openapi: 3.0.0
info:
title: MotorUAE Insurance API
description: '## UAE Open Finance Motor Insurance API Specification'
version: v1.0-draft3
tags:
- name: Insurance Consents
- name: Insurance Policies
paths:
/insurance-consents:
get:
tags:
- Insurance Consents
operationId: InsuranceConsents_list
summary: Retrieve Insurance Consents by BaseConsentId
description: Retrieve all Insurance Consents that are linked to a given BaseConsentId
parameters:
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/CustomerUserAgent'
- $ref: '#/components/parameters/FapiAuthDate'
- $ref: '#/components/parameters/FapiCustomerIpAddress'
- $ref: '#/components/parameters/FapiInterationId'
- $ref: '#/components/parameters/BaseConsentId'
responses:
'200':
description: The request has succeeded.
headers:
x-fapi-interaction-id:
required: false
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/OBReadInsuranceConsents1'
application/json:
schema:
$ref: '#/components/schemas/OBReadInsuranceConsents1'
application/jwt:
schema:
$ref: '#/components/schemas/OBReadInsuranceConsents1Signed'
'400':
description: Bad request
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/json:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/jwt:
schema:
anyOf:
- $ref: '#/components/schemas/OBErrorResponse'
- $ref: '#/components/schemas/OBErrorSignedResponse'
'401':
description: Unauthorized
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'403':
description: Forbidden
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/jwt:
schema:
$ref: '#/components/schemas/OBErrorSignedResponse'
'404':
description: Not found
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'405':
description: Method Not Allowed
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'406':
description: Not Acceptable
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'415':
description: Unsupported Media Type
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'429':
description: Too Many Requests
headers:
retry-after:
required: true
description: Number in seconds to wait
schema:
type: integer
format: int64
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'500':
description: Internal Server Error
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/json:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/jwt:
schema:
anyOf:
- $ref: '#/components/schemas/OBErrorResponse'
- $ref: '#/components/schemas/OBErrorSignedResponse'
security:
- TPPOAuth2Security:
- openid
- insurance-access
/insurance-consents/{ConsentId}:
get:
tags:
- Insurance Consents
operationId: InsuranceConsentsByConsentId_read
summary: Retrieve an Insurance Consent
parameters:
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/CustomerUserAgent'
- $ref: '#/components/parameters/FapiAuthDate'
- $ref: '#/components/parameters/FapiCustomerIpAddress'
- $ref: '#/components/parameters/FapiInterationId'
- $ref: '#/components/parameters/ConsentId'
responses:
'200':
description: The request has succeeded.
headers:
x-fapi-interaction-id:
required: false
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/OBReadInsuranceConsent1'
application/json:
schema:
$ref: '#/components/schemas/OBReadInsuranceConsent1'
application/jwt:
schema:
$ref: '#/components/schemas/OBReadInsuranceConsent1Signed'
'400':
description: Bad request
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/json:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/jwt:
schema:
anyOf:
- $ref: '#/components/schemas/OBErrorResponse'
- $ref: '#/components/schemas/OBErrorSignedResponse'
'401':
description: Unauthorized
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'403':
description: Forbidden
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'404': content:
description: Not found application/jwt:
headers: schema:
x-fapi-interaction-id: $ref: '#/components/schemas/OBErrorSignedResponse'
required: true '404':
description: AnNot RFC4122found
UID used as a correlation id. headers:
schema: x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'405':
description: Method Not Allowed
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'406':
description: Not Acceptable
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'415':
description: Unsupported Media Type
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'429':
description: Too Many Requests
headers:
retry-after:
required: true
description: Number in seconds to wait
schema:
type: integer
format: int64
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'500':
description: Internal Server Error
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/json:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/jwt:
schema:
anyOf:
- $ref: '#/components/schemas/OBErrorResponse'
- $ref: '#/components/schemas/OBErrorSignedResponse'
security:
- TPPOAuth2Security:
- openid
- insurance-access
patch:
tags:
- Insurance Consents
operationId: >-
InsuranceConsentsByConsentId_unsignedRequestBodyUpdate_InsuranceConsentsByConsentId_signedRequestBodyUpdate
summary: Modify an Insurance Consent
parameters:
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/CustomerUserAgent'
- $ref: '#/components/parameters/FapiAuthDate'
- $ref: '#/components/parameters/FapiCustomerIpAddress'
- $ref: '#/components/parameters/FapiInterationId'
- $ref: '#/components/parameters/ConsentId'
responses:
'204':
description: No content
headers:
x-fapi-interaction-id:
required: false
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'400':
description: Bad request
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/json:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/jwt:
schema:
anyOf:
- $ref: '#/components/schemas/OBErrorResponse'
- $ref: '#/components/schemas/OBErrorSignedResponse'
'401':
description: Unauthorized
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'403':
description: Forbidden
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/jwt:
schema:
$ref: '#/components/schemas/OBErrorSignedResponse'
'404':
description: Not found
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'405':
description: Method Not Allowed
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'406':
description: Not Acceptable
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'415':
description: Unsupported Media Type
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'429':
description: Too Many Requests
headers:
retry-after:
required: true
description: Number in seconds to wait
schema:
type: integer
format: int64
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'500':
description: Internal Server Error
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/json:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/jwt:
schema:
anyOf:
- $ref: '#/components/schemas/OBErrorResponse'
- $ref: '#/components/schemas/OBErrorSignedResponse'
requestBody:
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/OBUpdateConsent1'
application/json:
schema:
$ref: '#/components/schemas/OBUpdateConsent1'
application/jwt:
schema:
$ref: '#/components/schemas/OBUpdateConsent1Signed'
security:
- TPPOAuth2Security:
- openid
- insurance-access
/insurance-policies:
get:
tags:
- Insurance Policies
operationId: InsurancePolicies_list
summary: Get insurance policies
parameters:
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/CustomerUserAgent'
- $ref: '#/components/parameters/FapiAuthDate'
- $ref: '#/components/parameters/FapiCustomerIpAddress'
- $ref: '#/components/parameters/FapiInterationId'
responses:
'200':
description: The request has succeeded.
headers:
x-fapi-interaction-id:
required: false
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/OBReadInsurancePolicies1'
application/json:
schema:
$ref: '#/components/schemas/OBReadInsurancePolicies1'
application/jwt:
schema:
$ref: '#/components/schemas/OBReadInsurancePolicies1Signed'
'400':
description: Bad request
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/json:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/jwt:
schema:
anyOf:
- $ref: '#/components/schemas/OBErrorResponse'
- $ref: '#/components/schemas/OBErrorSignedResponse'
'401':
description: Unauthorized
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'403':
description: Forbidden
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'404' content:
description application/jwt:
Not found schema:
$ref: '#/components/schemas/OBErrorSignedResponse'
'404':
description: Not found
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'405':
description: Method Not Allowed
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'406':
description: Not Acceptable
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'415':
description: Unsupported Media Type
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'429':
description: Too Many Requests
headers:
retry-after:
required: true
description: Number in seconds to wait
schema:
type: integer
format: int64
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'500':
description: Internal Server Error
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/json:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/jwt:
schema:
anyOf:
- $ref: '#/components/schemas/OBErrorResponse'
- $ref: '#/components/schemas/OBErrorSignedResponse'
security:
- UserOAuth2Security:
- openid
- insurance-access
/insurance-policies/{InsurancePolicyId}:
get:
tags:
- Insurance Policies
operationId: InsurancePoliciesById_read
summary: Get insurance policy
parameters:
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/CustomerUserAgent'
- $ref: '#/components/parameters/FapiAuthDate'
- $ref: '#/components/parameters/FapiCustomerIpAddress'
- $ref: '#/components/parameters/FapiInterationId'
- $ref: '#/components/parameters/InsurancePolicyId'
responses:
'200':
description: The request has succeeded.
headers:
x-fapi-interaction-id:
required: false
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/OBReadInsurancePolicy1'
application/json:
schema:
$ref: '#/components/schemas/OBReadInsurancePolicy1'
application/jwt:
schema:
$ref: '#/components/schemas/OBReadInsurancePolicy1Signed'
'400':
description: Bad request
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/json:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/jwt:
schema:
anyOf:
- $ref: '#/components/schemas/OBErrorResponse'
- $ref: '#/components/schemas/OBErrorSignedResponse'
'401':
description: Unauthorized
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'403':
description: Forbidden
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/jwt:
schema:
$ref: '#/components/schemas/OBErrorSignedResponse'
'404':
description: Not found
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'405':
description: Method Not Allowed
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'406':
description: Not Acceptable
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'415':
description: Unsupported Media Type
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'429':
description: Too Many Requests
headers:
retry-after:
required: true
description: Number in seconds to wait
schema:
type: integer
format: int64
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'500':
description: Internal Server Error
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/json:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/jwt:
schema:
anyOf:
- $ref: '#/components/schemas/OBErrorResponse'
- $ref: '#/components/schemas/OBErrorSignedResponse'
security:
- UserOAuth2Security:
- openid
- insurance-access
components:
parameters:
Authorization:
name: authorization
in: header
required: true
description: An authorization Token as per https://tools.ietf.org/html/rfc6750
schema:
type: string
BaseConsentId:
name: BaseConsentId
in: query
required: true
description: A base consent identifier that links to other consent resources
schema:
$ref: '#/components/schemas/uuid'
ConsentId:
name: ConsentId
in: path
required: true
description: Unique identifier for a given consent resource
schema:
$ref: '#/components/schemas/uuid'
CustomerUserAgent:
name: x-customer-user-agent
in: header
required: false
description: Indicates the user-agent that the User is using.
schema:
type: string
FapiAuthDate:
name: x-fapi-auth-date
in: header
required: false
description: >-
The time when the User last logged in with the TPP.
All dates in the HTTP headers are represented as RFC 7231 Full Dates. An
example is below:
Sun, 10 Sep 2017 19:43:31 UTC
schema:
type: string
pattern: >-
^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2}
(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4}
\d{2}:\d{2}:\d{2} (GMT|UTC)$
FapiCustomerIpAddress:
name: x-fapi-customer-ip-address
in: header
required: false
description: The User's IP address if the User is currently logged in with the TPP.
schema:
type: string
FapiInterationId:
name: x-fapi-interaction-id
in: header
required: false
description: An RFC4122 UID used as a correlation id.
schema:
type: string
InsurancePolicyId:
name: InsurancePolicyId
in: path
required: true
description: Unique identifier for a given insurance policy
schema:
$ref: '#/components/schemas/uuid'
schemas:
Address:
type: object
required:
- AddressLine
- PostalCode
- City
- StateEmirate
- Country
properties:
AddressLine:
type: array
items:
type: string
minItems: 1
maxItems: 3
PostalCode:
type: string
City:
type: string
StateEmirate:
type: string
Country:
type: string
additionalProperties: false
Amount:
type: number
AmountAndCurrency:
type: object
required:
- Currency
- Amount
properties:
Currency:
$ref: '#/components/schemas/CurrencyCode'
Amount:
$ref: '#/components/schemas/Amount'
additionalProperties: false
ClaimHistory:
type: object
required:
- NumberClaims
properties:
- NumberApprovedClaims NumberClaims:
- TotalClaimsAmount type: integer
- TotalApprovedClaimsAmount properties: format: int64
NumberClaims: type: integer
format: int64
NumberApprovedClaims:
type: integer
format: int64
TotalClaimsAmount:
$ref: '#/components/schemas/AmountAndCurrency'
TotalApprovedClaimsAmount:
$ref: '#/components/schemas/AmountAndCurrency'
additionalProperties: false
CommunicationPreferenceTypes:
type: string
enum:
- Home
- Mobile
- Other
CommunicationPreferences:
type: object
required:
- Type
- PhoneNumber
properties:
Type:
$ref: '#/components/schemas/CommunicationPreferenceTypes'
PhoneNumber:
type: string
additionalProperties: false
ConsentStatusCode:
type: string
enum:
- Authorized
- AwaitingAuthorization
- Rejected
- Revoked
- Expired
- Suspended
CurrencyCode:
type: string
pattern: ^[A-Z]{3}$
First:
type: string
format: uri
description: A link to the first page in a paginated result set
Last:
type: string
format: uri
description: A link to the last page in a paginated result set
LinksResource:
type: object
required:
- Self
properties:
Self:
$ref: '#/components/schemas/Self'
First:
$ref: '#/components/schemas/First'
Prev:
$ref: '#/components/schemas/Prev'
Next:
$ref: '#/components/schemas/Next'
Last:
$ref: '#/components/schemas/Last'
description: Links relevant to the resource
additionalProperties: false
LinksSelf:
type: object
required:
- Self
properties:
Self:
$ref: '#/components/schemas/Self'
description: Links relevant to the resource
additionalProperties: false
MetaTotalPagesMeta:
type: object
requireddescription: Metadata relevant to the resource
- TotalPages additionalProperties: false
propertiesMetaTotalPages:
type: object
TotalPages: required:
$ref: '#/components/schemas/TotalPages'- TotalPages
properties:
TotalPages:
$ref: '#/components/schemas/TotalPages'
additionalProperties: false
Next:
type: string
format: uri
description: A link to the next page in a paginated result set
OBAddOns:
type: object
required:
- DriversPersonalAccident
- PassengersPersonalAccident
properties:
DriversPersonalAccident:
type: boolean
description: Indicates whether driver accidental coverage is included
PassengersPersonalAccident:
type: boolean
description: Indicates whether passenger accidental coverage included
additionalProperties: false
OBAdditionalInformation:
type: object
required:
- FirstTimeRegistration
- VehicleMortgage
properties:
FirstTimeRegistration:
type: boolean
VehicleMortgage:
type: number
description: Pending mortgage amount on the vehicle
additionalProperties: false
OBBaseConsentId:
type: string
minLength: 1
maxLength: 128
description: >-
The original ConsentId assigned by the TPP.
It is used by the TPP for updating/renewing parameters associated with
long-lived consents.
It must be provided when long-lived consent parameters are
updated/renewed for a current consent that has not yet finished.
OBConsentId:
type: string
minLength: 1
maxLength: 128
description: >-
Unique identification assigned by the TPP to identify the consent
resource.
OBConsentPermissions:
type: string
enum:
- ReadInsurancePoliciesMotor
description: >-
Specifies the permitted insurance policy data types.
This is a list of the data groups being consented by the User, and
requested for authorization with the LFI.
OBConsentPurpose:
type: string
enum:
- AccountAggregation
- PersonalFinanceManager
- CreditAssessment
- MotorInsuranceQuote
- EnterpriseFinancialManagement
- Other
OBCustomerCommunicationDetails:
type: object
required:
- CorrespondenceAddress
- PermanentAddress
- ResidentialAddress
- CommunicationPreferences
- Email
properties:
CorrespondenceAddress:
$ref: '#/components/schemas/Address'
PermanentAddress:
$ref: '#/components/schemas/Address'
ResidentialAddress:
$ref: '#/components/schemas/Address'
CommunicationPreferences:
type: array
items:
$ref: '#/components/schemas/CommunicationPreferences'
minItems: 1
maxItems: 3
Email:
type: string
AlternativeEmail:
type: string
additionalProperties: false
OBError:
type: object
required:
- Code
- Message
properties:
Code:
allOf:
- $ref: '#/components/schemas/OBErrorCode'
description: Low level textual error code, e.g., UAEOF.Field.Missing
Message:
type: string
minLength: 1
maxLength: 500
description: >-
A description of the error that occurred. e.g., 'A mandatory field
isn't supplied' or 'RequestedExecutionDateTime must be in future'
UAEOF doesn't standardise this field
Path:
type: string
minLength: 1
maxLength: 500
description: >-
Recommended but optional reference to the JSON Path of the field
with error, e.g., Data.Initiation.InstructedAmount.Currency
Url:
type: string
description: >-
URL to help remediate the problem, or provide more information, or
to API Reference, or help etc
description: Error
additionalProperties: false
OBErrorCode:
type: string
enum:
- UAEOF.AccessToken.Unauthorized
- UAEOF.AccessToken.InvalidScope
- UAEOF.Consent.Revoked
- UAEOF.Consent.TransientAccountAccessFailure
- UAEOF.Consent.AccountTemporarilyBlocked
- UAEOF.Consent.PermanentAccountAccessFailure
- UAEOF.Consent.Invalid
- UAEOF.JWS.InvalidSignature
- UAEOF.JWS.Malformed
- UAEOF.JWS.InvalidClaim
- UAEOF.JWS.InvalidHeader
- UAEOF.GenericRecoverableError
- UAEOF.GenericError
- UAEOF.JWE.DecryptionError
- UAEOF.JWE.InvalidHeader
- UAEOF.Event.UnexpectedEvent
- UAEOF.Body.InvalidFormat
- UAEOF.Resource.InvalidResourceId
- UAEOF.Resource.InvalidFormat
- UAEOF.Consent.BusinessRuleViolation
OBErrorResponse:
type: object
required:
- Errors
properties:
Errors:
type: array
items:
$ref: '#/components/schemas/OBError'
minItems: 1
description: >-
An array of detail error codes, and messages, and URLs to documentation
to help remediation.
additionalProperties: false
OBErrorSignedResponse:
type: object
required:
- iss
- exp
- nbf
- message
properties:
iss:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
exp:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
nbf:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
aud:
type: array
items:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
iat:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
message:
$ref: '#/components/schemas/OBErrorResponse'
description: Signed error response payload
additionalProperties: false
OBEventNotification:
type: object
required:
- Webhook
properties:
Webhook:
$ref: '#/components/schemas/OBWebhook'
additionalProperties: false
OBHistoricalInformation:
type: object
properties:
AdditionalInsuranceInformation:
type: string
description: Gap in car insurance or vehicle under TPL coverage
DrivingHistory:
type: integer
format: int64
description: More than 1 year of driving experience
TwelveMonthClaimHistory:
$ref: '#/components/schemas/ClaimHistory'
ThirtySixMonthClaimHistory:
$ref: '#/components/schemas/ClaimHistory'
additionalProperties: false
OBIndividualCustomerDetails:
type: object
properties:
Gender:
type: string
DateofBirth:
type: string
format: date-time
MaritalStatus:
type: string
EducationBackground:
type: string
Nationality:
type: string
DualNationality:
type: boolean
SecondNationality:
type: string
Salutation:
type: string
CityofBirth:
type: string
CountryofBirth:
type: string
pattern: ^[A-Z]{2,2}$
Religion:
type: string
MothersMaidenName:
type: string
SpouseName:
type: string
SpouseDateofBirth:
type: string
format: date-time
SpouseEmploymentDetails:
type: string
SpouseContact:
type: string
NumberofChildren:
type: integer
format: int64
additionalProperties: false
OBInsuranceAuthorizationDetailTypes:
type: string
enum:
- urn:openfinanceuae:insurance-access-consent:v1.0-draft3
OBInsurancePolicy:
type: object
required:
- PolicyType
- PolicyDetails
properties:
PolicyType:
$ref: '#/components/schemas/OBPolicyTypes'
PolicyDetails:
$ref: '#/components/schemas/OBSupportedPolicyTypes'
additionalProperties: false
OBInsurancePolicyInformation:
type: object
required:
- PolicyReference
- IssueDateIssueDateTime
- ExpiryDateExpiryDateTime
- PolicyType
- CoverageAmount
- CoverageStartDateCoverageStartDateTime
- PolicyPremium
- PolicyHolderEmirates
properties:
PolicyReference:
IssueDate $ref: '#/components/schemas/PolicyReference'
IssueDateTime:
type: string
format: date-time
ExpiryDateExpiryDateTime:
type: string
format: date-time
PolicyType:
type: string
CoverageAmount:
$ref: '#/components/schemas/AmountAndCurrency'
CoverageStartDateCoverageStartDateTime:
type: string
format: date-time
PolicyPremium:
$ref: '#/components/schemas/AmountAndCurrency'
PolicyHolderEmirates:
type: boolean
PreviousPolicy:
$ref: '#/components/schemas/PreviousPolicy'
additionalProperties: false
OBInsurnanceAuthorizationDetailConsentOBMotorInsurancePolicy:
type: object
required:
- TypeInsurancePolicyId
- ConsentCustomerId
properties: - PolicyHolderName
Type: - CustomerCommunicationDetails
$ref: '#/components/schemas/OBInsuranceAuthorizationDetailTypes'
- IndividualCustomerDetails
Consent: - VehicleInformation
$ref: >- InsurancePolicyInformation
properties:
#/components/schemas/OBInsurnanceAuthorizationDetailConsentProperties InsurancePolicyId:
description: >- allOf:
Properties for creating an insurance access object in the - $ref: '#/components/schemas/uuid'
authorization_details properties for the first consent description: Unique identifier for a given additionalProperties:insurance falsepolicy
OBInsurnanceAuthorizationDetailConsentProperties: CustomerId:
type: object requiredtype: string
- ConsentId description: >-
- Permissions Identifier properties:that uniquely and consistently identifies the insurance
ConsentId: $ref: '#/components/schemas/OBConsentId'policy customer
PermissionsPolicyHolderName:
type: arraystring
itemsPolicyHolderShortName:
type: string
$ref: '#/components/schemas/OBConsentPermissions' allOfCategorySegment:
- $reftype: '#/components/schemas/OBInsurnanceAuthorizationDetailProperties'string
additionalProperties: false LocalBranch:
OBInsurnanceAuthorizationDetailProperties: type: string
object propertiesPrimaryLanguage:
ConsentId type: string
CustomerCommunicationDetails:
$ref: '#/components/schemas/OBConsentIdOBCustomerCommunicationDetails'
BaseConsentIdIndividualCustomerDetails:
$ref: '#/components/schemas/OBBaseConsentIdOBIndividualCustomerDetails'
PermissionsVehicleInformation:
type$ref: array'#/components/schemas/OBVehicleInformation'
itemsInsurancePolicyInformation:
$ref: '#/components/schemas/OBConsentPermissionsOBInsurancePolicyInformation'
HistoricalInformation:
minItems: 1 ExpirationDateTime$ref: '#/components/schemas/OBHistoricalInformation'
typeAddOns:
string format$ref: date-time'#/components/schemas/OBAddOns'
descriptionAdditionalInformation:
>- $ref: '#/components/schemas/OBAdditionalInformation'
Specified date and time the permissionsadditionalProperties: willfalse
expire. OBOnBehalfOf:
type: object
If this is not populated, theproperties:
permissions will be open ended.All TradingName:
dates in thetype: JSONstring
payloads are represented in ISO 8601 date-time description: Trading Name
format. LegalName:
type: string
All date-time fields in responses must include the timezone. An description: Legal Name
IdentifierType:
example is below: allOf:
2017-04-05T10:43:07+00:00 - OnBehalfOf:$ref: '#/components/schemas/OBOnBehalfOfIdentifierType'
$refdescription: '#/components/schemas/OBOnBehalfOf'Identifier Type
PurposeIdentifier:
type: arraystring
itemsdescription: Identifier
additionalProperties: false
$ref OBOnBehalfOfIdentifierType:
'#/components/schemas/OBConsentPurpose' type: string
description: Primary data forenum:
the resource additionalProperties:- falseOther
OBInsurnanceAuthorizationDetailReconsentPropertiesOBPatchConsent:
type: object
required:
- ConsentIdStatus
properties:
ConsentIdStatus:
$ref: '#/components/schemas/OBConsentId'allOf:
allOf: - $ref: '#/components/schemas/OBInsurnanceAuthorizationDetailPropertiesOBPatchConsentStatus1'
additionalProperties: false OBMotorInsurancePolicydescription: >-
type: object The required:Revoked status must only be set if the current -Consent CustomerIdStatus is
- PolicyHolderName set to either Authorized or -AwaitingAuthorization
PolicyHolderShortName RevokedBy:
- CustomerCommunicationDetails -allOf:
IndividualCustomerDetails - VehicleInformation - $ref: '#/components/schemas/OBRevokedByCode'
- InsurancePolicyInformation description: Denotes the Identifier properties:of the revocation.
CustomerIdadditionalProperties: false
OBPatchConsentStatus1:
type: string
enum:
PolicyHolderName: - Revoked
typeOBPolicyTypes:
string type: string
PolicyHolderShortName: enum:
type: string - Motor
CategorySegmentOBReadInsuranceConsent1:
type: object
type: string required:
LocalBranch: - Data
type: string - Links
PrimaryLanguage: - Meta
typeproperties:
string CustomerCommunicationDetailsData:
$ref: '#/components/schemas/OBCustomerCommunicationDetailsOBReadInsuranceConsent1Properties'
IndividualCustomerDetailsSubscription:
$ref: '#/components/schemas/OBIndividualCustomerDetailsOBEventNotification'
VehicleInformationLinks:
$ref: '#/components/schemas/OBVehicleInformationLinksSelf'
InsurancePolicyInformationMeta:
$ref: '#/components/schemas/OBInsurancePolicyInformationMeta'
additionalProperties: false
HistoricalInformation OBReadInsuranceConsent1Properties:
type: object
$ref: '#/components/schemas/OBHistoricalInformation' required:
AddOns: - ConsentId
$ref: '#/components/schemas/OBAddOns'
- BaseConsentId
AdditionalInformation: - Permissions
$ref: '#/components/schemas/OBAdditionalInformation'
- CreationDateTime
additionalProperties: false - Status
OBOnBehalfOf: type:- objectStatusUpdateDateTime
properties:
TradingNameConsentId:
type$ref: string'#/components/schemas/OBConsentId'
descriptionBaseConsentId:
Trading Name LegalName$ref: '#/components/schemas/OBBaseConsentId'
typePermissions:
string descriptiontype: Legalarray
Name IdentifierType:
allOf items:
- $ref: '#/components/schemas/OBOnBehalfOfIdentifierTypeOBConsentPermissions'
descriptionExpirationDateTime:
Identifier Type Identifiertype: string
type format: stringdate-time
description: Identifier>-
additionalProperties: false OBOnBehalfOfIdentifierType:Specified date and time the permissions will type:expire.
string
enum: If this is -not Otherpopulated, the permissions will be OBPatchConsent:open ended.All
type: object dates required:in the JSON payloads are represented in ISO 8601 date-time
Status properties: format.
Status: allOf:All date-time fields in responses must include the timezone. An
- $ref: '#/components/schemas/OBPatchConsentStatus1' example is description: >-below:
The Revoked status must only be set if the current Consent Status is
2017-04-05T10:43:07+00:00
OnBehalfOf:
$ref: '#/components/schemas/OBOnBehalfOf'
Purpose:
type: array
items:
$ref: '#/components/schemas/OBConsentPurpose'
CreationDateTime:
type: string
format: date-time
description: >-
Date and time at which the resource was created.All dates in the
JSON payloads are represented in ISO 8601 date-time format.
All date-time fields in responses must include the timezone. An
example is below:
set to either Authorized or AwaitingAuthorization 2017-04-05T10:43:07+00:00
RevokedByStatus:
allOf:
- $ref: '#/components/schemas/OBRevokedByConsentStatusCode'
description: DenotesSpecifies the Identifierstatus of the revocation consent resource in code form.
additionalProperties: false StatusUpdateDateTime:
OBPatchConsentStatus1: type: string
enum: format: date-time
description: >- Revoked
OBPolicyTypes:
Date and time at which the account resource status was updated. All
type: string dates enum:in the JSON payloads are represented in ISO 8601 date- Motortime
OBReadInsuranceConsent1: type: objectformat. All date-time fields in responses must required:include the timezone.
- Data An example is below: 2017- Links04-05T10:43:07+00:00
propertiesRevokedBy:
DataallOf:
- $ref: '#/components/schemas/OBInsurnanceAuthorizationDetailConsentOBRevokedByCode'
Links: description: Denotes the Identifier of the revocation.
$ref: '#/components/schemas/LinksSelf' additionalProperties: false
OBReadInsuranceConsent1Signed:
type: object
required:
- iss
- exp
- nbf
- message
properties:
iss:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
exp:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
nbf:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
aud:
type: array
items:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
iat:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
message:
$ref: '#/components/schemas/OBReadInsuranceConsent1'
additionalProperties: false
OBReadInsuranceConsents1:
type: object
required:
- Data
- Links
properties:
Data:
type: array
items:
$ref: '#/components/schemas/OBInsurnanceAuthorizationDetailConsentOBReadInsuranceConsent1Properties'
Links:
$ref: '#/components/schemas/LinksResource'
additionalProperties: false
OBReadInsuranceConsents1Signed:
type: object
required:
- iss
- exp
- nbf
- message
properties:
iss:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
exp:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
nbf:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
aud:
type: array
items:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
iat:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
message:
$ref: '#/components/schemas/OBReadInsuranceConsents1'
additionalProperties: false
OBReadInsurancePolicies1:
type: object
required:
- Data
- Links
- Meta
properties:
Data:
type: array
items:
$ref: '#/components/schemas/OBInsurancePolicy'
Links:
$ref: '#/components/schemas/LinksResource'
Meta:
$ref: '#/components/schemas/MetaTotalPages'
additionalProperties: false
OBReadInsurancePolicies1Signed:
type: object
required:
- iss
- exp
- nbf
- message
properties:
iss:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
exp:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
nbf:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
aud:
type: array
items:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
iat:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
message:
$ref: '#/components/schemas/OBReadInsurancePolicies1'
additionalProperties: false
OBReadInsurancePolicy1:
type: object
required:
- Data
- Links
- Meta
properties:
Data:
$ref: '#/components/schemas/OBInsurancePolicy'
Links:
$ref: '#/components/schemas/LinksSelf'
Meta:
$ref: '#/components/schemas/MetaTotalPages'
additionalProperties: false
OBReadInsurancePolicy1Signed:
type: object
required:
- iss
- exp
- nbf
- message
properties:
iss:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
exp:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
nbf:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
aud:
type: array
items:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
iat:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
message:
$ref: '#/components/schemas/OBReadInsurancePolicy1'
additionalProperties: false
OBRevokedByOBRevokedByCode:
type: string
enum:
- UAEOF.LFI
- UAEOF.TPP
- UAEOF.LFI.InitiatedByUser
- UAEOF.TPP.InitiatedByUser
OBSupportedPolicyTypes:
$ref: '#/components/schemas/OBMotorInsurancePolicy'
OBUpdateConsent1:
type: object
required:
- Data
properties:
Data:
$ref: '#/components/schemas/OBPatchConsent'
Subscription:
$ref: '#/components/schemas/OBEventNotification'
description: Patch Account Access Consent
additionalProperties: false
OBUpdateConsent1Signed:
type: object
required:
- iss
- exp
- nbf
- message
properties:
iss:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
exp:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
nbf:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
aud:
type: array
items:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
iat:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
message:
$ref: '#/components/schemas/OBUpdateConsent1'
additionalProperties: false
OBVehicleInformation:
type: object
properties:
CarMake:
type: string
CarModel:
type: string
CarModelYear:
type: string
pattern: ^[0-9]{4}$
CarPurchaseDateCarPurchaseDateTime:
type: string
format: date-time
CarSpecification:
type: string
EstimatedValue:
type: integer
format: int32
DateofRegistrationRegistrationDateTime:
type: string
format: date-time
ChassisNumber:
type: string
EngineNumber:
type: string
CountryofOrigin:
type: string
VehicleColor:
type: string
PlateNumber:
type: string
PlateCode:
type: string
PlateCategory:
type: string
VehicleMileage:
type: integer
format: int64
VehicleWeight:
type: integer
format: int64
TrafficCodeIssuingEmirate:
type: string
TrafficIDNumber:
type: string
VehicleHistory:
$ref: '#/components/schemas/VehicleHistory'
additionalProperties: false
OBWebhook:
type: object
required:
- Url
- IsActive
properties:
Url:
type: string
description: The TPP Callback URL being registered with the LFI
IsActive:
type: boolean
description: >-
The TPP specifying whether the LFI should send (IsActive true) or
not send (IsActive false) Webhook Notifications to the TPP's Webhook
URL
description: A Webhook Subscription Schema
additionalProperties: false
PolicyReference:
type: string
description: Insurance policy identifier issued by the insurer
Prev:
type: string
format: uri
description: A link to the previous page in a paginated result set
PreviousPolicy:
type: object
required:
- PolicyReference
- Insurer
- PolicyStartDatePolicyStartDateTime
- PolicyExpiryDatePolicyExpiryDateTime
properties:
PolicyReference:
type$ref: string'#/components/schemas/PolicyReference'
Insurer:
type: string
PolicyStartDatePolicyStartDateTime:
type: string
format: date-time
PolicyExpiryDatePolicyExpiryDateTime:
type: string
format: date-time
additionalProperties: false
Self:
type: string
format: uri
description: A link to the current resource
TotalPages:
type: integer
format: int32
minimum: 0
description: Meta Data relevant to the resourceTotal number of pages where a result set is paginated
VehicleHistory:
type: string
enum:
- Imported
- Modified
- DeclaredTotalLoss
uuid:
type: string
securitySchemes:
TPPOAuth2Security:
type: oauth2
description: >-
TPP confidential client authorization with the LFI to stage a consent.
**Please refer to [OpenID FAPI Security Profile 1.0 -Part 2
Advanced](https://openid.net/specs/openid-financial-api-part-2-1_0.html#authorization-server)
- 5.2.2 point 14 - shall authenticate the confidential client using one
of the following methods private_key_jwt and [OpenID Connect Core
1.0](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication)
9. Client Authentication private_key_jwt**
flows:
clientCredentials:
tokenUrl: https://authserver.example/token
scopes:
openid: Activates OpenID Connect Support
accounts: Ability to read Accounts Information
insurance-access: Right to read insurance policies
UserOAuth2Security:
type: oauth2
description: >-
[OAuth2 PAR flow](https://datatracker.ietf.org/doc/html/rfc9126), it is
required when the User needs to perform SCA with the LFI when a TPP
wants to access an LFI resource owned by the User. **Please refer to
[OpenID FAPI Security Profile 1.0 -Part 2
Advanced](https://openid.net/specs/openid-financial-api-part-2-1_0.html#authorization-server)
- 5.2.2 point 14 - shall authenticate the confidential client using one
of the following methods private_key_jwt and [OpenID Connect Core
1.0](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication)
9. Client Authentication private_key_jwt**
flows:
authorizationCode:
authorizationUrl: https://authserver.example/authorization
tokenUrl: https://authserver.example/token
scopes:
openid: Activates OpenID Connect Support
accounts: >-
Ability to read Accounts Information. This is a parameterized
scope with the ConsentId
insurance-access: >-
Right to read insurance policies based on authorization by the End
User
LFIWebhookSecurity:
type: http
description: >-
The LFI generates a Self Signed JWT Authorization Token for Client
Authentication with the TPP. **Please refer to Self-Signed JWT
Authorization Token Specification in the UAE Standard API User Guide**
scheme: bearer
bearerFormat: JWT
|