...
The flow MUST begin with the TPP either:
Prompting the User for the Payee account details, where the account details are solicited from the User.
Retrieving the Payee account details where they are stored by the TPP
In both cases the TPP will agree with the User that the details appear correct and correlate with the intended Payee before invoking any Confirmation of Payee operation. The requested account details must include either the IBAN or the domestic account number and bank code.
1.2 Step 2: Discover LFI that holds the Payee account
...
The TPP MUST create a request payload that contains the IBAN or the bank code for the Payee account, signed and encoded as a JSON Web Signature (JWS) for purposes of non-repudiation. The Content-type header field will be set to application/jwt to indicate that the request is a JWS.
The TPP MUST call the Discover operation to retrieve the correct OFP Authorization Server and Resource Server URLs for the LFI that holds the account. The request body must include the IBAN or the bank code for the payee account.
The OFP MUST resolve the IBAN or bank code sent by the TPP to the correct OFP Authorization Server and Resource URLs for the LFI that holds the payee account. The Authorization Server and Resource Server URLs will be used to create the response body, which will be signed and encoded as a JWS for purposes of non-repudiation.
The OFP MUST return a 200 OK together with the response body containing the Authorization Server and Resource Server URLs. The Content-type header field will be set to application/jwt to indicate that the response is a JWS.
1.3 Step 3: Confirm Payee Account Details at the LFI
The TPP MUST have a valid access token (with scope), solicited using the Client Credentials grant type, using the OFP Authorization Server URL returned in Step 2.
The TPP MUST create a request payload that contains the IBAN or the domestic account number for the Payee account and the account name as understood by the User, signed and encoded as a JSON Web Signature (JWS) for purposes of non-repudiation. The Content-type header field will be set to application/jwt to indicate that the request is a JWS.
The TPP MUST use the Resource Server URL returned from Step 2, together with the request payload, to call the Verify Confirmation operation.
The OFP MUST resolve the IBAN to the correct AccountId value at the LFI.
The OFP MUST call the Parties endpoint at the LFI to retrieve the account holder name, using the AccountId value to address the correct account and retrieve the party for the account being confirmed.
The LFI MUST respond with 200 OK together with the properties of the account holder.
...
The OFP MUST return a 200 OK together with the response body containing the account name match indicator. If the value of the matched indicator is UAEOF.ConfirmationOfPayee.No, the response will also contain the name that was on the account, which will be masked. The Content-type header field will be set to application/jwt to indicate that the response is a JWS.
...
The Confirmation of Payee flows illustrate the API interactions completing successfully, with no API Errors.
...
3. Confirmation of Payee Examples
...
```
POST /open-finance/confirmation-of-payee/v1/discovery HTTP/1.1
Host: rs1.openfinanceplatform.ae
Content-Type: application/jwt
Accept: application/jwt
x-fapi-interaction-id: 8b92e2c6-e0b6-4bc2-92e7-dae085a8141c
Authorization: Bearer 54234c74-8ab7-4633-bc3d-ce050695751c

{
  "alg": "PS256",
  "kid": "44310147-3249-40cf-a85f-d197a29f9b1b"
}
.
{
  "iss": "string",
  "exp": 0.5,
  "nbf": 0.5,
  "aud": [
    "string"
  ],
  "iat": 0.5,
  "message": {
    "Data": {
      "IdentificationType": "UAEOF.IBAN",
      "Identification": "AE070331234567890123456"
    }
  }
}
.
<<signature>>
```
3.2.2 Response: Authorization Server and Resource Server URLs to Invoke Confirmation Operation
```
HTTP/1.1 200 OK
Content-Type: application/jwt
x-fapi-interaction-id: 8b92e2c6-e0b6-4bc2-92e7-dae085a8141c

{
  "alg": "PS256",
  "kid": "c3cce1fa-e3c1-4901-bf70-e3bd33c42bfb"
}
.
{
  "iss": "string",
  "exp": 0.5,
  "nbf": 0.5,
  "aud": [
    "string"
  ],
  "iat": 0.5,
  "message": {
    "Data": {
      "AuthorizationServerUrl": "https://lfi1.openfinance.ae/open-finance/auth/v1/as",
      "ResourceServerUrl": "https://lfi1.openfinance.ae/open-finance/confirmation-of-payee/v1/confirmation"
    }
  }
}
.
<<signature>>
```
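The TPP sends its token request and the Payee's details to whatever URLs the discovery response names, so the JWS has to be verified before those URLs are used. The following Node.js sketch is an added example, not part of the specification: it checks a PS256 compact JWS (pinned algorithm, known `kid`, signature, validity window, audience, HTTPS URLs) and shows an altered payload and an expired response being refused. The key pair, `kid`, issuer, audience and URLs are constructed sample values, and the function names are hypothetical.

```javascript
const crypto = require('node:crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');
const PSS = { padding: crypto.constants.RSA_PKCS1_PSS_PADDING, saltLength: 32 };

// Constructed signer standing in for the OFP; a real TPP holds only the public key.
function signJws(header, claims, privateKey) {
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${b64u(crypto.sign('sha256', Buffer.from(input), { key: privateKey, ...PSS }))}`;
}

// Hypothetical helper: returns message.Data only when every check passes.
function verifyDiscoveryResponse(jws, trustedKeys, expectedAud, now) {
  const [h, p, s, ...rest] = jws.split('.');
  if (!h || !p || !s || rest.length) throw new Error('not a compact JWS');
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (header.alg !== 'PS256') throw new Error('unexpected alg'); // pin the algorithm
  const key = trustedKeys.get(header.kid);
  if (!key) throw new Error('unknown kid');
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`), { key, ...PSS }, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString()); // read only after the signature holds
  if (!(claims.nbf <= now && now < claims.exp)) throw new Error('outside validity window');
  if (!Array.isArray(claims.aud) || !claims.aud.includes(expectedAud)) throw new Error('wrong audience');
  const data = claims.message.Data;
  for (const k of ['AuthorizationServerUrl', 'ResourceServerUrl']) {
    if (new URL(data[k]).protocol !== 'https:') throw new Error(`${k} is not https`);
  }
  return data;
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const now = 1700000000; // fixed clock so the run is repeatable
  const claims = { iss: 'ofp.example', aud: ['tpp.example'], iat: now, nbf: now, exp: now + 60,
    message: { Data: { AuthorizationServerUrl: 'https://as.lfi.example/auth',
                       ResourceServerUrl: 'https://rs.lfi.example/confirmation' } } }; // constructed values
  const jws = signJws({ alg: 'PS256', kid: 'ofp-key-1' }, claims, privateKey);
  const keys = new Map([['ofp-key-1', publicKey]]);
  const check = (token, at) => {
    try { return verifyDiscoveryResponse(token, keys, 'tpp.example', at); } catch (e) { return e.message; }
  };
  // Same header and signature, but a payload naming a different Resource Server.
  claims.message.Data.ResourceServerUrl = 'https://rs.other.example/confirmation';
  const [h, , s] = jws.split('.');
  return { good: check(jws, now), altered: check(`${h}.${b64u(JSON.stringify(claims))}.${s}`, now),
           expired: check(jws, now + 61) };
}
console.log(demo());
```

In production the trusted key map would be filled from the platform's published signing keys rather than generated locally.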
3.3. The TPP Requests an Access Token to Confirm the Payee Account Name
3.3.1 Request: Access Token Request using the Client Credentials Grant Type at the LFI Authorization Server Instance
...
```
HTTP/1.1 200 OK
Content-Type: application/json

{
  "access_token": "77c38589-a158-4eda-8b9f-279dc98d1635",
  "expires_in": 3600,
  "token_type": "Bearer",
  "scope": "openid confirmation-of-payee"
}
```
3.4 The TPP Invokes the Confirm Operation for the Payee Account Name
3.4.1 Request: TPP Sends Account Details as JSON Web Signature
```
POST /open-finance/confirmation-of-payee/v1/confirmation HTTP/1.1
Host: lfi1.openfinanceplatform.ae
Content-Type: application/jwt
Accept: application/jwt
x-fapi-interaction-id: 1a1f0c67-1120-4b4b-abf3-7f5cd5979189
Authorization: Bearer 77c38589-a158-4eda-8b9f-279dc98d1635

{
  "alg": "PS256",
  "kid": "44310147-3249-40cf-a85f-d197a29f9b1b"
}
.
{
  "iss": "string",
  "exp": 0.5,
  "nbf": 0.5,
  "aud": [
    "string"
  ],
  "iat": 0.5,
  "message": {
    "Data": {
      "IdentificationType": "UAEOF.IBAN",
      "Identification": "AE070331234567890123456",
      "Name": {
        "GivenName": "Mohammed",
        "FamilyName": "Al-Nakheel"
      }
    }
  }
}
.
<<signature>>
```
3.4.2 Request: OFP Sends Parties Request to LFI
...
```
HTTP/1.1 200 OK
Content-Type: application/json

{
  "Data": {
    "Party": [
      ...
      "Claims": {
        "GivenName": "Mohammed",
        "FamilyName": "Al-Nakheel"
      }
    ]
  }
}
```
3.4.4 Response: Name Confirmation Response
```
HTTP/1.1 200 OK
Content-Type: application/jwt

{
  "alg": "PS256",
  "kid": "29b362fc-c46c-460e-98b5-2a8af073e6aa"
}
.
{
  "iss": "string",
  "exp": 0.5,
  "nbf": 0.5,
  "aud": [
    "string"
  ],
  "iat": 0.5,
  "message": {
    "Data": {
      "AccountNameMatchIndicator": "UAEOF.ConfirmationOfPayee.Yes"
    }
  }
}
.
<<signature>>
```
5. OpenAPI Specification
See the Confirmation of Payee - OpenAPI Documentation page.
6. Confirmation of Payee Notes
The Confirmation of Payee API only supports signed requests and responses. All request and response payloads must be encoded as a JWS.
The examples of retrieving the Party information from the LFI only show the bare payloads and do not include the security approach implemented between the OFP and LFI, which varies based on LFI preferences.
7. Security
A confirmation-of-payee scope is used for the Discover and Verify Confirmation operations.