schema: $ref: "#/components/schemas/Error" default: $ref: "#/components/responses/Error" components: responses: Error: description: Default error response content: application/json: schema: $ref: "#/components/schemas/Error" schemas: PaymentPostRequest: description: The properties of a payment request type: object properties: requestUrl: type: string description: | The (Ozone) URL at which the TPP requested for the payment paymentType: $ref: "#/components/schemas/PaymentType" request: $ref: "#/components/schemas/AEPaymentAndFilePaymentRequest" requestHeaders: $ref: "#/components/schemas/PaymentRequestHeaders" tpp: $ref: "#/components/schemas/tpp" supplementaryInformation: $ref: "#/components/schemas/SupplementaryInformation" required: - paymentType - request - requestHeaders - tpp additionalProperties: false AEPaymentAndFilePaymentRequest: description: The payment request body as received from the TPP oneOf: - $ref: "#/components/schemas/AEPaymentRequest" - $ref: "#/components/schemas/AEFilePaymentRequest" AEPaymentRequest: description: | Payment Request Schema type: "object" additionalProperties: false required: - "Data" properties: Data: description: Primary data for the request type: "object" additionalProperties: false required: - "ConsentId" - "Instruction" - "PersonalIdentifiableInformation" - "PaymentPurposeCode" - "OpenFinanceBilling" properties: ConsentId: $ref: "#/components/schemas/AEConsentId" Instruction: type: "object" additionalProperties: false required: - "Amount" description: "The Initiation payload is sent by the initiating party to the LFI. It is used to request movement of funds from the debtor account to a creditor for a single payment." properties: Amount: description: The Currency and Amount relating to the Payment type: "object" required: - "Amount" - "Currency" properties: Amount: $ref: "#/components/schemas/AEActiveOrHistoricAmount" Currency: $ref: "#/components/schemas/AEActiveOrHistoricCurrencyCode" CurrencyRequest: description: The details of the non-local currency or FX request that has been agreed between the User and the TPP. The requested ChargeBearer and ExchangeRateInformation are included in this object may be overwritten by the LFI in the returned Consent object. type: "object" additionalProperties: false required: - "ExtendedPurpose" - "CurrencyOfTransfer" properties: InstructionPriority: description: "Indicator of the urgency or order of importance that the instructing party would like the instructed party to apply to the processing of the instruction." type: "string" enum: - "Normal" - "Urgent" ExtendedPurpose: description: "Specifies the purpose of an international payment, when there is no corresponding 4 character code available in the ISO20022 list of Purpose Codes." type: "string" minLength: 1 maxLength: 140 ChargeBearer: $ref: "#/components/schemas/AEChargeBearerType1Code" CurrencyOfTransfer: description: "Specifies the currency of the to be transferred amount, which is different from the currency of the debtor's account." type: "string" pattern: "^[A-Z]{3,3}$" DestinationCountryCode: description: "Country in which Credit Account is domiciled. Code to identify a country, a dependency, or another area of particular geopolitical interest, on the basis of country names obtained from the United Nations (ISO 3166, Alpha-2 code)." type: "string" pattern: "[A-Z]{2,2}" ExchangeRateInformation: type: "object" additionalProperties: false required: - "UnitCurrency" - "RateType" description: "Provides details on the currency exchange rate and contract." properties: UnitCurrency: description: "Currency in which the rate of exchange is expressed in a currency exchange. In the example 1GBP = xxxCUR, the unit currency is GBP." type: "string" pattern: "^[A-Z]{3,3}$" ExchangeRate: description: "The factor used for conversion of an amount from one currency to another. This reflects the price at which one currency was bought with another currency." type: "number" RateType: description: "Specifies the type used to complete the currency exchange." type: "string" enum: - "Actual" - "Agreed" - "Indicative" ContractIdentification: description: "Unique and unambiguous reference to the foreign exchange contract agreed between the initiating party/creditor and the debtor agent." type: "string" minLength: 1 maxLength: 256 PersonalIdentifiableInformation: description: Personal Identifiable Information, represented in both encoded and decoded form using a `oneOf`, to help implementers readily understand both the structure and serialized form of the property. **Implementations MUST reflect the AEJWEPaymentPII Schema Object** **structure and the notes provided on implementing a JWS and JWE** **The decoded form AEPaymentPII is for guidance on content only** oneOf: - $ref: "#/components/schemas/AEJWEPaymentPII" - $ref: "#/components/schemas/AEPaymentPII" PaymentPurposeCode: $ref: "#/components/schemas/AEPaymentPurposeCode" DebtorReference: $ref: "#/components/schemas/AEStructuredDebtorReference" CreditorReference: $ref: "#/components/schemas/AEStructuredCreditorReference" OpenFinanceBilling: $ref: "#/components/schemas/AEServiceInitiationOpenFinancePaymentBilling" AEServiceInitiationOpenFinancePaymentBilling: type: object required: - Type properties: Type: enum: - Collection - LargeValueCollection - PushP2P - PullP2P - Me2Me description: The type payment for billing type: string MerchantId: description: "MerchantId" type: "string" minLength: 8 maxLength: 20 description: Billing parameters specified by the TPP for a payment initiation additionalProperties: false AEServiceInitiationOpenFinancePaymentBillingGet: type: object required: - Type properties: NumberOfSuccessfulTransactions: type: "integer" description: | Number of individual transactions successfully executed by the LFI. This is returned by the LFI after the file is fully processed. Type: enum: - Collection - LargeValueCollection - PushP2P - PullP2P - Me2Me description: The type payment for billing type: string MerchantId: description: "MerchantId" type: "string" minLength: 8 maxLength: 20 description: Billing parameters specified by the TPP for a payment initiation additionalProperties: false AEJWEPaymentPII: type: string description: |2- A JSON Web Encryption (JWE) object, which encapsulates a JWS. The value is a compact serialization of a JWE, which is a string consisting of five base64url-encoded parts joined by dots. It encapsulates encrypted content using JSON data structures. The decrypted JWS content has the structure of the AEPaymentPII schema. AEPaymentPII: type: "object" additionalProperties: false description: "Elements of Personal Identifiable Information data" properties: Initiation: type: "object" additionalProperties: false description: "The Initiation payload is sent by the initiating party to the LFI. It is used to request movement of funds from the debtor account to a creditor." properties: CreditorAgent: $ref: "#/components/schemas/AECreditorAgent" Creditor: type: "object" additionalProperties: false description: "Party to which an amount of money is due." properties: Name: description: | Name by which a party is known and which is usually used to identify that party. This may be used to identify the Creditor for international payments. type: "string" minLength: 1 maxLength: 140 PostalAddress: $ref: "#/components/schemas/AEAddress" CreditorAccount: $ref: "#/components/schemas/AECreditorAccount" ConfirmationOfPayeeResponse: $ref: "#/components/schemas/AEConfirmationOfPayeeResponse" Risk: $ref: "#/components/schemas/AERisk" AECreditorAgent: description: | Refers to the Financial Institution. type: "object" required: - "SchemeName" - "Identification" properties: SchemeName: type: "string" description: | Refers to the Identification scheme for uniquely identifying the Agent. * BICFI: The BIC/SWIFT Code * Other: The ID; A Country Code followed by a Bank Code (4 character code). The full list of LFI names and 6 digits IDs are as follows: enum: - "BICFI" - "Other" Identification: description: | The Agent is the Country Code followed by a Bank Code" type: "string" Name: description: "Name by which an agent is known and which is usually used to identify that agent." type: "string" minLength: 1 maxLength: 140 PostalAddress: $ref: "#/components/schemas/AEAddress" AECreditorAccount: description: "Unambiguous identification of the account of the creditor to which a credit entry will be posted." type: "object" additionalProperties: false required: - "SchemeName" - "Identification" - "Name" properties: SchemeName: $ref: "#/components/schemas/AECreditorExternalAccountIdentificationCode" Identification: $ref: "#/components/schemas/AEIdentification" Name: $ref: "#/components/schemas/AEName" TradingName: $ref: "#/components/schemas/AETradingName" AEAddress: description: | (Array) Address information that locates and identifes a specific address, as defined by a national or international postal service." type: "array" minItems: 1 items: type: "object" required: - "AddressType" - "Country" properties: AddressType: $ref: "#/components/schemas/AEAddressTypeCode" ShortAddress: $ref: "#/components/schemas/AEShortAddress" UnitNumber: $ref: "#/components/schemas/AEUnitNumber" FloorNumber: $ref: "#/components/schemas/AEFloorNumber" BuildingNumber: $ref: "#/components/schemas/AEBuildingNumber" StreetName: $ref: "#/components/schemas/AEStreetName" SecondaryNumber: $ref: "#/components/schemas/AESecondaryNumber" District: $ref: "#/components/schemas/AEDistrict" PostalCode: $ref: "#/components/schemas/AEPostalCode" POBox: $ref: "#/components/schemas/AEPOBox" ZipCode: $ref: "#/components/schemas/AEZipCode" City: $ref: "#/components/schemas/AECity" Region: $ref: "#/components/schemas/AERegion" Country: $ref: "#/components/schemas/AECountryCode" additionalProperties: false AEAddressTypeCode: description: "Specifies the nature of the Address." type: "string" enum: - "Business" - "Correspondence" - "Residential" example: "Residential" AEShortAddress: description: "A short address consists of four letters: region code, branch code, division code, unique code and a four-digit number for the building." type: "string" minLength: 1 maxLength: 8 example: "ABCD1234" AEUnitNumber: description: "Identifies the unit or apartment number." type: "string" minLength: 1 maxLength: 10 example: "6" AEFloorNumber: description: "Identifies the building floor number." type: "string" minLength: 1 maxLength: 10 example: "2" AEBuildingNumber: description: "Identifies the building number." type: "string" minLength: 1 maxLength: 10 example: "34" AEStreetName: description: "Identifies the street name or road." type: "string" minLength: 1 maxLength: 70 example: "Omar Bin Hassan Street" AEDistrict: description: "Identifies the district of a city." type: "string" minLength: 1 maxLength: 35 example: "Olaya Dist." AECountryCode: description: "Indicates the country code in which the address is located (References ISO 3166-1 alpha-2)." type: "string" pattern: "^[A-Z]{2,2}$" example: "SA" AEPostalCode: description: " Identifies the postal code; a unique code assigned to a specific geographic area for efficient mail sorting and delivery purposes." type: "string" minLength: 1 maxLength: 10 example: "12345" AEPOBox: description: " Identifies the POBox." type: "string" minLength: 1 maxLength: 10 example: "11562" AEZipCode: description: "Identifies the ZIP code; a unique code assigned to a specific geographic area for efficient mail sorting and delivery purposes." type: "string" minLength: 1 maxLength: 10 example: "12366" AESecondaryNumber: description: "4 numbers representing the accurate location coordinates of the address" type: "string" minLength: 4 maxLength: 4 example: "1233" AECity: description: "Identifies the name of the city or town where the address is situated." type: "string" minLength: 1 maxLength: 35 example: "Riyadh" AERegion: description: "Identifies the region." type: "string" minLength: 1 maxLength: 35 example: "North" AEDebtorIndicators: type: "object" description: | Debtor (User) Indicators properties: UserNameAuthentication: type: "object" description: "The authentication method Nameused ofby the User initiatingto access their account with the PaymentTPP" properties: enAuthenticationChannel: typedescription: "string" Channel on which the User was authenticated description: "English value of thetype: string" arenum: - App type: "string" description:- "ArabicWeb value of the string" GeoLocationPossessionFactor: type: "object" description: "GPSThe to identify and track the whereabouts of the connected electronic device."User's possession, that only the User possesses" requiredproperties: - "latitude" IsUsed: - "longitude" propertiestype: "boolean" latitude: Type: type: "string" type: "string" description: "latitude" longitudeenum: type: "string" - FIDO2SecurityKey description: "longitude" DeviceId: - Passkey type: "string" description: "IMEISV- numberOTPDevice of the connected electronic device" DeviceOperatingSystem: - OTPApp type: "string" description: "Device operating system" - SMSOTP DeviceOperatingSystemVersion: type: "string" - EmailOTP description: "Device operating system version" UserOnboardingDateTime: - PushNotification type: "string" format: "date-time" WebauthnToken description: "The exact date and time when the User account was activated- withSecureEnclaveKey the TPP." AuthenticationChannel: - description:HardwareOTPKey Channel on which the User was authenticated type: string - TrustedDevice enum: - Other App KnowledgeFactor: - Web AETransactionIndicators: type: "object" description: | description: Transaction Indicators"The User's knowledge, that only the User knows" properties: IsUsed: type: "boolean" Type: type: "string" enum: - PIN - Password - SecurityQuestion - SMSOTP - EmailOTP - OTPPush - Other InherenceFactor: type: "object" description: "The User's inherance, that is unique to the User's physical characteristics" properties: IsUsed: type: "boolean" Type: type: "string" enum: - Biometric - Fingerprint - FaceRecognition - IrisScan - VoiceRecognition - FIDOBiometric - DeviceBiometrics - Other ChallengeOutcome: type: "string" description: "The result of multi-factor authentication performed by the TPP, with NotPerformed indication the User was not required to authenticate before consenting to the requested payment" enum: - Pass - Fail - NotPerformed AuthenticationFlow: type: "string" enum: - MFA - Other AuthenticationValue: type: "string" description: "Cryptographic proof of authentication where supported by the device and protocol." ChallengeDateTime: type: "string" format: "date-time" UserName: type: "object" description: "The Name of the User initiating the Payment" properties: en: type: "string" description: "English value of the string" ar: type: "string" description: "Arabic value of the string" GeoLocation: type: "object" description: "GPS to identify and track the whereabouts of the connected electronic device." required: - Latitude - Longitude properties: Latitude: type: "string" description: "latitude" Longitude: type: "string" description: "longitude" DeviceInformation: type: "object" description: "Detailed device information" properties: DeviceId: type: "string" description: "IMEISV number of the connected electronic device" AlternativeDeviceId: type: "string" description: "Alternative identifier for the connected electronic device" DeviceOperatingSystem: type: "string" description: "Device operating system" DeviceOperatingSystemVersion: type: "string" description: "Device operating system version" DeviceBindingId: type: "string" description: "An identifier that associates a device uniquely with a specific application" LastBindingDateTime: type: "string" format: "date-time" description: "Date and time when the device was last bound to the application" BindingDuration: type: "string" format: "duration" description: "ISO 8601 duration since device was last bound (e.g., P30D for 30 days)" BindingStatus: type: "string" description: "Current status of the device binding" enum: - Active - Expired - Revoked - Suspended DeviceType: type: "string" description: "Type of device used" enum: - Mobile - Desktop - Tablet - Wearable - Other DeviceManufacturer: type: "object" properties: Model: type: "string" description: "Device model name" maxLength: 50 Manufacturer: type: "string" description: "Device manufacturer" maxLength: 50 DeviceLanguage: type: "string" description: "Device language" DeviceLocalDateTime: type: "string" description: "Device local time" ConnectionType: type: "string" description: "Type of connection to the internet" enum: - WiFi - Cellular - Other ScreenInformation: type: "object" properties: PixelDensity: type: "number" description: "Screen pixel density" Orientation: type: "string" enum: - Portrait - Landscape BatteryStatus: type: "object" properties: Level: type: "number" minimum: 0 maximum: 100 IsCharging: type: "boolean" TouchSupport: type: "object" properties: Supported: type: "boolean" MaxTouchPoints: type: "integer" minimum: 0 MotionSensors: type: "object" properties: Status: type: "string" enum: - InMotion - Stationary Accelerometer: type: "boolean" Gyroscope: type: "boolean" DeviceEnvironmentContext: type: "array" description: "List of device environment context" items: type: "string" enum: - VPNDetected - EmulatorDetected BiometricCapabilities: type: "object" description: "Device biometric capabilities" properties: SupportsBiometric: type: "boolean" description: "Whether device supports biometric authentication" BiometricTypes: type: "array" description: "Types of biometric authentication supported" items: type: "string" enum: - Fingerprint - FacialRecognition - Iris - VoicePrint - Other AppInformation: type: "object" description: "Mobile application specific information" properties: AppVersion: type: "string" description: "Version of the mobile application" PackageName: type: "string" description: "Application package identifier" BuildNumber: type: "string" description: "Application build number" BrowserInformation: type: "object" description: "Browser-specific information" properties: UserAgent: type: "string" description: "Complete browser user agent string" IsCookiesEnabled: type: "boolean" description: "Whether cookies are enabled in the browser" AvailableFonts: type: "array" description: "List of available fonts" items: type: "string" Plugins: type: "array" description: "List of installed browser plugins" items: type: "string" PixelRatio: type: "number" description: "Device pixel ratio for scaling" UserBehavior: type: "object" description: "User behavior indicators" properties: ScrollBehavior: type: "object" properties: Direction: type: "string" enum: - Up - Down - Both Speed: type: "number" description: "Average scroll speed in pixels per second" Frequency: type: "number" description: "Number of scroll events per minute" AccountRiskIndicators: type: "object" description: "Risk indicators related to the account" properties: UserOnboardingDateTime: type: "string" format: "date-time" description: "The exact date and time when the User account was activated with the TPP." LastAccountChangeDate: type: "string" format: "date" description: "Date that the User's account was last changed" LastPasswordChangeDate: type: "string" format: "date" description: "Date of the last password change by the User" SuspiciousActivity: type: "string" description: "Indicates any suspicious activity associated with the account" enum: - NoSuspiciousActivity - SuspiciousActivityDetected TransactionHistory: type: "object" properties: LastDay: type: "integer" description: "Total transactions made by the account in the last 24 hours" minimum: 0 LastYear: type: "integer" description: "Total transactions made by the account in the past year" minimum: 0 SupplementaryData: type: "object" description: | Additional information that cannot be captured in the structured fields and/or any other specific block This may include information that is not available in the structured fields, such as a user's behavioural data like their typing speed and typing patterns. properties: {} AETransactionIndicators: type: "object" description: | Transaction Indicators properties: IsCustomerPresent: description: "This field differentiates between automatic and manual payment initiation." type: boolean IsContractPresent: description: "Indicates if the Creditor has a contractual relationship with the TPP." type: boolean Channel: description: "Where the payment has been initiated from." type: "string" enum: - Web - Mobile ChannelType: type: "string" description: "The channel through which the transaction is being conducted" enum: - ECommerce - InStore - InApp - Telephone - Mail - RecurringPayment - Other SubChannelType: type: "string" description: "More specific classification of the transaction channel" enum: - WebBrowser - MobileApp - SmartTV - WearableDevice - POSTerminal - ATM - KioskTerminal - Other PaymentProcess: type: "object" description: "Metrics related to the payment process duration and attempts" properties: TotalDuration: type: "integer" description: "Total time in seconds from payment initiation to completion" minimum: 0 CurrentSessionAttempts: type: "integer" description: "Number of payment attempts in the current session" minimum: 1 CurrentSessionFailedAttempts: type: "integer" description: "Number of failed payment attempts in the current session" minimum: 0 Last24HourAttempts: type: "integer" description: "Number of payment attempts in the last 24 hours" minimum: 0 Last24HourFailedAttempts: type: "integer" description: "Number of failed payment attempts in the last 24 hours" minimum: 0 MerchantRisk: type: "object" description: "Risk indicator details provided by the merchant" properties: DeliveryTimeframe: type: "string" description: "Timeframe for the delivery of purchased items" enum: - ElectronicDelivery - SameDayShipping - OvernightShipping - MoreThan1DayShipping ReorderItemsIndicator: type: "string" description: "Indicates if the transaction is a reorder" enum: - FirstTimeOrder - Reorder PreOrderPurchaseIndicator: type: "string" description: "Indicates if this is a pre-ordered item" enum: - MerchandiseAvailable - FutureAvailability IsGiftCardPurchase: type: "boolean" description: "Indicates if the transaction includes a gift card" properties:IsDeliveryAddressMatchesBilling: IsCustomerPresent:type: "boolean" description: "ThisIndicates fieldif differentiatesdelivery betweenaddress automaticmatches andbilling manualaddress" payment initiation." typeAddressMatchLevel: boolean IsContractPresent:type: "string" description: "IndicatesLevel of ifmatch thebetween Creditordelivery hasand abilling contractualaddresses" relationship with the TPP." type: booleanenum: - FullMatch - PartialMatch - NoMatch Channel: - NotApplicable description: "Where the payment has been initiated from."SupplementaryData: type: "stringobject" enum:description: | Additional information that cannot be captured in the structured fields and/or -any "Web"other specific block - "Mobile"properties: {} AECreditorIndicators: type: "object" description: | Creditor Indicators properties: AccountType: $ref: "#/components/schemas/AEExternalAccountTypeCodeAEAccountTypeCode" IsCreditorPrePopulated: $ref: "#/components/schemas/AEIsCreditorPrePopulated" TradingName: $ref: "#/components/schemas/AETradingName" IsVerifiedByTPP: $ref: "#/components/schemas/AEIsVerifiedbyTPP" AdditionalAccountHolderIdentifiers: $ref: "#/components/schemas/AEAdditionalAccountHolderIdentifiers" MerchantDetails: type: "object" description: | Details of the Merchant involved in the transaction. Merchant Details are specified only for those merchant categories that are generally expected to originate retail financial transactions properties: MerchantId: description: "MerchantId" type: "string" minLength: 8 maxLength: 20 MerchantName: description: "Name by which the merchant is known." type: "string" minLength: 1 maxLength: 350 MerchantSICCode: description: | SIC code stands for standard industrial classification (SIC) code. This four digit-number identifies a very specific short descriptor of the type of business a company is engaged in. SIC can be obtained from the Chamber of Commerce. type: "string" minLength: 3 maxLength: 4 MerchantCategoryCode: description: > Category code values are used to enable the classification of merchants into specific categories based on the type of business, trade or services supplied. Category code conforms to ISO 18245, related to the type of services or goods the merchant provides for the transaction." type: string minLength: 3 maxLength: 4 additionalProperties: false IsCreditorConfirmed: description: Creditor account details have been confirmed successfully using Confirmation of Payee type: boolean ConfirmationOfPayeeResponse: $ref: "#/components/schemas/AEConfirmationOfPayeeResponse" SupplementaryData: AEExternalAccountTypeCode:type: "object" description: "Specifies the type of account (Retail or Corporate)." | Additional information that cannot be captured in the structured fields and/or any other specific block properties: {} AEAccountTypeCode: type: "string" enum: - "Retail"Retail - SME - "Corporate" Corporate description: Specifies the type of account (Retail, SME or Corporate). AEIsCreditorPrePopulated: description: "Is Creditor populated" type: "boolean" AEIsVerifiedbyTPP: description: "The TPP has onboarded the Creditor" type: "boolean" AEAdditionalAccountHolderIdentifiers: type: "array" items: type: "object" description: "Provides the details to identify an account." required: - "SchemeName" - "Identification" properties: SchemeName: $ref: "#/components/schemas/AERiskExternalAccountIdentificationCode" Identification: $ref: "#/components/schemas/AEIdentification" Name: $ref: "#/components/schemas/AEName" additionalProperties: false AERiskExternalAccountIdentificationCode: description: "Name of the identification scheme, in a coded form as published in an external list." type: "string" enum: - "EmiratesID" - "TradeLicenceNumber" AEConfirmationOfPayeeResponse: description: The JSON Web Signature returned by the Payee Confirmation operation at the Confirmation of Payee API. The value must be the full JWS string, including the header and signature, without decoding to an object. If Confirmation of Payee is not performed this property can be omitted type: string pattern: '^.+\..+\..+$' AECreditorExternalAccountIdentificationCode: description: "Name of the identification scheme, in a coded form as published in an external list." type: "string" enum: - "IBAN" - "AccountNumber" AEIdentification: description: | Identification for the account assigned by the LFI based on the Account Scheme Name. This identification is known by the User account owner. type: "string" minLength: 1 AETradingName: type: "object" description: | The Trading Brand Name (if applicable) for the Creditor. Applicable to Payments. properties: en: type: "string" description: "English value of the string" maxLength: 70 ar: type: "string" description: "Arabic value of the string" maxLength: 70 additionalProperties: false AERisk: additionalProperties: false description: | The Risk section is sent by the TPP to the LFI. It is used to specify additional details for risk/fraud scoring regarding Payments. type: "object" properties: DebtorIndicators: $ref: "#/components/schemas/AEDebtorIndicators" DestinationDeliveryAddress: type: "object" description: | Destination Delivery Address properties: RecipientType: type: "string" description: "The recipient of the goods whether an individual or a corporation." enum: - "Individual" - "Corporate" RecipientName: type: "object" description: "The name of the recipient of the goods, whether an individual or a corporation." properties: en: type: "string" description: "English value of the string" ar: type: "string" description: "Arabic value of the string" NationalAddress: $ref: "#/components/schemas/AEAddress" TransactionIndicators: $ref: "#/components/schemas/AETransactionIndicators" CreditorIndicators: $ref: "#/components/schemas/AECreditorIndicators" AEConsentId: type: string minLength: 1 maxLength: 128 description: >- Unique identification assigned by the TPP to identify the consent resource. AEFilePaymentRequest: description: | File Payment Request Schema type: "object" additionalProperties: false required: - "Data" properties: Data: description: Primary data for the request type: "object" additionalProperties: false required: - "ConsentId" - "PaymentPurposeCode" properties: ConsentId: $ref: "#/components/schemas/AEConsentId" Instruction: $ref: "#/components/schemas/AEFilePaymentConsent" PaymentPurposeCode: $ref: "#/components/schemas/AEPaymentPurposeCode" DebtorReference: $ref: "#/components/schemas/AEStructuredDebtorReference" AEFilePaymentConsent: type: "object" description: | A file based payment consent. A Consent definition for defining Multi Payments required: - "FileType" - "FileHash" - "NumberOfTransactions" - "ControlSum" properties: FileType: $ref: "#/components/schemas/AEFileType" FileHash: $ref: "#/components/schemas/AEFileHash" FileReference: $ref: "#/components/schemas/AEReference" NumberOfTransactions: $ref: "#/components/schemas/AEFileNumberOfTransactions" ControlSum: $ref: "#/components/schemas/AEControlSum" RequestedExecutionDate: $ref: "#/components/schemas/AERequestedExecutionDate" additionalProperties: false AERequestedExecutionDate: description: | The date when the TPP expects the LFI to execute the payment. The date must be in the future and cannot be on the same day or a day in the past. The maximum date in the future that can be specified is 1 year from the day of the consent of the User to the TPP. All dates in the JSON payloads are represented in ISO 8601 date format. type: "string" format: "date" AEFileNumberOfTransactions: type: "integer" description: | Number of individual transactions contained in the payment information group. AEControlSum: description: | Total of all individual amounts included in the group, irrespective of currencies. type: "string" pattern: "^\\d{1,16}\\.\\d{2}$" example: "100.00" AEReference: description: | A reason or reference in relation to a payment. Reason or reference for the beneficiary regarding the Payment type: "string" minLength: 1 maxLength: 120 AEFileType: type: "string" description: "Specifies the payment file type" minLength: 1 maxLength: 40 AEFileHash: type: "string" description: "A base64 encoding of a SHA256 hash of the file to be uploaded." minLength: 1 maxLength: 44 AEStructuredCreditorReference: description: | A reason or reference in relation to a payment, set to facilitate a structured Creditor reference consisting of: * TPP ID and BIC for the Debtor Account, followed by freeform text to a maximum of 120 characters. The TPP ID value will match the organization ID value from the Trust Framework, and therefore will be a v4 UUID. A BIC is specific according to the standard format for ISO 20022, and can therefore be either 8 or 11 characters in length. If the value of the concatenated string exceeds 120 characters, the TPP must first omit or truncate the freeform element of the reference. type: "string" minLength: 1 maxLength: 120 pattern: "^TPP=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12},BIC=[A-Z0-9]{4}[A-Z0-9]{2}[A-Z0-9]{2}([A-Z0-9]{3}){0,1}($|,.+$)" AEPaymentInstruction: type: "object" additionalProperties: false required: - "Amount" description: "The Initiation payload is sent by the initiating party to the LFI. It is used to request movement of funds from the debtor account to a creditor for a single payment." properties: Amount: $ref: "#/components/schemas/AEActiveCurrencyAmount" PaymentType: type: string description: | The type of the payment that is being created. Each LFI's instance may support a different set of payment types depending on the standards supported. For example, - cbuae-payment (Single Instant Payment, Multi Payment - Fixed and Variable Recurring Payment, Future Dated Payment etc) - cbuae-file-payment PaymentRequestHeaders: type: object description: | The entire set of HTTP request headers that was received by Ozone from the TPP tpp: description: The TPP record as held by Ozone. If Ozone TPP Connect has been integrated into a directory, the `directoryRecord` provides the TPP's directory record as held by Ozone in base 64 encoded format. type: object required: - clientId - orgId - softwareStatementId - tppId - tppName - decodedSsa properties: clientId: description: The client identifier for the TPP as issued by the Trust Framework type: string pattern: '^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$' tppId: description: The identifier used by the API Hub to uniquely identify the TPP type: string tppName: description: The TPP name recorded in the Trust Framework type: string obieTppId: description: The UK market TPP identifier. This property is not used for CBUAE and is therefore marked as deprecated. type: string deprecated: true softwareStatementId: description: The software statement identifier for the Client. type: string obieSoftwareStatementId: description: The UK market software statement identifier. This property is not used for CBUAE and is therefore marked as deprecated. type: string deprecated: true obieSoftwareStatementName: description: The UK market software statement name. This property is not used for CBUAE and is therefore marked as deprecated. type: string deprecated: true directoryRecord: type: string description: The latest copy of the TPP directory record retrieve from the CBUAE Trust Framework directory, encoded as a Base 64 string format: base64 ssa: description: The encoded Software Statement Assertion. This property is not used for CBUAE and is therefore marked as deprecated. type: string deprecated: true decodedSsa: $ref: "#/components/schemas/softwareStatementProperties" orgId: description: The organization identifier for the TPP type: string pattern: '^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$' softwareStatementProperties: description: | The decoded software statement retrieved from the Trust Framework that provides the properties of the Client. Please note: - The JSON payload will contain other properties in addition to those listed here. The properties listed here are considered most relevant for activities such as TPP logo retrieval and JWS verification. - The content reflects elements of discovery metadata, which in generally defined as a file rather than an API. Providing constraints such as `minLength` and `maxLength` is impractical in this context The full software statement record is also available in the Trust Framework. Please also refer the Registration Framework page in the CBUAE standards for additional guidance on these properties. type: object properties: redirect_uris: description: The redirect URIs registered by the TPP at the Trust Framework type: array items: type: string client_name: description: Name of the Client to be presented to the End-User. type: string client_uri: description: URL of the home page of the Client. type: string logo_uri: description: URL of the Client logo. type: string jwks_uri: description: URL of the Client JSON Web Key Set (JWKS) at the Trust Framework. type: string client_id: description: Unique Client Identifier. type: string roles: description: The roles under which the organization is registered at the Trust Framework. type: array items: type: string sector_identifier_uri: description: URL using the https scheme to be used in calculating Pseudonymous Identifiers by the OP. Allows redirect URI values to be grouped, easing registration management. type: string application_type: description: Client application type. type: string organisation_id: description: Organization identifier for organization that owns the Client. type: string SupplementaryInformation: type: object description: | The `SupplementaryInformation` object may have arbitrary custom fields that a Financial Institution may use AEPaymentIdResponse: description: | The payment response to be passed on to the TPP. The structure of this response is aligned to the structure of the response for the CBUAE payment initiation API. type: "object" additionalProperties: false required: - "data" properties: data: type: "object" description: "Required fields are common for all the payments including file payment. Apart from that, paymentTransactionId is required for all payments except file payments" additionalProperties: false required: - "id" - "status" - "statusUpdateDateTime" - "creationDateTime" - "paymentPurposeCode" properties: id: description: An API specific unique identification as assigned by the LFI to identify the domestic Payment resource. type: string consentId: description: Unique identification assigned by the TPP to identify the consent resource. type: string paymentTransactionId: description: | This is an end-to-end identifier that is generated by the underlying payment rails when it is sent from an Originating LFI to a Receiving LFI. For IPP transactions, this is the IPP generated identifier. This property is not the same as the `transactionId` in the Bank Data Sharing Transactions API. The `paymentTransactionId` must be populated if the payment is processed by the LFI, and updated at the Consent Manager Payment Log API using the `patch` operation. type: string status: description: | Specifies the status of the payment information group * Pending: Payment initiation or individual transaction included in the payment initiation is pending. Further checks and status update will be performed. * Rejected: The payment initiation has been rejected * AcceptedSettlementCompleted: Settlement of the Debtor's account has been completed * AcceptedCreditSettlementCompleted: When the Creditor account has been credited with the funds of the payment initiated via the TPP * AcceptedWithoutPosting: When the Recipient Bank has accepted the payment but has not applied the credit to the Creditor account yet. type: string enum: - "Pending" - "AcceptedSettlementCompleted" - "AcceptedCreditSettlementCompleted" - "AcceptedWithoutPosting" - "Rejected" - "Received" statusUpdateDateTime: description: Date and time at which the resource status was updated. type: string format: date-time creationDateTime: description: Date and time at which the message was created. type: string format: date-time charges: $ref: "#/components/schemas/AECharges" exchangeRate: $ref: "#/components/schemas/AEExchangeRateInformation" currencyRequest: $ref: "#/components/schemas/AECurrencyRequest" instruction: $ref: "#/components/schemas/AEPaymentInstruction" paymentPurposeCode: $ref: "#/components/schemas/AEPaymentPurposeCode" debtorReference: $ref: "#/components/schemas/AEStructuredDebtorReference" openFinanceBilling: $ref: "#/components/schemas/AEServiceInitiationOpenFinancePaymentBillingGet" meta: $ref: "#/components/schemas/Meta" AECharges: description: List of charges associated with the payment request type: "array" items: type: "object" additionalProperties: false description: | Set of elements used to provide details of a charge for the payment initiation. * For Payments, these Charges are on the Debtor. required: - "chargeBearer" - "type" - "amount" properties: chargeBearer: $ref: "#/components/schemas/AEChargeBearerType1Code" type: $ref: "#/components/schemas/AEExternalPaymentChargeTypeCode" amount: $ref: "#/components/schemas/AEActiveCurrencyAmount" AEChargeBearerType1Code: description: "Specifies which party/parties will bear the charges associated with the processing of the payment transaction." type: "string" enum: - "BorneByCreditor" - "BorneByDebtor" - "Shared" AEExternalPaymentChargeTypeCode: description: "Charge type, in a coded form." type: "string" enum: - "VAT" - "Fees" AEActiveCurrencyAmount: description: | The Currency and Amount relating to the Payment, Refund or Request to Pay type: "object" required: - "amount" - "currency" properties: amount: $ref: "#/components/schemas/AEActiveOrHistoricAmount" currency: $ref: "#/components/schemas/AEActiveOrHistoricCurrencyCode" AEActiveOrHistoricAmount: description: "A number of monetary units specified in an active currency where the unit of currency is explicit and compliant with ISO 4217." type: "string" pattern: "^\\d{1,16}\\.\\d{2}$" example: "100.00" AEActiveOrHistoricCurrencyCode: description: "A 3 character alphabetic code allocated to a currency under an international currency identification scheme, as described in the latest edition of the international standard ISO 4217 'Codes for the representation of currencies and funds'." type: "string" pattern: "^[A-Z]{3,3}$" example: "AED" AEExchangeRateInformation: type: "object" additionalProperties: false required: - "unitCurrency" - "exchangeRate" - "rateType" description: "Further detailed information on the exchange rate that has been used in the payment transaction." properties: unitCurrency: description: "Currency in which the rate of exchange is expressed in a currency exchange. In the example 1GBP = xxxCUR, the unit currency is GBP." type: "string" pattern: "^[A-Z]{3,3}$" exchangeRate: description: "The factor used for conversion of an amount from one currency to another. This reflects the price at which one currency was bought with another currency." type: "number" rateType: description: "Specifies the type used to complete the currency exchange." type: "string" enum: - "Actual" - "Agreed" - "Indicative" contractIdentification: description: "Unique and unambiguous reference to the foreign exchange contract agreed between the initiating party/creditor and the debtor agent." type: "string" minLength: 1 maxLength: 256 expirationDateTime: description: "Specified date and time the exchange rate agreement will expire.All dates in the JSON payloads are represented in ISO 8601 date-time format. \nAll date-time fields in responses must include the timezone. An example is below:\n2017-04-05T10:43:07+00:00" type: "string" format: "date-time" AECurrencyRequest: description: | The details of the non-local currency or FX request that has been agreed between the User and the TPP. The requested ChargeBearer and ExchangeRateInformation are included in this object may be overwritten by the LFI in the returned Consent object. type: "object" additionalProperties: false required: - "currencyOfTransfer" properties: instructionPriority: description: "Indicator of the urgency or order of importance that the instructing party would like the instructed party to apply to the processing of the instruction." type: "string" enum: - "Normal" - "Urgent" extendedPurpose: description: "Specifies the purpose of an international payment, when there is no corresponding 4 character code available in the ISO20022 list of Purpose Codes." type: "string" minLength: 1 maxLength: 140 chargeBearer: $ref: "#/components/schemas/AEChargeBearerType1Code" currencyOfTransfer: description: "Specifies the currency of the to be transferred amount, which is different from the currency of the debtor's account." type: "string" pattern: "^[A-Z]{3,3}$" destinationCountryCode: description: "Country in which Credit Account is domiciled. Code to identify a country, a dependency, or another area of particular geopolitical interest, on the basis of country names obtained from the United Nations (ISO 3166, Alpha-2 code)." type: "string" pattern: "[A-Z]{2,2}" exchangeRateInformation: type: "object" additionalProperties: false required: - "unitCurrency" - "rateType" description: "Provides details on the currency exchange rate and contract." properties: unitCurrency: description: "Currency in which the rate of exchange is expressed in a currency exchange. In the example 1GBP = xxxCUR, the unit currency is GBP." type: "string" pattern: "^[A-Z]{3,3}$" exchangeRate: description: "The factor used for conversion of an amount from one currency to another. This reflects the price at which one currency was bought with another currency." type: "number" rateType: description: "Specifies the type used to complete the currency exchange." type: "string" enum: - "Actual" - "Agreed" - "Indicative" contractIdentification: description: "Unique and unambiguous reference to the foreign exchange contract agreed between the initiating party/creditor and the debtor agent." type: "string" minLength: 1 maxLength: 256 AEPaymentPurposeCode: description: A category code that relates to the type of services or goods that corresponds to the underlying purpose of the payment. The code must conform to the published AANI payment purpose code list. type: "string" minLength: 1 maxLength: 4 pattern: "^[A-Z]{3}$" AEStructuredDebtorReference: description: | A reason or reference in relation to a payment, set to facilitate a structured Debtor reference consisting of: * For payments to Merchants: TPP ID, Merchant ID, BIC for the Creditor Account, followed by freeform text to a maximum of 120 characters. * For other payments: TPP ID and BIC for the Creditor Account, followed by freeform text to a maximum of 120 characters. The TPP ID value will match the organization ID value from the Trust Framework, and therefore will be a v4 UUID. The Merchant ID wil be as per the existing IPP rules for the Merchant identification, and will incorporate the Trade License number for the Merchant. A BIC is specific according to the standard format for ISO 20022, and can therefore be either 8 or 11 characters in length. If the value of the concatenated string exceeds 120 characters, the TPP must omit or truncate the freeform element of the reference. type: "string" minLength: 1 maxLength: 120 pattern: "^TPP=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12},(Merchant=[A-Z0-9]{3}-[A-Z]{4}-TL.+-[0-9]{4},|)BIC=[A-Z0-9]{4}[A-Z0-9]{2}[A-Z0-9]{2}([A-Z0-9]{3}){0,1}($|,.+$)" RefundGetResponse: description: Response to a request to the Debtor details for a given payment, in order to initiate a refund. Requires the consent of the Debtor to be retrieved, enforced at the API Hub. type: object properties: data: $ref: "#/components/schemas/RefundGetResponseBody" meta: $ref: "#/components/schemas/Meta" RefundGetResponseBody: description: Primary data for the response type: object required: - refundAccount properties: consentId: description: | Unique identification assigned by the TPP to identify the consent resource. type: "string" minLength: 1 maxLength: 128 refundAccount: $ref: "#/components/schemas/AEDebtorAccount" AEDebtorAccount: description: "Unambiguous identification of the account of the debtor to which a debit entry will be made." type: "object" required: - "schemeName" - "identification" - "name" properties: schemeName: description: "Name of the identification scheme, in a coded form as published in an external list." type: "string" enum: - "IBAN" - "AccountNumber" identification: description: | Identification for the account assigned by the LFI based on the Account Scheme Name. This identification is known by the User account owner. type: "string" minLength: 1 name: $ref: "#/components/schemas/AEName" AEName: type: "object" description: | The Account Holder Name is the name or names of the Account owner(s) represented at the account level properties: en: type: "string" description: "English value of the string" maxLength: 70 ar: type: "string" description: "Arabic value of the string" maxLength: 70 additionalProperties: false Meta: description: Metadata relevant to the resource. type: object additionalProperties: false Error: description: Default error response payload structure for Ozone Connect type: object properties: errorCode: type: string description: Error code identifying the problem that occurred errorMessage: type: string description: Message describing what problem has occurred parameters: providerId: name: o3-provider-id in: header schema: type: string required: true description: Identifier for the Financial Institution that the request is targetted to aspspId: name: o3-aspsp-id in: header schema: type: string required: true deprecated: true description: Identifier for the financial institution that the request is targetted to. This header is deprecated and will be removed in a future version of Ozone Connect. Use `o3-provider-id` instead. callerOrgId: name: o3-caller-org-id in: header schema: type: string required: true description: An identifier for the organization calling the API callerClientId: name: o3-caller-client-id in: header schema: type: string required: true description: An identifier for the OIDC clientId calling the API callerSoftwareStatementId: name: o3-caller-software-statement-id in: header schema: type: string required: true description: An identifier for the software statement calling the API apiUri: name: o3-api-uri in: header schema: type: string required: true description: The parameterised URL of the API being called by the caller apiOperation: name: o3-api-operation in: header schema: type: string required: true description: The API operation carried out by the caller (e.g. GET, POST, PUT, DELETE, PATCH) consentId: name: o3-consent-id in: header schema: type: string required: true description: The consentId for which this call is being made callerInteractionId: name: o3-caller-interaction-id in: header schema: type: string required: true description: The interaction ID passed in by the caller, if any ozoneInteractionId: name: o3-ozone-interaction-id in: header schema: type: string required: true description: An interaction ID generated by Ozone if the caller did not send in one. If the callerInteractionId is specified, this takes the same value. psuIdentifier: name: o3-psu-identifier in: header schema: type: string required: true description: A Base64 encoded representation of the psuIdentifier JSON object. paymentId: name: paymentId description: The identifier for a given payment instruction in: path required: true schema: type: string securitySchemes: OzoneConnectApiKey: description: Communications between the API Hub and the LFI Ozone Connect implementation are secured using an API Key, which is a secret shared between the API Hub and the LFI. type: apiKey in: header name: Authorization OzoneConnectClientCredentials: type: oauth2 description: | Communications between the API Hub and the LFI Ozone Connect implementation are secured using a Client Credentials grant type. LFIs must host an OAuth 2.0 Authorization Server to utilise this security pattern. Scope values are set during the onboarding process, and represented by a placeholder in this API description. flows: clientCredentials: tokenUrl: "https://example.lfi.ae/token" scopes: placeholder: Placeholder for scopes, which are set by the LFI during onboarding OzoneConnectJwtAuth: description: | Communications between the API Hub and the LFI Ozone Connect implementation are secured using the "JWT Auth" mechanism, where the Client presents a signed JSON Web Token as a credential. The Server MUST verify the signature in order to authenticate the Client. Please note that the value of the `scheme` parameter is not a registered HTTP Authentication Scheme, to indicate it is specific to Ozone Connect. Please refer to API Hub documentation for further details. type: http scheme: Ozone-Connect-JWT-Auth OzoneConnectServiceInitiationToken: description: | Communications between the API Hub and the LFI Ozone Connect implementation are secured using a Service Initiation Token. The API Hub will set an Access Token based on a value set by the LFI, which has been patched onto the associated consent. The value will be transmitted in the `Authorization` header, which is represented as a `Bearer` in this Security Scheme Object. type: http scheme: Bearer |
...