openapi: 3.0.0
info:
title: UAE Pushed Authorization Endpoint
description: >-
## UAE Open Finance Pushed Authorization Endpoint Specification
This API description provides the definitions for the supported Rich
Authorization Request (RAR) payloads in the context of the Pushed
Authorization Request endpoint.
Please note that RAR definitions are provided for information and **do not**
accurately reflect a serialized, signed JSON Web Token. The Schema Object
provide the correct message payload definition to create the RAR before
creating a JWT-Secured Authorization Request (JAR).
version: v1.0-draft5rc1
tags:
- name: Pushed Authorization Requests
pathsservers:
- url: /open-finance/auth/v1.0-rc1
paths:
/par:
post:
tags:
- Pushed Authorization Requests
operationId: InsuranceConsents_create
summary: >-
Submit a Rich Authorization Request (RAR) to the Pushed Authorization
Request (PAR) Endpoint
parameters: []
responses:
'201':
description: >-
The request has succeeded and a new resource has been created as a
result.
content:
application/json:
schema:
$ref: '#/components/schemas/PushedAuthorizationResponseBody'
'400':
description: The server could not understand the request due to invalid syntax.
content:
application/json:
schema:
$ref: '#/components/schemas/OAuthBadRequestErrorResponse'
'405':
description: Method Not Allowed
'413':
description: Content Too Large
'429':
description: Too Many Requests
headers:
retry-after:
required: true
description: Number in seconds to wait
schema:
type: integer
format: int64
requestBody:
required: true
content:
application/x-www-form-urlencoded:
schema:
$ref: '#/components/schemas/PushedAuthorizationRequest'
components:
schemas:
AEAcceptedAuthorizationTypeRequestPaymentsIsSingleAuthorization:
typedescription: string|
enum: Specifies to the LFI that the consent -authorization UAEOF.Singlemust be completed in a single authorization Step
- UAEOF.Multi with the -LFI
UAEOF.Both descriptiontype: |2-"boolean"
AEAccountAccessAuthorizationDetailConsentProperties:
type: Specifiesobject
to the LFI the type of consentrequired:
authorization accepted by the TPP when staging the consent- ConsentId
- Permissions
* Single - The consent shouldproperties:
incur a single authorization Step with the LFI ConsentId:
* Multi - The consent should incur a multi-authorization Step with the LFI$ref: '#/components/schemas/AEConsentId'
Permissions:
* Both - The consent should incur either a single authorization or multi-authorization step with the LFI. The LFI decides.
AEAccountAccessAuthorizationDetailConsentProperties:
type: object
required:
- ConsentId
- Permissions
properties:
ConsentId:
$ref: '#/components/schemas/AEConsentId'
Permissions:
$ref: '$ref: '#/components/schemas/AEAccountAccesssConsentPermissionCodes'
allOf:
- $ref: '#/components/schemas/AEAccountAccessAuthorizationDetailProperties'
additionalProperties: false
AEAccountAccessAuthorizationDetailProperties:
type: object
properties:
BaseConsentId:
$ref: '#/components/schemas/AEBaseConsentId'
ExpirationDateTime:
type: string
format: date-time
description: >-
Specified date and time the permissions will expire.
If this is not populated, the permissions will be open ended.All
dates in the JSON payloads are represented in ISO 8601 date-time
format.
All date-time fields in responses must include the timezone. An
example is below:
2017-04-05T10:43:07+00:00
TransactionFromDateTime:
type: string
format: date-time
description: |2-
Specified start date and time for the transaction query period.
If this is not populated, the start date will be open ended, and
data will be returned from the earliest available
transaction.All dates in the JSON payloads are represented in
ISO 8601 date-time format.
All date-time fields in responses must include the timezone. An
example is below:
2017-04-05T10:43:07+00:00
TransactionToDateTime:
type: string
format: date-time
description: |2-
Specified end date and time for the transaction query period.
If this is not populated, the end date will be open ended, and
data will be returned to the latest available transaction.All
dates in the JSON payloads are represented in ISO 8601 date-time
format.
All date-time fields in responses must include the timezone. An
example is below:
2017-04-05T10:43:07+00:00
AccountType:
type: array
items:
$ref: '#/components/schemas/AEAccountTypeCode'
AccountSubType:
type: array
items:
$ref: '#/components/schemas/AEAccountSubTypeCode'
OnBehalfOf:
$ref: '#/components/schemas/AEOnBehalfOf'
Purpose:
type: array
items:
$ref: '#/components/schemas/AEAccountAccessConsentPurpose'
additionalProperties: false
AEAccountAccessAuthorizationDetailReconsentProperties:
type: object
required:
- ConsentId
properties:
ConsentId:
$ref: '#/components/schemas/AEConsentId'
Permissions:
$ref: '#/components/schemas/AEAccountAccesssConsentPermissionCodes'
allOf:
- $ref: '#/components/schemas/AEAccountAccessAuthorizationDetailProperties'
additionalProperties: false
AEAccountAccessAuthorizationDetailsConsent:
type: object
required:
- Type
- Consent
- Subscription
properties:
Type:
type: string
enum:
- urn:openfinanceuae:account-access-consent:v1.0-draft5rc1
Consent:
$ref: >-
#/components/schemas/AEAccountAccessAuthorizationDetailConsentProperties
Subscription:
$ref: '#/components/schemas/EventNotification'
description: >-
Properties for creating a consent object for the first time a User
consents to TPP access to account information data
additionalProperties: false
AEAccountAccessAuthorizationDetailsReconsent:
type: object
required:
- Type
- Consent
- Subscription
properties:
Type:
type: string
enum:
- urn:openfinanceuae:account-access-consent:v1.0-draft5rc1
Consent:
$ref: >-
#/components/schemas/AEAccountAccessAuthorizationDetailReconsentProperties
Subscription:
$ref: '#/components/schemas/EventNotification'
description: >-
Properties for creating a consent object when a User reconsents to TPP
access to account information data
additionalProperties: false
AEAccountAccessConsentPurpose:
type: string
enum:
- Account Aggregation
- Personal Finance Manager
- Credit Assessment
- Tax Filing
- Enterprise Financial Management
- Other
AEAccountAccesssConsentPermissionCodes:
type: string
enum:
- ReadAccountsBasic
- ReadAccountsDetail
- ReadBalances
- ReadBeneficiariesBasic
- ReadBeneficiariesDetail
- ReadTransactionsBasic
- ReadTransactionsDetail
- ReadTransactionsCredits
- ReadTransactionsDebits
- ReadProduct
- ReadScheduledPaymentsBasic
- ReadScheduledPaymentsDetail
- ReadDirectDebits
- ReadStandingOrdersBasic
- ReadStandingOrdersDetail
- ReadConsents
- ReadPartyPSU
- ReadPartyPSUIdentity
- ReadParty
description: >-
Specifies the permitted account access policy data types.
This is a list of the data groups being consented by the User, and
requested for authorization with the LFI.
AEAccountSubTypeCode:
type: string
enum:
- CurrentAccount
- Savings
- CreditCard
- PrePaidCard
- EMoney
- ChargeCard
- Other
description: Specifies the sub type of account (product family group)
AEAccountTypeCode:
type: string
enum:
- UAEOF.Retail
- UAEOF.Corporate
description: Specifies the type of account (Retail or Corporate).
AEAmountAndCurrency:
type: object
required:
- Currency
- Amount
properties:
Currency:
$ref: '#/components/schemas/CurrencyCode'
Amount:
$ref: '#/components/schemas/Amount'
description: >-
The Currency and Amount relating to the Payment, Refund or Request to
Pay
additionalProperties: false
AEBaseConsentId:
type: string
minLength: 1
maxLength: 128
description: >-
The original ConsentId assigned by the TPP.
It is used by the TPP for updating/renewing parameters associated with
long-lived consents.
It must be provided when long-lived consent parameters are
updated/renewed for a current consent that has not yet finished.
AEChargeBearerType1Code:
type: string
enum:
- BorneByCreditor
- BorneByDebtor
- FollowingServiceLevel
- Shared
description: >-
Specifies which party/parties will bear the charges associated with the
processing of the payment transaction.
AEConsentId:
type: string
minLength: 1
maxLength: 128
description: >-
Unique identification assigned by the TPP to identify the consent
resource.
AECurrencyRequest:
type: object
required:
- ExtendedPurpose
- CurrencyOfTransfer
properties:
InstructionPriority:
allOf:
- $ref: '#/components/schemas/AEInstructionPriority'
description: >-
Indicator of the urgency or order of importance that the instructing
party would like the instructed party to apply to the processing of
the instruction.
ExtendedPurpose:
type: string
minLength: 1
maxLength: 140
description: >-
Specifies the purpose of an international payment, when there is no
corresponding 4 character code available in the ISO20022 list of
Purpose Codes.
ChargeBearer:
$ref: '#/components/schemas/AEChargeBearerType1Code'
CurrencyOfTransfer:
type: string
pattern: ^[A-Z]{3,3}$
description: >-
Specifies the currency of the to be transferred amount, which is
different from the currency of the debtor's account.
DestinationCountryCode:
type: string
pattern: '[A-Z]{2,2}'
description: >-
Country in which Credit Account is domiciled. Code to identify a
country, a dependency, or another area of particular geopolitical
interest, on the basis of country names obtained from the United
Nations (ISO 3166, Alpha-2 code).
ExchangeRateInformation:
$ref: '#/components/schemas/AEExchangeRateInformation'
description: >-
The details of the non-local currency or FX request that has been agreed
between the User and the TPP.
The requested ChargeBearer and ExchangeRateInformation are included in
this object may be overwritten by the LFI in the returned Consent
object.
additionalProperties: false
AEExchangeRateInformation:
type: object
required:
- UnitCurrency
- RateType
properties:
UnitCurrency:
type: string
pattern: ^[A-Z]{3,3}$
description: >-
Currency in which the rate of exchange is expressed in a currency
exchange. In the example 1GBP = xxxCUR, the unit currency is GBP.
ExchangeRate:
type: number
description: >-
The factor used for conversion of an amount from one currency to
another. This reflects the price at which one currency was bought
with another currency.
RateType:
$ref: '#/components/schemas/AERateType'
ContractIdentification:
type: string
minLength: 1
maxLength: 256
description: >-
Unique and unambiguous reference to the foreign exchange contract
agreed between the initiating party/creditor and the debtor agent.
description: Provides details on the currency exchange rate and contract.
additionalProperties: false
AEExpectedInitiationTimeWindow:
type: string
pattern: >-
^(00[0-9]|0[1-9][0-9]|[1-6][0-9]{2}|7[01][0-9]|720):[0-5][0-9]:[0-5][0-9]$
description: |2-
A time window set by the TPP in which a Payment must be initated by the LFI.
The time window is based on a custom time format hhh:mm:ss. e.g. 000:00:15 represents a time window of 15 seconds to initiate the Payment.
AEInstructionPriority:
type: string
enum:
- Normal
- Urgent
AEInsuranceAuthorizationDetailsConsent:
type: object
required:
- Type
- Consent
- Subscription
properties:
Type:
type: string
enum:
- urn:openfinanceuae:insurance-consent:v1.0-draft5rc1
Consent:
$ref: '#/components/schemas/OBInsuranceAuthorizationDetailConsentProperties'
Subscription:
$ref: '#/components/schemas/EventNotification'
description: >-
Properties for creating a consent object for the first time a User
consents to TPP access to insurance data or services
additionalProperties: false
AEInsuranceAuthorizationDetailsReconsent:
type: object
required:
- Type
- Consent
- Subscription
properties:
Type:
type: string
enum:
- urn:openfinanceuae:insurance-consent:v1.0-draft5rc1
Consent:
$ref: >-
#/components/schemas/OBInsuranceAuthorizationDetailReconsentProperties
Subscription:
$ref: '#/components/schemas/EventNotification'
description: >-
Properties for creating a consent object when a User reconsents to TPP
access to insurance data or services
additionalProperties: false
AEJWEPaymentPII:
type: string
description: |2-
A JSON Web Encryption (JWE) object, which encapsulates a JWS. The value is a compact serialization
of a JWE, which is a string consisting of five base64url-encoded parts joined by dots. It encapsulates encrypted content using JSON data structures.
The decrypted JWS content has the structure of the AEPaymentPII schema.
AEConfirmationOfPayeeResponse:
description: The JSON Web Signature returned by the Payee Confirmation operation at the Confirmation of Payee API. The value must be the full JWS string, including the header and signature, without decoding to an object. If Confirmation of Payee is not performed this property can be omitted
type: string
pattern: '^.+\..+\..+$'
AEPaymentPII:
type: "object"
additionalProperties: false
description: "Elements of Personal Identifiable Information data"
properties:
Initiation:
type: "object"
additionalProperties: false
description: "The Initiation payload is sent by the initiating party to the LFI. It is used to request movement of funds from the debtor account to a creditor."
properties:
DebtorAccount:
type: "object"
additionalProperties: false
required:
- "IdentificationTypeSchemeName"
- "Identification"
description: "Unambiguous identification of the account of the debtor to which a debit entry will be made as a result of the transaction."
properties:
IdentificationTypeSchemeName:
description: "Name of the identification scheme, in a coded form as published in an external list."
type: "string"
enum:
- "UAEOF.IBAN"
- "UAEOF.AccountNumber"
Identification:
description: |
Identification for the account assigned by the LFI based on the Account Scheme Name.
This identification is known by the User account owner.
type: "string"
minLength: 1
MobileNumber:
description: | Mobile number of the account owner.
type: "string"
maxLength: 16
Name:
type: "object"
description: |
The Account Holder Name is the name or names of the Account owner(s) represented at the account level
properties:
en:
type: "string"
description: "English value of the string"
maxLength: 70
ar:
type: "string"
description: "Arabic value of the string"
maxLength: 70
additionalProperties: false
CreditorAgent:
description: |
Refers to the Financial Institution.
type: "object"
required:
- "IdentificationTypeSchemeName"
- "Identification"
properties:
IdentificationTypeSchemeName:
type: "string"
description: |
Refers to the Identification scheme for uniquely identifying the Agent.
* UAEOF.OTHEROther: The ID; A Country Code followed by a Bank Code (UAEOF 4 character code). The full list of LFI names and 6 digits IDs are as follows:
enum:
- "UAEOF.OTHEROther"
Identification:
description: |
The Agent is the Country Code followed by a Bank Code"
type: "string"
minLength: 6
maxLength: 6
Name:
description: "Name by which an agent is known and which is usually used to identify that agent."
type: "string"
minLength: 1
maxLength: 140
PostalAddress:
$ref: "#/components/schemas/AEAddress"
Creditor:
type: "object"
additionalProperties: false
description: "Party to which an amount of money is due."
properties:
Name:
description: |
Name by which a party is known and which is usually used to identify that party.
This may be used to identify the Creditor for international payments.
type: "string"
minLength: 1
maxLength: 140
PostalAddress:
description: |
(Array) Address information that locates and identifes a specific address, as defined by a national or international postal service."
type: "array"
minItems: 1
items:
type: "object"
required:
- "AddressType"
- "Country"
properties:
AddressType:
$ref: "#/components/schemas/AEAddressTypeCode"
ShortAddress:
$ref: "#/components/schemas/AEShortAddress"
UnitNumber:
$ref: "#/components/schemas/AEUnitNumber"
FloorNumber:
$ref: "#/components/schemas/AEFloorNumber"
BuildingNumber:
$ref: "#/components/schemas/AEBuildingNumber"
StreetName:
$ref: "#/components/schemas/AEStreetName"
SecondaryNumber:
$ref: "#/components/schemas/AESecondaryNumber"
District:
$ref: "#/components/schemas/AEDistrict"
PostalCode:
$ref: "#/components/schemas/AEPostalCode"
POBox:
$ref: "#/components/schemas/AEPOBox"
ZipCode:
$ref: "#/components/schemas/AEZipCode"
City:
$ref: "#/components/schemas/AECity"
Region:
$ref: "#/components/schemas/AERegion"
Country:
$ref: "#/components/schemas/AECountryCode"
additionalProperties: false
CreditorAccount:
description: "Unambiguous identification of the account of the creditor to which a credit entry will be posted."
type: "object"
additionalProperties: false
required:
- "IdentificationTypeSchemeName"
- "Identification"
- "Name"
properties:
IdentificationTypeSchemeName:
$ref: "#/components/schemas/AEExternalAccountIdentificationCode"
Identification:
$ref: "#/components/schemas/AEIdentification"
MobileNumberName:
$ref: "#/components/schemas/AEMobileNumberAEName"
NameTradingName:
$ref: "#/components/schemas/AENameAETradingName"
TradingName:
ConfirmationOfPayeeResponse:
$ref: "#/components/schemas/AETradingNameAEConfirmationOfPayeeResponse"
Risk:
ConfirmationOfPayeeResponse:
$ref: "#/components/schemas/AEConfirmationOfPayeeResponse"
Risk: $ref: "#/components/schemas/AERisk"
AERisk:
additionalProperties: false
description: |
The Risk section is sent by the TPP to the LFI. It is used to specify additional details for risk/fraud scoring regarding Payments.
type: "object"
properties:
UserIndicators:
$ref: "#/components/schemas/AEUserIndicators"
DestinationDeliveryAddress:
type: "object"
description: |
Destination Delivery Address
properties:
RecipientType:
type: "string"
description: "The recipient of the goods whether an individual or a corporation."
enum:
- "UAEOF.Individual"
- "UAEOF.Corporate"
RecipientName:
type: "object"
description: "The name of the recipient of the goods, whether an individual or a corporation."
properties:
en:
type: "string"
description: "English value of the string"
ar:
type: "string"
description: "Arabic value of the string"
NationalAddress:
$ref: "#/components/schemas/AEAddress"
TransactionIndicators:
$ref: "#/components/schemas/AETransactionIndicators"
BeneficiaryIndicators:
$ref: "#/components/schemas/AEBeneficiaryIndicators"
AEUserIndicators:
type: "object"
description: |
User (Payer) Indicators
properties:
UserName:
type: "object"
description: "The Name of the User initiating the Payment"
properties:
en:
type: "string"
description: "English value of the string"
ar:
type: "string"
description: "Arabic value of the string"
GeoLocation:
type: "object"
description: "GPS to identify and track the whereabouts of the connected electronic device."
required:
- "latitude"
- "longitude"
properties:
latitude:
type: "string"
description: "latitude"
longitude:
type: "string"
description: "longitude"
DeviceId:
type: "string"
description: "IMEISV number of the connected electronic device"
DeviceOperatingSystem:
type: "string"
description: "Device operating system"
DeviceOperatingSystemVersion:
type: "string"
description: "Device operating system version"
UserOnboardingDateTime:
type: "string"
format: "date-time"
description: "The exact date and time when the User account was activated with the TPP."
AuthenticationChannel:
description: Channel on which the User was authenticated
type: string
enum:
- UAEOF.App
- UAEOF.Web
AETransactionIndicators:
type: "object"
description: |
Transaction Indicators
properties:
IsCustomerPresent:
description: "This field differentiates between automatic and manual payment initiation."
type: boolean
IsContractPresent:
description: "Indicates if the Payee has a contractual relationship with the TPP."
type: boolean
Channel:
description: "Where the payment has been initiated from."
type: "string"
enum:
- "UAEOF.Web"
- "UAEOF.Mobile"
AEBeneficiaryIndicators:
type: "object"
description: |
Beneficiary Indicators
properties:
AccountType:
$ref: "#/components/schemas/AEAccountTypeCode"
IsBeneficiaryPrePopulated:
$ref: "#/components/schemas/AEIsBeneficiaryPrePopulated"
TradingName:
$ref: "#/components/schemas/AETradingName"
IsVerifiedByTPP:
$ref: "#/components/schemas/AEIsVerifiedbyTPP"
AdditionalAccountHolderIdentifiers:
$ref: "#/components/schemas/AEAdditionalAccountHolderIdentifiers"
MerchantDetails:
type: "object"
description: |
Details of the Merchant involved in the transaction.
Merchant Details are specified only for those merchant categories that are generally expected to originate retail financial transactions
properties:
MerchantId:
description: "MerchantId"
type: "string"
minLength: 8
maxLength: 20
MerchantName:
description: "Name by which the merchant is known."
type: "string"
minLength: 1
maxLength: 350
MerchantSICCode:
description: |
SIC code stands for standard industrial classification (SIC) code.
This four digit-number identifies a very specific short descriptor of the type of business a company is engaged in.
SIC can be obtained from the Chamber of Commerce.
type: "string"
minLength: 3
maxLength: 4
MerchantCategoryCode:
description: >
Category code values are used to enable the classification of
merchants into specific categories based on the type of business,
trade or services supplied.
Category code conforms to ISO 18245, related to the type of services
or goods the merchant provides for the transaction."
type: string
minLength: 3
maxLength: 4
additionalProperties: false
IsBeneficiaryConfirmed:
description: Beneficiary account details have been confirmed successfully using Confirmation of Payee
type: boolean
AEIsBeneficiaryPrePopulated:
description: "Is Beneficiary populated"
type: "boolean"
AEIsVerifiedbyTPP:
description: "The TPP has onboarded the Beneficiary"
type: "boolean"
AEAdditionalAccountHolderIdentifiers:
type: "array"
items:
type: "object"
description: "Provides the details to identify an account."
required:
- "IdentificationTypeSchemeName"
- "Identification"
properties:
IdentificationTypeSchemeName:
$ref: "#/components/schemas/AERiskExternalAccountIdentificationCode"
Identification:
$ref: "#/components/schemas/AEIdentification"
Name:
$ref: "#/components/schemas/AEName"
additionalProperties: false
AERiskExternalAccountIdentificationCode:
description: "Name of the identification scheme, in a coded form as published in an external list."
type: "string"
enum:
- "UAEOF.EmiratesID"
- "UAEOF.TradeLicenceNumber"
AEIdentification:
description: |
Identification for the account assigned by the LFI based on the Account Scheme Name.
This identification is known by the User account owner.
type: "string"
minLength: 1
AEMobileNumber:
description: |
Mobile number of the account owner.
type: "string"
maxLength: 16
AEName:
type: "object"
description: |
The Account Holder Name is the name or names of the Account owner(s) represented at the account level
properties:
en:
type: "string"
description: "English value of the string"
maxLength: 70
ar:
type: "string"
description: "Arabic value of the string"
maxLength: 70
additionalProperties: false
AETradingName:
type: "object"
description: |
The Trading Brand Name (if applicable) for the Creditor.
Applicable to Payments.
properties:
en:
type: "string"
description: "English value of the string"
maxLength: 70
ar:
type: "string"
description: "Arabic value of the string"
maxLength: 70
additionalProperties: false
AEAddress:
description: |
(Array) Address information that locates and identifes a specific address, as defined by a national or international postal service."
type: "array"
minItems: 1
items:
type: "object"
required:
- "AddressType"
- "Country"
properties:
AddressType:
$ref: "#/components/schemas/AEAddressTypeCode"
ShortAddress:
$ref: "#/components/schemas/AEShortAddress"
UnitNumber:
$ref: "#/components/schemas/AEUnitNumber"
FloorNumber:
$ref: "#/components/schemas/AEFloorNumber"
BuildingNumber:
$ref: "#/components/schemas/AEBuildingNumber"
StreetName:
$ref: "#/components/schemas/AEStreetName"
SecondaryNumber:
$ref: "#/components/schemas/AESecondaryNumber"
District:
$ref: "#/components/schemas/AEDistrict"
PostalCode:
$ref: "#/components/schemas/AEPostalCode"
POBox:
$ref: "#/components/schemas/AEPOBox"
ZipCode:
$ref: "#/components/schemas/AEZipCode"
City:
$ref: "#/components/schemas/AECity"
Region:
$ref: "#/components/schemas/AERegion"
Country:
$ref: "#/components/schemas/AECountryCode"
additionalProperties: false
AEAddressTypeCode:
description: "Specifies the nature of the Address."
type: "string"
enum:
- "UAEOF.Business"
- "UAEOF.Correspondence"
- "UAEOF.Residential"
example: "UAEOF.Residential"
AEShortAddress:
description: "A short address consists of four letters: region code, branch code, division code, unique code and a four-digit number for the building."
type: "string"
minLength: 1
maxLength: 8
example: "ABCD1234"
AEUnitNumber:
description: "Identifies the unit or apartment number."
type: "string"
minLength: 1
maxLength: 10
example: "6"
AEFloorNumber:
description: "Identifies the building floor number."
type: "string"
minLength: 1
maxLength: 10
example: "2"
AEBuildingNumber:
description: "Identifies the building number."
type: "string"
minLength: 1
maxLength: 10
example: "34"
AEStreetName:
description: "Identifies the street name or road."
type: "string"
minLength: 1
maxLength: 70
example: "Omar Bin Hassan Street"
AEDistrict:
description: "Identifies the district of a city."
type: "string"
minLength: 1
maxLength: 35
example: "Olaya Dist."
AECountryCode:
description: "Indicates the country code in which the address is located (References ISO 3166-1 alpha-2)."
type: "string"
pattern: "^[A-Z]{2,2}$"
example: "SA"
AEPostalCode:
description: " Identifies the postal code; a unique code assigned to a specific geographic area for efficient mail sorting and delivery purposes."
type: "string"
minLength: 1
maxLength: 10
example: "12345"
AEPOBox:
description: " Identifies the POBox."
type: "string"
minLength: 1
maxLength: 10
example: "11562"
AEZipCode:
description: "Identifies the ZIP code; a unique code assigned to a specific geographic area for efficient mail sorting and delivery purposes."
type: "string"
minLength: 1
maxLength: 10
example: "12366"
AESecondaryNumber:
description: "4 numbers representing the accurate location coordinates of the address"
type: "string"
minLength: 4
maxLength: 4
example: "1233"
AECity:
description: "Identifies the name of the city or town where the address is situated."
type: "string"
minLength: 1
maxLength: 35
example: "Riyadh"
AERegion:
description: "Identifies the region."
type: "string"
minLength: 1
maxLength: 35
example: "North"
AEExternalAccountIdentificationCode:
description: "Name of the identification scheme, in a coded form as published in an external list."
type: "string"
enum:
- "UAEOF.IBAN"
- "UAEOF.AccountNumber"
AEOnBehalfOf:
type: object
properties:
TradingName:
type: string
description: Trading Name
LegalName:
type: string
description: Legal Name
IdentifierType:
allOf:
- $ref: '#/components/schemas/AEOnBehalfOfIdentifierType'
description: Identifier Type
Identifier:
type: string
description: Identifier
additionalProperties: false
AEOnBehalfOfIdentifierType:
type: string
enum:
- Other
AEPeriodStartDate:
type: string
format: date
description: |2-
* Payments: Specifies the start date of when a payment schedule begins.
Where this is an optional field, if a value is not provided, then it must default to the Consent CreationDateTime, starting from midnight 00:00:00.
AEPeriodType:
type: string
enum:
- UAEOF.Day
- UAEOF.Week
- UAEOF.Month
- UAEOF.Year
description: |2-
A Period may begin from the Consent CreationDateTime if a PeriodStartDate is not provided.
|Period Type|Description|
|-----------|-----------|
|Day|A continuous period of time, consisting of 24 consecutive hours, starting from midnight (00:00:00) and finishing at 23:59:59 of the same day. |
|Week|A continuous period of time, consisting of seven consecutive days, starting from midnight (00:00:00) and finishing at 23:59:59 of the 7th day. |
|Month|A continuous period of time starting from midnight (00:00:00) of the first day of a month and finishing at 23:59:59 of the last day of that month.|
|Year|A continuous period of time, consisting of 12 months.|
AERateType:
type: string
enum:
- Actual
- Agreed
- Indicative
description: Specifies the type used to complete the currency exchange.
AERequestedExecutionDate:
type: string
format: date
description: |2-
The date when the TPP expects the LFI to execute the payment.
The date must be in the future and cannot be on the same day or a day in the past.
The maximum date in the future that can be specified is 1 year from the day of the consent of the User to the TPP.
All dates in the JSON payloads are represented in ISO 8601 date format.
AEServiceInitiationAuthorizationDetailConsent:
type: object
required:
- Type
- Consent
- Subscription
properties:
Type:
type: string
enum:
- urn:openfinanceuae:service-initiation-consent:v1.0-draft5rc1
Consent:
$ref: >-
#/components/schemas/AEServiceInitiationAuthorizationDetailProperties
Subscription:
$ref: '#/components/schemas/EventNotification'
description: >-
Properties for creating a consent object for the first time a User
consents to TPP access to service initiation APIs
additionalProperties: false
AEServiceInitiationAuthorizationDetailProperties:
type: object
required:
- ConsentId
- AcceptedAuthorizationType
- PersonalIdentifiableInformation
- ControlParameters
- PaymentPurposeCode
properties:
ConsentId:
$ref: '#/components/schemas/AEConsentId'
BaseConsentId:
$ref: '#/components/schemas/AEBaseConsentId'
AcceptedAuthorizationTypeIsSingleAuthorization:
$ref: '#/components/schemas/AEAcceptedAuthorizationTypeRequestPaymentsIsSingleAuthorization'
AuthorizationExpirationTimeWindowAuthorizationExpirationDateTime:
type: string
patternformat: >date-time
^(00[0-9]|0[1-9][0-9]|[1-6][0-9]{2}|7[01][0-9]|720):[0-5][0-9]:[0-5][0-9]$
description: description: |2-
A time window by which a Consent (in AwaitingAuthorization status) must be Authorized by the User.
The time window starts from the actual CreationDateTime (when the Consent is staged with the LFI).
If the current time window exceeds the Authorization Expiration Time Window (and the Consent status is AwaitingAuthorization) then the Consent Status must be set to Rejected.
The time window is based on a custom time format hhh:mm:ss. e.g. 720:00:00 represents a time window of 720 hours, 00 minutes, 00 seconds (30 days) after the CreationDateTime to Authorize the Consent.
ExpirationDateTime:
allOf:
- $ref: '#/components/schemas/ARConsentExpirationDateTime'
description: |2-
Specified date and time the consent will expire.
If this is not populated, the consent will remain active as a long lived consent until the maximum consent validity period as per section 4.1.1 Consent Elements in the API User Guide.
All dates in the JSON payloads are represented in ISO 8601 date-time format.
All date-time fields in responses must include the timezone. An example is :2023-04-05T10:43:07+00:00
* For Payment Consents, the maximum expiration time limit should be 23:59:59 (1 second before 00:00:00)
Permissions:
type: array
items:
$ref: '#/components/schemas/AEServiceInitiationConsentPermissionCodes'
description: |2-
Specifies the permitted Account Access data types.
This is a list of the data groups being consented by the User, and requested for authorization with the LFI.
This allows a TPP to request a balance check permission.
ReadRefundAccount:
type: boolean
description: Allows the LFI to share the refund account details with TPP
CurrencyRequest:
$ref: '#/components/schemas/AECurrencyRequest'
PersonalIdentifiableInformation:
$ref: '#/components/schemas/AEJWEPaymentPII'
ControlParameters:
$ref: '#/components/schemas/AEServiceInitiationConsentControlParameters'
PayerReference:
allOf:
DebtorReference:
- $ref: '#/components/schemas/AEServiceInitiationReferenceAEServiceInitiationStructuredDebtorReference'
description: Reason or reference for the payer regarding the Payment
BeneficiaryReferenceCreditorReference:
allOf:
- $ref: '#/components/schemas/AEServiceInitiationReference'
description: Reason or reference for the beneficiary regarding the Payment
PaymentPurposeCode:
$ref: '#/components/schemas/AEServiceInitiationPaymentPurposeCode'
SponsoredTPPInformation:
$ref: '#/components/schemas/AEServiceInitiationSponsoredTPPInformation'
additionalProperties: false
AEServiceInitiationConsentControlParameters:
type: object
properties:
IsPayByAccount:
type: boolean
description: A flag to denote if the Payment is an E-Commerce transaction
ConsentSchedule:
$ref: '#/components/schemas/AEServiceInitiationConsentSchedule'
description: Control Parameters set the overall rules for the Payment Schedule
additionalProperties: false
AEServiceInitiationConsentPermissionCodes:
type: string
enum:
- ReadAccountsBasic
- ReadAccountsDetail
- ReadBalances
AEServiceInitiationConsentSchedule:
type: object
properties:
SinglePayment:
$ref: '#/components/schemas/AEServiceInitiationSinglePayment'
MultiPayment:
$ref: '#/components/schemas/AEServiceInitiationLongLivedPaymentConsent'
FilePayment:
$ref: '#/components/schemas/AEServiceInitiationFilePaymentConsent'
description: |2-
The various payment types that can be initiated:
* A Single Payment
* A Multi-Payment
* A Combined Payment (one SinglePayment and one MultiPayment)
additionalProperties: false
AEServiceInitiationDefinedSchedule:
type: object
required:
- Type
- Schedule
properties:
Type:
type: string
enum:
- UAEOF.DefinedSchedule
description: The Periodic Schedule Type
Schedule:
type: array
items:
$ref: '#/components/schemas/AEServiceInitiationSchedule'
minItems: 1
description: >-
Payment Schedule denoting a list of pre-defined future dated payments
all with fixed amounts and dates.
additionalProperties: false
AEServiceInitiationFilePaymentConsent:
type: object
required:
- FileType
- FileHash
- NumberOfTransactions
- ControlSum
properties:
FileType:
type: string
minLength: 1
maxLength: 40
description: Specifies the payment file type
FileHash:
type: string
minLength: 1
maxLength: 44
description: A base64 encoding of a SHA256 hash of the file to be uploaded.
FileReference:
$ref: '#/components/schemas/AEServiceInitiationReference'
NumberOfTransactions:
type: integer
description: >-
Number of individual transactions contained in the payment
information group.
ControlSum:
type: string
pattern: ^\d{1,16}\.\d{2}$
description: >-
Total of all individual amounts included in the group, irrespective
of currencies.
RequestedExecutionDateTime:
$ref: '#/components/schemas/AERequestedExecutionDate'
description: A Consent definition for defining Bulk/Batch Payments
additionalProperties: false
AEServiceInitiationFixedPeriodicSchedule:
type: object
required:
- Type
- PeriodType
- PeriodStartDate
- Amount
properties:
Type:
type: string
enum:
- UAEOF.FixedPeriodicSchedule
PeriodType:
$ref: '#/components/schemas/AEPeriodType'
PeriodStartDate:
$ref: '#/components/schemas/AEPeriodStartDate'
Amount:
$ref: '#/components/schemas/AEAmountAndCurrency'
description: >-
Payment Controls that apply to all payment instructions in a given
period under this payment consent.
additionalProperties: false
AEServiceInitiationFutureDatedPayment:
type: object
required:
- Type
- Amount
- RequestedExecutionDate
properties:
Type:
type: string
enum:
- UAEOF.SingleFutureDatedPayment
Amount:
$ref: '#/components/schemas/AEAmountAndCurrency'
RequestedExecutionDate:
$ref: '#/components/schemas/AERequestedExecutionDate'
description: >-
A long-lived consent that MUST be used for a single payment which will
be authorized by the User during the payment journey, but the payment
will be initiated by the TPP in the future.
additionalProperties: false
AEServiceInitiationLongLivedPaymentConsent:
type: object
required:
- Amount
- MaximumIndividualPaymentAmount
- PeriodicSchedule
properties:
Amount:
$ref: '#/components/schemas/AEAmountAndCurrency'
MaximumIndividualPaymentAmount:
allOf:
- $ref: '#/components/schemas/AEAmountAndCurrency'
description: |2-
This is the Maximum amount a variable payment related to the Consent can take.
All payment amounts must be smaller or equal to this value.
MaximumCumulativeValueOfPayments:
allOf:
- $ref: '#/components/schemas/AEAmountAndCurrency'
description: |2-
The maximum cumulative value of all successful payment rails executions under the Consent.
Each successful payment rails execution amount (related to the Consent) is added to the total cumulative value of the Consent which cannot exceed the maximum value agreed with the User at the point of consent.
MaximumCumulativeNumberOfPayments:
type: integer
description: |2-
The maximum cumulative number of all successful payment rails executions under the Consent.
Each successful payment rails execution (related to the Consent) is added to the total cumulative number of payments for the Consent which cannot exceed the maximum value agreed with the User at the point of consent.
PeriodicSchedule:
$ref: >-
#/components/schemas/AEServiceInitiationLongLivedPaymentConsentPeriodicSchedule
description: A Consent definition for defining Multi Payments
additionalProperties: false
AEServiceInitiationLongLivedPaymentConsentPeriodicSchedule:
type: object
required:
- DefinedSchedule
- FixedPeriodicSchedule
- VariablePeriodicSchedule
properties:
DefinedSchedule:
$ref: '#/components/schemas/AEServiceInitiationDefinedSchedule'
FixedPeriodicSchedule:
$ref: '#/components/schemas/AEServiceInitiationFixedPeriodicSchedule'
VariablePeriodicSchedule:
$ref: '#/components/schemas/AEServiceInitiationVariablePeriodicSchedule'
Type:
type: string
description: >-
Discriminator property for
AEServiceInitiationLongLivedPaymentConsentPeriodicSchedule.
discriminator:
propertyName: Type
description: The definition for a schedule
additionalProperties: false
AEServiceInitiationPaymentPurposeCode:
type: string
minLength: 1
maxLength: 4
pattern: ^[A-Z]{4}$
description: |2-
A Category code, related to the type of services or goods that corresponds to the underlying purpose of the Payment.
* The ISO20022 External code sets
AEServiceInitiationReference:
type: string
minLength: 1
maxLength: 120
description: A reason or reference in relation to a payment. reference in relation to a payment.
AEServiceInitiationStructuredDebtorReference:
description: |
A reason or reference in relation to a payment, set to facilitate a structured Payer reference consisting of:
* For payments to Merchants: TPP ID, Merchant ID, BIC and PostCode for the Creditor Account, followed by freeform text to a maximum of 120 characters.
* For other payments: TPP ID, followed by freeform text to a maximum of 120 characters.
The TPP ID value will match the organization ID value from the Trust Framework, and therefore will be a v4 UUID.
The Merchant ID wil be as per the existing IPP rules for the Merchant identification, and will incorporate the Trade License number for the Merchant.
A BIC is specific according to the standard format for ISO 20022, and can therefore be either 8 or 11 characters in length.
A PostCode is specified according to the standard format for ISO 20022, and can therefore be either a maximum of 16 characters in length.
If the value of the concatenated string exceeds 120 characters, the TPP must first omit or truncate the freeform element of the reference, followed by the PostCode.
oneOf:
- type: "string"
minLength: 1
maxLength: 120
pattern: "^TPP=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12},Merchant=[A-Z0-9]{3}-[A-Z]{4}-TL.+-[0-9]{4},BIC=[A-Z0-9]{4}[A-Z0-9]{2}[A-Z0-9]{2}([A-Z0-9]{3}){0,1},PostCode=[A-Z0-9]{1,16}($|,.+$)"
- type: "string"
minLength: 1
maxLength: 120
pattern: "^TPP=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}($|,.+$)"
AEServiceInitiationSchedule:
type: object
required:
- PaymentExecutionDate
- Amount
properties:
PaymentExecutionDate:
type: string
format: date
description: |2-
Used to specify the expected payment execution date/time.
All dates in the JSON payloads are represented in ISO 8601 date format.
An example is: 2023-04-05
Amount:
$ref: '#/components/schemas/AEAmountAndCurrency'
additionalProperties: false
AEServiceInitiationSingleInstantPayment:
type: object
required:
- Type
- Amount
properties:
Type:
type: string
enum:
- UAEOF.SingleInstantPayment
description: The Payment Type
Amount:
$ref: '#/components/schemas/AEAmountAndCurrency'
ExpectedInitiationTimeWindow:
$ref: '#/components/schemas/AEExpectedInitiationTimeWindow'
description: >-
A single immediate payment consent that MUST be be used for a single
payment which will be initiated immediately after User authorization at
the LFI.
additionalProperties: false
AEServiceInitiationSinglePayment:
anyOf:
- $ref: '#/components/schemas/AEServiceInitiationSingleInstantPayment'
- $ref: '#/components/schemas/AEServiceInitiationFutureDatedPayment'
discriminator:
propertyName: Type
mapping:
UAEOF.SingleInstantPayment: '#/components/schemas/AEServiceInitiationSingleInstantPayment'
UAEOF.SingleFutureDatedPayment: '#/components/schemas/AEServiceInitiationFutureDatedPayment'
description: A Consent definition for defining Single Payments
AEServiceInitiationSponsoredTPPInformation:
type: object
required:
- Name
- Identification
properties:
Name:
type: string
minLength: 1
maxLength: 50
description: The Sponsored TPP Name
Identification:
type: string
minLength: 1
maxLength: 50
description: The Sponsored TPP Identification
description: |2-
The Sponsored TPP is:
* A TPP that itself has no direct Open Banking API integrations.
* A TPP that is using the integration of another TPP that does have direct Open Banking API integrations.
additionalProperties: false
AEServiceInitiationVariablePeriodicSchedule:
type: object
required:
- Type
- PeriodType
- MaximumCumulativeValueOfPaymentsPerPeriodType
- MaximumCumulativeNumberOfPaymentsPerPeriodType
properties:
Type:
type: string
enum:
- UAEOF.VariablePeriodicSchedule
PeriodType:
$ref: '#/components/schemas/AEPeriodType'
PeriodStartDate:
$ref: '#/components/schemas/AEPeriodStartDate'
MaximumCumulativeValueOfPaymentsPerPeriodType:
allOf:
- $ref: '#/components/schemas/AEAmountAndCurrency'
description: >-
The maximum cumulative payment value of all payment initiations per
Period Type.
MaximumCumulativeNumberOfPaymentsPerPeriodType:
type: integer
description: The maximum frequency of payment initiations per Period Type.
description: >-
Payment Controls that apply to all payment instructions in a given
period under this payment consent.
additionalProperties: false
ARConsentExpirationDateTime:
type: string
format: date-time
Amount:
type: number
CurrencyCode:
type: string
pattern: ^[A-Z]{3}$
EventNotification:
type: object
required:
- Webhook
properties:
Webhook:
$ref: '#/components/schemas/OBWebhook'
additionalProperties: false
OAuthBadRequestErrorResponse:
type: object
allOf:
- $ref: '#/components/schemas/OAuthErrorResponse'
description: Bad Request
additionalProperties: false
OAuthErrorCodes:
type: string
enum:
- invalid_request
- invalid_client
- invalid_grant
- unauthorized_client
- unsupported_grant_type
- invalid_scope
description: >-
Status code corresponding to error condition to be returned to the
client
OAuthErrorResponse:
type: object
required:
- error
properties:
error:
$ref: '#/components/schemas/OAuthErrorCodes'
error_description:
type: string
description: Description of the error providing additional information
error_uri:
type: string
description: >-
A URI identifying a human-readable web page with information about
the error
description: Error returned from endpoints compliant with security profile
additionalProperties: false
OBBaseConsentId:
type: string
minLength: 1
maxLength: 128
description: >-
The original ConsentId assigned by the TPP.
It is used by the TPP for updating/renewing parameters associated with
long-lived consents.
It must be provided when long-lived consent parameters are
updated/renewed for a current consent that has not yet finished.
OBConsentId:
type: string
minLength: 1
maxLength: 128
description: >-
Unique identification assigned by the TPP to identify the consent
resource.
OBConsentPermissions:
type: string
enum:
- ReadInsurancePoliciesMotor
description: >-
Specifies the permitted insurance policy data types.
This is a list of the data groups being consented by the User, and
requested for authorization with the LFI.
OBConsentPurpose:
type: string
enum:
- AccountAggregation
- PersonalFinanceManager
- CreditAssessment
- MotorInsuranceQuote
- EnterpriseFinancialManagement
- Other
OBInsuranceAuthorizationDetailConsentProperties:
type: object
required:
- ConsentId
- Permissions
properties:
ConsentId:
$ref: '#/components/schemas/OBConsentId'
BaseConsentId:
$ref: '#/components/schemas/OBBaseConsentId'
Permissions:
type: array
items:
$ref: '#/components/schemas/OBConsentPermissions'
minItems: 1
allOf:
- $ref: '#/components/schemas/OBInsuranceAuthorizationDetailProperties'
additionalProperties: false
OBInsuranceAuthorizationDetailProperties:
type: object
properties:
ExpirationDateTime:
type: string
format: date-time
description: >-
Specified date and time the permissions will expire.
If this is not populated, the permissions will be open ended.All
dates in the JSON payloads are represented in ISO 8601 date-time
format.
All date-time fields in responses must include the timezone. An
example is below:
2017-04-05T10:43:07+00:00
OnBehalfOf:
$ref: '#/components/schemas/AEOnBehalfOf'
Purpose:
type: array
items:
$ref: '#/components/schemas/OBConsentPurpose'
description: Primary data for the resource
additionalProperties: false
OBInsuranceAuthorizationDetailReconsentProperties:
type: object
required:
- ConsentId
properties:
ConsentId:
$ref: '#/components/schemas/OBConsentId'
allOf:
- $ref: '#/components/schemas/OBInsuranceAuthorizationDetailProperties'
additionalProperties: false
OBWebhook:
type: object
required:
- Url
- IsActive
properties:
Url:
type: string
description: The TPP Callback URL being registered with the LFI
IsActive:
type: boolean
description: >-
The TPP specifying whether the LFI should send (IsActive true) or
not send (IsActive false) Webhook Notifications to the TPP's Webhook
URL
description: A Webhook Subscription Schema
additionalProperties: false
PushedAuthorizationRequest:
type: object
required:
- client_assertion_type
- client_assertion
- request
properties:
client_assertion_type:
type: string
enum:
- urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
client_assertion:
type: string
description: private_key_jwt client assertion
request:
allOf:
- $ref: '#/components/schemas/RichAuthorizationJar'
description: >-
Rich Authorization Request (RAR) that defines the required JSON Web
Token (JWT) payload. This **does not** represent a correctly
serialized JWT, but provides a Schema Object that correctly defines
the supported RARs.
additionalProperties: false
PushedAuthorizationRequestSigned:
type: object
required:
- requestBody
properties:
requestBody:
$ref: '#/components/schemas/PushedAuthorizationRequest'
additionalProperties: false
PushedAuthorizationResponseBody:
type: object
required:
- request_uri
- expires_in
properties:
request_uri:
type: string
description: The request URI corresponding to the authorization request posted
expires_in:
type: integer
description: >-
A JSON number that represents the lifetime of the request URI in
seconds as a positive integer
additionalProperties: false
RichAuthorizationJar:
type: object
required:
- iss
- exp
- nbf
- client_id
- response_type
- redirect_uri
- scope
- code_challenge
- code_challenge_method
- authorization_details
properties:
iss:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
aud:
anyOf:
- type: string
- type: array
items:
type: string
description: >-
For Confirmation of Payee operations this property should be set using two values:
* The organization ID of the TPP who is initiating the request
* The organization ID of the payee LFI, who provided the payee details from the Parties endpoint
Guidance from RFC 7519: [https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
exp:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
nbf:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
client_id:
type: string
response_type:
type: string
enum:
- code
redirect_uri:
type: string
scope:
type: string
state:
type: string
nonce:
type: string
max_age:
type: integer
code_challenge:
type: string
description: Code challenge (PKCE)
code_challenge_method:
type: string
enum:
- S256
description: >-
Code verifier transformation method, set to S256 as per clause
[5.3.1.2.5](https://openid.net/specs/fapi-2_0-security-profile-ID2.html#section-5.3.1.2-2.5.1)
of the FAPI 2.0 Security Profile
authorization_details:
type: array
items:
$ref: '#/components/schemas/RichAuthorizationRequestObjects'
additionalProperties: false
RichAuthorizationRequestObjects:
oneOf:
- $ref: '#/components/schemas/AEAccountAccessAuthorizationDetailsConsent'
- $ref: '#/components/schemas/AEAccountAccessAuthorizationDetailsReconsent'
- $ref: '#/components/schemas/AEInsuranceAuthorizationDetailsConsent'
- $ref: '#/components/schemas/AEInsuranceAuthorizationDetailsReconsent'
- $ref: '#/components/schemas/AEServiceInitiationAuthorizationDetailConsent'
Versions:
type: string
enum:
- v1.0-draft5rc1
|
