openapi: 3.0.0
info:
title: UAE Confirmation of Payee API
description: '## UAE Open Finance Confirmation of Payee API Specification'
version: v1.0-draft4
tags:
- name: Discovery Operations
description: Discovery operations and resources
- name: Confirmation Operations
description: Verification Payee confirmation operations and resources
paths:
/confirmation-of-payee/discovery:
post:
tags:
- Confirmation DiscoveryOperations
operationId: >-
ConfirmationOfPayeeDiscovery_unsignedDiscoveryRequest_ConfirmationOfPayeeDiscovery_signedDiscoveryRequestConfirmationOfPayeeConfirmation_signedConfirmationRequest
summary: DiscoverConfirm the account details LFIare thatcorrect willbased confirmon the payeeparameters attributessupplied
description: >-
BeforeProvide athe Confirmationproperties ofthat Payeecan (CoP)be operationused takesto placeverify the TPPpayee willaccount.
need to resolveAt the LFI thatversion 1.0.0 this will servicebe the account propertiesname and either IBAN or
request. This requirement is basedAccount onNumber. theFuture separationversion of concernsthis API may support verification
implemented in the OFP, whichthrough ensuresother thatidentifiers.
the APIs for a given LFI areparameters:
always- physical seperated.$ref: '#/components/parameters/Authorization'
- At version 1.0.0 the TPP will call this endpoint with the account IBAN,
which will be used to resolve the correct URL with which to make the CoP
operation.$ref: '#/components/parameters/x-customer-user-agent'
parameters:
- $ref: '#/components/parameters/Authorizationx-fapi-auth-date'
- $ref: '#/components/parameters/x-fapi-customer-userip-agentaddress'
- $ref: '#/components/parameters/x-fapi-authinteraction-date'
id'
responses:
- $ref'200':
'#/components/parameters/x-fapi-customer-ip-address' - $refdescription: '#/components/parameters/x-fapi-interaction-id'
The request has succeeded.
responses: headers:
'200': descriptionx-fapi-interaction-id:
The request has succeeded. contentrequired: false
application/json; charset=utf-8 description: An RFC4122 UID used as a correlation id.
schema:
$ref: '#/components/schemas/AEVerificationDiscoveryResponse'type: string
content:
application/jsonjwt:
schema:
$ref: '#/components/schemas/AEVerificationDiscoveryResponseNameConfirmationResponseBodySigned'
'400':
application/jwt: schemadescription: $ref: >-
#/components/schemas/DiscoverVerificationSourceResponseBodySignedBad request
headers:
x-fapi-interaction-id:
required: falsetrue
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'400':
description: Bad request
content:
application/json; charset=utf-8jwt:
schema:
$ref: '#/components/schemas/AEErrorResponseAEErrorSignedResponse'
'401':
application/json: description: Unauthorized
schema: headers:
$ref: '#/components/schemas/AEErrorResponse'
application/jwt:
schema:
$ref: '#/components/schemas/AEErrorSignedResponse'
headers:
xx-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'401403':
description: UnauthorizedForbidden
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'403'content:
descriptionapplication/jwt:
Forbidden content: schema:
application/json; charset=utf-8: $ref: '#/components/schemas/AEErrorSignedResponse'
schema'404':
description: Not found
$ref: '#/components/schemas/AEErrorResponse' headers:
application/json: x-fapi-interaction-id:
schema: required: true
$ref: '#/components/schemas/AEErrorResponse' description: An RFC4122 UID used as a application/jwt:correlation id.
schema:
$reftype: '#/components/schemas/AEErrorSignedResponse'string
headers'405':
x-fapi-interaction-iddescription: Method Not Allowed
requiredheaders:
true x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'404406':
description: Not foundAcceptable
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'405415':
description: MethodUnsupported NotMedia AllowedType
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'406429':
description: NotToo Many AcceptableRequests
headers:
x-fapi-interaction-idretry-after:
required: true
description: AnNumber RFC4122in UIDseconds usedto as a correlation id.
wait
schema:
type: stringinteger
'415': description: Unsupported Media Type
headers:format: int64
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'429500':
description: TooInternal ManyServer RequestsError
headers:
retry-afterx-fapi-interaction-id:
required: true
description: Number in seconds to wait An RFC4122 UID used as a correlation id.
schema:
type: integer string
content:
formatapplication/jwt:
int64 x-fapi-interaction-id:schema:
required: true$ref: '#/components/schemas/AEErrorSignedResponse'
requestBody:
descriptionrequired: Antrue
RFC4122 UID used as a correlation id. content:
application/jwt:
schema: schema:
type: string $ref: '500'#/components/schemas/NameConfirmationRequestBodySigned'
security:
- descriptionTPPOAuth2Security:
Internal Server Error - content:openid
application/json; charset=utf-8:- confirmation-of-payee
/discovery:
post:
schematags:
- Discovery Operations
$refoperationId: '#/components/schemas/AEErrorResponse'ConfirmationOfPayeeDiscovery_signedDiscoveryRequest
summary: Discover the LFI that will confirm application/json:the payee attributes
description: >-
schema: Before a Confirmation of Payee (CoP) operation takes place the TPP will
$ref: '#/components/schemas/AEErrorResponse' need to resolve the LFI that will application/jwt:service the account properties
request. This requirement schema:is based on the separation of concerns
implemented in $ref: '#/components/schemas/AEErrorSignedResponse'
headers:the OFP, which ensures that the APIs for a given LFI are
always physically separated.
x-fapi-interaction-id: At version 1.0.0 the TPP will call required:this trueendpoint with the account IBAN,
which will description:be Anused RFC4122to UIDresolve usedthe ascorrect aURL correlationwith id.which to make the CoP
operation.
schema: parameters:
- type$ref: string'#/components/parameters/Authorization'
requestBody: - $ref: '#/components/parameters/x-customer-user-agent'
content: - application/json; charset=utf-8:$ref: '#/components/parameters/x-fapi-auth-date'
- schema:
$ref: '#/components/parameters/x-fapi-customer-ip-address'
- $ref: '#/components/schemas/AEVerificationDiscoveryRequestparameters/x-fapi-interaction-id'
responses:
application/json: '200':
schema description: The request has succeeded.
$refheaders:
'#/components/schemas/AEVerificationDiscoveryRequest' application/jwt:x-fapi-interaction-id:
schemarequired: false
$refdescription: '#/components/schemas/DiscoverVerificationSourceRequestBodySigned' An RFC4122 UID used as a correlation id.
securityschema:
- TPPOAuth2Security: type: string
- openid content:
- confirmation-of-payee /confirmation-of-payee/verification:application/jwt:
post: tagsschema:
- Verification operationId$ref: >-
ConfirmationOfPayeeVerification_unsignedVerificationRequest_ConfirmationOfPayeeVerification_signedVerificationRequest summary: Verify the account details based on the parameters supplied
#/components/schemas/DiscoverConfirmationSourceResponseBodySigned
'400':
description: >- description: Bad request
Provide the properties that can be used to verify the payeeheaders:
account. At version 1.0.0 this will be the account name and IBAN. Future version x-fapi-interaction-id:
required: true
of this API may support verification through other identifiers. description: An RFC4122 UID parameters:used as a correlation id.
- $ref: '#/components/parameters/Authorization' - $refschema:
'#/components/parameters/x-customer-user-agent' - $ref: '#/components/parameters/x-fapi-auth-date' type: string
- $ref: '#/components/parameters/x-fapi-customer-ip-address' content:
- $ref: '#/components/parameters/x-fapi-interaction-id' responsesapplication/jwt:
'200': schema:
description: The request has succeeded. content$ref: '#/components/schemas/AEErrorSignedResponse'
'401':
application/json; charset=utf-8: description: Unauthorized
schema: headers:
$ref: '#/components/schemas/AENameVerificationResponse'x-fapi-interaction-id:
application/jsonrequired: true
schemadescription: An RFC4122 UID used as a correlation id.
$ref: '#/components/schemas/AENameVerificationResponse' schema:
application/jwt: type: string
schema: '403':
$refdescription: '#/components/schemas/NameVerificationSignedResponse'Forbidden
headers:
x-fapi-interaction-id:
required: falsetrue
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'400':
description: Bad request
content:
application/json; charset=utf-8jwt:
schema:
$ref: '#/components/schemas/AEErrorResponseAEErrorSignedResponse'
'404':
application/json: description: Not found
schema: headers:
$ref: '#/components/schemas/AEErrorResponse'x-fapi-interaction-id:
application/jwtrequired: true
schemadescription: An RFC4122 UID used as a correlation id.
schema:
$ref: '#/components/schemas/AEErrorSignedResponse' type: string
'405':
description: Method Not Allowed
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'401406':
description: Not UnauthorizedAcceptable
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'403415':
description: Unsupported ForbiddenMedia Type
contentheaders:
application/json; charset=utf-8x-fapi-interaction-id:
schemarequired: true
description: $ref: '#/components/schemas/AEErrorResponse'
An RFC4122 UID used as a correlation id.
application/json:
schema:
$reftype: '#/components/schemas/AEErrorResponse'string
application/jwt'429':
schemadescription: Too $ref: '#/components/schemas/AEErrorSignedResponse'Many Requests
headers:
x-fapi-interaction-idretry-after:
required: true
description: AnNumber RFC4122in UIDseconds usedto aswait
a correlation id. schema:
type: stringinteger
'404': descriptionformat: Not found
int64
headers: x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'405500':
description: MethodInternal NotServer AllowedError
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'406'content:
descriptionapplication/jwt:
Not Acceptable headersschema:
x-fapi-interaction-id: $ref: '#/components/schemas/AEErrorSignedResponse'
requestBody:
required: true required: true
descriptioncontent:
An RFC4122 UID used as a correlation id. application/jwt:
schema:
type$ref: string'#/components/schemas/DiscoverConfirmationSourceRequestBodySigned'
'415'security:
- descriptionTPPOAuth2Security:
Unsupported Media Type - headers:openid
x-fapi confirmation-interactionof-idpayee
components:
parameters:
Authorization:
requiredname: trueauthorization
in: header
descriptionrequired: true
description: An RFC4122authorization UIDToken used as a correlation id.per https://tools.ietf.org/html/rfc6750
schema:
schematype: string
x-customer-user-agent:
name: x-customer-user-agent
type: string in: header
'429': required: false
description: Indicates Toothe Manyuser-agent Requeststhat the User is using.
headersschema:
type: string
retry-after x-fapi-auth-date:
name: x-fapi-auth-date
requiredin: trueheader
required: false
description: Number>-
in seconds to wait The time when the User last logged in with the schema:TPP.
All dates in the HTTP headers type:are integerrepresented as RFC 7231 Full Dates. An
example is formatbelow: int64
Sun, 10 Sep x-fapi-interaction-id:
2017 19:43:31 UTC
required: trueschema:
descriptiontype: Anstring
RFC4122 UID used as a correlation id. pattern: >-
schema:^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2}
type: string(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4}
'500':
\d{2}:\d{2}:\d{2} (GMT|UTC)$
x-fapi-customer-ip-address:
descriptionname: Internal Server Errorx-fapi-customer-ip-address
in: header
contentrequired: false
description: The User's IP address application/json; charset=utf-8:
if the User is currently logged in with the TPP.
schema:
type: string
$ref: '#/components/schemas/AEErrorResponse'x-fapi-interaction-id:
name: x-fapi-interaction-id
application/jsonin: header
required: false
schemadescription: An RFC4122 UID used as a correlation id.
schema:
$ref: '#/components/schemas/AEErrorResponse' type: string
schemas:
application/jwtAEAccountConfirmationRequest:
type: object
schemarequired:
- Data
$refproperties:
'#/components/schemas/AEErrorSignedResponse' headersData:
x-fapi-interaction-id:
$ref: '#/components/schemas/AEAccountConfirmationRequestProperties'
additionalProperties: false
requiredAEAccountConfirmationRequestProperties:
true oneOf:
description- $ref: An RFC4122 UID used as a correlation id.
'#/components/schemas/AEIbanConfirmationProperties'
- $ref: '#/components/schemas/AEAccountNumberConfirmationProperties'
discriminator:
schema: propertyName: IdentificationType
mapping:
type: string requestBody:UAEOF.IBAN: '#/components/schemas/AEIbanConfirmationProperties'
content: UAEOF.AccountNumber: '#/components/schemas/AEAccountNumberConfirmationProperties'
AEAccountConfirmationResponse:
application/json; charset=utf-8: type: object
required:
schema: - Data
$ref: '#/components/schemas/AENameVerificationRequest'
- Links
application/json:- Meta
properties:
schema: Data:
$ref: '#/components/schemas/AENameVerificationRequestAEAccountConfirmationResponseProperties'
Links:
application/jwt: $ref: '#/components/schemas/LinksSelf'
schema: Meta:
$ref: '#/components/schemas/NameVerificationRequestBodySignedMeta'
securityadditionalProperties: false
AEAccountConfirmationResponseProperties:
- TPPOAuth2Security: type: object
required:
- openid - AccountNameMatchIndicator
- confirmation-of-payee
components: properties:
parameters: AuthorizationAccountNameMatchIndicator:
name: authorization $ref: '#/components/schemas/AEAccountNameMatchIndicators'
in: header MaskedAccountName:
required: true descriptiontype: Anstring
authorization Token as per https://tools.ietf.org/html/rfc6750 schemaminLength: 1
type: string maxLength: 70
x-customer-user-agent: name: x-customer-user-agent description: >-
in: header The masked required:matched falseaccount name. This is provided to allow description:the IndicatesUser
the user-agent that the User is using. to schema:review the account name return from the Confirmation operation.
type: string x-fapi-auth-dateadditionalProperties: false
nameAEAccountDiscoveryByBankCode:
x-fapi-auth-date intype: headerobject
required:
false description: >- IdentificationType
The- timeBankCode
when the User last logged in withproperties:
the TPP. IdentificationType:
All dates in the HTTP headers are representedtype: asstring
RFC 7231 Full Dates. An enum:
example is below: - UAEOF.BankCode
Sun, 10 Sep 2017 19:43:31 UTCBankCode:
schematype: string
type: stringpattern: ^[0-9]{3}$
patterndescription: >-
^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2}
(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4} Bank identification code issued by CBUAE that identifies the LFI at
\d{2}:\d{2}:\d{2} (GMT|UTC)$which the account is held
additionalProperties: false
x-fapi-customer-ip-addressAEAccountDiscoveryByIban:
nametype: x-fapi-customer-ip-addressobject
inrequired:
header required:- falseIdentificationType
description: The User's- IPIdentification
address if the User is currently loggedproperties:
in with the TPP. IdentificationType:
schema: type: string
x-fapi-interaction-id: name: x-fapi-interaction-idenum:
in: header - UAEOF.IBAN
required: false description: An RFC4122 UID used as a correlation id.Identification:
schematype: string
type: string schemasminLength: 1
AEAccountDiscovery: typemaxLength: object400
required: description: >-
- IdentificationType Identification -for Accountthe account assigned by the LFI based properties:on the
IdentificationType: Account Scheme Name, and as understood type:by stringthe payer. This
enum: identification is known by the User account owner. -For UAEOF.IBAN, refer
Account: to the ISO $ref: '#/components/schemas/AEAccountIdentification'Standard 13616.
additionalProperties: false
AEAccountIdentificationAEAccountNameConfirmationProperties:
typeoneOf:
object required: - $ref: '#/components/schemas/AEPersonalAccountNameConfirmationProperties'
- Identification - $ref: '#/components/schemas/AEBusinessAccountNameConfirmationProperties'
properties: AEAccountNameMatchIndicators:
Identificationtype: string
enum:
type: string - UAEOF.ConfirmationOfPayee.Yes
minLength: 1 - UAEOF.ConfirmationOfPayee.No
maxLengthdescription: 400>-
Indicator for description:whether >-the payee name is matched with the account name
Identification for the account assignedheld byat the LFI
based on the AEAccountNumberConfirmationProperties:
type: object
Account Scheme Name. This identificationrequired:
is known by the User 1 - IdentificationType
account- owner.Identification
For IBAN, refer to the ISO Standard 13616. - BankCode
additionalProperties: false AEAccountVerificationProperties:
type: object
required:
- IdentificationType
- Identification
- Name
properties:
IdentificationType:
type: string
enum:
- UAEOF.IBANAccountNumber
Identification:
type: string
minLength: 1
maxLength: 400
description: >-
Identification for the account assigned by the LFI based on the
Account Scheme Name, and as understood by the payer. This
identification is known by the User 1 identification is known by the User account owner. For IBAN, refer
to the ISO Standard 13616. to the Name:ISO Standard 13616.
typeBankCode:
string minLengthtype: 1string
maxLengthpattern: 70^[0-9]{3}$
description: >-
TheBank accountidentification namecode isissued theby nameCBUAE orthat namesidentifies of the UserLFI accountat
owner(s) which representedthe ataccount anis accountheld
level, as displayed by the LFI's online Name:
channels. Note$ref: The account name is not the product name or the'#/components/schemas/AEAccountNameConfirmationProperties'
additionalProperties: false
AEBusinessAccountNameConfirmationProperties:
type: object
nickname of the account. required:
additionalProperties: false - AEError:BusinessName
typeproperties:
object requiredBusinessName:
- Code type: string
- Message minLength: 1
properties: maxLength: Code:140
allOfdescription: The business name of the account holder, as understood by the payer
- $ref: '#/components/schemas/AEErrorCode'
description: LowThe levelproperties textualrequired errorto code, e.g., UAEOF.Field.Missing
verify a business account
MessageadditionalProperties: false
AEConfirmationDiscovery:
type: string oneOf:
- minLength$ref: 1'#/components/schemas/AEAccountDiscoveryByIban'
- maxLength$ref: 500'#/components/schemas/AEAccountDiscoveryByBankCode'
discriminator:
description: >- propertyName: IdentificationType
A descriptionmapping:
of the error that occurred. e.g., 'A mandatory field UAEOF.IBAN: '#/components/schemas/AEAccountDiscoveryByIban'
isn't supplied' or 'RequestedExecutionDateTime must be in future'
UAEOF.BankCode: '#/components/schemas/AEAccountDiscoveryByBankCode'
AEConfirmationDiscoveryRequest:
type: object
UAEOF doesn't standardiserequired:
this field - Data
Path: properties:
type: string Data:
minLength: 1 $ref: '#/components/schemas/AEConfirmationDiscovery'
maxLengthadditionalProperties: 500false
AEConfirmationDiscoveryResponse:
descriptiontype: >-object
required:
Recommended but optional reference- toData
the JSON Path of the field - Links
with- error, e.g., Data.Initiation.InstructedAmount.CurrencyMeta
properties:
Url: typeData:
string description$ref: >-'#/components/schemas/AEConfirmationSourceProperties'
Links:
URL to help remediate the problem, or provide more information, or$ref: '#/components/schemas/LinksSelf'
Meta:
to API Reference, or help etc
description: Error $ref: '#/components/schemas/Meta'
additionalProperties: false
AEErrorCodeAEConfirmationSourceProperties:
type: stringobject
enumrequired:
- UAEOF.AccessToken.UnauthorizedAuthorizationServerUrl
- UAEOF.AccessToken.InvalidScopeResourceServerUrl
properties:
- UAEOF.Consent.Revoked AuthorizationServerUrl:
- UAEOF.Consent.TransientAccountAccessFailure type: string
- UAEOF.Consent.AccountTemporarilyBlocked - UAEOF.Consent.PermanentAccountAccessFailureminLength: 1
maxLength: 500
- UAEOF.Consent.Invalid description: >-
UAEOF.JWS.InvalidSignature - UAEOF.JWS.Malformed Authorization Server URL at which an Access - UAEOF.JWS.InvalidClaim
Token to invoke the
- UAEOF.JWS.InvalidHeader Confirmation of Payee operation -should UAEOF.GenericRecoverableErrorbe sought
- UAEOF.GenericErrorResourceServerUrl:
- UAEOF.JWE.DecryptionError type: string
- UAEOF.JWE.InvalidHeader minLength: 1
- UAEOF.Event.UnexpectedEvent maxLength: 500
- UAEOF.Body.InvalidFormat description: >-
UAEOF.Resource.InvalidResourceId - UAEOF.Resource.InvalidFormat
Resource Server URL at which the Confirmation of Payee operation
should be invoked
- UAEOF.Consent.BusinessRuleViolationadditionalProperties: false
AEErrorResponseAEError:
type: object
required:
- ErrorsCode
properties: - Message
Errorsproperties:
typeCode:
array allOf:
items: - $ref: '#/components/schemas/AEErrorAEErrorCode'
minItemsdescription: 1Low level textual error code, e.g., UAEOF.Field.Missing
description: >- Message:
An array of detail error codes, and messages, and URLstype: tostring
documentation to helpminLength: remediation.1
additionalProperties: false maxLength: 500
AEErrorSignedResponse: typedescription: >-
object required: A description of the error that - issoccurred. e.g., 'A mandatory field
- exp isn't supplied' or 'RequestedExecutionDateTime must be in -future'
nbf
- message UAEOF doesn't standardise this properties:field
issPath:
type: string
minLength: 1
maxLength: 500
description: >-
Recommended but optional reference [https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
to the JSON Path of the field
exp: with type: numbererror, e.g., Data.Initiation.InstructedAmount.Currency
descriptionUrl:
>- type: [https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)string
nbfdescription: >-
type: number URL to help remediate the problem, or provide more description: >-information, or
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
to API Reference, or help etc
aud: description: Error
typeadditionalProperties: false
array AEErrorCode:
itemstype: string
enum:
type: string - UAEOF.AccessToken.Unauthorized
description: >-- UAEOF.AccessToken.InvalidScope
- UAEOF.Consent.Revoked
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3) - UAEOF.Consent.TransientAccountAccessFailure
- UAEOF.Consent.AccountTemporarilyBlocked
- UAEOF.Consent.PermanentAccountAccessFailure
iat: - UAEOF.Consent.Invalid
type: number - UAEOF.JWS.InvalidSignature
description: >- - UAEOF.JWS.Malformed
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6) - UAEOF.JWS.InvalidClaim
- UAEOF.JWS.InvalidHeader
message:- UAEOF.GenericRecoverableError
- $ref: '#/components/schemas/AEErrorResponse'UAEOF.GenericError
description: Signed error response payload- UAEOF.JWE.DecryptionError
additionalProperties: false- UAEOF.JWE.InvalidHeader
AENameVerificationRequest: - UAEOF.Event.UnexpectedEvent
type: object required:- UAEOF.Body.InvalidFormat
- DataUAEOF.Resource.InvalidResourceId
properties: - UAEOF.Resource.InvalidFormat
Data: - UAEOF.Consent.BusinessRuleViolation
AEErrorResponse:
$ref: '#/components/schemas/AEAccountVerificationProperties' type: object
additionalProperties: false AENameVerificationResponserequired:
type: object - Errors
required: properties:
- Data Errors:
- Links type: array
properties: items:
Data: $ref: '#/components/schemas/AEVerifiedPropertiesAEError'
Links: minItems: 1
$refdescription: '#/components/schemas/LinksSelf'>-
additionalProperties: false An array of detail AEOkResponse:error codes, and messages, and URLs to type:documentation
object additionalProperties: falseto AEVerificationDiscovery:help remediation.
$refadditionalProperties: '#/components/schemas/AEAccountDiscovery'false
AEVerificationDiscoveryRequestAEErrorSignedResponse:
type: object
required:
- iss
Data properties: - exp
Data: - nbf
$ref: '#/components/schemas/AEVerificationDiscovery' - message
additionalPropertiesproperties: false
AEVerificationDiscoveryResponse: iss:
type: object requiredtype: string
- Data description: >-
- Links properties:[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
Dataexp:
$reftype: '#/components/schemas/AEVerificationSourceProperties'number
Linksdescription: >-
$ref: '#/components/schemas/LinksSelf'[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
additionalProperties: false nbf:
AEVerificationSourceProperties: type: number
object requireddescription: >-
- VerificationUrl
properties: [https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
VerificationUrlaud:
type: stringarray
minLengthitems:
1 maxLengthtype: 500string
description: URL>-
at which the Confirmation of Payee operation should be invokved additionalProperties: false
AEVerifiedProperties:
type: object
required:
- AccountNameMatched
properties:[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
AccountNameMatchediat:
type: booleannumber
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
Indicator for whether the payeemessage:
name is matched with the account $ref: '#/components/schemas/AEErrorResponse'
namedescription: heldSigned aterror theresponse LFIpayload
additionalProperties: false
DiscoverVerificationSourceRequestBodySignedAEIbanConfirmationProperties:
type: object
required:
- issIdentificationType
- expIdentification
- nbf
- messageName
properties:
issIdentificationType:
type: string
descriptionenum:
>- [https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)- UAEOF.IBAN
expIdentification:
type: numberstring
description: >-
minLength: 1
maxLength: 400
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)description: >-
nbf: Identification for the account assigned by the type:LFI numberbased on the
description: >- Account Scheme Name, and as understood by the [https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)payer. This
aud:identification is known by the User account owner. For IBAN, refer
type: array items:to the ISO Standard 13616.
typeName:
string description: >-$ref: '#/components/schemas/AEAccountNameConfirmationProperties'
additionalProperties: false
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)AEPersonalAccountNameConfirmationProperties:
iattype: object
required:
type: number - GivenName
description: >- - LastName
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)properties:
messageGivenName:
$reftype: '#/components/schemas/AEVerificationDiscoveryRequest'string
additionalProperties: false minLength: 1
DiscoverVerificationSourceResponseBodySigned: type: object maxLength: 70
required: description: >-
iss - exp The given or first name of the -account nbfholder, as understood by the
- message properties:payer
issLastName:
type: string
descriptionminLength: >-1
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
maxLength: 70
exp: description: >-
type: number The family or surname of the description: >-
account holder, as understood by the
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4) payer
nbf: description: The properties required to verify a personal account
type: number additionalProperties: false
descriptionDiscoverConfirmationSourceRequestBodySigned:
>- type: object
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)required:
- iss
- exp
- aud:nbf
- message
type: array properties:
items: iss:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.31](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.31)
iatexp:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.64](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
message:
$ref: '#/components/schemas/AEVerificationDiscoveryResponse'
additionalProperties: false
DiscoverVerificationSourceSignedRequest:
type: object4)
requirednbf:
- requestBody type: number
properties: description: >-
requestBody: $ref: '#/components/schemas/DiscoverVerificationSourceRequestBodySigned'[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
additionalProperties: false aud:
DiscoverVerificationSourceSignedResponse: type: objectarray
required: items:
- response propertiestype: string
response: description: >-
$ref: '#/components/schemas/DiscoverVerificationSourceResponseBodySigned' allOf:
- $ref: '#/components/schemas/AEOkResponse'[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
additionalProperties: false iat:
DiscoverVerificationSourceUnsignedRequest: type: objectnumber
required: description: >-
- requestBody properties:[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
requestBodymessage:
$ref: '#/components/schemas/AEVerificationDiscoveryRequestAEConfirmationDiscoveryRequest'
additionalProperties: false
DiscoverVerificationSourceUnsignedResponseDiscoverConfirmationSourceResponseBodySigned:
type: object
required: object
required:
- response properties:- iss
response: - exp
$ref: '#/components/schemas/AEVerificationDiscoveryResponse'- nbf
allOf: - message
- $refproperties: '#/components/schemas/AEOkResponse'
additionalPropertiesiss: false
LinksSelf: type: string
object required: description: >-
- Self properties:[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
Selfexp:
$reftype: '#/components/schemas/Self' number
description: >-
Links relevant to the resource additionalProperties: false[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
NameVerificationRequestBodySignednbf:
type: objectnumber
required: description: >-
- iss - exp[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
-aud:
nbf - messagetype: array
properties: items:
iss: type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.13](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.13)
expiat:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.46](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4).1.6)
message:
$ref: '#/components/schemas/AEConfirmationDiscoveryResponse'
additionalProperties: false
LinksSelf:
type: object
required:
- Self
properties:
nbfSelf:
type: number$ref: '#/components/schemas/Self'
description: Links relevant to the resource
additionalProperties: false
descriptionMeta:
>- type: object
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
description: Metadata relevant to the resource
audadditionalProperties: false
NameConfirmationRequestBodySigned:
type: object
array required:
items: - iss
- exp
type: string - nbf
description: >- - message
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)properties:
iatiss:
type: numberstring
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.61](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
message:
$ref: '#/components/schemas/AENameVerificationRequest'
additionalProperties: false
NameVerificationResponseBodySigned:1)
typeexp:
object required: type: number
- iss description: >-
- exp - nbf
- message
properties:[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
issnbf:
type: stringnumber
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.15](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.15)
exp: aud:
type: array
items:
type: numberstring
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.43](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.43)
nbfiat:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.56](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.56)
audmessage:
type$ref: array'#/components/schemas/AEAccountConfirmationRequest'
additionalProperties: false
items NameConfirmationResponseBodySigned:
type: object
type: string required:
- iss
description: >-- exp
- nbf
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)- message
properties:
iatiss:
type: numberstring
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.61](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.61)
messageexp:
$reftype: '#/components/schemas/AENameVerificationResponse'
number
additionalProperties: false NameVerificationSignedRequestdescription: >-
type: object required:
- requestBody
properties:
requestBody:
$ref: '#/components/schemas/NameVerificationRequestBodySigned'
additionalProperties: false[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
NameVerificationSignedResponsenbf:
type: object requiredtype: number
- response propertiesdescription: >-
response: $ref: '#/components/schemas/NameVerificationSignedResponse'
allOf:
- $ref: '#/components/schemas/AEOkResponse'
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
additionalProperties: false NameVerificationUnsignedRequest:
aud:
type: object requiredtype: array
- requestBody items:
properties: type: requestBody:string
$refdescription: '#/components/schemas/AENameVerificationRequest'>-
additionalProperties: false NameVerificationUnsignedResponse:[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
type: object iat:
required: type: number
- response propertiesdescription: >-
response: $ref: '#/components/schemas/AENameVerificationResponse'[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
allOfmessage:
- $ref: '#/components/schemas/AEOkResponseAEAccountConfirmationResponse'
additionalProperties: false
Self:
type: string
format: uri
description: A link to the current resource
securitySchemes:
TPPOAuth2Security:
type: oauth2
description: >-
TPP confidential client authorization with the LFI to stage a consent.
**Please refer to [OpenID FAPI Security Profile 1.0 -Part 2
Advanced](https://openid.net/specs/openid-financial-api-part-2-1_0.html#authorization-server)
- 5.2.2 point 14 - shall authenticate the confidential client using one
of the following methods private_key_jwt and [OpenID Connect Core
1.0](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication)
9. Client Authentication private_key_jwt**
flows:
clientCredentials:
tokenUrl: https://authserver.example/token
scopes:
openid: Activates OpenID Connect Support
confirmation-of-payee: Right to invoke a Confirmation of Payee operation
accounts: Ability to read Accounts Information
insurance: Right to read insurance policies
servers:
- url: /open-finance/confirmation-of-payee/v1.0-draft4
description: Default URL
variables: {}
| 