openapi: 3.0.0
info:
title: UAE Insurance API
description: '## UAE Open Finance Insurance API Specification'
version: v1.0-draft3
tags:
- name: Insurance Consents
- name: Insurance Policies
paths:
/insurance-consents:
get:
tags:
- Insurance Consents
operationId: InsuranceConsents_list
summary: Retrieve Insurance Consents by BaseConsentId
description: Retrieve all Insurance Consents that are linked to a given BaseConsentId
parameters:
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/CustomerUserAgent'
- $ref: '#/components/parameters/FapiAuthDate'
- $ref: '#/components/parameters/FapiCustomerIpAddress'
- $ref: '#/components/parameters/FapiInterationId'
- $ref: '#/components/parameters/BaseConsentId'
responses:
'200':
description: The request has succeeded.
headers:
x-fapi-interaction-id:
required: false
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/OBReadInsuranceConsents1'
application/json:
schema:
$ref: '#/components/schemas/OBReadInsuranceConsents1'
application/jwt:
schema:
$ref: '#/components/schemas/OBReadInsuranceConsents1Signed'
'400':
description: Bad request
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/json:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/jwt:
schema:
anyOf:
- $ref: '#/components/schemas/OBErrorResponse'
- $ref: '#/components/schemas/OBErrorSignedResponse'
'401':
description: Unauthorized
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'403':
description: Forbidden
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/jwt:
schema:
$ref: '#/components/schemas/OBErrorSignedResponse'
'404':
description: Not found
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'405':
description: Method Not Allowed
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'406':
description: Not Acceptable
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'415':
description: Unsupported Media Type
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'429':
description: Too Many Requests
headers:
retry-after:
required: true
description: Number in seconds to wait
schema:
type: integer
format: int64
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'500':
description: Internal Server Error
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/json:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/jwt:
schema:
anyOf:
- $ref: '#/components/schemas/OBErrorResponse'
- $ref: '#/components/schemas/OBErrorSignedResponse'
security:
- TPPOAuth2Security:
- openid
- insurance
/insurance-consents/{ConsentId}:
get:
tags:
- Insurance Consents
operationId: InsuranceConsentsByConsentId_read
summary: Retrieve an Insurance Consent
parameters:
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/CustomerUserAgent'
- $ref: '#/components/parameters/FapiAuthDate'
- $ref: '#/components/parameters/FapiCustomerIpAddress'
- $ref: '#/components/parameters/FapiInterationId'
- $ref: '#/components/parameters/ConsentId'
responses:
'200':
description: The request has succeeded.
headers:
x-fapi-interaction-id:
required: false
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/OBReadInsuranceConsent1'
application/json:
schema:
$ref: '#/components/schemas/OBReadInsuranceConsent1'
application/jwt:
schema:
$ref: '#/components/schemas/OBReadInsuranceConsent1Signed'
'400':
description: Bad request
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/json:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/jwt:
schema:
anyOf:
- $ref: '#/components/schemas/OBErrorResponse'
- $ref: '#/components/schemas/OBErrorSignedResponse'
'401':
description: Unauthorized
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'403':
description: Forbidden
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/jwt:
schema:
$ref: '#/components/schemas/OBErrorSignedResponse'
'404':
description: Not found
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'405':
description: Method Not Allowed
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'406':
description: Not Acceptable
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'415':
description: Unsupported Media Type
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'429':
description: Too Many Requests
headers:
retry-after:
required: true
description: Number in seconds to wait
schema:
type: integer
format: int64
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'500':
description: Internal Server Error
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/json:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/jwt:
schema:
anyOf:
- $ref: '#/components/schemas/OBErrorResponse'
- $ref: '#/components/schemas/OBErrorSignedResponse'
security:
- TPPOAuth2Security:
- openid
- insurance
patch:
tags:
- Insurance Consents
operationId: >-
InsuranceConsentsByConsentId_unsignedRequestBodyUpdate_InsuranceConsentsByConsentId_signedRequestBodyUpdate
summary: Modify an Insurance Consent
parameters:
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/CustomerUserAgent'
- $ref: '#/components/parameters/FapiAuthDate'
- $ref: '#/components/parameters/FapiCustomerIpAddress'
- $ref: '#/components/parameters/FapiInterationId'
- $ref: '#/components/parameters/ConsentId'
responses:
'204':
description: No content
headers:
x-fapi-interaction-id:
required: false
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'400':
description: Bad request
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/json:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/jwt:
schema:
anyOf:
- $ref: '#/components/schemas/OBErrorResponse'
- $ref: '#/components/schemas/OBErrorSignedResponse'
'401':
description: Unauthorized
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'403':
description: Forbidden
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/jwt:
schema:
$ref: '#/components/schemas/OBErrorSignedResponse'
'404':
description: Not found
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'405':
description: Method Not Allowed
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'406':
description: Not Acceptable
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'415':
description: Unsupported Media Type
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'429':
description: Too Many Requests
headers:
retry-after:
required: true
description: Number in seconds to wait
schema:
type: integer
format: int64
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'500':
description: Internal Server Error
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/json:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/jwt:
schema:
anyOf:
- $ref: '#/components/schemas/OBErrorResponse'
- $ref: '#/components/schemas/OBErrorSignedResponse'
requestBody:
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/OBUpdateConsent1'
application/json:
schema:
$ref: '#/components/schemas/OBUpdateConsent1'
application/jwt:
schema:
$ref: '#/components/schemas/OBUpdateConsent1Signed'
security:
- TPPOAuth2Security:
- openid
- insurance
/insurance-policies:
get:
tags:
- Insurance Policies
operationId: InsurancePolicies_list
summary: Get insurance policies
parameters:
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/CustomerUserAgent'
- $ref: '#/components/parameters/FapiAuthDate'
- $ref: '#/components/parameters/FapiCustomerIpAddress'
- $ref: '#/components/parameters/FapiInterationId'
responses:
'200':
description: The request has succeeded.
headers:
x-fapi-interaction-id:
required: false
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/OBReadInsurancePolicies1'
application/json:
schema:
$ref: '#/components/schemas/OBReadInsurancePolicies1'
application/jwt:
schema:
$ref: '#/components/schemas/OBReadInsurancePolicies1Signed'
'400':
description: Bad request
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/json:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/jwt:
schema:
anyOf:
- $ref: '#/components/schemas/OBErrorResponse'
- $ref: '#/components/schemas/OBErrorSignedResponse'
'401':
description: Unauthorized
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'403':
description: Forbidden
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/jwt:
schema:
$ref: '#/components/schemas/OBErrorSignedResponse'
'404':
description: Not found
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'405':
description: Method Not Allowed
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'406':
description: Not Acceptable
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'415':
description: Unsupported Media Type
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'429':
description: Too Many Requests
headers:
retry-after:
required: true
description: Number in seconds to wait
schema:
type: integer
format: int64
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'500':
description: Internal Server Error
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/json:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/jwt:
schema:
anyOf:
- $ref: '#/components/schemas/OBErrorResponse'
- $ref: '#/components/schemas/OBErrorSignedResponse'
security:
- UserOAuth2Security:
- openid
- insurance
/insurance-policies/{InsurancePolicyId}:
get:
tags:
- Insurance Policies
operationId: InsurancePoliciesById_read
summary: Get insurance policy
parameters:
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/CustomerUserAgent'
- $ref: '#/components/parameters/FapiAuthDate'
- $ref: '#/components/parameters/FapiCustomerIpAddress'
- $ref: '#/components/parameters/FapiInterationId'
- $ref: '#/components/parameters/InsurancePolicyId'
responses:
'200':
description: The request has succeeded.
headers:
x-fapi-interaction-id:
required: false
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/OBReadInsurancePolicy1'
application/json:
schema:
$ref: '#/components/schemas/OBReadInsurancePolicy1'
application/jwt:
schema:
$ref: '#/components/schemas/OBReadInsurancePolicy1Signed'
'400':
description: Bad request
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/json:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/jwt:
schema:
anyOf:
- $ref: '#/components/schemas/OBErrorResponse'
- $ref: '#/components/schemas/OBErrorSignedResponse'
'401':
description: Unauthorized
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'403':
description: Forbidden
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/jwt:
schema:
$ref: '#/components/schemas/OBErrorSignedResponse'
'404':
description: Not found
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'405':
description: Method Not Allowed
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'406':
description: Not Acceptable
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'415':
description: Unsupported Media Type
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'429':
description: Too Many Requests
headers:
retry-after:
required: true
description: Number in seconds to wait
schema:
type: integer
format: int64
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'500':
description: Internal Server Error
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/json; charset=utf-8:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/json:
schema:
$ref: '#/components/schemas/OBErrorResponse'
application/jwt:
schema:
anyOf:
- $ref: '#/components/schemas/OBErrorResponse'
- $ref: '#/components/schemas/OBErrorSignedResponse'
security:
- UserOAuth2Security:
- openid
- insurance
components:
parameters:
Authorization:
name: authorization
in: header
required: true
description: An authorization Token as per https://tools.ietf.org/html/rfc6750
schema:
type: string
BaseConsentId:
name: BaseConsentId
in: query
required: true
description: A base consent identifier that links to other consent resources
schema:
$ref: '#/components/schemas/uuid'
ConsentId:
name: ConsentId
in: path
required: true
description: Unique identifier for a given consent resource
schema:
$ref: '#/components/schemas/uuid'
CustomerUserAgent:
name: x-customer-user-agent
in: header
required: false
description: Indicates the user-agent that the User is using.
schema:
type: string
FapiAuthDate:
name: x-fapi-auth-date
in: header
required: false
description: >-
The time when the User last logged in with the TPP.
All dates in the HTTP headers are represented as RFC 7231 Full Dates. An
example is below:
Sun, 10 Sep 2017 19:43:31 UTC
schema:
type: string
pattern: >-
^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2}
(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4}
\d{2}:\d{2}:\d{2} (GMT|UTC)$
FapiCustomerIpAddress:
name: x-fapi-customer-ip-address
in: header
required: false
description: The User's IP address if the User is currently logged in with the TPP.
schema:
type: string
FapiInterationId:
name: x-fapi-interaction-id
in: header
required: false
description: An RFC4122 UID used as a correlation id.
schema:
type: string
InsurancePolicyId:
name: InsurancePolicyId
in: path
required: true
description: Unique identifier for a given insurance policy
schema:
$ref: '#/components/schemas/uuid'
schemas:
Address:
type: object
required:
- AddressLine
- PostalCode
- City
- StateEmirate
- Country
properties:
AddressLine:
type: array
items:
type: string
minItems: 1
maxItems: 3
PostalCode:
type: string
City:
type: string
StateEmirate:
type: string
Country:
type: string
additionalProperties: false
Amount:
type: number
AmountAndCurrency:
type: object
required:
- Currency
- Amount
properties:
Currency:
$ref: '#/components/schemas/CurrencyCode'
Amount:
$ref: '#/components/schemas/Amount'
additionalProperties: false
ClaimHistory:
type: object
required:
- NumberClaims
properties:
NumberClaims:
type: integer
format: int64
NumberApprovedClaims:
type: integer
format: int64
TotalClaimsAmount:
$ref: '#/components/schemas/AmountAndCurrency'
TotalApprovedClaimsAmount:
$ref: '#/components/schemas/AmountAndCurrency'
additionalProperties: false
CommunicationPreferenceTypes:
type: string
enum:
- Home
- Mobile
- Other
CommunicationPreferences:
type: object
required:
- Type
- PhoneNumber
properties:
Type:
$ref: '#/components/schemas/CommunicationPreferenceTypes'
PhoneNumber:
type: string
additionalProperties: false
ConsentStatusCode:
type: string
enum:
- Authorized
- AwaitingAuthorization
- Rejected
- Revoked
- Expired
- Suspended
CurrencyCode:
type: string
pattern: ^[A-Z]{3}$
First:
type: string
format: uri
description: A link to the first page in a paginated result set
Last:
type: string
format: uri
description: A link to the last page in a paginated result set
LinksResource:
type: object
required:
- Self
properties:
Self:
$ref: '#/components/schemas/Self'
First:
$ref: '#/components/schemas/First'
Prev:
$ref: '#/components/schemas/Prev'
Next:
$ref: '#/components/schemas/Next'
Last:
$ref: '#/components/schemas/Last'
description: Links relevant to the resource
additionalProperties: false
LinksSelf:
type: object
required:
- Self
properties:
Self:
$ref: '#/components/schemas/Self'
description: Links relevant to the resource
additionalProperties: false
Meta:
type: object
description: Metadata relevant to the resource
additionalProperties: false
MetaTotalPages:
type: object
required:
- TotalPages
properties:
TotalPages:
$ref: '#/components/schemas/TotalPages'
additionalProperties: false
Next:
type: string
format: uri
description: A link to the next page in a paginated result set
OBAddOns:
type: object
required:
- DriversPersonalAccident
- PassengersPersonalAccident
properties:
DriversPersonalAccident:
type: boolean
description: Indicates whether driver accidental coverage is included
PassengersPersonalAccident:
type: boolean
description: Indicates whether passenger accidental coverage included
additionalProperties: false
OBAdditionalInformation:
type: object
required:
- FirstTimeRegistration
- VehicleMortgage
properties:
FirstTimeRegistration:
type: boolean
VehicleMortgage:
type: number
description: Pending mortgage amount on the vehicle
additionalProperties: false
OBBaseConsentId:
type: string
minLength: 1
maxLength: 128
description: >-
The original ConsentId assigned by the TPP.
It is used by the TPP for updating/renewing parameters associated with
long-lived consents.
It must be provided when long-lived consent parameters are
updated/renewed for a current consent that has not yet finished.
OBConsentId:
type: string
minLength: 1
maxLength: 128
description: >-
Unique identification assigned by the TPP to identify the consent
resource.
OBConsentPermissions:
type: string
enum:
- ReadInsurancePoliciesMotor
description: >-
Specifies the permitted insurance policy data types.
This is a list of the data groups being consented by the User, and
requested for authorization with the LFI.
OBConsentPurpose:
type: string
enum:
- AccountAggregation
- PersonalFinanceManager
- CreditAssessment
- MotorInsuranceQuote
- EnterpriseFinancialManagement
- Other
OBCustomerCommunicationDetails:
type: object
required:
- CorrespondenceAddress
- PermanentAddress
- ResidentialAddress
- CommunicationPreferences
- Email
properties:
CorrespondenceAddress:
$ref: '#/components/schemas/Address'
PermanentAddress:
$ref: '#/components/schemas/Address'
ResidentialAddress:
$ref: '#/components/schemas/Address'
CommunicationPreferences:
type: array
items:
$ref: '#/components/schemas/CommunicationPreferences'
minItems: 1
maxItems: 3
Email:
type: string
AlternativeEmail:
type: string
additionalProperties: false
OBError:
type: object
required:
- Code
- Message
properties:
Code:
allOf:
- $ref: '#/components/schemas/OBErrorCode'
description: Low level textual error code, e.g., UAEOF.Field.Missing
Message:
type: string
minLength: 1
maxLength: 500
description: >-
A description of the error that occurred. e.g., 'A mandatory field
isn't supplied' or 'RequestedExecutionDateTime must be in future'
UAEOF doesn't standardise this field
Path:
type: string
minLength: 1
maxLength: 500
description: >-
Recommended but optional reference to the JSON Path of the field
with error, e.g., Data.Initiation.InstructedAmount.Currency
Url:
type: string
description: >-
URL to help remediate the problem, or provide more information, or
to API Reference, or help etc
description: Error
additionalProperties: false
OBErrorCode:
type: string
enum:
- UAEOF.AccessToken.Unauthorized
- UAEOF.AccessToken.InvalidScope
- UAEOF.Consent.Revoked
- UAEOF.Consent.TransientAccountAccessFailure
- UAEOF.Consent.AccountTemporarilyBlocked
- UAEOF.Consent.PermanentAccountAccessFailure
- UAEOF.Consent.Invalid
- UAEOF.JWS.InvalidSignature
- UAEOF.JWS.Malformed
- UAEOF.JWS.InvalidClaim
- UAEOF.JWS.InvalidHeader
- UAEOF.GenericRecoverableError
- UAEOF.GenericError
- UAEOF.JWE.DecryptionError
- UAEOF.JWE.InvalidHeader
- UAEOF.Event.UnexpectedEvent
- UAEOF.Body.InvalidFormat
- UAEOF.Resource.InvalidResourceId
- UAEOF.Resource.InvalidFormat
- UAEOF.Consent.BusinessRuleViolation
OBErrorResponse:
type: object
required:
- Errors
properties:
Errors:
type: array
items:
$ref: '#/components/schemas/OBError'
minItems: 1
description: >-
An array of detail error codes, and messages, and URLs to documentation
to help remediation.
additionalProperties: false
OBErrorSignedResponse:
type: object
required:
- iss
- exp
- nbf
- message
properties:
iss:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
exp:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
nbf:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
aud:
type: array
items:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
iat:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
message:
$ref: '#/components/schemas/OBErrorResponse'
description: Signed error response payload
additionalProperties: false
OBEventNotification:
type: object
required:
- Webhook
properties:
Webhook:
$ref: '#/components/schemas/OBWebhook'
additionalProperties: false
OBHistoricalInformation:
type: object
properties:
AdditionalInsuranceInformation:
type: string
description: Gap in car insurance or vehicle under TPL coverage
DrivingHistory:
type: integer
format: int64
description: More than 1 year of driving experience
TwelveMonthClaimHistory:
$ref: '#/components/schemas/ClaimHistory'
ThirtySixMonthClaimHistory:
$ref: '#/components/schemas/ClaimHistory'
additionalProperties: false
OBIndividualCustomerDetails:
type: object
properties:
Gender:
type: string
DateofBirth:
type: string
format: date
MaritalStatus:
type: string
EducationBackground:
type: string
Nationality:
type: string
DualNationality:
type: boolean
SecondNationality:
type: string
Salutation:
type: string
CityofBirth:
type: string
CountryofBirth:
type: string
pattern: ^[A-Z]{2,2}$
Religion:
type: string
MothersMaidenName:
type: string
SpouseName:
type: string
SpouseDateofBirth:
type: string
format: date
SpouseEmploymentDetails:
type: string
SpouseContact:
type: string
NumberofChildren:
type: integer
format: int64
additionalProperties: false
OBInsurancePolicy:
type: object
required:
- PolicyType
- PolicyDetails
properties:
PolicyType:
$ref: '#/components/schemas/OBPolicyTypes'
PolicyDetails:
$ref: '#/components/schemas/OBSupportedPolicyTypes'
additionalProperties: false
OBInsurancePolicyInformation:
type: object
required:
- PolicyReference
- IssueDateTime
- ExpiryDateTime
- PolicyType
- CoverageAmount
- CoverageStartDateTime
- PolicyPremium
- PolicyHolderEmirates
properties:
PolicyReference:
$ref: '#/components/schemas/PolicyReference'
IssueDateTime:
type: string
format: date-time
ExpiryDateTime:
type: string
format: date-time
PolicyType:
type: string
CoverageAmount:
$ref: '#/components/schemas/AmountAndCurrency'
CoverageStartDateTime:
type: string
format: date-time
PolicyPremium:
$ref: '#/components/schemas/AmountAndCurrency'
PolicyHolderEmirates:
type: boolean
PreviousPolicy:
$ref: '#/components/schemas/PreviousPolicy'
additionalProperties: false
OBMotorInsurancePolicy:
type: object
required:
- InsurancePolicyId
- CustomerId
- PolicyHolderName
- CustomerCommunicationDetails
- IndividualCustomerDetails
- VehicleInformation
- InsurancePolicyInformation
properties:
InsurancePolicyId:
allOf:
- $ref: '#/components/schemas/uuid'
description: Unique identifier for a given insurance policy
CustomerId:
type: string
description: >-
Identifier that uniquely and consistently identifies the insurance
policy customer
PolicyHolderName:
type: string
PolicyHolderShortName:
type: string
CategorySegment:
type: string
LocalBranch:
type: string
PrimaryLanguage:
type: string
CustomerCommunicationDetails:
$ref: '#/components/schemas/OBCustomerCommunicationDetails'
IndividualCustomerDetails:
$ref: '#/components/schemas/OBIndividualCustomerDetails'
VehicleInformation:
$ref: '#/components/schemas/OBVehicleInformation'
InsurancePolicyInformation:
$ref: '#/components/schemas/OBInsurancePolicyInformation'
HistoricalInformation:
$ref: '#/components/schemas/OBHistoricalInformation'
AddOns:
$ref: '#/components/schemas/OBAddOns'
AdditionalInformation:
$ref: '#/components/schemas/OBAdditionalInformation'
additionalProperties: false
OBOnBehalfOf:
type: object
properties:
TradingName:
type: string
description: Trading Name
LegalName:
type: string
description: Legal Name
IdentifierType:
allOf:
- $ref: '#/components/schemas/OBOnBehalfOfIdentifierType'
description: Identifier Type
Identifier:
type: string
description: Identifier
additionalProperties: false
OBOnBehalfOfIdentifierType:
type: string
enum:
- Other
OBPatchConsent:
type: object
required:
- Status
properties:
Status:
allOf:
- $ref: '#/components/schemas/OBPatchConsentStatus1'
description: >-
The Revoked status must only be set if the current Consent Status is
set to either Authorized or AwaitingAuthorization
RevokedBy:
allOf:
- $ref: '#/components/schemas/OBRevokedByCode'
description: Denotes the Identifier of the revocation.
additionalProperties: false
OBPatchConsentStatus1:
type: string
enum:
- Revoked
OBPolicyTypes:
type: string
enum:
- Motor
OBReadInsuranceConsent1:
type: object
required:
- Data
- Links
- Meta
properties:
Data:
$ref: '#/components/schemas/OBReadInsuranceConsent1Properties'
Subscription:
$ref: '#/components/schemas/OBEventNotification'
Links:
$ref: '#/components/schemas/LinksSelf'
Meta:
$ref: '#/components/schemas/Meta'
additionalProperties: false
OBReadInsuranceConsent1Properties:
type: object
required:
- ConsentId
- BaseConsentId
- Permissions
- CreationDateTime
- Status
- StatusUpdateDateTime
properties:
ConsentId:
$ref: '#/components/schemas/OBConsentId'
BaseConsentId:
$ref: '#/components/schemas/OBBaseConsentId'
Permissions:
type: array
items:
$ref: '#/components/schemas/OBConsentPermissions'
ExpirationDateTime:
type: string
format: date-time
description: >-
Specified date and time the permissions will expire.
If this is not populated, the permissions will be open ended.All
dates in the JSON payloads are represented in ISO 8601 date-time
format.
All date-time fields in responses must include the timezone. An
example is below:
2017-04-05T10:43:07+00:00
OnBehalfOf:
$ref: '#/components/schemas/OBOnBehalfOf'
Purpose:
type: array
items:
$ref: '#/components/schemas/OBConsentPurpose'
CreationDateTime:
type: string
format: date-time
description: >-
Date and time at which the resource was created.All dates in the
JSON payloads are represented in ISO 8601 date-time format.
All date-time fields in responses must include the timezone. An
example is below:
2017-04-05T10:43:07+00:00
Status:
allOf:
- $ref: '#/components/schemas/ConsentStatusCode'
description: Specifies the status of consent resource in code form.
StatusUpdateDateTime:
type: string
format: date-time
description: >-
Date and time at which the account resource status was updated. All
dates in the JSON payloads are represented in ISO 8601 date-time
format. All date-time fields in responses must include the timezone.
An example is below: 2017-04-05T10:43:07+00:00
RevokedBy:
allOf:
- $ref: '#/components/schemas/OBRevokedByCode'
description: Denotes the Identifier of the revocation.
additionalProperties: false
OBReadInsuranceConsent1Signed:
type: object
required:
- iss
- exp
- nbf
- message
properties:
iss:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
exp:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
nbf:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
aud:
type: array
items:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
iat:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
message:
$ref: '#/components/schemas/OBReadInsuranceConsent1'
additionalProperties: false
OBReadInsuranceConsents1:
type: object
required:
- Data
- Links
properties:
Data:
type: array
items:
$ref: '#/components/schemas/OBReadInsuranceConsent1Properties'
Links:
$ref: '#/components/schemas/LinksResource'
additionalProperties: false
OBReadInsuranceConsents1Signed:
type: object
required:
- iss
- exp
- nbf
- message
properties:
iss:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
exp:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
nbf:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
aud:
type: array
items:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
iat:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
message:
$ref: '#/components/schemas/OBReadInsuranceConsents1'
additionalProperties: false
OBReadInsurancePolicies1:
type: object
required:
- Data
- Links
- Meta
properties:
Data:
type: array
items:
$ref: '#/components/schemas/OBInsurancePolicy'
Links:
$ref: '#/components/schemas/LinksResource'
Meta:
$ref: '#/components/schemas/MetaTotalPages'
additionalProperties: false
OBReadInsurancePolicies1Signed:
type: object
required:
- iss
- exp
- nbf
- message
properties:
iss:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
exp:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
nbf:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
aud:
type: array
items:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
iat:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
message:
$ref: '#/components/schemas/OBReadInsurancePolicies1'
additionalProperties: false
OBReadInsurancePolicy1:
type: object
required:
- Data
- Links
- Meta
properties:
Data:
$ref: '#/components/schemas/OBInsurancePolicy'
Links:
$ref: '#/components/schemas/LinksSelf'
Meta:
$ref: '#/components/schemas/MetaTotalPages'
additionalProperties: false
OBReadInsurancePolicy1Signed:
type: object
required:
- iss
- exp
- nbf
- message
properties:
iss:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
exp:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
nbf:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
aud:
type: array
items:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
iat:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
message:
$ref: '#/components/schemas/OBReadInsurancePolicy1'
additionalProperties: false
OBRevokedByCode:
type: string
enum:
- UAEOF.LFI
- UAEOF.TPP
- UAEOF.LFI.InitiatedByUser
- UAEOF.TPP.InitiatedByUser
OBSupportedPolicyTypes:
$ref: '#/components/schemas/OBMotorInsurancePolicy'
OBUpdateConsent1:
type: object
required:
- Data
properties:
Data:
$ref: '#/components/schemas/OBPatchConsent'
Subscription:
$ref: '#/components/schemas/OBEventNotification'
description: Patch Account Access Consent
additionalProperties: false
OBUpdateConsent1Signed:
type: object
required:
- iss
- exp
- nbf
- message
properties:
iss:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
exp:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
nbf:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
aud:
type: array
items:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
iat:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
message:
$ref: '#/components/schemas/OBUpdateConsent1'
additionalProperties: false
OBVehicleInformation:
type: object
properties:
CarMake:
type: string
CarModel:
type: string
CarModelYear:
type: string
pattern: ^[0-9]{4}$
CarPurchaseDateTime:
type: string
format: date-time
CarSpecification:
type: string
EstimatedValue:
type: integer
format: int32
RegistrationDateTime:
type: string
format: date-time
ChassisNumber:
type: string
EngineNumber:
type: string
CountryofOrigin:
type: string
VehicleColor:
type: string
PlateNumber:
type: string
PlateCode:
type: string
PlateCategory:
type: string
VehicleMileage:
type: integer
format: int64
VehicleWeight:
type: integer
format: int64
TrafficCodeIssuingEmirate:
type: string
TrafficIDNumber:
type: string
VehicleHistory:
$ref: '#/components/schemas/VehicleHistory'
additionalProperties: false
OBWebhook:
type: object
required:
- Url
- IsActive
properties:
Url:
type: string
description: The TPP Callback URL being registered with the LFI
IsActive:
type: boolean
description: >-
The TPP specifying whether the LFI should send (IsActive true) or
not send (IsActive false) Webhook Notifications to the TPP's Webhook
URL
description: A Webhook Subscription Schema
additionalProperties: false
PolicyReference:
type: string
description: Insurance policy identifier issued by the insurer
Prev:
type: string
format: uri
description: A link to the previous page in a paginated result set
PreviousPolicy:
type: object
required:
- PolicyReference
- Insurer
- PolicyStartDateTime
- PolicyExpiryDateTime
properties:
PolicyReference:
$ref: '#/components/schemas/PolicyReference'
Insurer:
type: string
PolicyStartDateTime:
type: string
format: date-time
PolicyExpiryDateTime:
type: string
format: date-time
additionalProperties: false
Self:
type: string
format: uri
description: A link to the current resource
TotalPages:
type: integer
format: int32
minimum: 0
description: Total number of pages where a result set is paginated
VehicleHistory:
type: string
enum:
- Imported
- Modified
- DeclaredTotalLoss
uuid:
type: string
securitySchemes:
TPPOAuth2Security:
type: oauth2
description: >-
TPP confidential client authorization with the LFI to stage a consent.
**Please refer to [OpenID FAPI Security Profile 1.0 -Part 2
Advanced](https://openid.net/specs/openid-financial-api-part-2-1_0.html#authorization-server)
- 5.2.2 point 14 - shall authenticate the confidential client using one
of the following methods private_key_jwt and [OpenID Connect Core
1.0](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication)
9. Client Authentication private_key_jwt**
flows:
clientCredentials:
tokenUrl: https://authserver.example/token
scopes:
openid: Activates OpenID Connect Support
accounts: Ability to read Accounts Information
insurance: Right to read insurance policies
UserOAuth2Security:
type: oauth2
description: >-
[OAuth2 PAR flow](https://datatracker.ietf.org/doc/html/rfc9126), it is
required when the User needs to perform SCA with the LFI when a TPP
wants to access an LFI resource owned by the User. **Please refer to
[OpenID FAPI Security Profile 1.0 -Part 2
Advanced](https://openid.net/specs/openid-financial-api-part-2-1_0.html#authorization-server)
- 5.2.2 point 14 - shall authenticate the confidential client using one
of the following methods private_key_jwt and [OpenID Connect Core
1.0](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication)
9. Client Authentication private_key_jwt**
flows:
authorizationCode:
authorizationUrl: https://authserver.example/authorization
tokenUrl: https://authserver.example/token
scopes:
openid: Activates OpenID Connect Support
accounts: >-
Ability to read Accounts Information. This is a parameterized
scope with the ConsentId
insurance: >-
Right to read insurance policies based on authorization by the End
User
LFIWebhookSecurity:
type: http
description: >-
The LFI generates a Self Signed JWT Authorization Token for Client
Authentication with the TPP. **Please refer to Self-Signed JWT
Authorization Token Specification in the UAE Standard API User Guide**
scheme: bearer
bearerFormat: JWT
|