...
The TPP MUST now request the User to authorize the consent. Please refer to the Authentication and Authorizationpage to review the supported Authorization Flows.
The TPP MUST construct a Rich Authorization Request (https://www.rfc-editor.org/rfc/rfc9396) with the authorization_details populated with the User’s consent
The TPP MUST include in an insurance access consent with all the REQUIRED data permissions that the User intends to provide to the TPP.
...
The following are non-normative examples of API access and usage of the Insurance Information API.
3.1 The TPP Redirects the User to Authorize Insurance
...
Consent
3.1.1 Request: TPP Uses RAR (Rich Authorization Request) via a PAR (Pushed Authorization Request) Endpoint with the OFP to Obtain a Request URI
...
The authorization_details contain the User’s account access insurance consent details, and a UUID v4 which is a unique identifier for the account access insurance consent.
| Code Block |
|---|
{
"typ": "JWT",
"alg": "PS256",
"kid": "e4ce77c498e77000a25aa7b40e4a83f9"
}
.
{
"iss": "s6BhdRkqt3",
"aud": "https://server.example.com",
"response_type": "code",
"redirect_uri": "https://openbanking.tpp1.ae/simple-redirect-url",
"scope": "accountsinsurance",
"state": "2616df22-899e-468b-b7af-927145b067cc",
"authorization_details": [
{
"Type": "urn:openfinanceuae:insurance-consent:v1.0-draft3",
"Consent": {
"ConsentId": "6a6a826f-0930-4eb0-b365-a8eac3032828",
"Permissions": [
"ReadInsurancePoliciesMotor"
],
"ExpirationDateTime": "2024-03-28T15:27:13+030",
"Purpose": [
"MotorInsuranceQuote"
]
}
}
]
} |
...
The LFI confirms insurance consent properties in the OFP.
| Code Block |
|---|
POST /authconsents/aac6a6a826f-1a672e830930-d1e54eb0-42bc-b8e1-60a490ec52fd/ic/doConfirmb365-a8eac3032828 host: auth1.openfinanceplatform.ae Content-Type: application/x-www-form-urlencoded policyReference=f91d07d0-6d8f-4e0e-9fb4-0ac61f84d115 &policyReferencejson { "psuIdentifiers": [ "userId": "33f81f80-6223-4ae1-927a-fec19169ecef" ], "insurancePoliciesIds": [ "176794ea-ee8c-4621-b824-b8cfa95db0ff" ] } |
The LFI then confirms authorization of insurance consent in the OFP.
| Code Block |
|---|
POST /auth/aac-1a672e83-d1e5-42bc-b8e1-60a490ec52fd/doConfirm
host: auth1.openfinanceplatform.ae
Content-Type: application/x-www-form-urlencoded
InsurancePolicyInformation.PolicyReference=f91d07d0-6d8f-4e0e-9fb4-0ac61f84d115
&InsurancePolicyInformation.PolicyReference=bed6cb83-956e-4795-86c3-0f4254ae1cab |
...
The TPP can now request insurance policy information using the access token.
3.7 Get a List of Insurance Policies
...
| Code Block |
|---|
HTTP/1.1 200 OK
Content-Type: application/json
x-fapi-interaction-id: 942a7ee7-d29a-45aa-93b7-c5f292d86602
{
"Data": [
{
"PolicyType": "Motor",
"PolicyDetails": {
"InsurancePolicyId": "176794ea-ee8c-4621-b824-b8cfa95db0ff",
"CustomerId": "dcaaef9c-63cb-4c57-9f2a-a4986c4a958e",
"PolicyHolderNamePolicyReference": "Hamad Ali9e77ccbd-f3c0-4a51-8c22-48c51531a4de",
"PolicyHolderName": "Hamad Ali",
"CustomerCommunicationDetails": {
"CorrespondenceAddress": {
"AddressLine": [
"PO Box 12345"
],
"PostalCode": "12345",
"City": "Al Qouz",
"StateEmirate": "Dubai",
"Country": "UAE"
},
"PermanentAddress": {
"AddressLine": [
"PO Box 12345"
],
"PostalCode": "12345",
"City": "Al Qouz",
"StateEmirate": "Dubai",
"Country": "UAE"
},
"ResidentialAddress": {
"AddressLine": [
"PO Box 12345"
],
"PostalCode": "12345",
"City": "Al Qouz",
"StateEmirate": "Dubai",
"Country": "UAE"
},
"CommunicationPreferences": [
{
"Type": "Home",
"PhoneNumber": "971000000000"
}
],
"Email": "hamad.ali@email.ae"
},
"IndividualCustomerDetails": {
"Gender": "Male",
"DateofBirth": "2003-09-12",
"MaritalStatus": "Married",
"Nationality": "UAE",
"NumberofChildren": 1
},
"VehicleInformation": {
"CarMake": "Toyota",
"CarModel": "Land Cruiser",
"CarModelYear": "2023",
"CarPurchaseDateTime": "2023-01-31T00:00:00.000Z",
"EstimatedValueAmount": {
"Currency": "AED",
"Amount": 180000
},
"RegistrationDateTime": "2023-01-31T00:00:00.000Z",
"CountryofOrigin": "ARE",
"VehicleColor": "White",
"PlateNumber": "12345",
"PlateCode": "1",
"VehicleMileage": 50000,
"VehicleWeight": 2000,
"VehicleHistory": "Imported"
},
"InsurancePolicyInformation": {
"IssueDateTime": "2024-05-01T00:00:00.000Z",
"ExpiryDateTime": "2025-04-31T23:59:59.999Z",
"PolicyType": "Comprehensive",
"CoverageAmount": {
"Currency": "AED",
"Amount": 180000
},
"CoverageStartDateTime": "2024-05-01T00:00:00.000Z",
"PolicyPremium": {
"Currency": "AED",
"Amount": 4600
},
"PolicyHolderEmirates": true,
"PreviousPolicy": {
"PolicyReference": "8a43bab5-43d8-4525-b92d-840eff449ba5",
"Insurer": "AXA",
"PolicyStartDateTime": "2023-05-01T00:00:00.000Z",
"PolicyExpiryDateTime": "2024-04-31T23:59:59.999Z"
}
},
"AddOns": {
"DriversPersonalAccident": true,
"PassengersPersonalAccident": true
},
"AdditionalInformation": {
"FirstTimeRegistration": "true",
"VehicleMortgageAmount": {
"Currency": "AED",
"Amount": 180000
}
}
}
}
],
"Links": {
"Self": "https://rs1.openfinanceplatform.ae/open-finance/insurance/v1.0-draft3/insurance-policies"
},
"Meta": {
"TotalPages": "1"
}
} |
...
| Code Block |
|---|
HTTP/1.1 200 OK
Content-Type:application/json
x-fapi-interaction-id: 2e974f01-d111-4078-9a19-7a9b385e637c
{
"Data": {
"ConsentId": "6a6a826f-0930-4eb0-b365-a8eac3032828",
"CreationDateTime": "2024-06-27T15:27:13+0300",
"ConsentStatusStatus": "Authorized",
"ConsentFlagsStatusUpdateDateTime": {
"PartlyAuthorized": "2024-06-27T16:27:13+0300"
},
"ConsentStatusUpdateDateTime": "2024-06-27T16:27:13+0300",
"Permissions": [
"ReadInsurancePoliciesMotor"
],
"ExpirationDateTime": "2024-03-28T15:27:13+030",
"Purpose": [
"MotorInsuranceQuote"
]
},
"Subscription": {
"Webhook": {
"Url": "https://api.tpp1.com/webhook/callbackUrl",
"IsActive": false
}
},
"Links": {
"Self": "https://rs1.openfinanceplatform.ae/open-finance/account-informationinsurance/v1.0-draft3/insurance-consents/6a6a826f-0930-4eb0-b365-a8eac3032828"
},
"Meta": {}
} |
...
4.2 The TPP Requests the List of Insurance Policies Using an Expired Access Token
4.2.1 Request:
...
insurance-policies collection
| Code Block |
|---|
GET /open-finance/insurance/v1.0-draft3/insurance-policies HTTP/1.1 Host: rs1.openfinanceplatform.ae Content-Type: application/json x-fapi-interaction-id: 9a371b79-4e79-4d7d-a77d-380c528ab8c0 Authorization: Bearer caa1b60d-61ff-4cd8-a4e1-2d18c8696de0 |
4.2.2 Response:
...
401 Unauthorized
| Code Block |
|---|
HTTP/1.1 401 Unauthorized
Content-Type: application/json
x-fapi-interaction-id: 9a371b79-4e79-4d7d-a77d-380c528ab8c0
{
"Errors": [ |
4.3 Webhooks
4.3.1 The TPP Creates an Insurance Consent Request with a Webhook Subscription
4.3.1.1 Request: Insurance Consent and Webhook Subscription
| Code Block |
|---|
{ { "typ": "JWT", "Codealg": "UAEOF.AccessToken.UnauthorizedPS256", "Messagekid": "max_age_exceeded: Token has expired", e4ce77c498e77000a25aa7b40e4a83f9" } . { "Pathiss": "Authorizations6BhdRkqt3", "iat": 1669393154, "Urlexp": 1669393496, "nbf"https://developer.openfinanceplatform.ae/api-errors/401" } 1669393154, ] } |
4.3 Webhooks
4.3.1 The TPP Creates an Insurance Consent Request with a Webhook Subscription
4.3.1.1 Request: Account Access Consent and Webhook Subscription
| Code Block |
|---|
{ "typ"aud": "JWThttps://server.example.com", "algresponse_type": "PS256code", "kidredirect_uri": "e4ce77c498e77000a25aa7b40e4a83f9" } . {https://openbanking.tpp1.ae/simple-redirect-url", "issscope": "s6BhdRkqt3insurance", "iatstate": 1669393154"2616df22-899e-468b-b7af-927145b067cc", "expauthorization_details": 1669393496,[ { "nbf": 1669393154, "audType": "https://server.example.com",urn:openfinanceuae:insurance-consent:v1.0-draft3", "response_type": "code", "redirect_uriConsent": "https://openbanking.tpp1.ae/simple-redirect-url", { "scope": "accounts", "stateConsentId": "2616df226a6a826f-899e0930-468b4eb0-b7afb365-927145b067cca8eac3032828", "authorization_details": [ { "Permissions": [ "Type": "urn:openfinanceuae:insurance-consent:v1.0-draft3", "ConsentReadInsurancePoliciesMotor": { "ConsentId": "6a6a826f-0930-4eb0-b365-a8eac3032828"], "PermissionsExpirationDateTime": [ "ReadInsurancePoliciesMotor" ], "ExpirationDateTime": "2024-03-28T15:27:13+030", "Purpose": [ "MotorInsuranceQuote" ] }, "Subscription": { "Webhook": { "Url": "https://api.tpp1.com/webhook/callbackUrl", "IsActive": false } } } ] } |
...
| Code Block |
|---|
PATCH /open-finance/account-informationinsurance/v1.0-draft3/accountinsurance-access-consents/aac-69255d98-ab0e-4758-92a7-cacbf3073efa HTTP/1.1 Host: rs1.lab.api.openbanking.ae Content-Type: application/json x-fapi-interaction-id: 3424a379-8274-4686-99bd-f420d08acead Authorization: Bearer ad297304-1057-4c68-9e76-a96f300a27f1 { "Subscription": { "Webhook": { "IsActive": true } } } |
...
| Code Block |
|---|
PATCH /open-finance/account-informationinsurance/v1.0-draft3/account-accessinsurance-consents/aac-69255d98-ab0e-4758-92a7-cacbf3073efa HTTP/1.1 Host: rs1.lab.api.openbanking.ae Content-Type: application/json x-fapi-interaction-id: 3424a379-8274-4686-99bd-f420d08acead Authorization: Bearer ad297304-1057-4c68-9e76-a96f300a27f1 { "Subscription": { "Webhook": { "IsActive": false } } } |
...
Here, <<jwe>> is a signed and encrypted payload. The inner JWS encapsulated by the JWE has the structure below:
| Code Block |
|---|
{
"alg": "PS256",
"kid": "e1be6bf3-76e6-4e53-92b9-c46423757ab1"
}
.
{
"iss": "string",
"exp": 1664950125,
"nbf": 1664950125,
"aud": [
"6uC8HSQ8C59SDSw43Cdm9YWxxjJmDV"
],
"iat": 1661378036,
"message": {
"Data": {
"AccountIdPolicyType": "f91d07d0-6d8f-4e0e-9fb4-0ac61f84d115","Motor",
"AccountPolicyDetails": [
{
"CurrencyInsurancePolicyId": "AED176794ea-ee8c-4621-b824-b8cfa95db0ff",
"StatusCustomerId": "Activedcaaef9c-63cb-4c57-9f2a-a4986c4a958e",
...
}
"AccountIdentifiers": [},
"Links": {
"Name": "Account 1",
"Self": "https://rs1.openfinanceplatform.ae/open-finance/insurance/v1.0-draft3/insurance-policies/176794ea-ee8c-4621-b824-b8cfa95db0ff"
},
"EventMeta": {
"IdentificationTypeEventDateTime": "UAEOF.IBAN2022-08-24T07:28:00.556Z",
"EventResource": "insurance-policies",
"IdentificationEventType": "00003130000001UAEOF.Resource.Updated",
"ConsentId": "6a6a826f-0930-4eb0-b365-a8eac3032828"
}
}
}
]
}
]
},
"Links": {
"Self": "https://rs1.openfinanceplatform.ae/open-finance/account-information/v1.0-draft3/accounts/f91d07d0-6d8f-4e0e-9fb4-0ac61f84d115"
},
"EventMeta": {
"EventDateTime": "2022-08-24T07:28:00.556Z",
"EventResource": "accounts",
"EventType": "UAEOF.Resource.Created",
"ConsentId": "aac-1a672e83-d1e5-42bc-b8e1-60a490ec52fd"
}
}
}
.
<<signature>> |
4.3.4.3 Response: TPP validates the Self Signed JWT Authorization Token from LFI, stores data, and acknowledges a successful response to the OFP
| Code Block |
|---|
HTTP/1.1 202 Accepted
x-fapi-interaction-id: 77b0e830-b095-4c6c-94e8-20f83eaa799f |
4.3.5 Webhook Payload for a single resource collection associated with a single event type
The following non-normative example illustrates a OFP webhook payload for a collection of account ID transactions of the same event type: UAEOF.Resource.Created
| Code Block |
|---|
{
"alg": "PS256",
"kid": "e1be6bf3-76e6-4e53-92b9-c46423757ab1"
}
.
{
"iss": "string",
"exp": 1664950125,
"nbf": 1664950125,
"aud": [
"6uC8HSQ8C59SDSw43Cdm9YWxxjJmDV"
],
"iat": 1661378036,
"message": {
"Data": {
"AccountId": "f91d07d0-6d8f-4e0e-9fb4-0ac61f84d115",
"Transaction": [
{
"TransactionId": "668f2fc8-7aa8-411b-bb9f-7571a90e7512",
"TransactionReference": "1852efce-bedc-4fda-ba51-0f76c9137f91",
"CreditDebitIndicator": "Debit",
"Status": "Booked",
"TransactionMutability": "",
"BookingDateTime": "2022-08-24T07:27:00.556Z",
"ValueDateTime": "2022-08-24T07:27:00.556Z",
"TransactionInformation": "Foo Group ",
"Amount": {
"Amount": "41.10",
"Currency": "AED"
},
"BankTransactionCode": {
"Code": "CustomerCardTransactions",
"SubCode": "CashWithdrawal"
},
"ProprietaryBankTransactionCode": {
"Code": ""
}
},
{
"TransactionId": "05b6bfde-ce5a-48e1-a448-66d75518f1e8",
"TransactionReference": "b5a6a869-730f-449d-badf-14ebf3980147",
"CreditDebitIndicator": "Debit",
"Status": "Booked",
"TransactionMutability": "",
"BookingDateTime": "2022-08-24T07:28:00.556Z",
"ValueDateTime": "2022-08-24T07:28:00.556Z",
"TransactionInformation": "Bar Holding",
"Amount": {
"Amount": "32.40",
"Currency": "AED"
},
"BankTransactionCode": {
"Code": "CustomerCardTransactions",
"SubCode": "CashWithdrawal"
},
"ProprietaryBankTransactionCode": {
"Code": ""
}
}
]
},
"Links": {
"Self": "https://rs1.openfinanceplatform.ae/open-finance/account-information/v1.0-draft3/accounts/f91d07d0-6d8f-4e0e-9fb4-0ac61f84d115/transactions"
},
"EventMeta": {
"EventDateTime": "2022-08-24T08:28:00.556Z",
"EventResource": "transactions",
"EventType": "UAEOF.Resource.Created",
"ConsentId": "aac-1a672e83-d1e5-42bc-b8e1-60a490ec52fd"
}
}
}
.
<<signature>> |
5. OpenAPI Specification
See the Bank Data API - Swagger page
6. Notes
IBAN
Where
Data.Account.AccountIdentifiers[].IdentificationTypeisUAEOF.IBAN, the Identification field SHOULD contain the full IBAN
Passport, Driving Permit, IDCard, Residence Permit
Where
Data.Party.VerifiedClaims.[].Verification.Evidence[DocumentDetails.Type]is set to any one of these enumerated values, then the DocumentNumber field SHOULD contain the actual number of the document type specified.
ProprietaryBankTransactionCodes
This code is mandatory when the BenefeciaryCode with code specifying the Domain, Family, and SubFamily as per External Codes ISO20022 is absent. This code is a proprietary code from the LFI and does not have a defined code list.
7. Security
...
.
<<signature>> |
4.3.4.3 Response: TPP validates the Self Signed JWT Authorization Token from LFI, stores data, and acknowledges a successful response to the OFP
| Code Block |
|---|
HTTP/1.1 202 Accepted
x-fapi-interaction-id: 77b0e830-b095-4c6c-94e8-20f83eaa799f |
5. OpenAPI Specification
See the Insurance API - OpenAPI Documentation page.
6. Security
A insurance scope is used for accessing the insurance endpoints.