...
| Code Block |
|---|
{
"typ": "JWT",
"alg": "PS256",
"kid": "e4ce77c498e77000a25aa7b40e4a83f9"
}
.
{
"iss": "s6BhdRkqt3",
"aud": "https://server.example.com",
"response_type": "code",
"redirect_uri": "https://openbanking.tpp1.ae/simple-redirect-url",
"scope": "openid payments",
"state": "2616df22-899e-468b-b7af-927145b067cc",
"authorization_details": [
{
"type": "urn:openfinanceuae:service-initiation-consent:v1.0-draft2",
"consent": {
"ConsentId": "aac-69255d98-ab0e-4758-92a7-cacbf3073efa",
"AcceptedAuthorizationType": "UAEOF.Single",
"AuthorizationExpirationTimeWindow": "720:00:00",
"ExpirationDateTime": "2024-10-01T00:00:00.000Z",
"ControlParameters": {
"IsPayByAccount": false,
"ConsentSchedule": {
"MultiPayment": {
"TypeMaximumCumulativeNumberOfPayments": "UAEOF.FixedRecurringPayment"10,
"TotalNumberOfPaymentsPeriodicSchedule": 10,{
"PeriodicScheduleType": {"UAEOF.VariablePeriodicSchedule",
"PeriodType": "Day",
"PeriodStartDate": "2023-10-01",
"AmountMaximumCumulativeValueOfPaymentsPerPeriodType": {
"Amount": "100.00",
"Currency": "AED"
}
}
}
}
},
"InitiationPersonalIdentifiableInformation": {"eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.UGhIOguC7...aQeF_PXwJZ4g.48V1_ALb6US04U3b.5eym5T...QzAAE=.XFBoMY...wifLw",
"DebtorAccountPayerReference": {
"string",
"IdentificationTypeBeneficiaryReference": "UAEOF.IBANstring",
"IdentificationPaymentPurposeCode": "stringABCD",
"NameSponsoredTPPInformation": {
"enName": "string",
"arIdentification": "string"
}
} }
},
]
} |
Create the RAR Request using the signed JWT, and authenticated using private_key_jwt.
The request parameter JWT includes the ConsentId, a UUID v4 that was originally generated by the TPP.
| Code Block |
|---|
POST /open-finance/v1/par HTTP/1.1 Host: auth1.openfinanceplatform.ae Content-Type: "CreditorAccount": { "IdentificationType": "UAEOF.IBAN", "Identification": "string", "Name": { "en": "string", "ar": "string" }, "TradingName": { "en": "string", "ar": "string" } } }, "PayerReference": "string", "BeneficiaryReference": "stringapplication/x-www-form-urlencoded Accept: application/json client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer &client_assertion=eyJhbGciOiJIUzI1NiJ9.ew0KICAiaXNzIjogImM4NDIyNzg3LTFkZmYtNDI0ZC1iNjIwLTM1NmMwODcwYmVkNCIsDQogICJzdWIiOiAiYzg0MjI3ODctMWRmZi00MjRkLWI2MjAtMzU2YzA4NzBiZWQ0IiwNCiAgImF1ZCI6ICJhdXRoMS5sYWIub3BlbmJhbmtpbmcuc2EiLA0KICJqdGkiOiAiYThmZDQ2ZjctYTNiMy00MGQ5LTk2ZjctNDk1YmEyMGFiMTZmIiwNCiAgImV4cCI6IDE1MTYyMzkwMjINCn0.nvY2tG7D3_ioVI55nRJ7apBzoGbP9sofMLd7Dni4YbI &request=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzNkJoZFJrcXQzIiwiaWF0IjoxNjY5MzkzMTU0LCJleHAiOjE2NjkzOTM0OTYsIm5iZiI6MTY2OTM5MzE1NCwiYXVkIjoiaHR0cHM6Ly9zZXJ2ZXIuZXhhbXBsZS5jb20iLCJyZXNwb25zZV90eXBlIjoiY29kZSBpZF90b2tlbiIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOi8vb3BlbmJhbmtpbmcubGZpLmFlL2F1dGgiLCJzY29wZSI6Im9wZW5pZCBhY2NvdW50cyIsInN0YXRlIjoiYWYwaWZqc2xka2oiLCJhdXRob3JpemF0aW9uX2RldGFpbHMiOlt7IlR5cGUiOiJBY2NvdW50QWNjZXNzQ29uc2VudCIsIkRhdGEiOnsiQWNjZXB0ZWRBdXRob3JpemF0aW9uVHlwZSI6IlVBRU9GLlNpbmdsZSIsIkF1dGhvcml6YXRpb25FeHBpcmF0aW9uVGltZVdpbmRvdyI6IjcyMDowMDowMCIsIkV4cGlyYXRpb25EYXRlVGltZSI6IjIwMjQtMTAtMDFUMDA6MDA6MDAuMDAwWiIsIkNvbnRyb2xQYXJhbWV0ZXJzIjp7IklzUGF5QnlBY2NvdW50IjpmYWxzZSwiQ29uc2VudFNjaGVkdWxlIjp7Ik11bHRpUGF5bWVudCI6eyJUeXBlIjoiVUFFT0YuRml4ZWRSZWN1cnJpbmdQYXltZW50IiwiVG90YWxOdW1iZXJPZlBheW1lbnRzIjoxMCwiUGVyaW9kaWNTY2hlZHVsZSI6eyJQZXJpb2RUeXBlIjoiRGF5IiwiUGVyaW9kU3RhcnREYXRlIjoiMjAyMy0xMC0wMSIsIkFtb3VudCI6eyJBbW91bnQiOiIxMDAuMDAiLCJDdXJyZW5jeSI6IkFFRCJ9fX19fSwiSW5pdGlhdGlvbiI6eyJEZWJ0b3JBY2NvdW50Ijp7IklkZW50aWZpY2F0aW9uVHlwZSI6IlVBRU9GLklCQU4iLCJJZGVudGlmaWNhdGlvbiI6InN0cmluZyIsIk5hbWUiOnsiZW4iOiJzdHJpbmciLCJhciI6InN0cmluZyJ9fSwiQ3JlZGl0b3JBY2NvdW50Ijp7IklkZW50aWZpY2F0aW9uVHlwZSI6IlVBRU9GLklCQU4iLCJJZGVudGlmaWNhdGlvbiI6InN0cmluZyIsIk5hbWUiOnsiZW4iOiJzdHJpbmciLCJhciI6InN0cmluZyJ9LCJUcmFkaW5nTmFtZSI6eyJlbiI6InN0cmluZyIsImFyIjoic3RyaW5nIn0sIkNyZWRpdG9yQWdlbnQiOiJTQVNBTUEifX0sIlBheWVyTm90ZXMiOiJzdHJpbmciLCJCZW5lZmljaWFyeUluZm9ybWF0aW9uIjp7Ik5vdGVzIjoic3RyaW5nIn0sIlBheW1lbnRQdXJwb3NlQ29kZSI6IkFCQ0QiLCJTcG9uc29yZWRUUFBJbmZvcm1hdGlvbiI6eyJOYW1lIjoic3RyaW5nIiwiSWRlbnRpZmljYXRpb24iOiJzdHJpbmcifX19XX0.Fsvm1_ffsLYqXMdLGy2Os6hMtNhXYPzFXiV8Mgd5dMs |
3.1.2 Response: The OFP Provides the Request URI for the TPP
| Code Block |
|---|
HTTP/1.1 201 Created
Content-Type: application/json
Cache-Control: no-cache, no-store
{
"request_uri": "urn:ietf:params:oauth:request_uri:6esc_11ACC5bwc014ltc14eY22c",
"expires_in": 60
} |
3.4 The TPP Redirects the User to Their LFI with the Request URI to Authorize the Consent
| Code Block | ||
|---|---|---|
| ||
GET /auth?client_id=c8422787-1dff-424d-b620-356c0870bed4&request_uri=urn:ietf:params:oauth:request_uri:6esc_11ACC5bwc014ltc14eY22c
Host: openbanking.lfi.ae |
3.5 The User Logs into Their LFI, Reviews and Authorizes the Consent
The LFI confirms the Service Initiation consent in the OFP.
| Code Block | ||
|---|---|---|
| ||
POST /auth/aac-69255d98-ab0e-4758-92a7-cacbf3073efa/rp/doConfirm
host: auth1.lab.openbanking.ae
Content-Type: application/x-www-form-urlencoded
DebtorAccount.IdentificationType=UAEOF.IBAN
&CreditorAccount.IdentificationType=UAEOF.IBAN
... |
3.6 The LFI Returns an Authorization Code to the TPP
| Code Block | ||
|---|---|---|
| ||
302 Found
Location: https://openbanking.tpp1.ae/simple-redirect-url?
code=ce2aeabf-599c-4475-9171-1f6d8c1a49dc
&state=2616df22-899e-468b-b7af-927145b067cc |
3.7 The TPP Exchanges the Authorization Code for an Service Initiation API Access Token with the OFP
| Code Block | ||
|---|---|---|
| ||
POST /token HTTP/1.1
Host: as1.lab.openbanking.ae
Content-Type: application/x-www-form-urlencoded
Accept: application/json
grant_type=authorization_code
&code=ce2aeabf-599c-4475-9171-1f6d8c1a49dc
&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
&client_assertion=eyJhbGciOiJIUzI1NiJ9.ew0KICAiaXNzIjogImM4NDIyNzg3LTFkZmYtNDI0ZC1iNjIwLTM1NmMwODcwYmVkNCIsDQogICJzdWIiOiAiYzg0MjI3ODctMWRmZi00MjRkLWI2MjAtMzU2YzA4NzBiZWQ0IiwNCiAgImF1ZCI6ICJhdXRoMS5sYWIub3BlbmJhbmtpbmcuc2EiLA0KICJqdGkiOiAiYThmZDQ2ZjctYTNiMy00MGQ5LTk2ZjctNDk1YmEyMGFiMTZmIiwNCiAgImV4cCI6IDE1MTYyMzkwMjINCn0.nvY2tG7D3_ioVI55nRJ7apBzoGbP9sofMLd7Dni4YbI
&redirect_uri=https%3A%2F%2Fopenbanking.tpp1.ae%2Fsimple-redirect-url |
3.8 The OFP Returns an Access Token, Refresh Token to the TPP
| Code Block | ||
|---|---|---|
| ||
HTTP/1.1 200 OK
Content-Type:application/json
{
"access_token": "caa1b60d-61ff-4cd8-a4e1-2d18c8696de0",
"expires_in": 432000,
"token_type": "Bearer",
"scope": "openid payments",
"state": "2616df22-899e-468b-b7af-927145b067cc",
"refresh_token": "266f5f15-eb81-4a02-bf05-e25063ca445f"
} |
The TPP can now initiate a Service Initiation resource using the access token.
3.9 The TPP Initiates a Service Initiation Request with the OFP
3.9.1 Request: payments Resource
| Code Block | ||
|---|---|---|
| ||
POST /open-finance/payment/2024.03.11-draft1/payments HTTP/1.1 Host: rs1.openfinanceplatform.ae Content-Type: application/jwt Accept: application/jwt x-fapi-interaction-id: 942a7ee7-d29a-45aa-93b7-c5f292d86602 x-idempotency-key: 78dae4513b8847f98e2d4173b4ed0eb6 Authorization: Bearer caa1b60d-61ff-4cd8-a4e1-2d18c8696de0 { "alg": "PS256", "kid": "e1be6bf3-76e6-4e53-92b9-c46423757ab1" } . { "iss": "string", "exp": 0.5, "nbf": 0.5, "aud": [ "string" ], "iat": 0.5, "message": { "Data": { "ConsentId": "aac-69255d98-ab0e-4758-92a7-cacbf3073efa", "Type": "UAEOF.FixedRecurringPayment", "PaymentPurposeCodeInstruction": "ABCD",{ "Amount": { "SponsoredTPPInformation": { "Amount": "100.00", "NameCurrency": "stringAED", }, "IdentificationBeneficiaryReference": "string", "PaymentSequenceNumber": "1" }, "PaymentPurposeCode": "ABCD", } "PayerReference": "string" } } } ]. } |
Create the RAR Request using the signed JWT, and authenticated using private_key_jwt.
The request parameter JWT includes the ConsentId, a UUID v4 that was originally generated by the TPP.
| Code Block |
|---|
POST /open-finance/v1/par <<signature>> |
3.9.2 Response: payments Resource
| Code Block | ||
|---|---|---|
| ||
HTTP/1.1 Host: auth1.openfinanceplatform.ae201 Created Content-Type: application/jwt x-www-form-urlencoded Accept: application/json client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer &client_assertion=eyJhbGciOiJIUzI1NiJ9.ew0KICAiaXNzIjogImM4NDIyNzg3LTFkZmYtNDI0ZC1iNjIwLTM1NmMwODcwYmVkNCIsDQogICJzdWIiOiAiYzg0MjI3ODctMWRmZi00MjRkLWI2MjAtMzU2YzA4NzBiZWQ0IiwNCiAgImF1ZCI6ICJhdXRoMS5sYWIub3BlbmJhbmtpbmcuc2EiLA0KICJqdGkiOiAiYThmZDQ2ZjctYTNiMy00MGQ5LTk2ZjctNDk1YmEyMGFiMTZmIiwNCiAgImV4cCI6IDE1MTYyMzkwMjINCn0.nvY2tG7D3_ioVI55nRJ7apBzoGbP9sofMLd7Dni4YbI &request=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzNkJoZFJrcXQzIiwiaWF0IjoxNjY5MzkzMTU0LCJleHAiOjE2NjkzOTM0OTYsIm5iZiI6MTY2OTM5MzE1NCwiYXVkIjoiaHR0cHM6Ly9zZXJ2ZXIuZXhhbXBsZS5jb20iLCJyZXNwb25zZV90eXBlIjoiY29kZSBpZF90b2tlbiIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOi8vb3BlbmJhbmtpbmcubGZpLmFlL2F1dGgiLCJzY29wZSI6Im9wZW5pZCBhY2NvdW50cyIsInN0YXRlIjoiYWYwaWZqc2xka2oiLCJhdXRob3JpemF0aW9uX2RldGFpbHMiOlt7IlR5cGUiOiJBY2NvdW50QWNjZXNzQ29uc2VudCIsIkRhdGEiOnsiQWNjZXB0ZWRBdXRob3JpemF0aW9uVHlwZSI6IlVBRU9GLlNpbmdsZSIsIkF1dGhvcml6YXRpb25FeHBpcmF0aW9uVGltZVdpbmRvdyI6IjcyMDowMDowMCIsIkV4cGlyYXRpb25EYXRlVGltZSI6IjIwMjQtMTAtMDFUMDA6MDA6MDAuMDAwWiIsIkNvbnRyb2xQYXJhbWV0ZXJzIjp7IklzUGF5QnlBY2NvdW50IjpmYWxzZSwiQ29uc2VudFNjaGVkdWxlIjp7Ik11bHRpUGF5bWVudCI6eyJUeXBlIjoiVUFFT0YuRml4ZWRSZWN1cnJpbmdQYXltZW50IiwiVG90YWxOdW1iZXJPZlBheW1lbnRzIjoxMCwiUGVyaW9kaWNTY2hlZHVsZSI6eyJQZXJpb2RUeXBlIjoiRGF5IiwiUGVyaW9kU3RhcnREYXRlIjoiMjAyMy0xMC0wMSIsIkFtb3VudCI6eyJBbW91bnQiOiIxMDAuMDAiLCJDdXJyZW5jeSI6IkFFRCJ9fX19fSwiSW5pdGlhdGlvbiI6eyJEZWJ0b3JBY2NvdW50Ijp7IklkZW50aWZpY2F0aW9uVHlwZSI6IlVBRU9GLklCQU4iLCJJZGVudGlmaWNhdGlvbiI6InN0cmluZyIsIk5hbWUiOnsiZW4iOiJzdHJpbmciLCJhciI6InN0cmluZyJ9fSwiQ3JlZGl0b3JBY2NvdW50Ijp7IklkZW50aWZpY2F0aW9uVHlwZSI6IlVBRU9GLklCQU4iLCJJZGVudGlmaWNhdGlvbiI6InN0cmluZyIsIk5hbWUiOnsiZW4iOiJzdHJpbmciLCJhciI6InN0cmluZyJ9LCJUcmFkaW5nTmFtZSI6eyJlbiI6InN0cmluZyIsImFyIjoic3RyaW5nIn0sIkNyZWRpdG9yQWdlbnQiOiJTQVNBTUEifX0sIlBheWVyTm90ZXMiOiJzdHJpbmciLCJCZW5lZmljaWFyeUluZm9ybWF0aW9uIjp7Ik5vdGVzIjoic3RyaW5nIn0sIlBheW1lbnRQdXJwb3NlQ29kZSI6IkFCQ0QiLCJTcG9uc29yZWRUUFBJbmZvcm1hdGlvbiI6eyJOYW1lIjoic3RyaW5nIiwiSWRlbnRpZmljYXRpb24iOiJzdHJpbmcifX19XX0.Fsvm1_ffsLYqXMdLGy2Os6hMtNhXYPzFXiV8Mgd5dMs |
3.1.2 Response: The OFP Provides the Request URI for the TPP
| Code Block |
|---|
HTTP/1.1 201 Created
Content-Type: application/json
Cache-Control: no-cache, no-store
{
"request_uri": "urn:ietf:params:oauth:request_uri:6esc_11ACC5bwc014ltc14eY22c",
"expires_in": 60
} |
3.4 The TPP Redirects the User to Their LFI with the Request URI to Authorize the Consent
| Code Block | ||
|---|---|---|
| ||
GET /auth?client_id=c8422787-1dff-424d-b620-356c0870bed4&request_uri=urn:ietf:params:oauth:request_uri:6esc_11ACC5bwc014ltc14eY22c
Host: openbanking.lfi.ae |
3.5 The User Logs into Their LFI, Reviews and Authorizes the Consent
The LFI confirms the Service Initiation consent in the OFP.
| Code Block | ||
|---|---|---|
| ||
POST /auth/-fapi-interaction-id: 942a7ee7-d29a-45aa-93b7-c5f292d86602 { "alg": "PS256", "kid": "e1be6bf3-76e6-4e53-92b9-c46423757ab1" } . { "iss": "string", "exp": 0.5, "nbf": 0.5, "aud": [ "string" ], "iat": 0.5, "message": { "Data": { "PaymentId": "83b47199-90c2-4c05-9ef1-aeae68b0fc7c", "ConsentId": "aac-69255d98-ab0e-4758-92a7-cacbf3073efa/rp/doConfirm host: auth1.lab.openbanking.ae Content-Type: application/x-www-form-urlencoded DebtorAccount.IdentificationType=UAEOF.IBAN &CreditorAccount.IdentificationType=UAEOF.IBAN ... |
3.6 The LFI Returns an Authorization Code to the TPP
| Code Block | ||
|---|---|---|
| ||
302 Found
Location: https://openbanking.tpp1.ae/simple-redirect-url?
code=ce2aeabf-599c-4475-9171-1f6d8c1a49dc
&state=2616df22-899e-468b-b7af-927145b067cc |
3.7 The TPP Exchanges the Authorization Code for an Service Initiation API Access Token with the OFP
| Code Block | ||
|---|---|---|
| ||
POST /token HTTP/1.1
Host: as1.lab.openbanking.ae
Content-Type: application/x-www-form-urlencoded
Accept: application/json
grant_type=authorization_code
&code=ce2aeabf-599c-4475-9171-1f6d8c1a49dc
&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
&client_assertion=eyJhbGciOiJIUzI1NiJ9.ew0KICAiaXNzIjogImM4NDIyNzg3LTFkZmYtNDI0ZC1iNjIwLTM1NmMwODcwYmVkNCIsDQogICJzdWIiOiAiYzg0MjI3ODctMWRmZi00MjRkLWI2MjAtMzU2YzA4NzBiZWQ0IiwNCiAgImF1ZCI6ICJhdXRoMS5sYWIub3BlbmJhbmtpbmcuc2EiLA0KICJqdGkiOiAiYThmZDQ2ZjctYTNiMy00MGQ5LTk2ZjctNDk1YmEyMGFiMTZmIiwNCiAgImV4cCI6IDE1MTYyMzkwMjINCn0.nvY2tG7D3_ioVI55nRJ7apBzoGbP9sofMLd7Dni4YbI
&redirect_uri=https%3A%2F%2Fopenbanking.tpp1.ae%2Fsimple-redirect-url |
3.8 The OFP Returns an Access Token, Refresh Token to the TPP
| Code Block | ||
|---|---|---|
| ||
HTTP/1.1 200 OK Content-Type:application/json { "access_token": "caa1b60d-61ff-4cd8-a4e1-2d18c8696de0", "Type": "UAEOF.FixedRecurringPayment", "PaymentTransactionId": "string", "PaymentStatus": "Pending", "PaymentStatusUpdateDateTime": "2023-10-01T00:00:00.000Z", "CreationDateTime": "2023-10-01T00:00:00.000Z", "DebtorCharges": [ { "Type": "VAT", "expires_in": 432000, "token_typeAmount": "Bearer", { "scopeAmount": "openid payments100.00", "state "Currency": "2616df22-899e-468b-b7af-927145b067cc"AED" } } ], "refresh_tokenInstruction": "266f5f15-eb81-4a02-bf05-e25063ca445f" } |
The TPP can now initiate a Service Initiation resource using the access token.
3.9 The TPP Initiates a Service Initiation Request with the OFP
3.9.1 Request: payments Resource
| Code Block | ||
|---|---|---|
| ||
POST /open-finance/payment/2024.03.11-draft1/payments HTTP/1.1 Host: rs1.openfinanceplatform.ae Content-Type: application/jwt Accept: application/jwt x-fapi-interaction-id: 942a7ee7-d29a-45aa-93b7-c5f292d86602 x-idempotency-key: 78dae4513b8847f98e2d4173b4ed0eb6 Authorization: Bearer caa1b60d-61ff-4cd8-a4e1-2d18c8696de0 { "alg": "PS256", "kid": "e1be6bf3-76e6-4e53-92b9-c46423757ab1" } . { "iss{ "Amount": { "Amount": "100.00", "Currency": "AED" }, "BeneficiaryReference": "string", "exp": 0.5, "nbfPaymentSequenceNumber": 0.5,"1" "aud": [ }, "string" ], "iatPaymentPurposeCode": 0.5"ABCD", "message": { "DataPayerReference": { "ConsentId": "aac-69255d98-ab0e-4758-92a7-cacbf3073efa","string" "Type": "UAEOF.FixedRecurringPayment"}, "InstructionLinks": { "AmountSelf": { "/payments/83b47199-90c2-4c05-9ef1-aeae68b0fc7c", "AmountRelated": "100.00",/payment-consents/aac-69255d98-ab0e-4758-92a7-cacbf3073efa" }, "CurrencyMeta": "AED"{} } }, "BeneficiaryReference": "string", "PaymentSequenceNumber": "1" }, "PaymentPurposeCode": "ABCD", "PayerReference": "string" } } } . <<signature>> |
...
.
<<signature>> |
3.10 The TPP Retrieves the Service Initiation Status from the OFP Using the Resource Identifier
Get the Service Initiation Status from the OFP as a JWT response
3.10.1 Request: /payments/{PaymentId} Resource
| Code Block | ||
|---|---|---|
| ||
GET /open-finance/payment/2024.03.11-draft1/payments/83b47199-90c2-4c05-9ef1-aeae68b0fc7c HTTP/1.1
Host: rs1.openfinanceplatform.ae
Accept: application/jwt
x-fapi-interaction-id: 942a7ee7-d29a-45aa-93b7-c5f292d86602
Authorization: Bearer ad297304-1057-4c68-9e76-a96f300a27f1 |
3.10.2 Response: /payments/{PaymentId} Resource
| Code Block | ||
|---|---|---|
| ||
HTTP/1.1 201200 CreatedOK Content-Type: application/jwt x-fapi-interaction-id: 942a7ee7-d29a-45aa-93b7-c5f292d86602 { "alg": "PS256", "kid": "e1be6bf3-76e6-4e53-92b9-c46423757ab1" } . { "iss": "string", "exp": 0.5, "nbf": 0.5, "aud": [ "string" ], "iat": 0.5, "message": { "Data": { "PaymentId": "83b47199-90c2-4c05-9ef1-aeae68b0fc7c", "ConsentId": "aac-69255d98-ab0e-4758-92a7-cacbf3073efa", "Type": "UAEOF.FixedRecurringPayment", "PaymentTransactionId": "string", "PaymentStatus": "Pending", "PaymentStatusUpdateDateTime": "2023-10-01T00:00:00.000Z", "CreationDateTime": "2023-10-01T00:00:00.000Z", "DebtorCharges": [ { "Type": "VAT", "Amount": { "Amount": "100.00", "Currency": "AED" } } ], "Instruction": { "Amount": { "Amount": "100.00", "Currency": "AED" }, "BeneficiaryReference": "string", "PaymentSequenceNumber": "1" }, "PaymentPurposeCode": "ABCD", "PayerReference": "string" }, "Links": { "Self": "/payments/83b47199-90c2-4c05-9ef1-aeae68b0fc7c", "Related": "/payment-consents/aac-69255d98-ab0e-4758-92a7-cacbf3073efa" }, "Meta": {} } } . <<signature>> |
...
4. Further Service Initiation Examples
4.1 The TPP
...
Queries the Service Initiation
...
Get the Service Initiation Status from the OFP as a JWT response
...
Resource Using an Expired Access Token
4.1.1 Request:
...
payments/{PaymentId} Resource
| Code Block | ||
|---|---|---|
| ||
GET /open-finance/payment/2024.03.11-draft1/payments/83b47199-90c2-4c05-9ef1-aeae68b0fc7c HTTP/1.1 Host: rs1.openfinanceplatform.ae Accept: application/jwt x-fapi-interaction-id: 942a7ee7-d29a-45aa-93b7-c5f292d86602 Authorization: Bearer ad297304-1057-4c68-9e76-a96f300a27f1 |
...
4.
...
1.2 Response:
...
payments/{PaymentId} Resource
| Code Block | language | bash
|---|
HTTP/1.1 200401 OK Content-Type: application/jwt Unauthorized x-fapi-interaction-id: 942a7ee7-d29a-45aa-93b7-c5f292d86602 Content-Type: application/jwt { "alg": "PS256", "kid": "e1be6bf3-76e6-4e53-92b9-c46423757ab1" } . { "iss": "string", "exp": 0.5, "nbf": 0.5, "aud": [ "string" ], "iat": 0.5, "message": { "DataErrors": [ { { "PaymentId": "83b47199-90c2-4c05-9ef1-aeae68b0fc7c", "ConsentIdCode": "aac-69255d98-ab0e-4758-92a7-cacbf3073efaUAEOF.AccessToken.Unauthorized", "TypeMessage": "UAEOF.FixedRecurringPayment", "PaymentTransactionId": "string",max_age_exceeded: Token has expired", "PaymentStatusPath": "PendingAuthorization", "PaymentStatusUpdateDateTime": "2023-10-01T00:00:00.000Z", "CreationDateTimeUrl": "2023-10-01T00:00:00.000Z",https://developer.openfinanceplatform.ae/api-errros/401" "DebtorCharges":} [ ] } } { "Type. <<signature>> |
4.2 Webhooks
4.2.1 The TPP Creates a Service Initiation Consent Request on Behalf of the User with a Webhook Subscription
4.2.1.1 Request: Service Initiation Consent and Webhook Subscription
| Code Block |
|---|
{ "typ": "VATJWT", "alg": "PS256", "Amountkid": {"e4ce77c498e77000a25aa7b40e4a83f9" } . { "Amountiss": "100.00s6BhdRkqt3", "iat": 1669393154, "Currencyexp": "AED"1669393496, "nbf": 1669393154, } "aud": "https://server.example.com", } "response_type": "code", ], "redirect_uri": "https://openbanking.tpp1.ae/simple-redirect-url", "Instructionscope": "openid payments", { "state": "af0ifjsldkj", "Amountauthorization_details": [ { "Amounttype": "100.00urn:openfinanceuae:service-initiation-consent:v1.0-draft2", "Currencyconsent": "AED"{ }, "ConsentId": "aac-69255d98-ab0e-4758-92a7-cacbf3073efa", "BeneficiaryReference": "string", "PaymentSequenceNumberAcceptedAuthorizationType": "1UAEOF.Single" , }, "PaymentPurposeCodeAuthorizationExpirationTimeWindow": "ABCD720:00:00", "PayerReference "ExpirationDateTime": "string"2024-10-01T00:00:00.000Z", }, "LinksControlParameters": { "Self": "/payments/83b47199-90c2-4c05-9ef1-aeae68b0fc7c", "RelatedIsPayByAccount": "/payment-consents/aac-69255d98-ab0e-4758-92a7-cacbf3073efa" false, }, "MetaConsentSchedule": {} } } . <<signature>> |
4. Further Service Initiation Examples
4.1 The TPP Queries the Service Initiation Resource Using an Expired Access Token
4.1.1 Request: payments/{PaymentId} Resource
| Code Block | ||
|---|---|---|
| ||
GET /open-finance/payment/2024.03.11-draft1/payments/83b47199-90c2-4c05-9ef1-aeae68b0fc7c HTTP/1.1 Host: rs1.openfinanceplatform.ae Accept: application/jwt x-fapi-interaction-id: 942a7ee7-d29a-45aa-93b7-c5f292d86602 Authorization: Bearer ad297304-1057-4c68-9e76-a96f300a27f1 |
4.1.2 Response: payments/{PaymentId} Resource
| Code Block |
|---|
HTTP/1.1 401 Unauthorized x-fapi-interaction-id: 942a7ee7-d29a-45aa-93b7-c5f292d86602 Content-Type: application/jwt { "alg": "PS256", "kid": "e1be6bf3-76e6-4e53-92b9-c46423757ab1" } . { "iss": "string", "exp": 0, "nbf": 0, "aud": [ "string" ], "iat": 0, "message" "MultiPayment": { "MaximumCumulativeNumberOfPayments": 10, "PeriodicSchedule": { "Errors": [ { "CodeType": "UAEOF.AccessToken.UnauthorizedVariablePeriodicSchedule", "Message": "max_age_exceeded: Token has expired", "PathPeriodType": "AuthorizationDay", "Url "PeriodStartDate": "https://developer.openfinanceplatform.ae/api-errros/401"2023-10-01", } ] } } . <<signature>> |
4.2 Webhooks
4.2.1 The TPP Creates a Service Initiation Consent Request on Behalf of the User with a Webhook Subscription
4.2.1.1 Request: Service Initiation Consent and Webhook Subscription
| Code Block |
|---|
{ "typMaximumCumulativeValueOfPaymentsPerPeriodType": "JWT", { "alg": "PS256", "kid": "e4ce77c498e77000a25aa7b40e4a83f9" } . { "issAmount": "s6BhdRkqt3100.00", "iat": 1669393154, "exp": 1669393496, "nbf": 1669393154, "audCurrency": "https://server.example.com","AED" "response_type": "code", "redirect_uri": "https://openbanking.tpp1.ae/simple-redirect-url", "scope": "openid payments",} "state": "af0ifjsldkj", "authorization_details": [ } { "type": "urn:openfinanceuae:service-initiation-consent:v1.0-draft2", } "consent": { } "ConsentId": "aac-69255d98-ab0e-4758-92a7-cacbf3073efa" }, "AcceptedAuthorizationTypePersonalIdentifiableInformation": "UAEOF.Single"eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.UGhIOguC7...aQeF_PXwJZ4g.48V1_ALb6US04U3b.5eym5T...QzAAE=.XFBoMY...wifLw",, "AuthorizationExpirationTimeWindowPayerReference": "720:00:00string", "ExpirationDateTimeBeneficiaryReference": "2024-10-01T00:00:00.000Zstring", "ControlParametersPaymentPurposeCode": {"ABCD", "IsPayByAccountSponsoredTPPInformation": false,{ "ConsentScheduleName": {"string", "MultiPaymentIdentification": {"string" } "Type": "UAEOF.FixedRecurringPayment", }, "TotalNumberOfPayments"Subscription": 10, { "PeriodicScheduleWebhook": { "PeriodType"Url": "Day", https://api.tpp.com/webhook/callbackUrl", "PeriodStartDateIsActive": "2023-10-01",true } "Amount":} { } } "Amount": "100.00", "Currency": "AED" } } ] } |
4.2.2 The TPP updates a Webhook Subscription preference with the OFP
4.2.2.1 Request: Activate Webhook events
| Code Block | ||
|---|---|---|
| ||
PATCH /open-finance/payment/2024.03.11-draft1/payment-consents/aac-69255d98-ab0e-4758-92a7-cacbf3073efa HTTP/1.1 Host: rs1.lab.api.openbanking.ae Content-Type: application/jwt Accept: application/jwt x-fapi-interaction-id: 3424a379-8274-4686-99bd-f420d08acead Authorization: Bearer ad297304-1057-4c68-9e76-a96f300a27f1 { "alg": "PS256", "kid": "e1be6bf3-76e6-4e53-92b9-c46423757ab1" } . { "iss": "string", "exp": 0, "nbf": 0, "aud": [ "string" ], "iat": 0, "message": { "Subscription": { "Webhook": { } "IsActive": true } } } }, "Initiation": { "DebtorAccount": { "IdentificationType": "UAEOF.IBAN", "Identification": "string", "Name": { "en": "string", . <<signature>> |
4.2.2.2 Response: Webhook events activated
| Code Block | ||
|---|---|---|
| ||
x-fapi-interaction-id: 3424a379-8274-4686-99bd-f420d08acead
HTTP/1.1 204 No Content |
4.2.3 The TPP unsubscribes their Webhook Subscription with the OFP
4.2.3.1 Request: De-Activate Webhook events
| Code Block | ||
|---|---|---|
| ||
PATCH /open-finance/payment/2024.03.11-draft1/payment-consents/aac-69255d98-ab0e-4758-92a7-cacbf3073efa HTTP/1.1 Host: rs1.lab.api.openbanking.ae Content-Type: application/jwt x-fapi-interaction-id: 3424a379-8274-4686-99bd-f420d08acead Authorization: Bearer ad297304-1057-4c68-9e76-a96f300a27f1 { "alg": "PS256", "kid": "e1be6bf3-76e6-4e53-92b9-c46423757ab1" } . { "iss": "string", "exp": 0, "nbf": 0, "aud": [ "string" ], "iat": 0, "message": { "Subscription": { "arWebhook": "string"{ "IsActive": false } } } }, . "CreditorAccount": { "IdentificationType": "UAEOF.IBAN", "Identification": "string", "Name": { "en": "string", "ar": "string" }, "TradingName<<signature>> |
4.2.3.2 Response: Webhook events de-activated
| Code Block | ||
|---|---|---|
| ||
x-fapi-interaction-id: 3424a379-8274-4686-99bd-f420d08acead
HTTP/1.1 204 No Content |
4.2.4 The TPP receives Service Initiation Consent data from the OFP via its Webhook
4.2.4.1 The OFP generates a Self Signed JWT Authorization Token for Client Authentication with the TPP
This JWT Authorization Token MUST be set in the Authorization Header.
| Code Block | ||
|---|---|---|
| ||
{
"alg": "PS256",
"typ": "JOSE",
"cty": "json",
"kid": "e1be6bf3-76e6-4e53-92b9-c46423757ab1"
}
.
{
"iss": "https://openbanking.masrif-ahmar.ae",
"sub": "e75c26bf-1682-401a-a227-ec125f6636ab",
"aud": "https://api.pisp.com/webhook/callbackUrl",
"exp": 1661378066,
"iat": 1661378036,
"nbf": 1661378036,
"jti": "274aa39d-d77a-46a9-b832-b2ced47919dd"
}
.
<<signature>> |
4.2.4.2 Request: OFP publishes signed/encrypted Service Initiation Data to the registered Webhook Url provided by the TPP
The example below shows a signed and encrypted payload with the JWT Authorization Token set in the Authorization Header
| Code Block | ||
|---|---|---|
| ||
POST /webhook/callbackUrl HTTP/1.1
Host: api.tpp.com
x-fapi-interaction-id: 77b0e830-b095-4c6c-94e8-20f83eaa799f
Content-Type: application/jwt
Date: Wed, 24 Aug 2022 07:28:00 AST
Authorization: Bearer eyJhbGciO9.eyJzdWImlhdCI6MTUxNjIzOTAyMn0.iOeN9eg
<<jwe>
|
Here, <<jwe>> is a signed and encrypted payload. The inner JWS has the structure below.
| Code Block | ||
|---|---|---|
| ||
{ "alg": "PS256", "kid": "e1be6bf3-76e6-4e53-92b9-c46423757ab1" } . { "iss": "string", "exp": 0.5, "nbf": 0.5, "aud": [ "string" ], "iat": 0.5, "message": { "Data": { "ConsentId": "aac-69255d98-ab0e-4758-92a7-cacbf3073efa", "enBaseConsentId": "stringabc-19877d98-ab0e-4758-92a7-vvffr1234abv", "AcceptedAuthorizationType": "UAEOF.Single", "arAuthorizationExpirationTimeWindow": "string720:00:00", "ExpirationDateTime": "2024-10-01T00:00:00.000Z", }"ConsentStatus": "AwaitingAuthorization", "ConsentStatusUpdateDateTime": "2023-10-01T00:00:00.000Z", }"CreationDateTime": "2023-10-01T00:00:00.000Z", "ControlParameters": { }, "IsPayByAccount": false, "PayerReferenceConsentSchedule": "string", { "BeneficiaryReferenceMultiPayment": "string",{ "PaymentPurposeCodeMaximumCumulativeNumberOfPayments": "ABCD"10, "SponsoredTPPInformationPeriodicSchedule": { "NameType": "stringUAEOF.VariablePeriodicSchedule", "IdentificationPeriodType": "stringDay", } "PeriodStartDate": "2023-10-01", }, "SubscriptionMaximumCumulativeValueOfPaymentsPerPeriodType": { "Webhook": { "Amount": "100.00", "UrlCurrency": "https://api.tpp.com/webhook/callbackUrl",AED" "IsActive": true} } } } }, ] } |
4.2.2 The TPP updates a Webhook Subscription preference with the OFP
4.2.2.1 Request: Activate Webhook events
| Code Block | ||
|---|---|---|
| ||
PATCH /open-finance/payment/2024.03.11-draft1/payment-consents/aac-69255d98-ab0e-4758-92a7-cacbf3073efa HTTP/1.1 Host: rs1.lab.api.openbanking.ae Content-Type: application/jwt Accept: application/jwt x-fapi-interaction-id: 3424a379-8274-4686-99bd-f420d08acead Authorization: Bearer ad297304-1057-4c68-9e76-a96f300a27f1 { "alg": "PS256", "kid": "e1be6bf3-76e6-4e53-92b9-c46423757ab1" } . { "iss": "string", "exp": 0, "nbf": 0, "aud": [ "string" ], "iat": 0, "message": { "Subscription": {"PersonalIdentifiableInformation": "eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.UGhIOguC7...aQeF_PXwJZ4g.48V1_ALb6US04U3b.5eym5T...QzAAE=.XFBoMY...wifLw",, "PayerReference": "string", "BeneficiaryReference": "string", "PaymentPurposeCode": "ABCD", "SponsoredTPPInformation": { "Name": "string", "Identification": "string" }, "IsPayByAccount": false, "PaymentConsumption": { "MaximumCumulativeNumberOfPayments": 10, "WebhookMaximumCumulativeValueOfPayments": { "IsActiveAmount": true"1000.00", "Currency": "AED" } }, } } . <<signature>> |
4.2.2.2 Response: Webhook events activated
| Code Block | ||
|---|---|---|
| ||
x-fapi-interaction-id: 3424a379-8274-4686-99bd-f420d08acead
HTTP/1.1 204 No Content |
4.2.3 The TPP unsubscribes their Webhook Subscription with the OFP
4.2.3.1 Request: De-Activate Webhook events
| Code Block | ||
|---|---|---|
| ||
PATCH /open-finance/payment/2024.03.11-draft1/payment- "CumulativeNumberOfPayments": 10, "CumulativeNumberOfPaymentsPerPeriod": 1, } }, "Links": { "Self": "/payment-consents/aac-69255d98-ab0e-4758-92a7-cacbf3073efa HTTP/1.1 Host: rs1.lab.api.openbanking.ae Content-Type: application/jwt x-fapi-interaction-id: 3424a379-8274-4686-99bd-f420d08acead Authorization: Bearer ad297304-1057-4c68-9e76-a96f300a27f1 { "alg": "PS256", "kid": "e1be6bf3-76e6-4e53-92b9-c46423757ab1" } . { "iss": "string", "exp": 0, "nbf": 0, "aud": [ "string" ], "iat": 0, "message": { "Subscription": { "Webhook": { "IsActive": false } } } } . <<signature>> |
...
",
"Related": []
},
"EventMeta": {
"EventDateTime": "22023-10-01T00:00:00.000Z",
"EventResource": "consents",
"EventType": "UAEOF.Resource.Created",
"ConsentId": "aac-69255d98-ab0e-4758-92a7-cacbf3073efa"
}
}
}
.
<<signature>> |
4.2.4.3 Response: TPP validates the Self Signed JWT Authorization Token from OFP, stores Payment consent data and acknowledges a success response to the OFP
| Code Block | ||
|---|---|---|
| ||
x-fapi-interaction-id: 3424a37977b0e830-8274b095-46864c6c-99bd94e8-f420d08acead20f83eaa799f HTTP/1.1 204202 No ContentAccepted |
4.
...
3 Multiple Authorizations
4.
...
3.1
...
Request: Service Initiation consent resource requesting Multi-Authorization
The TPP creates a Service Initiation consent with AcceptedAuthorizationType as UAEOF.Multi denoting its support for a Multi-Authorization consent.
| Code Block | ||
|---|---|---|
| ||
{
"algtyp": "PS256JWT",
"typalg": "JOSEPS256",
"ctykid": "json",e4ce77c498e77000a25aa7b40e4a83f9"
}
.
{
"kidiss": "e1be6bf3-76e6-4e53-92b9-c46423757ab1"
}
.
{"s6BhdRkqt3",
"issaud": "https://openbankingserver.masrif-ahmarexample.aecom",
"sub"response_type": "e75c26bf-1682-401a-a227-ec125f6636abcode",
"audredirect_uri": "https://apiopenbanking.pisptpp1.com/webhook/callbackUrlae/simple-redirect-url",
"expscope": 1661378066"openid payments",
"iatstate": 1661378036,"af0ifjsldkj",
"nbfauthorization_details": 1661378036, [
{
"jtitype": "274aa39d-d77a-46a9-b832-b2ced47919dd"
}
.
<<signature>> |
4.2.4.2 Request: OFP publishes signed/encrypted Service Initiation Data to the registered Webhook Url provided by the TPP
The example below shows a signed and encrypted payload with the JWT Authorization Token set in the Authorization Header
| Code Block | ||
|---|---|---|
| ||
POST /webhook/callbackUrl HTTP/1.1
Host: api.tpp.com
x-fapi-interaction-id: 77b0e830-b095-4c6c-94e8-20f83eaa799f
Content-Type: application/jwt
Date: Wed, 24 Aug 2022 07:28:00 AST
Authorization: Bearer eyJhbGciO9.eyJzdWImlhdCI6MTUxNjIzOTAyMn0.iOeN9eg
<<jwe>
|
Here, <<jwe>> is a signed and encrypted payload. The inner JWS has the structure below.
| Code Block | ||
|---|---|---|
| ||
{ "alg": "PS256", "kid": "e1be6bf3-76e6-4e53-92b9-c46423757ab1" } . { "iss": "string", "exp": 0.5, "nbf": 0.5, "aud": [ "string" ], "iat": 0.5, "message": { "Data": {urn:openfinanceuae:service-initiation-consent:v1.0-draft2", "consent": { "ConsentId": "aac-69255d98-ab0e-4758-92a7-cacbf3073efa", "AcceptedAuthorizationType": "UAEOF.Multi", "AuthorizationExpirationTimeWindow": "720:00:00", "ConsentIdExpirationDateTime": "aac2024-69255d98-ab0e-4758-92a7-cacbf3073efa10-01T00:00:00.000Z", "BaseConsentId": "abc-19877d98-ab0e-4758-92a7-vvffr1234abv", "AcceptedAuthorizationTypeControlParameters": "UAEOF.Single", { "AuthorizationExpirationTimeWindow": "720:00:00", "ExpirationDateTimeIsPayByAccount": "2024-10-01T00:00:00.000Z"false, "ConsentStatus": "AwaitingAuthorization", "ConsentStatusUpdateDateTimeConsentSchedule": "2023-10-01T00:00:00.000Z",{ "CreationDateTime": "2023-10-01T00:00:00.000Z", "ControlParametersMultiPayment": { "IsPayByAccount": false, "ConsentScheduleMaximumCumulativeNumberOfPayments": {10, "MultiPayment": { "PeriodicSchedule": { "Type": "UAEOF.FixedRecurringPayment", "TotalNumberOfPayments": 10, "Type": "UAEOF.VariablePeriodicSchedule", "PeriodicSchedule": { "PeriodType": "Day", "PeriodStartDate": "2023-10-01", "Amount "MaximumCumulativeValueOfPaymentsPerPeriodType": { "Amount": "100.00", "Currency": "AED" } } } } } }, "Initiation": { } "DebtorAccount": { "IdentificationType": "UAEOF.IBAN", }, "IdentificationPersonalIdentifiableInformation": "string",eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.UGhIOguC7...aQeF_PXwJZ4g.48V1_ALb6US04U3b.5eym5T...QzAAE=.XFBoMY...wifLw",, "NamePayerReference": {"string", "enBeneficiaryReference": "string", "arPaymentPurposeCode": "stringABCD", } }, "CreditorAccount""SponsoredTPPInformation": { "IdentificationType": "UAEOF.IBAN", "IdentificationName": "string", "Name": { "en"Identification": "string", "ar": "string" }, "TradingName": { } } "en": "string", "ar": "string" } } }, "PayerReference": "string", "BeneficiaryReference": "string", "PaymentPurposeCode": "ABCD", "SponsoredTPPInformation": { "Name": "string", "Identification": "string" }, "IsPayByAccount": false, "PaymentConsumption": { "MaximumCumulativeNumberOfPayments": 10, "MaximumCumulativeValueOfPayments": "1000.00", "CumulativeNumberOfPayments": 0, "CumulativeValueOfPayments": "0.00", "CumulativeNumberOfPaymentsPerPeriod": 0, "CumulativeValueOfPaymentsPerPeriod": "0.00" } }, "Links": { "Self": "/payment-consents/aac-69255d98-ab0e-4758-92a7-cacbf3073efa", "Related": [] }, "EventMeta": { "EventDateTime": "22023-10-01T00:00:00.000Z", "EventResource": "consents", "EventType": "UAEOF.Resource.Created", "ConsentId": "aac-69255d98-ab0e-4758-92a7-cacbf3073efa" } } } . <<signature>> |
4.2.4.3 Response: TPP validates the Self Signed JWT Authorization Token from OFP, stores Payment consent data and acknowledges a success response to the OFP
| Code Block | ||
|---|---|---|
| ||
x-fapi-interaction-id: 77b0e830-b095-4c6c-94e8-20f83eaa799f
HTTP/1.1 202 Accepted |
4.3 Multiple Authorizations
4.3.1 Request: Service Initiation consent resource requesting Multi-Authorization
The TPP creates a Service Initiation consent with AcceptedAuthorizationType as UAEOF.Multi denoting its support for a Multi-Authorization consent.
| Code Block | ||
|---|---|---|
| ||
{
"typ": "JWT",
"alg": "PS256",
"kid": "e4ce77c498e77000a25aa7b40e4a83f9"
}
.
{
"iss": "s6BhdRkqt3",
"aud": "https://server.example.com",
"response_type": "code",
"redirect_uri": "https://openbanking.tpp1.ae/simple-redirect-url",
"scope": "openid payments",
"state": "af0ifjsldkj",
"authorization_details": [
{
"type": "urn:openfinanceuae:service-initiation-consent:v1.0-draft2",
"consent": {
"ConsentId": "aac-69255d98-ab0e-4758-92a7-cacbf3073efa",
"AcceptedAuthorizationType": "UAEOF.Multi",
"AuthorizationExpirationTimeWindow": "720:00:00",
"ExpirationDateTime": "2024-10-01T00:00:00.000Z",
"ControlParameters": {
"IsPayByAccount": false,
"ConsentSchedule": {
"MultiPayment": {
"Type": "UAEOF.FixedRecurringPayment",
"TotalNumberOfPayments": 10,
"PeriodicSchedule": {
"PeriodType": "Day",
"PeriodStartDate": "2023-10-01",
"Amount": {
"Amount": "100.00",
"Currency": "AED"
}
}
}
}
},
"Initiation": {
"DebtorAccount": {
"IdentificationType": "UAEOF.IBAN",
"Identification": "string",
"Name": {
"en": "string",
"ar": "string"
}
},
"CreditorAccount": {
"IdentificationType": "UAEOF.IBAN",
"Identification": "string",
"Name": {
"en": "string",
"ar": "string"
},
"TradingName": {
"en": "string",
"ar": "string"
}
}
},
"PayerReference": "string",
"BeneficiaryReference": "string",
"PaymentPurposeCode": "ABCD",
"SponsoredTPPInformation": {
"Name": "string",
"Identification": "string"
}
}
}
]
} |
4.4 The TPP Queries the existence of a Service Initiation Resource Using the X-Idempotency-Key
This is a negative scenario whereby the OFP fails to return any payments response and the TPP has no way of identifying the resource PaymentId
The PaymentId is returned within in the HTTP Location Header URL under the /payments resource.
4.4.1 Request to /payments Resource
| Code Block | ||
|---|---|---|
| ||
HEAD /open-finance/payment/2024.03.11-draft1/payments HTTP/1.1
Host: rs1.lab.api.openbanking.ae
Accept: application/jwt
x-fapi-interaction-id: 942a7ee7-d29a-45aa-93b7-c5f292d86602
Authorization: Bearer ad297304-1057-4c68-9e76-a96f300a27f1
x-idempotency-key: 78dae4513b8847f98e2d4173b4ed0eb6 |
4.4.2 Response to /payments Resource
| Code Block | ||
|---|---|---|
| ||
HTTP/1.1 204 No Content
x-fapi-interaction-id: 3424a379-8274-4686-99bd-f420d08acead
Location: /open-finance/payment/2024.03.11-draft1/payments/83b47199-90c2-4c05-9ef1-aeae68b0fc7c |
5. Open API Specification
See the Bank Service Initiation API - Swagger page.
6. Service Initiation Notes
6.1 Staging a Service Initiation Consent
6.1.1 Single Instant Payment
To manage the creation and execution of a Single Instant payment;
The TPP:
MUST provide a
ConsentIdin the Consent object within theauthorization_detailsof a Rich Authorization Request.MAY use a
GETto the/payments/{PaymentId}resource to poll for Payment Statuses.
The OFP:
MUST reject the Service Initiation consent if a globally unique UUID v4
ConsentIddoes not exist in the RAR object.MUST validate the Consent parameters and create a Consent resource (
ConsentId) that isAwaitingAuthorizationwhen a valid RAR object is staged at the PAR endpoint.MUST immediately stage the payment with the LFI once a valid Service Initiation resource is created by the TPP.
MUST send payment status events to the TPP if an active Webhook Subscription is registered within the Consent object.
The LFI:
MUST immediately stage the payment with the Payment Rails once a valid payment is staged by the OFP.
MUST emit payment status events to the OFP.
6.1.2 Single Future Dated, Multi-Payment
For Single Future Dated and Multi-Payment Consents:
The TPP:
MUST provide an
ConsentIdin the Consent object within theauthorization_detailsof a Rich Authorization Request.MAY use
PATCHto manage any Webhook configurations for the entire duration of a payment consent
The OFP:
MUST validate the Consent parameters and create a Consent resource (
ConsentId) that isAwaitingAuthorizationwhen a valid RAR object is staged at the PAR endpoint.MUST the ConsentID (using
Links.Relatedattribute).MUST immediately stage the payment with the LFI once a valid Service Initiation resource is created by the TPP.
MUST send payment status events to the TPP if an active Webhook Subscription is registered within the Consent object.
The LFI:
MUST immediately stage the payment with the Payment Rails once a valid payment is staged by the OFP.
MUST emit payment status events to the OFP.
6.2 Service Initiation Consent Parameters
6.2.1 Single Payment Consent Parameters
6.2.1.1 Single Instant Payment
A Single Instant Payment MUST meet the following criteria:
TypeMUST be set toUAEOF.SingleInstantPaymentThe Consent Start date is the
CreationDateTime. The Consent end date (ExpirationDateTime) MUST be set to the current date.
6.2.1.2 Single Future Dated Payment
A Single Future Dated Payment MUST meet the following criteria:
TypeMUST be set toUAEOF.SingleFutureDatedPaymentThe Consent Start date is the
CreationDateTime. The Consent end date (ExpirationDateTime) MUST NOT exceed 1 year from the current date.RequestedExecutionDateTimeMUST NOT be set to the current day. It MUST be set to a future date/time beyond the current day when the payment is to be scheduled for execution.
6.2.2 Multi-Payment Consent Parameters
6.2.2.1 Fixed Recurring Payment Consent Parameters
A Fixed Recurring Payment MUST meet the following criteria:
TypeMUST be set toUAEOF.FixedRecurringPaymentUserReferenceMUST be set by the UserThe Consent Start date is the
CreationDateTime. The Consent end date (ExpirationDateTime) MUST NOT exceed 1 year from the current date.PeriodicScheduleMUST define any period specific maximum payment numbers and/or amounts.TotalNumberOfPaymentsMUST be set to confirm the total number of payments for the consent duration.
6.2.2.2 Fixed On-demand Payment Consent Parameters
A Fixed On-demand Payment MUST meet the following criteria:
...
Type MUST be set to UAEOF.FixedOnDemandPayment
...
UserReference MUST be set by the User
...
The Consent Start date is the CreationDateTime. The Consent end date (ExpirationDateTime) MUST NOT exceed 1 year from the current date.
...
Amount MUST have a fixed value that will be used for every recurring payment in the Period.
...
MaximumCumulativeValueOfPayments MUST be set to confirm the total payment amount for the whole consent duration.
...
PeriodicSchedule MAY define any period specific maximum payment numbers and/or amounts.
6.2.2.3 Variable Recurring Payment Consent Parameters
...
]
} |
4.4 The TPP Queries the existence of a Service Initiation Resource Using the X-Idempotency-Key
This is a negative scenario whereby the OFP fails to return any payments response and the TPP has no way of identifying the resource PaymentId
The PaymentId is returned within in the HTTP Location Header URL under the /payments resource.
4.4.1 Request to /payments Resource
| Code Block | ||
|---|---|---|
| ||
HEAD /open-finance/payment/2024.03.11-draft1/payments HTTP/1.1
Host: rs1.lab.api.openbanking.ae
Accept: application/jwt
x-fapi-interaction-id: 942a7ee7-d29a-45aa-93b7-c5f292d86602
Authorization: Bearer ad297304-1057-4c68-9e76-a96f300a27f1
x-idempotency-key: 78dae4513b8847f98e2d4173b4ed0eb6 |
4.4.2 Response to /payments Resource
| Code Block | ||
|---|---|---|
| ||
HTTP/1.1 204 No Content
x-fapi-interaction-id: 3424a379-8274-4686-99bd-f420d08acead
Location: /open-finance/payment/2024.03.11-draft1/payments/83b47199-90c2-4c05-9ef1-aeae68b0fc7c |
5. Open API Specification
See the Bank Service Initiation API - Swagger page.
6. Service Initiation Notes
6.1 Staging a Service Initiation Consent
6.1.1 Single Instant Payment
To manage the creation and execution of a Single Instant payment;
The TPP:
MUST provide a
ConsentIdin the Consent object within theauthorization_detailsof a Rich Authorization Request.MAY use a
GETto the/payments/{PaymentId}resource to poll for Payment Statuses.
The OFP:
MUST reject the Service Initiation consent if a globally unique UUID v4
ConsentIddoes not exist in the RAR object.MUST validate the Consent parameters and create a Consent resource (
ConsentId) that isAwaitingAuthorizationwhen a valid RAR object is staged at the PAR endpoint.MUST immediately stage the payment with the LFI once a valid Service Initiation resource is created by the TPP.
MUST send payment status events to the TPP if an active Webhook Subscription is registered within the Consent object.
The LFI:
MUST immediately stage the payment with the Payment Rails once a valid payment is staged by the OFP.
MUST emit payment status events to the OFP.
6.1.2 Single Future Dated, Multi-Payment
For Single Future Dated and Multi-Payment Consents:
The TPP:
MUST provide an
ConsentIdin the Consent object within theauthorization_detailsof a Rich Authorization Request.MAY use
PATCHto manage any Webhook configurations for the entire duration of a payment consent
The OFP:
MUST validate the Consent parameters and create a Consent resource (
ConsentId) that isAwaitingAuthorizationwhen a valid RAR object is staged at the PAR endpoint.MUST immediately stage the payment with the LFI once a valid Service Initiation resource is created by the TPP.
MUST send payment status events to the TPP if an active Webhook Subscription is registered within the Consent object.
The LFI:
MUST immediately stage the payment with the Payment Rails once a valid payment is staged by the OFP.
MUST emit payment status events to the OFP.
6.2 Service Initiation Consent Parameters
6.2.1 Single Payment Consent Parameters
6.2.1.1 Single Instant Payment
A Single Instant Payment MUST meet the following criteria:
TypeMUST be set toUAEOF.VariableRecurringPaymentUserReferenceMUST be set by the UserSingleInstantPaymentThe Consent Start date is the
CreationDateTime. The Consent end date (ExpirationDateTime) MUST NOT exceed 1 year from the current date.MaximumIndividualPaymentAmountMUST be set to confirm the maximum single payment amount that can be instructed.MaximumCumulativeValueOfPaymentsMUST be set to confirm the total payment amount for the whole consent duration.MaximumCumulativeNumberOfPaymentsMUST be set to confirm the total number of payments for the whole consent duration.PeriodicScheduleMUST define the period start date and frequencydate (ExpirationDateTime) MUST be set to the current date.
6.2.1.2
...
Single Future Dated Payment
A Single Future Dated Payment MUST meet the following criteria:
TypeMUST be set toUAEOF.VariableOnDemandPaymentUserReferenceMUST be set by the UserSingleFutureDatedPaymentThe Consent Start date is the
CreationDateTime. The Consent end date (ExpirationDateTime) MUST NOT exceed 1 year from the current date.year from the current date.RequestedExecutionDateTimeMUST NOT be set to the current day. It MUST be set to a future date/time beyond the current day when the payment is to be scheduled for execution.
6.2.2 Multi-Payment Consent Parameters
These consent parameters are defined to control the limits for a long lived Multi-Payment consent:
MaximumIndividualPaymentAmountMUST be set to confirm the maximum single payment amount that can be instructed.MaximumCumulativeValueOfPaymentsMUST be set to confirm the total payment amount for the whole consent duration.MaximumCumulativeNumberOfPaymentsMUST be set to confirm the total number of payments for the whole consent duration.PeriodicScheduleMAY further define any period specific maximum payment numbers and/or amounts.
6.2.2.5 Variable Defined Payment Consent Parameters
A Variable Defined Payment MUST meet the following criteria for payment execution by the LFI:
TypeMUST be set toUAEOF.VariableDefinedPaymentUserReferenceMUST be set by the UserThe Consent Start date is the
CreationDateTime. The Consent end date (ExpirationDateTime) MUST NOT exceed 1 year from the current date.PaymentSchedule[]MUST define all required payments to be instructed.PaymentExecutionDateMUST be the exact Date when a Payment is to be debited.PeriodicScheduleMAY further define any period specific maximum payment numbers and/or amounts, and is one of these Types:UAEOF.DefinedSchedule- a Payment Schedule denoting a list of pre-defined future dated payments all with fixed amounts and dates.UAEOF.FixedPeriodicSchedule- Payment Controls that apply to all payments in a given period with a fixed payment amount.UAEOF.VariablePeriodicSchedule- Payment Controls that apply to all payments in a given period with a variable payment amount..
.Amount MUST be the exact Payment value to be debitedAmount MUST be used if there is a fixed value that will be used for every recurring payment in the Period.
6.2.3 Combined Payment Consent Parameters
...