...
| Awesome api app render macro | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
openapi: 3.0.1
servers:
- url: https://<your-ozone-cm-server>
info:
title: Consent Manager API
description: |
This document provides an API description in [OpenAPI](https://spec.openapis.org/oas/v3.0.1.html)
for the Consent Manager API.
These APIs are implemented by Ozone and should be called by the financial institution to find, modify and delete consents.
#### Changes in Release 2024.48.1
* Changed account access and insurance permissions from a string to an array of string values
#### Changes in Release 2024.48.0
* Added required fields parId, rarType, ConsentBody.CreationDateTime & standardVersion in newConsent object
* Added health check endpoint GET /hello-mtls
* Added new object ConsentUsage in consent object
#### Changes in Release 2024.46.0
* Changed PeriodicSchedule to mandatory in AEServiceInitiationLongLivedPaymentConsent
* Changed AEServiceInitiationFixedDefinedSchedule and
AEServiceInitiationVariableDefinedSchedule to a maximum of 53 items
* Changed ExpirationDateTime to mandatory for insurance consents
* Changed AEPaymentConsumption to match v1.1 of the standards
* Changed PersonalIdentifiableInformation to optional in AEPaymentRequest
* Changed AERisk object to provide details of enhanced risk data encrypted as the
payload of the JWE
* Changed ReadPartyPSU and ReadPartyPSUIdentity to ReadPartyUser and
ReadPartyUserIdentity respectively
* Changed PaymentPurposeCode from 4 to 3 characters to match Aani code format
* Removed Received status from payment statuses
* Changes as per V1.1
* Updated description of `ExpirationDateTime` and `BaseConsentId`
* Removed `FollowingServiceLevel` enum from `CurrencyRequest.ChargeBearer`
* Removed `IsPayByAccount`, `ExpectedInitiationTimeWindow` and added `IsDelegatedAuthentication`
* Added new periodic Schedule type
* Made `Permissions` and `ExpirationDateTime` Mandatory for Data sharing and Insurance
* Introduced `oneOf` in `PersonalIdentifiableInformation`
* Removed `oneOf` from `DebtorReference`
* Added `ReadRefundAccount` enum in Service Initiation `Permissions`
* Changed `tpp` property in to provide more information about the
TPP and the Client software statement
* Changed `pageSize` type from `string` to `integer`
* Changed `consentBody` to be mandatory for consent operations
#### Changes in Release 2024.43.0
* Added OpenFinanceBilling object to AEAccountAccessConsentBody, AEInsuranceConsentBody and AEPaymentConsentResponse
* Added OpenFinanceBilling to Get and Patch Consents and Get and Patch Payment log.
#### Changes in Release 2024.37.0
* Update description for consent identifier clarifying the source of the value.
* Removed `additionalProperties: true` as not required and causes tooling issues
#### Changes in Release 2024.34.1
* CreditCard, PrePaidCard, EMoney, ChargeCard and Other enums have been removed from the AccountSubType.
* In AEAccountAccessConsentBody, Purpose field has been made mandatory and it has been made optional in AEInsuranceConsentBody.
* Amount field has been changed from number type to string.
* Amount, MaximumIndividualPaymentAmount and PeriodicSchedule have been made optional in MultiPayment.
* In PeriodicSchedule, DefinedSchedule, FixedPeriodicSchedule and VariablePeriodicSchedule have been made optional.
* In VariablePeriodicSchedule, MaximumCumulativeValueOfPaymentsPerPeriodType and MaximumCumulativeNumberOfPaymentsPerPeriodType have been made optional.
* In VariablePeriodicSchedule, Type field has been removed.
* In FilePayment, RequestedExecutionDateTime has been changed to RequestedExecutionDate
* In AEServiceInitiationDefinedSchedule, maxItems has been updated to 50
* ConnectToken has been added to cbuaePatchBody
* Refactored Security Scheme Objects to use common definitions across all API Hub APIs
* Implemented the correct Security Requirements for this API description, reflecting security patterns available in API Hub
* Added Rich Authorization Request (RAR) payload enumeration values for each consent type based on standards definitions
#### Changes in Release 2024.31.1
* Added the `authorizationChannel` field to the `patchConsent` and `getConsent` APIs
contact:
name: Ozone Financial Technology Limited
version: 2024.4648.01
tags:
- name: consents
- name: consent-groups
- name: consents-by-psu
- name: consents-by-account
- name: payments
- name: actions
security:
- {}
- OzoneConnectJwtAuth: []
paths:
/consents:
post:
tags:
- consents
summary: Creates a new consent
description: |
Used by Ozone to create a new consent using a Heimdall interaction.
operationId: addConsent
requestBody:
description: |
Creates a new consent in the consent Manager.
The API is primararily used by Ozone for creating consents when requested by a TPPs.
Financial Institutions may use this end-point to import consents and for supporting externally managed consents. This is not part of the CBUAE standard.
required: true
content:
application/json:
schema:
$ref: "#/components/schemas/AuthorizationDetails"
responses:
'201':
description: |
Indicates the successful creation of a consent
content:
application/json:
schema:
$ref: "#/components/schemas/ConsentPostResponse"
'400':
description: |
Indicates a failure to create the consent
content:
application/json:
schema:
$ref: "#/components/schemas/errorResponse"
get:
tags:
- consents
summary: Retrieves all the consents that meet the search criteria
description: |
Retrieves an array of consents that meets the search criteria.
If no consents could be found, then an empty array is returned.
This API may be used by an financial institution to get a "stream" of consents that have been created or updated since a given timestamp.
operationId: getAllConsents
parameters:
- name: updatedAt
in: query
schema:
type: number
required: false
description: |
Select only consents updated after the specified time
- $ref: "#/components/parameters/consentType"
- $ref: "#/components/parameters/status"
- $ref: "#/components/parameters/page"
- $ref: "#/components/parameters/pageSize"
responses:
'200':
description: |
Successful response
content:
application/json:
schema:
$ref: "#/components/schemas/multiConsentResponse"
'400':
description: Indicates a failure to retrieve the consents
content:
application/json:
schema:
$ref: "#/components/schemas/errorResponse"
/consents/{consentId}:
get:
tags:
- consents
summary: Retrieve a consent by its id
description: Retrieves a consent by its id.
operationId: getConsentsByConsentId
parameters:
- $ref: "#/components/parameters/consentId"
responses:
'200':
description: successful operation
content:
application/json:
schema:
type: object
required:
- data
- meta
properties:
data:
$ref: "#/components/schemas/consent"
meta:
$ref: "#/components/schemas/meta"
'400':
description: |
Indicates a failure to retrieve the consent
content:
application/json:
schema:
$ref: "#/components/schemas/errorResponse"
patch:
tags:
- consents
summary: Patches one or more fields in a consent
description: |
This operation allows an financial institution modify fields within a consent's `consentBody`.
Typically, this API would be called after the PSU has authorised a consent. This would
allow the financial institution to "patch in" the `psuIdentifier` and `accountIds` associated with the
consent.
This is also called as authentication progresses for a multi-auth consent.
operationId: patchConsent
parameters:
- $ref: "#/components/parameters/consentId"
requestBody:
required: true
content:
application/json:
schema:
$ref: "#/components/schemas/cbuaePatchBody"
responses:
'204':
description: |
Indicates a successful operation.
The response does not have a body.
'400':
description: |
Indicates a failure to patch the consent
content:
application/json:
schema:
$ref: "#/components/schemas/errorResponse"
/consents/{consentId}/audit:
get:
tags:
- consents
summary: Retrieve an audit of a consent by the consent's id
description:
Retrieves an audit of a consent by the consent's id.
The audit log is a low-level record of all changes applied to a Consent
throughout its life-cycle
operationId: getAuditConsentsByConsentId
parameters:
- $ref: "#/components/parameters/consentId"
responses:
'200':
description: successful operation
content:
application/json:
schema:
type: object
required:
- data
- meta
properties:
data:
type: array
items:
type: object
required:
- providerId
- operation
- timestamp
- fkMongoId
- fkId
- id
- ozoneInteractionId
properties:
providerId:
type: string
description: |
The provider id of the financial institution that made the change
operation:
type: string
description: |
Like "create" or "patch"
timestamp:
type: integer
fkMongoId:
type: string
description: |
A unique identifier for the audit log in mongodb
fkId:
type: string
description: |
A unique identifier for the consentId
id:
type: string
description: |
A unique identifier for the audit log
ozoneInteractionId:
type: string
description: |
The ozone interaction id assigned to the interaction that caused this changed. Useful for looking up the api-log.
Note - this is not the "heimdall Interaction Id" - this is an identifier for the API log
callerDetails:
type: object
description: |
The details of the API caller that made the change
additionalProperties: false
properties:
callerOrgId:
type: string
callerClientId:
type: string
callerSoftwareStatementId:
type: string
patchFilter:
type: string
description: |
Low-level operation description of the selector for the patch
patch:
type: string
description: |
Low-level operation description of the patch that was applied at the storage level
meta:
$ref: "#/components/schemas/meta"
'400':
description: |
Indicates a failure to retrieve the consent's audit trail
content:
application/json:
schema:
$ref: "#/components/schemas/errorResponse"
/consent-groups/{consentGroupId}/consents:
get:
tags:
- consent-groups
summary: Retrieves consents within a consent group
description: |
Retrieves an array of consents that are within a consent group.
If no consents could be found, then an empty array is returned.
For CBUAE, a consent group id is the `BaseConsentId`
operationId: getConsentsInConsentGroup
parameters:
- name: consentGroupId
in: path
schema:
type: string
required: true
description: |
Select consents within the consentGroupId
- $ref: "#/components/parameters/consentType"
- $ref: "#/components/parameters/status"
- $ref: "#/components/parameters/page"
- $ref: "#/components/parameters/pageSize"
responses:
'200':
description: |
Successful response
content:
application/json:
schema:
$ref: "#/components/schemas/multiConsentResponse"
'400':
description: Indicates a failure to retrieve the consents
content:
application/json:
schema:
$ref: "#/components/schemas/errorResponse"
/psu/{userId}/consents:
get:
tags:
- consents-by-psu
summary: Retrieves all the consents associated with a given PSU
description: |
Retrieves an array of consents associated with the PSU.
If no consents could be found associated with the PSU, then an empty array is returned.
The userId path parameter is matched with the `psuIdentifiers.userId` field in the consent.
operationId: getConsents
parameters:
- $ref: "#/components/parameters/userId"
- $ref: "#/components/parameters/consentType"
- $ref: "#/components/parameters/status"
- $ref: "#/components/parameters/page"
- $ref: "#/components/parameters/pageSize"
responses:
'200':
description: |
Successful response
content:
application/json:
schema:
$ref: "#/components/schemas/multiConsentResponse"
'400':
description: Indicates a failure to retrieve the consents
content:
application/json:
schema:
$ref: "#/components/schemas/errorResponse"
/accounts/{accountId}/consents:
get:
tags:
- consents-by-account
summary: Retrieve consents of a account by its id
description: |
Retrieve consents of a account by its id
operationId: getAccountIdConsents
parameters:
- name: accountId
in: path
schema:
type: string
required: true
description: Identifier for the account
- $ref: "#/components/parameters/consentType"
- $ref: "#/components/parameters/status"
- $ref: "#/components/parameters/page"
- $ref: "#/components/parameters/pageSize"
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: "#/components/schemas/multiConsentResponse"
'400':
description: |
Indicates a failure to create the consent
content:
application/json:
schema:
$ref: "#/components/schemas/errorResponse"
/consent-groups/{consentGroupId}/consents/action/revoke:
post:
tags:
- actions
summary: Revokes consents within a consent group
description: |
Revokes consents that are within a consent group.
operationId: revokeConsentsInConsentGroup
parameters:
- name: consentGroupId
in: path
schema:
type: string
required: true
description: |
Select consents within the consentGroupId
requestBody:
description: |
An end-point for revoking a consent within a consent group.
This is similar in behaviour to the consent revocation endpoint, but operates on a consent group id parameter instead
required: true
content:
application/json:
schema:
$ref: "#/components/schemas/RevokeConsent"
responses:
'204':
description: |
Indicates a successful operation.
The response does not have a body.
'400':
description: Indicates a failure to revoke the consent
content:
application/json:
schema:
$ref: "#/components/schemas/errorResponse"
/consents/{consentId}/action/revoke:
post:
tags:
- actions
summary: Revoke a consent by its id
description:
Revokes a consent by its id along with any associated access and refresh tokens.
This API is used by ozone internally to revoke consents.
The API should be used by a financial institution to revoke consents (rather than simply patching the consent) to also revoke the tokens associated with the consent
operationId: revokeConsentsByConsentId
parameters:
- $ref: "#/components/parameters/consentId"
requestBody:
description: |
An end-point for revoking a consent.
required: true
content:
application/json:
schema:
$ref: "#/components/schemas/RevokeConsent"
responses:
'204':
description: |
Indicates a successful operation.
The response does not have a body.
'400':
description: |
Indicates a failure to revoke the consent
content:
application/json:
schema:
$ref: "#/components/schemas/errorResponse"
/payment-log:
get:
tags:
- payments
summary: Retrieve a payment log by its consent id or account id
operationId: getAuditConsentsByConsentIdw
description: |
Either one of the query parameters can be used, not both.
parameters:
- name: consentId
in: query
schema:
type: string
required: true
description: |
Identifier for the consent
- name: accountId
in: query
schema:
type: string
required: true
description: |
Identifier for the account
responses:
'200':
description: successful operation
content:
application/json:
schema:
type: object
required:
- data
- meta
properties:
data:
type: array
items:
type: object
required:
- consentId
- paymentType
- paymentId
- idempotencyKey
- paymentResponse
- tpp
- accountId
- psuIdentifiers
- interactionId
- authorizationCode
- requestBody
- requestHeaders
properties:
consentId:
type: string
description: |
A consent identifier generated by the TPP for the consent.
paymentType:
type: string
description: |
The underlying payment type
For example,
- cbuae-payment (Single Instant Payment, Multi Payment - Fixed and Variable Recurring Payment, Future Dated Payment etc)
- cbuae-file-payment
paymentId:
type: string
idempotencyKey:
type: string
paymentResponse:
type: object
description: |
The payment response as received from the financial institution as a result of a `make-payment` call
properties:
id:
type: string
description: |
A unique id for the payment in uuid-v4 format.
status:
type: string
description: |
The current status of the payment
enum:
- "Pending"
- "AcceptedSettlementCompleted"
- "AcceptedCreditSettlementCompleted"
- "AcceptedWithoutPosting"
- "Rejected"
creationDateTime:
type: string
pattern: ($date-time)
description: |
An ISO date-time representing when the consent was created
statusUpdateDateTime:
type: string
pattern: ($date-time)
description: |
An ISO date-time representing when the consent status was last updated
OpenFinanceBilling:
$ref: "#/components/schemas/AEServiceInitiationOpenFinancePaymentBilling"
signedResponse:
type: string
tpp:
$ref: "#/components/schemas/tpp"
accountId:
type: integer
psuIdentifiers:
$ref: "#/components/schemas/psuIdentifiers"
interactionId:
$ref: "#/components/schemas/apiLogInteractionId"
authorizationCode:
type: object
properties:
paymentId:
type: string
accessTokenHash:
type: string
currentDateTime:
type: string
pattern: ($date-time)
requestBody:
$ref: "#/components/schemas/AEPaymentAndFilePaymentRequest"
signedRequestBody:
type: string
requestHeaders:
type: object
description: |
The entire set of Http request headers that was received by Ozone from the TPP
meta:
$ref: "#/components/schemas/meta"
'400':
description: |
Indicates a failure to retrieve the payments
content:
application/json:
schema:
$ref: "#/components/schemas/errorResponse"
/payment-log/{id}:
patch:
tags:
- payments
summary: Patches one or more fields in a payment-log based on id .
description: |
This operation allows an modify fields within a payment's `paymentResponse`.
This is used by the financial institutions to update the status of a payment
operationId: patchPymentlog
parameters:
- $ref: "#/components/parameters/id"
requestBody:
required: true
content:
application/json:
schema:
$ref: "#/components/schemas/CbuaePatchPaymentRecordBody"
responses:
'204':
description: |
Indicates a successful operation.
The response does not have a body.
'400':
description: |
Indicates a failure to retrieve the payments
content:
application/json:
schema:
$ref: "#/components/schemas/errorResponse"
components: schemas/hello-mtls:
errorResponseget:
typeoperationId: objecthelloMtls
propertiestags:
errorCode:- health-check
summary: check connectivity type:including stringmtls and provides information about the client cert that the server description:received
Error code identifying the problem occured description:
errorMessage: This health check is used to check that the type: string
end-to-end network connectivity is working as expected including mutual tls.
description: Message describing what problem hasThis occuredhealth check endpoint assists in debugging meta:mutual tls client issues.
type: object The health check additionalProperties:returns falseinformation about the client certificate and the apiLogInteractionId:issuer of the client certificate that type: objectthe server received.
propertiesresponses:
ozoneInteractionId'200':
typedescription: OK
string clientInteractionIdcontent:
type: string application/json:
additionalProperties: false requiredschema:
- ozoneInteractionId tpp$ref: '#/components/schemas/HealthCheckCertResponse'
components:
schemas:
description errorResponse:
The TPP record as held bytype: Ozone.object
If Ozone TPP Connect has been integratedproperties:
into a errorCode:
directory, the `directoryRecord` provides the TPP's directory record astype: heldstring
by Ozone in description: Error basecode 64identifying encodedthe format.problem occured
type: object errorMessage:
required: type: string
- clientId description: -Message orgIddescribing what problem has occured
- softwareStatementIdmeta:
type: object
- tppId additionalProperties: false
- tppName apiLogInteractionId:
-type: decodedSsaobject
properties:
clientIdozoneInteractionId:
descriptiontype: Thestring
client identifier
for the TPP as issued by the Trust FrameworkclientInteractionId:
type: string
additionalProperties: false
pattern: '^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$' required:
tppId: - ozoneInteractionId
descriptiontpp:
The identifier used by the API Hubdescription: toThe uniquelyTPP identifyrecord theas TPPheld by Ozone. If Ozone TPP Connect has been integrated into type:a
string directory, tppName:the `directoryRecord` provides the TPP's directory record as held by Ozone description:in
The TPP name recorded in the Trust Framework base 64 encoded format.
type: stringobject
required:
obieTppId: - clientId
description: The UK market TPP identifier. This- propertyorgId
is not used for CBUAE and is therefore - softwareStatementId
- tppId
marked as deprecated. - tppName
type: string - decodedSsa
deprecatedproperties:
true softwareStatementIdclientId:
description: The softwareclient statement identifier for the Client.TPP as issued by the Trust Framework
type: string type: string
obieSoftwareStatementId: pattern: description: The UK market software statement identifier. This property is not used for CBUAE'^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$'
tppId:
description: The identifier used by the API Hub andto isuniquely thereforeidentify marked as deprecated.the TPP
type: string
tppName:
deprecated: true obieSoftwareStatementNamedescription: The TPP name recorded in the Trust Framework
type: string
obieTppId:
description: The UK market softwareTPP statement nameidentifier. This property is not used for CBUAE and is therefore
is therefore marked as deprecated.
type: string
deprecated: true
softwareStatementId:
directoryRecord description: The software statement identifier for the Client.
type: string
obieSoftwareStatementId:
description: The UK latestmarket copysoftware ofstatement theidentifier. TPPThis directoryproperty recordis retrievenot fromused thefor CBUAE Trust Framework
and is therefore marked as deprecated.
directory, encoded as a Base 64type: string
formatdeprecated: base64true
ssaobieSoftwareStatementName:
description: The encodedUK market Softwaresoftware Statementstatement Assertionname. This property is not used for CBUAE and
is is therefore marked as deprecated.
type: string
deprecated: true
decodedSsadirectoryRecord:
$reftype: "#/components/schemas/softwareStatementProperties"string
orgId:
description: The latest copy of the TPP directory record retrieve from the CBUAE Trust Framework
description: The organization identifier for the TPP directory, encoded as a Base 64 string
typeformat: string base64
ssa:
pattern: '^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-description: The encoded Software Statement Assertion. This property is not used for CBUAE and is
therefore marked as deprecated.
type: string
deprecated: true
decodedSsa:
$ref: "#/components/schemas/softwareStatementProperties"
orgId:
description: The organization identifier for the TPP
type: string
pattern: '^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$'
softwareStatementProperties:
description: |
The decoded software statement retrieved from the Trust Framework that provides
the properties of the Client.
Please note:
- The JSON payload will contain other properties in addition to those listed
here. The properties listed here are considered most relevant for activities
such as TPP logo retrieval and JWS verification.
- The content reflects elements of discovery metadata, which in generally
defined as a file rather than an API. Providing constraints such as
`minLength` and `maxLength` is impractical in this context
The full software statement record is also available in the Trust Framework.
Please also refer the Registration Framework page in the CBUAE standards for
additional guidance on these properties.
type: object
properties:
redirect_uris:
description: The redirect URIs registered by the TPP at the Trust Framework
type: array
items:
type: string
client_name:
description: Name of the Client to be presented to the End-User.
type: string
client_uri:
description: URL of the home page of the Client.
type: string
logo_uri:
description: URL of the Client logo.
type: string
jwks_uri:
description: URL of the Client JSON Web Key Set (JWKS) at the Trust Framework.
type: string
client_id:
description: Unique Client Identifier.
type: string
roles:
description: The roles under which the organization is registered at the Trust Framework.
type: array
items:
type: string
sector_identifier_uri:
description: URL using the https scheme to be used in calculating Pseudonymous Identifiers
by the OP. Allows redirect URI values to be grouped, easing registration
management.
type: string
application_type:
description: Client application type.
type: string
organisation_id:
description: Organization identifier for organization that owns the Client.
type: string
psuIdentifiers:
type: object
description: |
The PSU that is associated with this consent.
The `PSUIdentifiers` object may have artitrary custom fields that an financial institution may use to
identify the PSU.
However, all `PSUIdentifiers` must have a mandatory `userId` field that provides a unique
user id for the PSU.
The consent is initially created without a PSU identified.
The value must be specified once the consent is authorised.
properties:
userId:
type: string
required:
- userId
newConsent:
type: object
properties:
id:
type: string
description: |
A unique identifier for the consent in uuid-v4 format.
consentGroupIdparId:
type: string
description: |
A unique identifier for the consentPAR request groupthat increated uuid-v4this formatconsent.
The consentvalue groupmatches idthe isvalue usedof tothe grouprequest_uri togetherreturned consentsby thatthe arepost relatedcall to the eachPAR otherendpoint.
requestUrlrarType:
type: string
format: urlpattern: '^urn:openfinanceuae:(?:account-access|insurance|service-initiation)-consent:v[0-9]+\.[0-9]+$'
description: |
The authorization requestdetail urltype of the HttpRAR request that wasresulted receivedin bythis Ozoneconsent.
from the TPP consentType:This value matches the Type of the authorization_details element of the type:RAR stringrequest.
description: | Its value will be one of the authorization_details_types_supported on the well-known endpoint.
The
type of the consent that is being created. standardVersion:
type: string
Each financial institution's instance may support a different set of consentdescription: types|
The ConsentstandardVersion Managerfield supportsspecifies the creationstandardized of consentsversion of differentan consentAPI typesset. dependingAn onAPI theset standardsrefers supported.to a group of APIs designed to deliver a specific functionality (e.g., accounts, payments, - cbuae-account-access-consents
insurance). Example values: 'v1.0', 'v2.1', or 'insurance:v1.1'."
- cbuae-service-initiation-consents
consentGroupId:
type: -string
cbuae-insurance-consents statusdescription: |
$ref: "#/components/schemas/AEConsentStatus" A unique identifier for the consent group in request:
uuid-v4 format.
The consent group $ref: "#/components/schemas/AuthorizationDetails"id is used to group together consents that are related to each other.
requestUrl:
requestHeaderstype: string
type format: objecturl
description: |
The entirerequest seturl of Http request headers that was received by Ozone from the TPP
consentBodyconsentType:
$reftype: "#/components/schemas/cbuaeConsentBody" string
interactionIddescription: |
The type: stringof the consent that is being created.
description: The Heimdall `interactionId` that this consent is associated with.Each financial institution's instance may support a different set of tpp:consent types
$ref: "#/components/schemas/tpp" The Consent Manager supports the creation of consents ozoneSupplementaryInformation:of different consent types depending on the standards supported.
type: object updatedAt:
- cbuae-account-access-consents
type: number - cbuae-service-initiation-consents
required: - cbuae-insurance-consents
id
-status:
consentType - consentBody$ref: "#/components/schemas/AEConsentStatus"
- request:
- requestHeaders $ref: "#/components/schemas/AuthorizationDetails"
- tpp requestHeaders:
cbuaeConsentBody: type: object
description: |
An object representing theThe currententire stateset of theHttp consent.request headers that was received by Ozone from the ThisTPP
includes
the entire request, augmented by additional computed properties consentBody:
(e.g. ids, charges etc) oneOf:
- $ref: "#/components/schemas/AEAccountAccessConsentBodycbuaeConsentBody"
- $refinteractionId:
"#/components/schemas/AEInsuranceConsentBody" - $reftype: "#/components/schemas/AEPaymentConsentResponse"string
patchedConsent: description: The type:Heimdall object`interactionId` that this consent is associated with.
properties:
psuIdentifierstpp:
$ref: "#/components/schemas/psuIdentifierstpp"
accountIdsozoneSupplementaryInformation:
type: arrayobject
itemsupdatedAt:
type: stringnumber
required:
minItems: 1 - id
description: |- - consentType
An- arrayconsentBody
of account ids associated with the consent. The array- mustrequest
be populated once consent has been authorised. - requestHeaders
- Fortpp
payment
consents, the array must alwayscbuaeConsentBody:
have one element - the debtor accounttype: fromobject
which the payment will be made description: |
An object Forrepresenting CBPIIthe consents,current thestate arrayof mustthe alwaysconsent.
have one element - the account for which CoFThis requestsincludes willthe beentire answeredrequest, augmented by additional computed properties
For AIS requests(e.g. ids, thecharges arrayetc)
may contain multiple values, representing each ofoneOf:
the payment accounts for which an AIS service will- be provided.$ref: "#/components/schemas/AEAccountAccessConsentBody"
- supplementaryInformation$ref: "#/components/schemas/AEInsuranceConsentBody"
- description$ref: "#/components/schemas/AEPaymentConsentResponse"
patchedConsent:
Contains additional informationtype: atobject
the discretion of the financial institution. properties:
typepsuIdentifiers:
object interactionId$ref: "#/components/schemas/psuIdentifiers"
typeaccountIds:
string descriptiontype: Thearray
heimdall interaction id that this consent is associated with. This isitems:
updated by heimdall and must not be set by financial institutions. type: string
paymentContext: minItems: 1
type: object description: |-
ConnectToken: An array of type:account stringids associated with the consent. The array must be populated once description:consent Ahas bearerbeen tokenauthorised.
that will be sent as the `Authorization` header for calls to Ozone ConnectFor madepayment underconsents, thisthe consent.array must always have one element cbuaePatchBody:- the debtor account from which the description:payment |will be made
Describes the fields to be patched andFor theirCBPII correspondingconsents, values.the array must always have one element - type:the objectaccount for which CoF requests will be required:answered
- authorizationChannel For AIS requests, the additionalProperties:array falsemay contain multiple values, representing each of properties:the payment accounts for which an AIS service will psuIdentifiers:be provided.
$refsupplementaryInformation:
"#/components/schemas/psuIdentifiers" accountIdsdescription:
type: array Contains additional information at the discretion of the items:
financial institution.
type: stringobject
minItemsinteractionId:
1 type: description:string
|- description: The heimdall interaction Anid arraythat ofthis accountconsent idsis associated with the consent. TheThis arrayis mustupdated beby populatedheimdall onceand consentmust hasnot beenbe authorised.set by financial institutions.
ForpaymentContext:
service initiation, the array must always have one element - thetype: debtorobject
account
from which the payment will be made ConnectToken:
Fortype: datastring
sharing requests, the array may contain multiple values, representing each ofdescription: theA paymentbearer accounts for which an AIS servicetoken that will be provided.sent as the `Authorization` header for calls to Ozone Connect made under this consent.
As
a convenience, when updating the status, the LFI mayconsentUsage:
patch `status` or `consentBody.Data.Status` - the CM will ensure that these are synced.$ref: "#/components/schemas/AEConsentUsage"
cbuaePatchBody:
description: Not|
all state transitions are possible for consent statuses -Describes the standardfields to providesbe apatched listand oftheir validcorresponding transitionsvalues.
supplementaryInformationtype: object
descriptionrequired:
- authorizationChannel
Contains additional information at the discretion of the financial institution.additionalProperties: false
typeproperties:
object statuspsuIdentifiers:
$ref: "#/components/schemas/cbuaePatchableConsentStatuspsuIdentifiers"
consentBody.Data.StatusaccountIds:
$ref: "#/type: array
items:
type: string
minItems: 1
description: |-
An array of account ids associated with the consent. The array must be populated once consent has been authorised.
For service initiation, the array must always have one element - the debtor account from which the payment will be made
For data sharing requests, the array may contain multiple values, representing each of the payment accounts for which an AIS service will be provided.
As a convenience, when updating the status, the LFI may patch `status` or `consentBody.Data.Status` - the CM will ensure that these are synced.
Not all state transitions are possible for consent statuses - the standard provides a list of valid transitions.
supplementaryInformation:
description:
Contains additional information at the discretion of the financial institution.
type: object
status:
$ref: "#/components/schemas/cbuaePatchableConsentStatus"
consentBody.Data.Status:
$ref: "#/components/schemas/cbuaePatchableConsentStatus"
consentBody.Data.ExchangeRate:
$ref: "#/components/schemas/AEExchangeRateInformation"
consentBody.Data.Charges:
$ref: "#/components/schemas/AECharges"
consentBody.Data.RevokedBy:
$ref: "#/components/schemas/AERevokedBy"
consentBody.Meta.MultipleAuthorizers:
$ref: "#/components/schemas/AEMetaMultiAuthorization"
authorizationChannel:
type: string
enum:
- App
- Web
ConnectToken:
type: string
description: A bearer token that will be sent as the `Authorization` header for certain calls to bank connect.
consentBody.Data.OpenFinanceBilling:
$ref: "#/components/schemas/AEOpenFinanceBillingPatch"
consentUsage:
$ref: "#/components/schemas/AEConsentUsage"
AEServiceInitiationOpenFinanceBilling:
type: object
properties:
IsLargeCorporate:
type: "boolean"
description: Customer has more than 100 million AED turnover
description: Billing parameters specified by the LFI
additionalProperties: false
AEOpenFinanceBillingPatch:
type: object
properties:
IsLargeCorporate:
type: "boolean"
description: Customer has more than 100 million AED turnover
description: Billing parameters specified by the LFI
additionalProperties: false
cbuaePatchableConsentStatus:
description: |
Specifies the statuses that a consent can be patched to by an LFI.
type: "string"
enum:
- "Authorized"
- "Rejected"
- "Revoked"
- "Expired"
- "Consumed"
- "Suspended"
CbuaePatchPaymentRecordBody:
type: object
description: |
Describes the fields to be patched and their corresponding values.
required:
- paymentResponse.status
additionalProperties: false
properties:
paymentResponse.status:
type: string
description: |
The current status of the payment
enum:
- "Pending"
- "AcceptedSettlementCompleted"
- "AcceptedCreditSettlementCompleted"
- "AcceptedWithoutPosting"
- "Rejected"
paymentResponse.OpenFinanceBilling:
$ref: "#/components/schemas/AEServiceInitiationOpenFinancePaymentBillingPatch"
paymentResponse.paymentTransactionId:
type: "string"
description: |
This is an end to end TransactionId that is generated by the
underlying payment rails when it is sent from an Originating LFI to a
Receiving LFI:
- For IPP transactions, this is the IPP generated TransactionId.
- This is not the same as the TransactionID in the Account Information
Transactions API.
- The payment transaction ID must be populated if the payment is processed
by the LFI.
minimum: 1
maximum: 40
AEServiceInitiationOpenFinancePaymentBillingPatch:
type: object
properties:
NumberOfSuccessfulTransactions:
type: "integer"
description: |
Number of individual transactions successfully executed by the LFI.
This is returned by the LFI after the file is fully processed.
additionalProperties: false
AEServiceInitiationOpenFinancePaymentBilling:
type: object
properties:
Type:
type: string
enum:
- Collection
- LargeValueCollection
- PushP2P
- PullP2P
- Me2Me
description: The type payment for billing
MerchantId:
description: "MerchantId"
type: "string"
minLength: 8
maxLength: 20
NumberOfSuccessfulTransactions:
type: "integer"
description: |
Number of individual transactions successfully executed by the LFI.
This is returned by the LFI after the file is fully processed.
additionalProperties: false
AEInsuranceConsentBody:
type: object
required:
- Data
properties:
Data:
type: object
required:
- "ConsentId"
- "OpenFinanceBilling"
- "Permissions"
- "ExpirationDateTime"
properties:
ConsentId:
$ref: '#/components/schemas/AEConsentId'
Permissions:
type: array
items:
$ref: '#/components/schemas/AEInsuranceConsentPermissions'
minItems: 1
OpenFinanceBilling:
$ref: '#/components/schemas/AEInsuranceOpenFinanceBilling'
allOf:
- $ref: '#/components/schemas/AEInsuranceAuthorizationDetailProperties'
additionalProperties: false
Meta:
type: object
properties:
MultipleAuthorizers:
$ref: '#/components/schemas/AEMetaMultiAuthorization'
Subscription:
type: object
required:
- Webhook
properties:
Webhook:
$ref: '#/components/schemas/Webhook'
AEInsuranceOpenFinanceBillingPost:
type: object
required:
- Purpose
properties:
Purpose:
description: Purpose of data sharing request
type: string
enum:
- AccountAggregation
- RiskAssessment
- PremiumHistory
- ClaimHistory
- Onboarding
- Verification
- QuoteComparison
- FinancialAdvice
description: Billing parameters specified by the TPP
additionalProperties: false
AEInsuranceOpenFinanceBilling:
type: object
required:
- Purpose
properties:
IsLargeCorporate:
type: "boolean"
description: Customer has more than 100 million AED turnover
Purpose:
description: Purpose of data sharing request
type: string
enum:
- AccountAggregation
- RiskAssessment
- PremiumHistory
- ClaimHistory
- Onboarding
- Verification
- QuoteComparison
- FinancialAdvice
description: Billing parameters specified by the TPP
additionalProperties: false
AEAccountAccessConsentBody:
type: object
required:
- Data
properties:
Data:
type: object
required:
- "ConsentId"
- "OpenFinanceBilling"
- "Permissions"
- "ExpirationDateTime"
properties:
ConsentId:
$ref: '#/components/schemas/AEConsentId'
Permissions:
type: array
items:
$ref: '#/components/schemas/AEAccountAccesssConsentPermissionCodes'AEAccountAccessConsentPermissionCodes'
minItems: 1
OpenFinanceBilling:
$ref: '#/components/schemas/AEAccountAccessOpenFinanceBilling'
allOf:
- $ref: '#/components/schemas/AEAccountAccessAuthorizationDetailProperties'
additionalProperties: false
Meta:
type: object
properties:
MultipleAuthorizers:
$ref: '#/components/schemas/AEMetaMultiAuthorization'
Subscription:
type: object
required:
- Webhook
properties:
Webhook:
$ref: '#/components/schemas/Webhook'
AEAccountAccessOpenFinanceBilling:
type: object
required:
- UserType
- Purpose
properties:
IsLargeCorporate:
type: "boolean"
description: Customer has more than 100 million AED turnover
UserType:
description: Type of Customer
type: string
enum:
- Retail
- SME
- Corporate
Purpose:
description: Purpose of data sharing request
type: string
enum:
- AccountAggregation
- RiskAssessment
- TaxFiling
- Onboarding
- Verification
- QuoteComparison
- BudgetingAnalysis
- FinancialAdvice
- AuditReconciliation
description: Billing parameters specified by the TPP
additionalProperties: false
AEAccountAccessOpenFinanceBillingPost:
type: object
required:
- UserType
- Purpose
properties:
UserType:
description: Type of Customer
type: string
enum:
- Retail
- SME
- Corporate
Purpose:
description: Purpose of data sharing request
type: string
enum:
- AccountAggregation
- RiskAssessment
- TaxFiling
- Onboarding
- Verification
- QuoteComparison
- BudgetingAnalysis
- FinancialAdvice
- AuditReconciliation
description: Billing parameters specified by the TPP
additionalProperties: false
AEAccountAccessAuthorizationDetailProperties:
type: object
properties:
BaseConsentId:
$ref: '#/components/schemas/AEBaseConsentId'
ExpirationDateTime:
type: string
format: date-time
description: >-
Specified date and time the permissions will expire.
All date-time fields in responses must include the timezone. An
example is below:
2017-04-05T10:43:07+00:00
TransactionFromDateTime:
type: string
format: date-time
description: |2-
Specified start date and time for the transaction query period.
If this is not populated, the start date will be open ended, and
data will be returned from the earliest available
transaction.All dates in the JSON payloads are represented in
ISO 8601 date-time format.
All date-time fields in responses must include the timezone. An
example is below:
2017-04-05T10:43:07+00:00
TransactionToDateTime:
type: string
format: date-time
description: |2-
Specified end date and time for the transaction query period.
If this is not populated, the end date will be open ended, and
data will be returned to the latest available transaction.All
dates in the JSON payloads are represented in ISO 8601 date-time
format.
All date-time fields in responses must include the timezone. An
example is below:
2017-04-05T10:43:07+00:00
AccountType:
type: array
items:
$ref: '#/components/schemas/AEAccountTypeCode'
AccountSubType:
type: array
items:
$ref: '#/components/schemas/AEAccountSubTypeCode'
OnBehalfOf:
$ref: '#/components/schemas/AEOnBehalfOf'
Status:
$ref: '#/components/schemas/AEAccountAccessConsentStatus'
RevokedBy:
$ref: '#/components/schemas/AERevokedBy'
CreationDateTime:
$ref: "#/components/schemas/AECreationDateTime"
additionalProperties: false
AEInsuranceAuthorizationDetailProperties:
type: object
required:
- ExpirationDateTime
properties:
BaseConsentId:
$ref: '#/components/schemas/AEBaseConsentId'
ExpirationDateTime:
type: string
format: date-time
description: >-
Specified date and time the permissions will expire.
All date-time fields in responses must include the timezone. An
example is below:
2017-04-05T10:43:07+00:00
OnBehalfOf:
$ref: '#/components/schemas/AEOnBehalfOf'
Status:
$ref: '#/components/schemas/AEAccountAccessConsentStatus'
RevokedBy:
$ref: '#/components/schemas/AERevokedBy'
CreationDateTime:
$ref: "#/components/schemas/AECreationDateTime"
additionalProperties: false
AEAccountAccessConsentStatus:
description: >-
Consent Status is set
to either Authorized ,Revoked ,Rejected or AwaitingAuthorization
type: string
enum:
- Authorized
- AwaitingAuthorization
- Rejected
- Revoked
- Expired
- Suspended
AEAccountAccesssConsentPermissionCodesAEAccountAccessConsentPermissionCodes:
type: string
enum:
- ReadAccountsBasic
- ReadAccountsDetail
- ReadBalances
- ReadBeneficiariesBasic
- ReadBeneficiariesDetail
- ReadTransactionsBasic
- ReadTransactionsDetail
- ReadTransactionsCredits
- ReadTransactionsDebits
- ReadProduct
- ReadScheduledPaymentsBasic
- ReadScheduledPaymentsDetail
- ReadDirectDebits
- ReadStandingOrdersBasic
- ReadStandingOrdersDetail
- ReadConsents
- ReadPartyUser
- ReadPartyUserIdentity
- ReadParty
description: >-
Specifies the permitted account access policy data types.
This is a list of the data groups being consented by the User, and
requested for authorization with the LFI.
AEAccountSubTypeCode:
type: string
enum:
- CurrentAccount
- Savings
description: Specifies the sub type of account (product family group)
AEAccountTypeCode:
type: string
enum:
- Retail
- Corporate
description: Specifies the type of account (Retail or Corporate).
AEBaseConsentId:
type: string
minLength: 1
maxLength: 128
description: >-
The original ConsentId assigned by the TPP
AEConsentId:
type: string
minLength: 1
maxLength: 128
description: >-
Unique identification assigned by the TPP to identify the consent
resource.
AEOnBehalfOf:
type: object
properties:
TradingName:
type: string
description: Trading Name
LegalName:
type: string
description: Legal Name
IdentifierType:
allOf:
- $ref: '#/components/schemas/AEOnBehalfOfIdentifierType'
description: Identifier Type
Identifier:
type: string
description: Identifier
additionalProperties: false
AEOnBehalfOfIdentifierType:
type: string
enum:
- Other
Webhook:
type: object
description: |
A Webhook Subscription Schema
required:
- Url
- IsActive
properties:
Url:
description: |
The TPP Callback URL being registered with the LFI
type: string
example: https://api.tpp.com/webhook/callbackUrl
IsActive:
description: >
The TPP specifying whether the LFI should send (IsActive true)
or not send (IsActive false) Webhook Notifications to the TPP's
Webhook URL
type: boolean
example: false
additionalProperties: false
AEInsuranceConsentPermissions:
type: string
enum:
- ReadMotorInsurancePolicies
- ReadMotorInsuranceCustomerBasic
- ReadMotorInsuranceCustomerDetail
- ReadMotorInsuranceCustomerPaymentDetails
- ReadMotorInsuranceProduct
- ReadMotorInsuranceTransactions
AERevokedBy:
description: |
Denotes the Identifier of the revocation.
| Identifier| Description|
|-----------|------------|
| LFI | Revoked by LFI without User initiation|
| TPP | Revoked by TPP without User initiation|
| LFI.InitiatedByUser | Initiated by User via the LFI|
| TPP.InitiatedByUser | Initiated by User via the TPP|
type: string
enum:
- LFI
- TPP
- LFI.InitiatedByUser
- TPP.InitiatedByUser
AEMetaMultiAuthorization:
type: "object"
description: |
Meta Data with Multi-Authorization relevant to the payload.
For a payment, it represents any Authorizers within the financial institution domain that are involved in approving the payment request.
properties:
TotalRequired:
description: |
The total number of Authorizers required to process the request
type: "number"
Authorizations:
type: "array"
items:
description: |
Authorizer
type: "object"
properties:
AuthorizerId:
description: |
The Authorizer's Identifier
type: "string"
AuthorizerType:
description: |
The Type of Authorizer. For example, Financial, Management, etc.
type: "string"
AuthorizationDate:
description: |
The DateTime of when the Authorization occurred. All dates in the JSON payloads are represented in ISO 8601 date-time format. \nAll date-time fields in responses must include the timezone. An example is below:\n2023-04-05T10:43:07+00:00
type: "string"
format: "date-time"
AuthorizationStatus:
description: |
The Status reflecting the Authorizer's final decision regarding the request
type: "string"
enum:
- "Pending"
- "Approved"
- "Rejected"
additionalProperties: false
additionalProperties: false
additionalProperties: false
AEReference:
description: |
A reason or reference in relation to a payment.
Reason or reference for the beneficiary regarding the Payment
type: "string"
minLength: 1
maxLength: 120
AEPaymentConsentResponse:
description: |
Payment Consent Response Schema
type: "object"
additionalProperties: false
required:
- "Data"
properties:
Data:
type: "object"
additionalProperties: false
required:
- "ConsentId"
- "Status"
- "ExpirationDateTime"
properties:
ConsentId:
$ref: "#/components/schemas/AEConsentId"
BaseConsentId:
$ref: "#/components/schemas/AEBaseConsentId"
IsSingleAuthorization:
description: |
Specifies to the LFI that the consent authorization must be completed in a single authorization Step
with the LFI
type: "boolean"
AuthorizationExpirationDateTime:
$ref: "#/components/schemas/AEAuthorizationExpirationDateTime"
Permissions:
$ref: "#/components/schemas/AEConsentPermissions"
AcceptedAuthorizationType:
$ref: "#/components/schemas/AEAcceptedAuthorizationType"
ExpirationDateTime:
$ref: "#/components/schemas/AEConsentExpirationDateTime"
Status:
$ref: "#/components/schemas/AEConsentStatus"
RevokedBy:
$ref: "#/components/schemas/AERevokedBy"
CreationDateTime:
$ref: "#/components/schemas/AECreationDateTime"
StatusUpdateDateTime:
$ref: "#/components/schemas/AEStatusUpdateDateTime"
Charges:
$ref: "#/components/schemas/AECharges"
ExchangeRate:
$ref: "#/components/schemas/AEExchangeRateInformation"
CurrencyRequest:
$ref: "#/components/schemas/AECurrencyRequest"
ControlParameters:
$ref: '#/components/schemas/AEServiceInitiationConsentControlParameters'
DebtorReference:
$ref: '#/components/schemas/AEServiceInitiationStructuredDebtorReference'
CreditorReference:
$ref: "#/components/schemas/AEReference"
PaymentPurposeCode:
$ref: "#/components/schemas/AEPaymentPurposeCode"
SponsoredTPPInformation:
$ref: "#/components/schemas/AESponsoredTPPInformation"
PaymentConsumption:
$ref: "#/components/schemas/AEPaymentConsumption"
OpenFinanceBilling:
$ref: "#/components/schemas/AEServiceInitiationOpenFinanceBilling"
Subscription:
$ref: "#/components/schemas/AEEventNotification"
Meta:
$ref: "#/components/schemas/AEMetaMultiAuthorization"
AEEventNotification:
type: "object"
description: |
A Webhook Subscription Schema
required:
- "Webhook"
properties:
Webhook:
description: |
A Webhook Schema
type: "object"
required:
- "Url"
- "IsActive"
properties:
Url:
description: |
The TPP Callback URL being registered with the LFI
type: "string"
example: "https://api.tpp.com/webhook/callbackUrl"
IsActive:
description: |
The TPP specifying whether the LFI should send (IsActive true) or not send (IsActive false) Webhook Notifications to the TPP's Webhook URL
type: "boolean"
example: false
additionalProperties: false
additionalProperties: false
AEAcceptedAuthorizationType:
description: |
Specifies to the LFI the type of consent authorization accepted by the TPP when staging the consent
* Single - The consent should incur a single authorization Step with the LFI
* Multi - The consent should incur a multi-authorization Step with the LFI
type: "string"
enum:
- "Single"
- "Multi"
AEAuthorizationExpirationDateTime:
description: |
The date and time by which a Consent (in AwaitingAuthorization status) must be Authorized by the User.
type: "string"
format: date-time
AEConsentPermissions:
type: "array"
description: |
Specifies the permitted Account Access data types.
This is a list of the data groups being consented by the User, and requested for authorization with the LFI.
This allows a TPP to request a balance check permission.
items:
type: "string"
enum:
- "ReadAccountsBasic" # Ability to read basic account information
- "ReadAccountsDetail" # Ability to read account identification details
- "ReadBalances" # Ability to read all balance information
- "ReadRefundAccount"
minItems: 1
AEFileNumberOfTransactions:
type: "integer"
description: |
Number of individual transactions contained in the payment information group.
AEControlSum:
description: |
Total of all individual amounts included in the group, irrespective of currencies.
type: "string"
pattern: "^\\d{1,16}\\.\\d{2}$"
example: "100.00"
AEFileType:
type: "string"
description: "Specifies the payment file type"
minLength: 1
maxLength: 40
AEFileHash:
type: "string"
description: "A base64 encoding of a SHA256 hash of the file to be uploaded."
minLength: 1
maxLength: 44
AEConsentExpirationDateTime:
description: |2-
Specified date and time the consent will expire.
All dates in the JSON payloads are represented in ISO 8601 date-time format.
All date-time fields in responses must include the timezone. An example is :2023-04-05T10:43:07+00:00
type: "string"
format: "date-time"
AEConsentStatus:
description: |
Specifies the status of a payment consent.
| Consent Status| State Type| Description|
|---------------|-----------|------|
| AwaitingAuthorization | Pending | The consent is awaiting authorization.|
| Authorized | In Use | The consent has been successfully authorized.|
| Rejected | Terminal | The unauthorized consent has been rejected at the LFI.|
| Revoked | Terminal | The consent has been revoked at the TPP or LFI.|
| Expired | Terminal | The consent is now expired.|
| Consumed | Terminal | The consented action(s) have either been completed successfully.|
| Suspended | In Use | The consent has been suspended, pending further enquiries.|
type: "string"
enum:
- "AwaitingAuthorization"
- "Authorized"
- "Rejected"
- "Revoked"
- "Expired"
- "Consumed"
- "Suspended"
AECreationDateTime:
description: "Date and time at which the message was created. All dates in the JSON payloads are represented in ISO 8601 date-time format. \nAll date-time fields in responses must include the timezone. An example is below:\n2023-04-05T10:43:07+00:00"
type: "string"
format: "date-time"
AEStatusUpdateDateTime:
description: "Date and time at which the resource status was updated.All dates in the JSON payloads are represented in ISO 8601 date-time format. \nAll date-time fields in responses must include the timezone. An example is below:\n2023-04-05T10:43:07+00:00"
type: "string"
format: "date-time"
AECharges:
type: "array"
items:
type: "object"
additionalProperties: false
description: |
Set of elements used to provide details of a charge for the payment initiation.
* For Payments, these Charges are on the Debtor.
required:
- "ChargeBearer"
- "Type"
- "Amount"
properties:
ChargeBearer:
$ref: "#/components/schemas/AEChargeBearerType1Code"
Type:
$ref: "#/components/schemas/AEExternalPaymentChargeTypeCode"
Amount:
$ref: "#/components/schemas/AEActiveCurrencyAmount"
AEExchangeRateInformation:
type: "object"
additionalProperties: false
required:
- "UnitCurrency"
- "ExchangeRate"
- "RateType"
description: "Further detailed information on the exchange rate that has been used in the payment transaction."
properties:
UnitCurrency:
description: "Currency in which the rate of exchange is expressed in a currency exchange. In the example 1GBP = xxxCUR, the unit currency is GBP."
type: "string"
pattern: "^[A-Z]{3,3}$"
ExchangeRate:
description: "The factor used for conversion of an amount from one currency to another. This reflects the price at which one currency was bought with another currency."
type: "number"
RateType:
description: "Specifies the type used to complete the currency exchange."
type: "string"
enum:
- "Actual"
- "Agreed"
- "Indicative"
ContractIdentification:
description: "Unique and unambiguous reference to the foreign exchange contract agreed between the initiating party/creditor and the debtor agent."
type: "string"
minLength: 1
maxLength: 256
ExpirationDateTime:
description: "Specified date and time the exchange rate agreement will expire.All dates in the JSON payloads are represented in ISO 8601 date-time format. \nAll date-time fields in responses must include the timezone. An example is below:\n2017-04-05T10:43:07+00:00"
type: "string"
format: "date-time"
AECurrencyRequest:
description: |
The details of the non-local currency or FX request that has been agreed between the User and the TPP.
The requested ChargeBearer and ExchangeRateInformation are included in this object may be overwritten by the LFI in the returned Consent object.
type: "object"
additionalProperties: false
required:
- "CurrencyOfTransfer"
properties:
InstructionPriority:
description: "Indicator of the urgency or order of importance that the instructing party would like the instructed party to apply to the processing of the instruction."
type: "string"
enum:
- "Normal"
- "Urgent"
ExtendedPurpose:
description: "Specifies the purpose of an international payment, when there is no corresponding 4 character code available in the ISO20022 list of Purpose Codes."
type: "string"
minLength: 1
maxLength: 140
ChargeBearer:
$ref: "#/components/schemas/AEChargeBearerType1Code"
CurrencyOfTransfer:
description: "Specifies the currency of the to be transferred amount, which is different from the currency of the debtor's account."
type: "string"
pattern: "^[A-Z]{3,3}$"
DestinationCountryCode:
description: "Country in which Credit Account is domiciled. Code to identify a country, a dependency, or another area of particular geopolitical interest, on the basis of country names obtained from the United Nations (ISO 3166, Alpha-2 code)."
type: "string"
pattern: "[A-Z]{2,2}"
ExchangeRateInformation:
type: "object"
additionalProperties: false
required:
- "UnitCurrency"
- "RateType"
description: "Provides details on the currency exchange rate and contract."
properties:
UnitCurrency:
description: "Currency in which the rate of exchange is expressed in a currency exchange. In the example 1GBP = xxxCUR, the unit currency is GBP."
type: "string"
pattern: "^[A-Z]{3,3}$"
ExchangeRate:
description: "The factor used for conversion of an amount from one currency to another. This reflects the price at which one currency was bought with another currency."
type: "number"
RateType:
description: "Specifies the type used to complete the currency exchange."
type: "string"
enum:
- "Actual"
- "Agreed"
- "Indicative"
ContractIdentification:
description: "Unique and unambiguous reference to the foreign exchange contract agreed between the initiating party/creditor and the debtor agent."
type: "string"
minLength: 1
maxLength: 256
AEPaymentPurposeCode:
description: A category code that relates to the type of services or goods that corresponds to the underlying purpose of the payment. The code must conform to the published AANI payment purpose code list.
type: "string"
minLength: 1
maxLength: 4
pattern: "^[A-Z]{3}$"
AESponsoredTPPInformation:
type: "object"
description: |
The Sponsored TPP is:
* A TPP that itself has no direct Open Banking API integrations.
* A TPP that is using the integration of another TPP that does have direct Open Banking API integrations.
properties:
Name:
type: "string"
minLength: 1
maxLength: 50
description: |
The Sponsored TPP Name
Identification:
type: "string"
minLength: 1
maxLength: 50
description: |
The Sponsored TPP Identification
additionalProperties: false
AEFilePaymentConsent:
type: "object"
description: |
A file based payment consent.
A Consent definition for defining Multi Payments
required:
- "FileType"
- "FileHash"
- "NumberOfTransactions"
- "ControlSum"
properties:
FileType:
$ref: "#/components/schemas/AEFileType"
FileHash:
$ref: "#/components/schemas/AEFileHash"
FileReference:
$ref: "#/components/schemas/AEReference"
NumberOfTransactions:
$ref: "#/components/schemas/AEFileNumberOfTransactions"
ControlSum:
$ref: "#/components/schemas/AEControlSum"
RequestedExecutionDate:
$ref: "#/components/schemas/AERequestedExecutionDate"
additionalProperties: false
AEPaymentConsumption:
type: "object"
description: |
Data to track the consumption of Payments in relation to an authorized Consent Schedule
required:
- "CumulativeNumberOfPayments"
- "CumulativeValueOfPayments"
properties:
CumulativeNumberOfPayments:
type: "number"
description: |
The cumulative number of payment instructions initiated under the consent schedule, excluding instructions in a Rejected state.
minLength: 1
example: 4
CumulativeValueOfPayments:
description: |
The cumulative value of payment instructions initiated under the consent schedule, excluding instructions in a Rejected state.
A number of monetary units specified in an active currency where the unit of currency is explicit and compliant with ISO 4217."
type: "object"
required:
- "Amount"
- "Currency"
properties:
Amount:
$ref: "#/components/schemas/AEActiveOrHistoricAmount"
Currency:
$ref: "#/components/schemas/AEActiveOrHistoricCurrencyCode"
CumulativeNumberOfPaymentsInCurrentPeriod:
type: "number"
description: |
The cumulative number of payment instructions in the current period initiated under the consent schedule, excluding instructions in a Rejected state.
minLength: 1
example: 1
CumulativeValueOfPaymentsInCurrentPeriod:
description: |
The cumulative value of payment instructions in the current period initiated under the consent schedule, excluding instructions in a Rejected state.
A number of monetary units specified in an active currency where the unit of currency is explicit and compliant with ISO 4217."
type: "object"
required:
- "Amount"
- "Currency"
properties:
Amount:
$ref: "#/components/schemas/AEActiveOrHistoricAmount"
Currency:
$ref: "#/components/schemas/AEActiveOrHistoricCurrencyCode"
additionalProperties: false
AEActiveOrHistoricAmount:
description: "A number of monetary units specified in an active currency where the unit of currency is explicit and compliant with ISO 4217."
type: "string"
pattern: "^\\d{1,16}\\.\\d{2}$"
example: "100.00"
AEActiveOrHistoricCurrencyCode:
description: "A 3 character alphabetic code allocated to a currency under an international currency identification scheme, as described in the latest edition of the international standard ISO 4217 'Codes for the representation of currencies and funds'."
type: "string"
pattern: "^[A-Z]{3,3}$"
example: "AED"
AERequestedExecutionDate:
description: |
The date when the TPP expects the LFI to execute the payment.
The date must be in the future and cannot be on the same day or a day in the past.
The maximum date in the future that can be specified is 1 year from the day of the consent of the User to the TPP.
All dates in the JSON payloads are represented in ISO 8601 date format.
type: "string"
format: "date"
AEExternalPaymentChargeTypeCode:
description: "Charge type, in a coded form."
type: "string"
enum:
- "VAT"
- "Fees"
AEChargeBearerType1Code:
description: "Specifies which party/parties will bear the charges associated with the processing of the payment transaction."
type: "string"
enum:
- "BorneByCreditor"
- "BorneByDebtor"
- "Shared"
AEActiveCurrencyAmount:
description: |
The Currency and Amount relating to the Payment
type: "object"
required:
- "Amount"
- "Currency"
properties:
Amount:
$ref: "#/components/schemas/AEActiveOrHistoricAmount"
Currency:
$ref: "#/components/schemas/AEActiveOrHistoricCurrencyCode"
AEPeriodType:
type: "string"
description: |
A Period may begin from the Consent CreationDateTime if a PeriodStartDate is not provided.
|Period Type|Description|
|-----------|-----------|
|Day|A continuous period of time, consisting of 24 consecutive hours, starting from midnight (00:00:00) and finishing at 23:59:59 of the same day. |
|Week|A continuous period of time, consisting of seven consecutive days, starting from midnight (00:00:00) and finishing at 23:59:59 of the 7th day. |
|Month|A continuous period of time starting from midnight (00:00:00) of the first day of a month and finishing at 23:59:59 of the last day of that month.|
|Year|A continuous period of time, consisting of 12 months.|
enum:
- Day
- Week
- Month
- Year
AEPeriodStartDate:
type: "string"
description: |
* Payments: Specifies the start date of when a payment schedule begins.
format: "date"
AEPaymentAndFilePaymentRequest:
description: The payment request body as received from the TPP
oneOf:
- $ref: "#/components/schemas/AEPaymentRequest"
- $ref: "#/components/schemas/AEFilePaymentRequest"
AEPaymentRequest:
description: |
Payment Request Schema
type: "object"
additionalProperties: false
required:
- "Data"
properties:
Data:
type: "object"
additionalProperties: false
required:
- "ConsentId"
- "Instruction"
- "PaymentPurposeCode"
properties:
ConsentId:
$ref: "#/components/schemas/AEConsentId"
Instruction:
$ref: "#/components/schemas/AEPaymentInstruction"
CurrencyRequest:
$ref: "#/components/schemas/AECurrencyRequest"
PersonalIdentifiableInformation:
description: Personal Identifiable Information, represented in both encoded and decoded form
using a `oneOf`, to help implementers readily understand both the structure and
serialized form of the property.
**Implementations MUST reflect the AEJWEPaymentPII Schema Object**
**structure and the notes provided on implementing a JWS and JWE**
**The decoded form AEPaymentInitiationPII is for guidance on content only**
oneOf:
- $ref: "#/components/schemas/AEJWEPaymentPII"
- $ref: "#/components/schemas/AEPaymentInitiationPII"
PaymentPurposeCode:
$ref: "#/components/schemas/AEPaymentPurposeCode"
DebtorReference:
$ref: '#/components/schemas/AEServiceInitiationStructuredDebtorReference'
CreditorReference:
$ref: "#/components/schemas/AEStructuredCreditorReference"
AEPaymentInitiationPII:
type: "object"
additionalProperties: false
description: "Elements of Personal Identifiable Information data"
properties:
Initiation:
type: "object"
additionalProperties: false
description: "The Initiation payload is sent by the initiating party to the LFI. It is used to request movement of funds from the debtor account to a creditor."
properties:
CreditorAgent:
$ref: "#/components/schemas/AECreditorAgent"
Creditor:
type: "object"
additionalProperties: false
description: "Party to which an amount of money is due."
properties:
Name:
description: |
Name by which a party is known and which is usually used to identify that party.
This may be used to identify the Creditor for international payments.
type: "string"
minLength: 1
maxLength: 140
PostalAddress:
$ref: "#/components/schemas/AEAddress"
CreditorAccount:
$ref: "#/components/schemas/AECreditorAccount"
ConfirmationOfPayeeResponse:
$ref: "#/components/schemas/AEConfirmationOfPayeeResponse"
Risk:
$ref: "#/components/schemas/AERisk"
AECreditorAgent:
description: |
Refers to the Financial Institution.
type: "object"
required:
- "SchemeName"
- "Identification"
properties:
SchemeName:
type: "string"
description: |
Refers to the Identification scheme for uniquely identifying the Agent.
* BICFI: The BIC/SWIFT Code
* Other: The ID; A Country Code followed by a Bank Code (4 character code). The full list of LFI names and 6 digits IDs are as follows:
enum:
- "BICFI"
- "Other"
Identification:
description: |
The Agent is the Country Code followed by a Bank Code"
type: "string"
Name:
description: "Name by which an agent is known and which is usually used to identify that agent."
type: "string"
minLength: 1
maxLength: 140
PostalAddress:
$ref: "#/components/schemas/AEAddress"
AECreditorAccount:
description: "Unambiguous identification of the account of the creditor to which a credit entry will be posted."
type: "object"
additionalProperties: false
required:
- "SchemeName"
- "Identification"
- "Name"
properties:
SchemeName:
$ref: "#/components/schemas/AECreditorExternalAccountIdentificationCode"
Identification:
$ref: "#/components/schemas/AEIdentification"
Name:
$ref: "#/components/schemas/AEName"
TradingName:
$ref: "#/components/schemas/AETradingName"
AEFilePaymentRequest:
description: |
File Payment Request Schema
type: "object"
additionalProperties: false
required:
- "Data"
properties:
Data:
type: "object"
additionalProperties: false
required:
- "ConsentId"
- "PaymentPurposeCode"
properties:
ConsentId:
$ref: "#/components/schemas/AEConsentId"
Instruction:
$ref: "#/components/schemas/AEFilePaymentConsent"
PaymentPurposeCode:
$ref: "#/components/schemas/AEPaymentPurposeCode"
DebtorReference:
$ref: '#/components/schemas/AEServiceInitiationStructuredDebtorReference'
AEStructuredCreditorReference:
description: |
A reason or reference in relation to a payment, set to facilitate a structured Creditor reference consisting of:
* TPP ID and BIC for the Debtor Account, followed by freeform text to a maximum of 120 characters.
The TPP ID value will match the organization ID value from the Trust Framework, and therefore will be a v4 UUID.
A BIC is specific according to the standard format for ISO 20022, and can therefore be either 8 or 11 characters in length.
If the value of the concatenated string exceeds 120 characters, the TPP must first omit or truncate the freeform element of the reference.
type: "string"
minLength: 1
maxLength: 120
pattern: "^TPP=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12},BIC=[A-Z0-9]{4}[A-Z0-9]{2}[A-Z0-9]{2}([A-Z0-9]{3}){0,1}($|,.+$)"
AEPaymentInstruction:
type: "object"
additionalProperties: false
required:
- "Amount"
description: "The Initiation payload is sent by the initiating party to the LFI. It is used to request movement of funds from the debtor account to a creditor for a single payment."
properties:
Amount:
$ref: "#/components/schemas/AEActiveCurrencyAmount"
consent:
description: |
A consent in its current state.
If the consent has been authorised, then it can be expected that the financial institution would have patched in `accountIds` and `psuIdentifier` fields.
Additionally, the financial institution may also patch in an arbitrary set of fields along with consent in the `supplementaryInformation` field.
allOf:
- $ref: "#/components/schemas/newConsent"
- $ref: "#/components/schemas/patchedConsent"
- properties:
authorizationChannel:
type: string
enum:
- App
- Web
multiConsentResponse:
type: object
required:
- data
- meta
properties:
data:
type: array
items:
$ref: "#/components/schemas/consent"
meta:
$ref: "#/components/schemas/meta"
ConsentPostResponse:
type: object
required:
- data
- meta
properties:
data:
$ref: "#/components/schemas/newConsent"
meta:
$ref: "#/components/schemas/meta"
RevokeConsent:
type: object
required:
- revokedBy
properties:
revokedBy:
$ref: "#/components/schemas/AERevokedBy"
revokedByPsu:
type: object
properties:
userId:
type: string
AuthorizationDetails:
description: |
The request body for creating a new consent.
The body consists of the RAR request that is sent by the TPP to the authorization server.
oneOf:
- $ref: "#/components/schemas/DataSharingAuthorizationDetails"
- $ref: "#/components/schemas/InsuranceAuthorizationDetails"
- $ref: "#/components/schemas/ServiceInitiationAuthorizationDetails"
DataSharingAuthorizationDetails:
type: object
properties:
type:
description: The Rich Authorization Request (RAR) type
type: string
enum:
- urn:openfinanceuae:account-access-consent:v1.1
consent:
$ref: "#/components/schemas/AuthorizationDetailsDataSharingConsent"
subscription:
$ref: '#/components/schemas/EventNotification'
InsuranceAuthorizationDetails:
type: object
properties:
type:
description: The Rich Authorization Request (RAR) type
type: string
enum:
- urn:openfinanceuae:insurance-consent:v1.1
consent:
$ref: "#/components/schemas/AuthorizationDetailsInsuranceConsent"
subscription:
$ref: '#/components/schemas/EventNotification'
ServiceInitiationAuthorizationDetails:
type: object
properties:
type:
description: The Rich Authorization Request (RAR) type
type: string
enum:
- urn:openfinanceuae:service-initiation-consent:v1.1
consent:
$ref: "#/components/schemas/AEServiceInitiationAuthorizationDetailProperties"
subscription:
$ref: '#/components/schemas/EventNotification'
AEServiceInitiationAuthorizationDetailProperties:
type: object
required:
- ConsentId
- PersonalIdentifiableInformation
- ControlParameters
- PaymentPurposeCode
- ExpirationDateTime
properties:
ConsentId:
$ref: '#/components/schemas/AEConsentId'
BaseConsentId:
$ref: '#/components/schemas/AEBaseConsentId'
IsSingleAuthorization:
$ref: '#/components/schemas/IsSingleAuthorization'
AuthorizationExpirationDateTime:
type: string
format: date-time
description: |2-
A time by which a Consent (in AwaitingAuthorization status) must be Authorized by the User.
The time window starts from the actual CreationDateTime (when the Consent is staged with the LFI).
If the current time window exceeds the Authorization Expiration Time Window (and the Consent status is AwaitingAuthorization) then the Consent Status must be set to Rejected.
The time window is based on a custom time format hhh:mm:ss. e.g. 720:00:00 represents a time window of 720 hours, 00 minutes, 00 seconds (30 days) after the CreationDateTime to Authorize the Consent.
ExpirationDateTime:
allOf:
- $ref: '#/components/schemas/ARConsentExpirationDateTime'
description: |2-
Specified date and time the consent will expire.
All dates in the JSON payloads are represented in ISO 8601 date-time format.
All date-time fields in responses must include the timezone. An example is :2023-04-05T10:43:07+00:00
Permissions:
type: array
items:
$ref: '#/components/schemas/AEServiceInitiationConsentPermissionCodes'
description: |2-
Specifies the permitted Account Access data types.
This is a list of the data groups being consented by the User, and requested for authorization with the LFI.
This allows a TPP to request a balance check permission.
CurrencyRequest:
$ref: '#/components/schemas/AECurrencyRequest'
PersonalIdentifiableInformation:
description: Personal Identifiable Information, represented in both encoded and decoded form
using a `oneOf`, to help implementers readily understand both the structure and
serialized form of the property.
**Implementations MUST reflect the AEJWEPaymentPII Schema Object**
**structure and the notes provided on implementing a JWS and JWE**
**The decoded form AEPaymentConsentPII is for guidance on content only**
oneOf:
- $ref: "#/components/schemas/AEJWEPaymentPII"
- $ref: "#/components/schemas/AEPaymentConsentPII"
ControlParameters:
$ref: '#/components/schemas/AEServiceInitiationConsentControlParameters'
DebtorReference:
$ref: '#/components/schemas/AEServiceInitiationStructuredDebtorReference'
CreditorReference:
$ref: '#/components/schemas/AEServiceInitiationStructuredCreditorReference'
PaymentPurposeCode:
$ref: '#/components/schemas/AEServiceInitiationPaymentPurposeCode'
SponsoredTPPInformation:
$ref: '#/components/schemas/AEServiceInitiationSponsoredTPPInformation'
additionalProperties: false
ARConsentExpirationDateTime:
type: string
format: date-time
AEServiceInitiationSponsoredTPPInformation:
type: object
required:
- Name
- Identification
properties:
Name:
type: string
minLength: 1
maxLength: 50
description: The Sponsored TPP Name
Identification:
type: string
minLength: 1
maxLength: 50
description: The Sponsored TPP Identification
description: |2-
The Sponsored TPP is:
* A TPP that itself has no direct Open Banking API integrations.
* A TPP that is using the integration of another TPP that does have direct Open Banking API integrations.
additionalProperties: false
AEServiceInitiationPaymentPurposeCode:
type: string
minLength: 1
maxLength: 3
pattern: ^[A-Z]{3}$
description: A category code that relates to the type of services or goods that corresponds to the
underlying purpose of the payment. The code must conform to the published Aani
payment purpose code list.
AEServiceInitiationStructuredCreditorReference:
description: |
A reason or reference in relation to a payment, set to facilitate a structured Creditor reference consisting of:
* TPP ID and BIC for the Debtor Account, followed by freeform text to a maximum of 120 characters.
The TPP ID value will match the organization ID value from the Trust Framework, and therefore will be a v4 UUID.
A BIC is specific according to the standard format for ISO 20022, and can therefore be either 8 or 11 characters in length.
If the value of the concatenated string exceeds 120 characters, the TPP must first omit or truncate the freeform element of the reference.
type: "string"
minLength: 1
maxLength: 120
pattern: "^TPP=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12},BIC=[A-Z0-9]{4}[A-Z0-9]{2}[A-Z0-9]{2}([A-Z0-9]{3}){0,1}($|,.+$)"
AEServiceInitiationStructuredDebtorReference:
description: |
A reason or reference in relation to a payment, set to facilitate a structured Debtor reference consisting of:
* For payments to Merchants: TPP ID, Merchant ID, BIC for the Creditor Account, followed by freeform text to a maximum of 120 characters.
* For other payments: TPP ID and BIC for the Creditor Account, followed by freeform text to a maximum of 120 characters.
The TPP ID value will match the organization ID value from the Trust Framework, and therefore will be a v4 UUID.
The Merchant ID wil be as per the existing IPP rules for the Merchant identification, and will incorporate the Trade License number for the Merchant.
A BIC is specific according to the standard format for ISO 20022, and can therefore be either 8 or 11 characters in length.
If the value of the concatenated string exceeds 120 characters, the TPP must omit or truncate the freeform element of the reference.
type: "string"
minLength: 1
maxLength: 120
pattern: "^TPP=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12},(Merchant=[A-Z0-9]{3}-[A-Z]{4}-TL.+-[0-9]{4}|),BIC=[A-Z0-9]{4}[A-Z0-9]{2}[A-Z0-9]{2}([A-Z0-9]{3}){0,1}($|,.+$)"
AEServiceInitiationConsentControlParameters:
type: object
properties:
IsDelegatedAuthentication:
type: boolean
description: Indicates whether the all payment controls will be defined and managed by the
TPP under the Payment with Delegated Authentication capability
ConsentSchedule:
$ref: '#/components/schemas/AEServiceInitiationConsentSchedule'
description: Control Parameters set the overall rules for the Payment Schedule
additionalProperties: false
AEServiceInitiationConsentSchedule:
type: object
properties:
SinglePayment:
$ref: '#/components/schemas/AEServiceInitiationSinglePayment'
MultiPayment:
$ref: '#/components/schemas/AEServiceInitiationLongLivedPaymentConsent'
FilePayment:
$ref: '#/components/schemas/AEServiceInitiationFilePaymentConsent'
description: |2-
The various payment types that can be initiated:
* A Single Payment
* A Multi-Payment
* A Combined Payment (one SinglePayment and one MultiPayment)
additionalProperties: false
AEServiceInitiationFilePaymentConsent:
type: object
required:
- FileType
- FileHash
- NumberOfTransactions
- ControlSum
properties:
FileType:
type: string
minLength: 1
maxLength: 40
description: Specifies the payment file type
FileHash:
type: string
minLength: 1
maxLength: 44
description: A base64 encoding of a SHA256 hash of the file to be uploaded.
FileReference:
$ref: '#/components/schemas/AEServiceInitiationReference'
NumberOfTransactions:
type: integer
description: >-
Number of individual transactions contained in the payment
information group.
ControlSum:
type: string
pattern: ^\d{1,16}\.\d{2}$
description: >-
Total of all individual amounts included in the group, irrespective
of currencies.
RequestedExecutionDate:
$ref: '#/components/schemas/AERequestedExecutionDate'
description: A Consent definition for defining Bulk/Batch Payments
additionalProperties: false
AEServiceInitiationReference:
type: string
minLength: 1
maxLength: 120
description: A reason or reference in relation to a payment.
AEServiceInitiationLongLivedPaymentConsent:
type: object
required:
- PeriodicSchedule
properties:
MaximumCumulativeValueOfPayments:
allOf:
- $ref: '#/components/schemas/AEAmountAndCurrency'
description: |2-
The maximum cumulative value of all successful payment rails executions under the Consent.
Each successful payment rails execution amount (related to the Consent) is added to the total cumulative value of the Consent which cannot exceed the maximum value agreed with the User at the point of consent.
MaximumCumulativeNumberOfPayments:
type: integer
description: |2-
The maximum cumulative number of all successful payment rails executions under the Consent.
Each successful payment rails execution (related to the Consent) is added to the total cumulative number of payments for the Consent which cannot exceed the maximum value agreed with the User at the point of consent.
PeriodicSchedule:
$ref: >-
#/components/schemas/AEServiceInitiationLongLivedPaymentConsentPeriodicSchedule
description: A Consent definition for defining Multi Payments
additionalProperties: false
AEServiceInitiationLongLivedPaymentConsentPeriodicSchedule:
oneOf:
- $ref: '#/components/schemas/AEServiceInitiationFixedDefinedSchedule'
- $ref: '#/components/schemas/AEServiceInitiationVariableDefinedSchedule'
- $ref: '#/components/schemas/AEServiceInitiationFixedPeriodicSchedule'
- $ref: '#/components/schemas/AEServiceInitiationVariablePeriodicSchedule'
- $ref: '#/components/schemas/AEServiceInitiationFixedOnDemand'
- $ref: '#/components/schemas/AEServiceInitiationVariableOnDemand'
discriminator:
propertyName: Type
description: The definition for a schedule
additionalProperties: false
AEServiceInitiationVariablePeriodicSchedule:
type: object
required:
- Type
- PeriodType
- PeriodStartDate
- MaximumIndividualAmount
properties:
Type:
type: string
enum:
- VariablePeriodicSchedule
PeriodType:
$ref: '#/components/schemas/AEPeriodType'
PeriodStartDate:
$ref: '#/components/schemas/AEPeriodStartDate'
MaximumIndividualAmount:
allOf:
- $ref: '#/components/schemas/AEAmountAndCurrency'
description: >-
This is the Maximum amount a variable payment can take per period.
description: >-
Payment Controls that apply to all payment instructions in a given
period under this payment consent.
The payments for this consent must be executed only on the PeriodStartDate, and
dates recurring based on the PeriodType.
additionalProperties: false
AEServiceInitiationFixedDefinedSchedule:
type: object
required:
- Type
- Schedule
properties:
Type:
type: string
enum:
- FixedDefinedSchedule
description: The Periodic Schedule Type
Schedule:
type: array
items:
$ref: '#/components/schemas/AEServiceInitiationFixedSchedule'
minItems: 1
maxItems: 53
description: >-
Payment Schedule denoting a list of pre-defined future dated payments
all with fixed amounts and dates.
additionalProperties: false
AEServiceInitiationVariableDefinedSchedule:
type: object
required:
- Type
- Schedule
properties:
Type:
type: string
enum:
- VariableDefinedSchedule
description: The Periodic Schedule Type
Schedule:
type: array
items:
$ref: '#/components/schemas/AEServiceInitiationVariableSchedule'
minItems: 1
maxItems: 53
description: >-
Payment Schedule denoting a list of pre-defined future dated payments
all with variable amounts and dates.
additionalProperties: false
AEServiceInitiationFixedPeriodicSchedule:
type: object
required:
- Type
- PeriodType
- PeriodStartDate
- Amount
properties:
Type:
type: string
enum:
- FixedPeriodicSchedule
PeriodType:
$ref: '#/components/schemas/AEPeriodType'
PeriodStartDate:
$ref: '#/components/schemas/AEPeriodStartDate'
Amount:
$ref: '#/components/schemas/AEAmountAndCurrency'
description: >-
Payment Controls that apply to all payment instructions in a given
period under this payment consent.
The payments for this consent must be executed only on the PeriodStartDate, and
dates recurring based on the PeriodType.
additionalProperties: false
AEServiceInitiationFixedOnDemand:
type: object
required:
- Type
- PeriodType
- PeriodStartDate
- Amount
- Controls
properties:
Type:
type: string
enum:
- FixedOnDemand
PeriodType:
$ref: '#/components/schemas/AEPeriodType'
PeriodStartDate:
$ref: '#/components/schemas/AEPeriodStartDate'
Amount:
$ref: '#/components/schemas/AEAmountAndCurrency'
Controls:
type: "object"
minProperties: 1
additionalProperties: false
properties:
MaximumCumulativeValueOfPaymentsPerPeriod:
allOf:
- $ref: '#/components/schemas/AEAmountAndCurrency'
description: >-
The maximum cumulative payment value of all payment initiations per
Period Type.
MaximumCumulativeNumberOfPaymentsPerPeriod:
type: integer
description: The maximum frequency of payment initiations per Period Type.
description: >-
Payment Controls that apply to all payment instructions in a given
period under this payment consent.
The payments for this consent may be executed on any date, as long as they are within the Controls for a PeriodType
additionalProperties: false
AEServiceInitiationVariableOnDemand:
type: object
required:
- Type
- PeriodType
- PeriodStartDate
- Controls
properties:
Type:
type: string
enum:
- VariableOnDemand
PeriodType:
$ref: '#/components/schemas/AEPeriodType'
PeriodStartDate:
$ref: '#/components/schemas/AEPeriodStartDate'
Controls:
type: "object"
minProperties: 1
additionalProperties: false
properties:
MaximumIndividualAmount:
allOf:
- $ref: '#/components/schemas/AEAmountAndCurrency'
description: >-
This is the Maximum amount a variable payment can take per period.
MaximumCumulativeValueOfPaymentsPerPeriod:
allOf:
- $ref: '#/components/schemas/AEAmountAndCurrency'
description: >-
The maximum cumulative payment value of all payment initiations per
Period Type.
MaximumCumulativeNumberOfPaymentsPerPeriod:
type: integer
description: The maximum frequency of payment initiations per Period Type.
description: >-
Payment Controls that apply to all payment instructions in a given
period under this payment consent.
The payments for this consent may be executed on any date, as long as they are within the Controls for a PeriodType for a PeriodType
additionalProperties: false
AEServiceInitiationFixedSchedule:
type: object
required:
- PaymentExecutionDate
- Amount
properties:
PaymentExecutionDate:
type: string
format: date
description: |2-
Used to specify the expected payment execution date/time.
All dates in the JSON payloads are represented in ISO 8601 date format.
An example is: 2023-04-05
Amount:
$ref: '#/components/schemas/AEAmountAndCurrency'
additionalProperties: false
AEServiceInitiationFixedScheduleAEServiceInitiationVariableSchedule:
type: object
required:
- PaymentExecutionDate
- AmountMaximumIndividualAmount
properties:
PaymentExecutionDate:
type: string
format: date
description: |2>-
Used to specify the expected payment execution date/time.
All dates in the JSON payloads are represented in ISO 8601 date format.
An example is: 2023-04-05
MaximumIndividualAmount:
Amount allOf:
- $ref: '#/components/schemas/AEAmountAndCurrency'
description: >-
This is the Maximum amount a variable payment can take per period.
additionalProperties: false
AEServiceInitiationVariableScheduleAEServiceInitiationSinglePayment:
typeanyOf:
object - required:$ref: '#/components/schemas/AEServiceInitiationSingleInstantPayment'
- PaymentExecutionDate$ref: '#/components/schemas/AEServiceInitiationFutureDatedPayment'
discriminator:
propertyName: -Type
MaximumIndividualAmount propertiesmapping:
PaymentExecutionDate:SingleInstantPayment: '#/components/schemas/AEServiceInitiationSingleInstantPayment'
SingleFutureDatedPayment: '#/components/schemas/AEServiceInitiationFutureDatedPayment'
typedescription: A stringConsent definition for defining Single Payments
formatAEServiceInitiationFutureDatedPayment:
date type: object
description: >-
required:
- Type
- Amount
- RequestedExecutionDate
properties:
Used to specify the expectedType:
payment execution date/time. type: string
All dates in the JSON payloads are representedenum:
in ISO 8601 date format. - SingleFutureDatedPayment
An example is: 2023-04-05 Amount:
MaximumIndividualAmount: $ref: '#/components/schemas/AEAmountAndCurrency'
allOf: RequestedExecutionDate:
- $ref: '#/components/schemas/AEAmountAndCurrencyAERequestedExecutionDate'
description: >-A single payment consent that MUST be used for a single payment executed Thisby is the MaximumLFI
amount a variable payment can take per period. on a future date. This payment additionalProperties:consent falsewill be authorized by the User AEServiceInitiationSinglePayment:during
anyOf: the payment journey, and the payment will -be $ref: '#/components/schemas/AEServiceInitiationSingleInstantPayment'
executed by the TPP immediately.
- $refadditionalProperties: '#/components/schemas/AEServiceInitiationFutureDatedPayment'false
discriminatorAEServiceInitiationSingleInstantPayment:
type: object
propertyName: Type required:
mapping: - Type
SingleInstantPayment: '#/components/schemas/AEServiceInitiationSingleInstantPayment' - Amount
SingleFutureDatedPaymentproperties: '#/components/schemas/AEServiceInitiationFutureDatedPayment'
descriptionType:
A Consent definition for defining Single Payments type: string
AEServiceInitiationFutureDatedPayment: typeenum:
object required: - SingleInstantPayment
- Type description: The Payment Type
- Amount Amount:
- RequestedExecutionDate properties$ref: '#/components/schemas/AEAmountAndCurrency'
Typedescription: >-
A type:single stringimmediate payment consent that MUST be used for a single
enum: payment which will be initiated immediately -after SingleFutureDatedPaymentUser authorization at
Amount: the LFI.
$refadditionalProperties: '#/components/schemas/AEAmountAndCurrency' false
AEAmountAndCurrency:
RequestedExecutionDate: type: object
$refrequired:
'#/components/schemas/AERequestedExecutionDate' description: A- singleCurrency
payment consent that MUST be used for a single- paymentAmount
executed by the LFI properties:
on a futureCurrency:
date. This payment consent will be authorized by the User during $ref: '#/components/schemas/CurrencyCode'
theAmount:
payment journey, and the payment will be executed by the TPP immediately.$ref: '#/components/schemas/Amount'
additionalPropertiesdescription: false>-
AEServiceInitiationSingleInstantPayment: The Currency and Amount type:relating objectto the Payment
required: additionalProperties: false
-Amount:
Type description: "A number -of Amountmonetary units specified in an active currency properties:where the unit of currency is explicit and compliant Type:with ISO 4217."
type: string
pattern: ^\\d{1,16}\\.\\d{2}$
enumCurrencyCode:
description: "A 3 character alphabetic code allocated -to SingleInstantPaymenta currency under an international currency identification scheme, as described in description:the Thelatest Paymentedition Typeof the international standard ISO 4217 'Codes for the Amount:representation of currencies and funds'."
$reftype: '#/components/schemas/AEAmountAndCurrency'string
descriptionpattern: >-^[A-Z]{3}$
IsSingleAuthorization:
A single immediate payment consentdescription: that|
MUST be used for a single Specifies to the LFI that the paymentconsent whichauthorization willmust be initiatedcompleted immediatelyin aftera Usersingle authorization Step
at with the LFI.
additionalPropertiestype: false"boolean"
AEAmountAndCurrencyAEServiceInitiationConsentPermissionCodes:
type: objectstring
requiredenum:
- CurrencyReadAccountsBasic
- ReadAccountsDetail
Amount properties: - ReadBalances
Currency: - ReadRefundAccount
AEJWEPaymentPII:
$ref: '#/components/schemas/CurrencyCode' type: string
Amount: description: |
$ref: '#/components/schemas/Amount'
description: >-
The Currency and Amount relating to the Payment
additionalProperties: false
Amount: A JSON Web Encryption (JWE) object, which encapsulates a JWS. The value is a
compact serialization of a JWE, which is a string consisting of five
base64url-encoded parts description:joined "Aby numberdots. ofIt monetaryencapsulates unitsencrypted specifiedcontent
in an active currency where the unit of currencyusing isJSON explicitdata andstructures.
compliant
with ISO 4217." The type:decrypted stringJWS content has the structure of the pattern: ^\\d{1,16}\\.\\d{2}$AEPaymentPII schema.
CurrencyCodeexample: "eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ...."
descriptionAEPaymentConsentPII:
"A 3 character alphabetic code allocated to a currency under an international currency identification scheme, as described in the latest edition of the international standard ISO 4217 'Codes for the representation of currencies and funds'."type: "object"
additionalProperties: false
description: "Elements of Personal Identifiable Information data"
properties:
typeInitiation:
string pattern: ^[A-Z]{3}$ type: "object"
IsSingleAuthorization: descriptionadditionalProperties: |false
Specifies to thedescription: LFI"The thatInitiation thepayload consentis authorizationsent mustby bethe completedinitiating inparty ato singlethe authorizationLFI. StepIt is used to request movement of funds from withthe thedebtor LFIaccount to a creditor."
type: "boolean" AEServiceInitiationConsentPermissionCodesproperties:
type: string DebtorAccount:
enum: - ReadAccountsBasic type: "object"
- ReadAccountsDetail -additionalProperties: ReadBalancesfalse
- ReadRefundAccount AEJWEPaymentPIIrequired:
type: string description: | - "SchemeName"
A JSON Web Encryption (JWE) object, which encapsulates a JWS. The- value"Identification"
is a compact serialization of a JWE, which is a string consisting of five
base64url-encoded parts joined by dots. It encapsulates encrypted contentdescription: "Unambiguous identification of the account of the debtor to which a debit entry will be made as a result of the transaction."
using JSONproperties:
data structures. The decrypted JWS content has theSchemeName:
structure of the AEPaymentPII schema. example: "eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ...." AEPaymentConsentPIIdescription: "Name of the identification scheme, in type: "object"
additionalProperties: false
a coded form as published in an external list."
description: "Elements of Personal Identifiable Information data" propertiestype: "string"
Initiation: typeenum:
"object" additionalProperties: false description: "The Initiation payload is sent by the initiating party to the LFI. It is used to request movement of funds from the debtor account to a creditor."- "IBAN"
Identification:
propertiesdescription: |
DebtorAccount: Identification for the account assigned by type: "object"
the LFI based on the Account Scheme Name.
additionalProperties: false This identification is known required:by the User account owner.
- "SchemeName" type: "string"
- "Identification" minLength: 1
description: "Unambiguous identification of the account of the debtor to whichName:
a debit entry will be made as a result of the transaction." type: "object"
properties: description: |
SchemeName: The Account description:Holder "Name ofis the identificationname scheme,or innames aof codedthe form as published in an external list."Account owner(s) represented at the account level
typeproperties:
"string" enumen:
- type: "IBANstring"
Identification: description: "English value of the string"
description: | maxLength: 70
Identification for the account assigned by the LFI based on the Account Scheme Name. ar:
This identification is known by the User account owner.type: "string"
typedescription: "string"Arabic value of the string"
minLength: 1 maxLength: 70
Name: additionalProperties: false
type: "object" Creditor:
description: |
(Array) Identification elements for Thea AccountCreditor Holderassociated Namewith isthe theconsent
name or names of the Account owner(s) represented at the account level type: "array"
propertiesminItems: 1
items:
en: $ref: "#/components/schemas/AECreditor"
Risk:
type: "string" $ref: "#/components/schemas/AERisk"
AECreditor:
descriptionadditionalProperties: "Englishfalse
value of the string" type: object
description: Identification elements for a Creditor.
maxLengthproperties:
70 CreditorAgent:
description: |
ar: Refers to the Financial Institution.
type: "stringobject"
required:
description: - "Arabic value of the string"SchemeName"
- "Identification"
properties:
maxLength: 70 SchemeName:
additionalPropertiestype: false"string"
Creditordescription: |
description: | Refers to the Identification scheme for uniquely identifying the Agent.
(Array) Identification elements for a Creditor associated with the consent * BICFI: The BIC/SWIFT Code
type: "array" * Other: The ID; A Country minItems:Code 1followed by a Bank Code (4 character code). The full list of LFI names and items:6 digits IDs are as follows:
$ref: "#/components/schemas/AECreditor" enum:
Risk: - $ref: "#/components/schemas/AERisk"BICFI"
AECreditor: additionalProperties: false - "Other"
type: object description: Identification:
elements for a Creditor. properties: description: |
CreditorAgent: description: | The Agent is the Country Code followed by a Bank Code"
Refers to the Financial Institution.
type: "objectstring"
required Name:
- description: "SchemeName"Name by which an agent is known and which is usually used to identify -that "Identification"agent."
propertiestype: "string"
SchemeName: minLength: 1
type: "string" maxLength: 140
description: | PostalAddress:
Refers to the Identification scheme for uniquely identifying the Agent.$ref: "#/components/schemas/AEAddress"
Creditor:
type: "object"
additionalProperties: false
* BICFIdescription: The BIC/SWIFT Code
"Party to which an amount of money is due."
properties:
* Other: The ID; A Country Code followed by a Bank Code (4Name:
character code). The full list of LFI names and 6 digits IDs are as followsdescription: |
enum: Name by which a party is known and which is usually used to identify - "BICFI"that party.
-This "Other"may be used to identify the Creditor for international payments.
Identification: type: "string"
description: | minLength: 1
The Agent is the Country Code followed by a Bank Code" maxLength: 140
typePostalAddress:
"string" Namedescription: |
description: "Name by which(Array) anAddress agentinformation isthat knownlocates and which is usually used to identify that agentidentifes a specific address, as defined by a national or international postal service."
type: "stringarray"
minLengthminItems: 1
maxLengthitems:
140 PostalAddresstype: "object"
$ref: "#/components/schemas/AEAddress"
required:
Creditor: type:- "objectAddressType"
additionalProperties: false - "Country"
description: "Party to which an amount of money is due." properties:
properties: NameAddressType:
description: | $ref: "#/components/schemas/AEAddressTypeCode"
ShortAddress:
Name by which a party is known and which is usually used to identify that party. $ref: "#/components/schemas/AEShortAddress"
This may be used toUnitNumber:
identify the Creditor for international payments. type$ref: "string#/components/schemas/AEUnitNumber"
minLength: 1 FloorNumber:
maxLength: 140 $ref: "#/components/schemas/AEFloorNumber"
PostalAddress: descriptionBuildingNumber:
| (Array) Address information that locates and identifes a specific address, as defined by a national or international postal service."
$ref: "#/components/schemas/AEBuildingNumber"
StreetName:
type: "array" $ref: "#/components/schemas/AEStreetName"
minItems: 1 SecondaryNumber:
items: type$ref: "object"#/components/schemas/AESecondaryNumber"
requiredDistrict:
- $ref: "AddressType"#/components/schemas/AEDistrict"
PostalCode:
- "Country" properties$ref: "#/components/schemas/AEPostalCode"
AddressType POBox:
$ref: "#/components/schemas/AEAddressTypeCodeAEPOBox"
ShortAddressZipCode:
$ref: "#/components/schemas/AEShortAddressAEZipCode"
UnitNumberCity:
$ref: "#/components/schemas/AEUnitNumberAECity"
FloorNumberRegion:
$ref: "#/components/schemas/AEFloorNumberAERegion"
BuildingNumberCountry:
$ref: "#/components/schemas/AEBuildingNumberAECountryCode"
StreetNameadditionalProperties: false
CreditorAccount:
$refdescription: "#/components/schemas/AEStreetName"
Unambiguous identification of the account of the creditor to which a credit entry will be posted."
SecondaryNumbertype: "object"
additionalProperties: false
$ref required:
"#/components/schemas/AESecondaryNumber" - "SchemeName"
District: - "Identification"
$ref:- "#/components/schemas/AEDistrictName"
properties:
PostalCode: SchemeName:
$ref: "#/components/schemas/AEPostalCodeAECreditorExternalAccountIdentificationCode"
Identification:
POBox: $ref: "#/components/schemas/AEIdentification"
Name:
$ref: "#/components/schemas/AEPOBoxAEName"
TradingName:
ZipCode $ref: "#/components/schemas/AETradingName"
ConfirmationOfPayeeResponse:
$ref: "#/components/schemas/AEZipCode"
AEConfirmationOfPayeeResponse"
AEDebtorIndicators:
type: "object"
description: |
Debtor (User) Indicators
Cityproperties:
Authentication:
$reftype: "#/components/schemas/AECityobject"
description: "The authentication method used by the User Region:to access their account with the TPP"
properties:
$ref: "#/components/schemas/AERegion" AuthenticationChannel:
Country: description: Channel on which the User was authenticated
$ref: "#/components/schemas/AECountryCode" type: string
additionalProperties: false enum:
CreditorAccount: - description:App
"Unambiguous identification of the account of the creditor to which a credit entry will be posted." - Web
type: "object" PossessionFactor:
additionalProperties: false type: "object"
required: -description: "SchemeName"The User's possession, that only the User possesses"
- "Identification" properties:
- "Name" propertiesIsUsed:
SchemeName: type: "boolean"
$ref: "#/components/schemas/AECreditorExternalAccountIdentificationCode" Type:
Identification: $reftype: "#/components/schemas/AEIdentificationstring"
Name: enum:
$ref: "#/components/schemas/AEName" TradingName: - FIDO2SecurityKey
$ref: "#/components/schemas/AETradingName" ConfirmationOfPayeeResponse:- Passkey
$ref: "#/components/schemas/AEConfirmationOfPayeeResponse" - OTPDevice
AEDebtorIndicators: type: "object" description: | - OTPApp
Debtor (User) Indicators properties: - Authentication:SMSOTP
type: "object" - EmailOTP
description: "The authentication method used by the User to access their account with the TPP" - PushNotification
properties: AuthenticationChannel: - WebauthnToken
description: Channel on which the User was authenticated - SecureEnclaveKey
type: string - HardwareOTPKey
enum: - TrustedDevice
App - WebOther
PossessionFactorKnowledgeFactor:
type: "object"
description: "The User's possessionknowledge, that only the User possessesknows"
properties:
IsUsed:
type: "boolean"
Type:
type: "string"
enum:
- FIDO2SecurityKeyPIN
- PasskeyPassword
- OTPDeviceSecurityQuestion
- OTPAppSMSOTP
- SMSOTPEmailOTP
- EmailOTPOTPPush
- PushNotificationOther
InherenceFactor:
- WebauthnToken type: "object"
-description: SecureEnclaveKey"The User's inherance, that is unique to the User's physical characteristics"
- HardwareOTPKey properties:
IsUsed:
- TrustedDevice type: "boolean"
- Other KnowledgeFactorType:
type: "objectstring"
descriptionenum:
"The User's knowledge, that only the User knows" - Biometric
properties: - Fingerprint
IsUsed: - FaceRecognition
type: "boolean" - IrisScan
Type: - VoiceRecognition
type: "string" - enum:FIDOBiometric
- PINDeviceBiometrics
- Password Other
ChallengeOutcome:
type: "string"
description: "The result of multi-factor SecurityQuestionauthentication performed by the TPP, with NotPerformed indication the User was not required to authenticate before consenting to the requested payment"
- SMSOTP enum:
- EmailOTP - Pass
- OTPPush - Fail
- OtherNotPerformed
InherenceFactorAuthenticationFlow:
type: "objectstring"
descriptionenum:
"The User's inherance, that is unique to the User's physical characteristics" - MFA
properties: - Other
IsUsed: AuthenticationValue:
type: "booleanstring"
description: "Cryptographic proof of authentication Type:where supported by the device and protocol."
typeChallengeDateTime:
"string" type: "string"
enum: format: "date-time"
-UserName:
Biometric type: "object"
- Fingerprintdescription: "The Name of the User initiating the Payment"
properties:
- FaceRecognition en:
- IrisScan type: "string"
description: "English -value VoiceRecognitionof the string"
ar:
- FIDOBiometric type: "string"
- DeviceBiometrics description: "Arabic value of the string"
GeoLocation:
- Other type: "object"
ChallengeOutcome: description: "GPS to identify and track the whereabouts of the connected type:electronic device."string"
required:
description: "The result of multi-factor authentication performed by the- TPP,Latitude
with NotPerformed indication the User was not required to authenticate before consenting to- theLongitude
requested payment" properties:
enum: Latitude:
- Pass type: "string"
- Fail description: "latitude"
Longitude:
- NotPerformed AuthenticationFlowtype: "string"
typedescription: "stringlongitude"
DeviceInformation:
enum: type: "object"
- MFA
description: "Detailed device information"
- Otherproperties:
AuthenticationValueDeviceId:
type: "string"
description: "CryptographicIMEISV proofnumber of authenticationthe whereconnected supportedelectronic by the device and protocol."
ChallengeDateTimeAlternativeDeviceId:
type: "string"
formatdescription: "date-time"Alternative identifier for the connected electronic device"
UserName: DeviceOperatingSystem:
type: "object" descriptiontype: "Thestring"
Name of the User initiating the Payment" description: "Device operating properties:system"
enDeviceOperatingSystemVersion:
type: "string"
description: "EnglishDevice valueoperating ofsystem the stringversion"
arDeviceBindingId:
type: "string"
description: "ArabicAn valueidentifier ofthat theassociates string"a device uniquely with a specific application"
GeoLocation: typeLastBindingDateTime:
"object" description: "GPS to identify and track the whereabouts of the connected electronic device."type: "string"
requiredformat: "date-time"
- Latitude description: "Date and time when the device was last bound to -the Longitudeapplication"
properties: LatitudeBindingDuration:
type: "string"
descriptionformat: "latitudeduration"
Longitude: description: "ISO 8601 duration since device was last bound (e.g., P30D for type: "string30 days)"
descriptionBindingStatus:
"longitude"
DeviceInformation: type: "objectstring"
description: "Detailed device information" propertiesdescription: "Current status of the DeviceId:device binding"
typeenum:
"string" description: "IMEISV- numberActive
of the connected electronic device" - AlternativeDeviceId:Expired
type: "string" - Revoked
description: "Alternative identifier for the- connectedSuspended
electronic device" DeviceOperatingSystemDeviceType:
type: "string"
description: "DeviceType of operatingdevice systemused"
DeviceOperatingSystemVersion enum:
type: "string" - Mobile
description: "Device operating system version"- Desktop
DeviceBindingId: - Tablet
type: "string" - Wearable
description: "An identifier that associates a device uniquely with a specific- application"Other
LastBindingDateTimeDeviceManufacturer:
type: "stringobject"
formatproperties:
"date-time" descriptionModel:
"Date and time when the device was last bound to the application" type: "string"
BindingDuration: typedescription: "string"Device model name"
format: "duration" description: "ISO 8601 duration since device was last bound (e.g., P30D for 30 days)"maxLength: 50
Manufacturer:
BindingStatus: type: "string"
description: "Current status of thedescription: device"Device bindingmanufacturer"
enum: maxLength: 50
- ActiveDeviceLanguage:
type: "string"
- Expired description: "Device language"
- Revoked DeviceLocalDateTime:
- Suspended type: "string"
DeviceType: typedescription: "string"Device local time"
descriptionConnectionType:
"Type of device used" enum:type: "string"
description: "Type -of Mobileconnection to the internet"
- Desktopenum:
- TabletWiFi
- WearableCellular
- Other
DeviceManufacturerScreenInformation:
type: "object"
properties:
ModelPixelDensity:
type: "stringnumber"
description: "DeviceScreen modelpixel namedensity"
Orientation:
maxLength: 50 Manufacturer:type: "string"
typeenum:
"string" - description:Portrait
"Device manufacturer" maxLength:- 50Landscape
DeviceLanguageBatteryStatus:
type: "stringobject"
descriptionproperties:
"Device language" DeviceLocalDateTimeLevel:
type: "stringnumber"
description: "Device local time" minimum: 0
ConnectionTypemaximum: 100
type IsCharging:
"string" descriptiontype: "Type of connection to the internet""boolean"
TouchSupport:
enumtype: "object"
properties:
- WiFi Supported:
- Cellular type: "boolean"
- Other ScreenInformationMaxTouchPoints:
type: "objectinteger"
properties: minimum: 0
PixelDensityMotionSensors:
type: "numberobject"
descriptionproperties:
"Screen pixel density" OrientationStatus:
type: "string"
enum:
- PortraitInMotion
- Stationary
Landscape BatteryStatusAccelerometer:
type: "objectboolean"
properties Gyroscope:
Leveltype: "boolean"
DeviceEnvironmentContext:
type: "number": "array"
description: "List of device environment context"
items:
minimum: 0 type: "string"
maximum: 100 enum:
IsCharging: - VPNDetected
type: "boolean" - EmulatorDetected
TouchSupport: BiometricCapabilities:
type: "object"
description: "Device biometric capabilities"
properties: properties:
Supported: SupportsBiometric:
type: "boolean"
description: "Whether MaxTouchPoints:device supports biometric authentication"
BiometricTypes:
type: "integer" type: "array"
minimum: 0 description: "Types of biometric authentication MotionSensors:supported"
typeitems:
"object" propertiestype: "string"
Statusenum:
- type:Fingerprint
"string" - enum:FacialRecognition
- Iris
- InMotion - VoicePrint
- Stationary - Other
Accelerometer: AppInformation:
type: "booleanobject"
Gyroscopedescription: "Mobile application specific information"
type: "boolean"properties:
DeviceEnvironmentContextAppVersion:
type: "arraystring"
description: "ListVersion of devicethe environmentmobile contextapplication"
itemsPackageName:
type: "string"
description: enum:"Application package identifier"
BuildNumber:
- VPNDetected type: "string"
description: "Application -build EmulatorDetectednumber"
BiometricCapabilitiesBrowserInformation:
type: "object"
description: "Device biometric capabilitiesBrowser-specific information"
properties:
SupportsBiometricUserAgent:
type: "booleanstring"
description: "WhetherComplete devicebrowser supportsuser biometricagent authenticationstring"
BiometricTypesIsCookiesEnabled:
type: "arrayboolean"
description: "Types of biometric authentication supported"
items:
type: "stringWhether cookies are enabled in the browser"
AvailableFonts:
enum: type: "array"
- Fingerprint description: "List of available fonts"
- FacialRecognition items:
- Iris type: "string"
Plugins:
- VoicePrint type: "array"
- Other AppInformationdescription: "List of installed browser plugins"
type: "object" items:
description: "Mobile application specific information" properties:type: "string"
AppVersionPixelRatio:
type: "stringnumber"
description: "VersionDevice ofpixel theratio mobilefor applicationscaling"
PackageNameUserBehavior:
type: "stringobject"
description: "ApplicationUser packagebehavior identifierindicators"
BuildNumberproperties:
typeScrollBehavior:
"string" descriptiontype: "Application build numberobject"
BrowserInformation: properties:
type: "object" descriptionDirection:
"Browser-specific information" properties: type: "string"
UserAgent: enum:
type: "string" description: "Complete browser user- agentUp
string" IsCookiesEnabled: - Down
type: "boolean" - Both
description: "Whether cookies are enabled in the browser" Speed:
AvailableFonts: type: "arraynumber"
description: "List of available fontsAverage scroll speed in pixels per second"
items Frequency:
type: "stringnumber"
Plugins: description: "Number of scroll events type: "arrayper minute"
AccountRiskIndicators:
description: "List of installed browser plugins"
type: "object"
itemsdescription: "Risk indicators related to the account"
typeproperties:
"string" PixelRatioUserOnboardingDateTime:
type: "numberstring"
descriptionformat: "Device pixel ratio for scalingdate-time"
UserBehavior: typedescription: "object"The exact date and time when the User account was activated with description:the TPP."User
behavior indicators" propertiesLastAccountChangeDate:
ScrollBehavior type: "string"
typeformat: "objectdate"
propertiesdescription: "Date that the User's account was last changed"
Direction: LastPasswordChangeDate:
type: "string"
format: "date"
enum: description: "Date of the last password change by the -User"
Up SuspiciousActivity:
- Down type: "string"
-description: Both"Indicates any suspicious activity associated with the account"
Speed: enum:
type: "number" - NoSuspiciousActivity
description: "Average- scrollSuspiciousActivityDetected
speed in pixels per second" TransactionHistory:
Frequency: type: "object"
type: "number" properties:
descriptionLastDay:
"Number of scroll events per minute" AccountRiskIndicators: type: "integer"
type: "object" description: "RiskTotal indicatorstransactions relatedmade toby the account" in the last 24 hours"
properties: UserOnboardingDateTimeminimum: 0
type: "string" LastYear:
formattype: "date-timeinteger"
description: "The exact date and time when the User account was activated with the TPP."Total transactions made by the account in the past year"
minimum: 0
LastAccountChangeDate: SupplementaryData:
type: "stringobject"
description: |
format: "date" Additional information that cannot be captured description:in "Datethe thatstructured the User's account was last changed"fields and/or any other specific block
LastPasswordChangeDate:This may include information that is not available in the structured fields, such as a type: "string"
user's behavioural data
like format: "date"
their typing speed and typing patterns.
descriptionadditionalProperties: "Date of the last password change by the User"true
properties: {}
AERisk:
SuspiciousActivityadditionalProperties: false
description: |
type: "string" The Risk section is sent by the TPP to the LFI. It is used description:to "Indicatesspecify anyadditional suspiciousdetails activityfor associatedrisk/fraud withscoring theregarding account"Payments.
type: "object"
enumproperties:
DebtorIndicators:
- NoSuspiciousActivity$ref: "#/components/schemas/AEDebtorIndicators"
DestinationDeliveryAddress:
- SuspiciousActivityDetected type: "object"
TransactionHistorydescription: |
type: "object"Destination Delivery Address
properties:
properties: RecipientType:
LastDay: type: "string"
typedescription: "integer"
The recipient of the goods whether an individual or a corporation."
description: "Total transactions madeenum:
by the account in the last 24 hours" - "Individual"
minimum: 0 - "Corporate"
LastYear: RecipientName:
type: "integerobject"
description: "The name of description:the "Totalrecipient transactionsof madethe bygoods, thewhether accountan inindividual theor pasta yearcorporation."
properties:
minimum: 0 SupplementaryData:en:
type: "objectstring"
description: | description: "English value of the string"
Additional information that cannot be captured in the structured fields and/or any other specific block ar:
This may include information that is not available in the structured fields, such as a user's behavioural datatype: "string"
description: "Arabic likevalue theirof typingthe speedstring"
and typing patterns. additionalPropertiesNationalAddress: true
properties: {} $ref: "#/components/schemas/AEAddress"
AERisk: additionalPropertiesTransactionIndicators:
false description: | $ref: "#/components/schemas/AETransactionIndicators"
The Risk section isCreditorIndicators:
sent by the TPP to the LFI. It is used to specify additional details for risk/fraud scoring regarding Payments.$ref: "#/components/schemas/AECreditorIndicators"
AETransactionIndicators:
type: "object"
propertiesdescription: |
DebtorIndicators: Transaction Indicators
$refproperties:
"#/components/schemas/AEDebtorIndicators" DestinationDeliveryAddressIsCustomerPresent:
typedescription: "object"This field differentiates between automatic and manual payment initiation."
description: | type: boolean
Destination Delivery AddressIsContractPresent:
propertiesdescription: "Indicates if the Creditor has a contractual relationship with the TPP."
RecipientType: type: boolean
type: "string" Channel:
description: "TheWhere recipient of the goodspayment whetherhas anbeen individual or a corporationinitiated from."
type: "string"
enum: enum:
- "Individual" - Web
- "Corporate"Mobile
RecipientName:
ChannelType:
type: "objectstring"
description: "The namechannel of the recipient ofthrough which the goods,transaction whetheris an individual or a corporation.being conducted"
enum:
properties: - ECommerce
en: - InStore
type: "string"- InApp
- Telephone
description: "English value of the string" - Mail
ar: - RecurringPayment
- Other
type: "string" SubChannelType:
descriptiontype: "Arabic value of the string"
NationalAddressdescription: "More specific classification of the transaction channel"
$ref: "#/components/schemas/AEAddress" TransactionIndicatorsenum:
$ref: "#/components/schemas/AETransactionIndicators"
- WebBrowser
CreditorIndicators: - MobileApp
$ref: "#/components/schemas/AECreditorIndicators"
AETransactionIndicators: - SmartTV
type: "object" description: | - WearableDevice
Transaction Indicators - POSTerminal
properties: IsCustomerPresent: - ATM
description: "This field differentiates between automatic and- manualKioskTerminal
payment initiation." type:- booleanOther
IsContractPresentPaymentProcess:
descriptiontype: "Indicatesobject"
if the Creditor has a contractual relationship with the TPP." description: "Metrics related to the payment process duration and attempts"
type: boolean Channelproperties:
description: "Where the payment has been initiated from." TotalDuration:
type: "stringinteger"
enum description: "Total time in seconds from payment initiation to completion"
- Web minimum: 0
- Mobile ChannelTypeCurrentSessionAttempts:
type: "stringinteger"
description: "TheNumber of channelpayment throughattempts whichin the transactioncurrent session"
is being conducted" enumminimum: 1
-CurrentSessionFailedAttempts:
ECommerce - InStoretype: "integer"
-description: InApp"Number of failed payment attempts in the current session"
- Telephone minimum: 0
- Mail Last24HourAttempts:
- RecurringPayment type: "integer"
- Other SubChannelType: description: "Number of payment attempts in the last type:24 "stringhours"
description: "More specific classification ofminimum: the0
transaction channel" enumLast24HourFailedAttempts:
type: -"integer"
WebBrowser - MobileAppdescription: "Number of failed payment attempts in the last 24 hours"
- SmartTV minimum: 0
- WearableDevice MerchantRisk:
- POSTerminal type: "object"
- ATM description: "Risk indicator details provided by the merchant"
- KioskTerminal properties:
- Other DeliveryTimeframe:
PaymentProcess: type: "objectstring"
description: "Metrics related to the payment process duration and attempts"Timeframe for the delivery of purchased items"
propertiesenum:
TotalDuration: - ElectronicDelivery
type: "integer" - SameDayShipping
description: "Total time in seconds from payment- initiationOvernightShipping
to completion" minimum:- 0MoreThan1DayShipping
CurrentSessionAttemptsReorderItemsIndicator:
type: "integerstring"
description: "NumberIndicates ofif paymentthe attemptstransaction inis thea current sessionreorder"
minimumenum:
1 CurrentSessionFailedAttempts: - FirstTimeOrder
type: "integer" - Reorder
description: "Number of failed paymentPreOrderPurchaseIndicator:
attempts in the current session" type: "string"
minimum: 0 description: "Indicates if Last24HourAttempts:this is a pre-ordered item"
type: "integer" enum:
description: "Number of payment attempts in- theMerchandiseAvailable
last 24 hours" - minimum:FutureAvailability
0 Last24HourFailedAttemptsIsGiftCardPurchase:
type: "integerboolean"
description: "NumberIndicates ofif failedthe paymenttransaction attemptsincludes ina the last 24 hoursgift card"
minimum: 0
IsDeliveryAddressMatchesBilling:
MerchantRisk: type: "objectboolean"
description: "Risk indicator details provided bydescription: the merchant"Indicates if delivery address matches billing address"
properties: DeliveryTimeframeAddressMatchLevel:
type: "string"
description: "TimeframeLevel of formatch thebetween delivery ofand purchasedbilling itemsaddresses"
enum:
- ElectronicDeliveryFullMatch
- SameDayShippingPartialMatch
- OvernightShippingNoMatch
- MoreThan1DayShippingNotApplicable
ReorderItemsIndicator:
SupplementaryData:
type: "stringobject"
description: "Indicates if the transactiondescription: is|
a reorder" Additional information that cannot enum:be captured in the structured fields and/or any other specific block
- FirstTimeOrder properties: {}
AECreditorIndicators:
type: -"object"
Reorder description: |
PreOrderPurchaseIndicator: Creditor Indicators
properties:
type: "string" AccountType:
description$ref: "Indicates if this is a pre-ordered item"
#/components/schemas/AEAccountTypeCode"
IsCreditorPrePopulated:
$ref: enum:"#/components/schemas/AEIsCreditorPrePopulated"
TradingName:
- MerchandiseAvailable
$ref: "#/components/schemas/AETradingName"
IsVerifiedByTPP:
- FutureAvailability $ref: "#/components/schemas/AEIsVerifiedbyTPP"
IsGiftCardPurchaseAdditionalAccountHolderIdentifiers:
$ref: "#/components/schemas/AEAdditionalAccountHolderIdentifiers"
type: "boolean" MerchantDetails:
description type: "object"Indicates
if the transaction includes a gift card" description: |
IsDeliveryAddressMatchesBilling: Details of the Merchant involved in the transaction.
type: "boolean" Merchant Details are specified only for description:those "Indicatesmerchant ifcategories deliverythat addressare matchesgenerally billingexpected address"to originate retail financial transactions
AddressMatchLevel: properties:
typeMerchantId:
"string"
description: "MerchantId"Level
of match between delivery and billing addresses" type: "string"
enum: minLength: 8
- FullMatch maxLength: 20
- PartialMatch MerchantName:
- NoMatchdescription: "Name by which the merchant is known."
- NotApplicable SupplementaryDatatype: "string"
type: "object" minLength: 1
description: | maxLength: 350
Additional information that cannot be captured in the structured fieldsMerchantSICCode:
and/or any other specific block propertiesdescription: {}|
AECreditorIndicators: type: "object" SIC code stands for description:standard |industrial classification (SIC) code.
Creditor Indicators properties: This four digit-number identifies a very AccountType:specific short descriptor of the type of business a company is $ref: "#/components/schemas/AEAccountTypeCode"
engaged in.
IsCreditorPrePopulated: SIC can $ref: "#/components/schemas/AEIsCreditorPrePopulated"
be obtained from the Chamber of Commerce.
TradingName: $reftype: "#/components/schemas/AETradingNamestring"
IsVerifiedByTPP: minLength: 3
$ref: "#/components/schemas/AEIsVerifiedbyTPP" AdditionalAccountHolderIdentifiersmaxLength: 4
$ref MerchantCategoryCode:
"#/components/schemas/AEAdditionalAccountHolderIdentifiers" MerchantDetails: description: >
type: "object" Category description:code |values are used to enable the classification of
Details of the Merchant involved in the transaction. merchants into specific categories based on the type of Merchantbusiness,
Details are specified only for those merchant categories that are generally expected to originate retail financial transactionstrade or services supplied.
properties: Category code conforms MerchantId:to ISO 18245, related to the type of services
description: "MerchantId" or goods the merchant provides for type: "stringthe transaction."
minLengthtype: 8string
maxLengthminLength: 20
3
MerchantName: maxLength: 4
descriptionadditionalProperties: "Namefalse
by which the merchant is known." IsCreditorConfirmed:
typedescription: "string"Creditor account details have been confirmed successfully using Confirmation of Payee
minLength: 1 type: boolean
maxLengthConfirmationOfPayeeResponse:
350 MerchantSICCode$ref: "#/components/schemas/AEConfirmationOfPayeeResponse"
SupplementaryData:
description: | type: "object"
SICdescription: code|
stands for standard industrial classification (SIC) code. Additional information that cannot be captured in the structured fields and/or Thisany fourother digit-numberspecific identifiesblock
a very specific short descriptor of the type of business aproperties: company{}
is
engaged in. AEIsCreditorPrePopulated:
description: "Is Creditor populated"
SIC can be obtained from the Chamber of Commerce.
type: "boolean"
AEIsVerifiedbyTPP:
description: "The TPP has onboarded the type: Creditor"string"
type: "boolean"
minLengthAEAdditionalAccountHolderIdentifiers:
3 type: "array"
maxLengthitems: 4
MerchantCategoryCodetype: "object"
description: "Provides the details to description:identify >an account."
required:
Category code values are used- to"SchemeName"
enable the classification of - "Identification"
merchantsproperties:
into specific categories based on the type of business, SchemeName:
$ref: trade or services supplied."#/components/schemas/AERiskExternalAccountIdentificationCode"
Identification:
Category code conforms to ISO 18245, related to the type of services
$ref: "#/components/schemas/AEIdentification"
Name:
$ref: or goods the merchant provides for the transaction."
"#/components/schemas/AEName"
additionalProperties: false
AERiskExternalAccountIdentificationCode:
typedescription: string"Name of the identification scheme, in a coded form as published in an external list."
minLength: 3 type: "string"
maxLengthenum:
4 - "EmiratesID"
additionalProperties: false - "TradeLicenceNumber"
IsCreditorConfirmed: AEConfirmationOfPayeeResponse:
description: CreditorThe accountJSON detailsWeb haveSignature beenreturned confirmedby successfullythe usingPayee Confirmation ofoperation Payeeat the Confirmation of Payee API. The value must be the type:full booleanJWS string, including the header and signature, without decoding ConfirmationOfPayeeResponse:to an object. If Confirmation of Payee is not performed this $ref: "#/components/schemas/AEConfirmationOfPayeeResponse"
property can be omitted
SupplementaryDatatype: string
pattern: '^.+\..+\..+$'
type: "object" AEAddress:
description: |
(Array) Address Additional information that cannot be captured in the structured fields and/or any otherlocates and identifes a specific blockaddress, as defined by a national or international postal service."
properties: {} AEIsCreditorPrePopulated:type: "array"
descriptionminItems: "Is1
Creditor populated" items:
type: "boolean" AEIsVerifiedbyTPPtype: "object"
description: "The TPPrequired:
has onboarded the Creditor" type:- "booleanAddressType"
AEAdditionalAccountHolderIdentifiers: - "Country"
type: "array" itemsproperties:
type AddressType:
"object" description$ref: "Provides the details to identify an account.""#/components/schemas/AEAddressTypeCode"
ShortAddress:
required: $ref: "#/components/schemas/AEShortAddress"
- "SchemeName" UnitNumber:
- "Identification" properties:$ref: "#/components/schemas/AEUnitNumber"
SchemeNameFloorNumber:
$ref: "#/components/schemas/AERiskExternalAccountIdentificationCodeAEFloorNumber"
IdentificationBuildingNumber:
$ref: "#/components/schemas/AEIdentificationAEBuildingNumber"
NameStreetName:
$ref: "#/components/schemas/AENameAEStreetName"
additionalPropertiesSecondaryNumber: false
AERiskExternalAccountIdentificationCode: description$ref: "Name of the identification scheme, in a coded form as published in an external list."#/components/schemas/AESecondaryNumber"
District:
type$ref: "string"#/components/schemas/AEDistrict"
enumPostalCode:
- $ref: "EmiratesID"#/components/schemas/AEPostalCode"
- "TradeLicenceNumber"POBox:
AEConfirmationOfPayeeResponse: description: The JSON Web Signature returned by the Payee Confirmation operation at the Confirmation of Payee API. The value must be the full JWS string, including the header and signature, without decoding to an object. If Confirmation of Payee is not performed this property can be omitted
type: string$ref: "#/components/schemas/AEPOBox"
ZipCode:
$ref: "#/components/schemas/AEZipCode"
City:
$ref: "#/components/schemas/AECity"
patternRegion:
'^.+\..+\..+$'
AEAddress: description$ref: |"#/components/schemas/AERegion"
(Array) Address informationCountry:
that locates and identifes a specific address, as defined by a national or international postal service."$ref: "#/components/schemas/AECountryCode"
typeadditionalProperties: false
"array"
AEAddressTypeCode:
minItems: 1 description: "Specifies the nature items:of the Address."
type: "objectstring"
requiredenum:
- "AddressTypeBusiness"
- "CountryCorrespondence"
properties:- "Residential"
example: "Residential"
AddressType: AEShortAddress:
description: $ref: "#/components/schemas/AEAddressTypeCode"
ShortAddress:
"A short address consists of four letters: region code, branch code, division code, unique code and a four-digit number for the building."
$reftype: "#/components/schemas/AEShortAddressstring"
minLength: 1
UnitNumber: maxLength: 8
$refexample: "#/components/schemas/AEUnitNumberABCD1234"
AEUnitNumber:
FloorNumberdescription: "Identifies the unit or apartment number."
$reftype: "#/components/schemas/AEFloorNumberstring"
minLength: 1
BuildingNumber: maxLength: 10
$refexample: "#/components/schemas/AEBuildingNumber6"
AEFloorNumber:
StreetName description: "Identifies the building floor number."
$reftype: "#/components/schemas/AEStreetNamestring"
minLength: 1
SecondaryNumber: maxLength: 10
$refexample: "#/components/schemas/AESecondaryNumber2"
AEBuildingNumber:
District: description: "Identifies the building number."
$reftype: "#/components/schemas/AEDistrictstring"
minLength: 1
PostalCode: maxLength: 10
$refexample: "#/components/schemas/AEPostalCode34"
AEStreetName:
POBox description: "Identifies the street name or road."
$reftype: "#/components/schemas/AEPOBoxstring"
minLength: 1
ZipCode: maxLength: 70
$refexample: "#/components/schemas/AEZipCodeOmar Bin Hassan Street"
AEDistrict:
City description: "Identifies the district of a city."
$reftype: "#/components/schemas/AECitystring"
minLength: 1
Region: maxLength: 35
$refexample: "#/components/schemas/AERegion"Olaya Dist."
AECountryCode:
Countrydescription: "Indicates the country code in which the address is located (References ISO $ref: "#/components/schemas/AECountryCode3166-1 alpha-2)."
type: "string"
additionalProperties: false AEAddressTypeCode:pattern: "^[A-Z]{2,2}$"
descriptionexample: "Specifies the nature of the Address.SA"
typeAEPostalCode:
"string" description: enum:" Identifies the postal code; a unique code assigned -to "Business"a specific geographic area for efficient mail sorting and -delivery purposes."Correspondence"
type: - "Residentialstring"
exampleminLength: "Residential"1
AEShortAddressmaxLength: 10
descriptionexample: "A12345"
short
address consists of four lettersAEPOBox:
region code, branch code, division code, unique code and a four-digit number for the buildingdescription: " Identifies the POBox."
type: "string"
minLength: 1
maxLength: 810
example: "ABCD123411562"
AEUnitNumberAEZipCode:
description: "Identifies the unit or apartment number ZIP code; a unique code assigned to a specific geographic area for efficient mail sorting and delivery purposes."
type: "string"
minLength: 1
maxLength: 10
example: "612366"
AEFloorNumberAESecondaryNumber:
description: "Identifies4 numbers representing the building floor number.accurate location coordinates of the address"
type: "string"
minLength: 14
maxLength: 104
example: "21233"
AEBuildingNumberAECity:
description: "Identifies the name of the city or town where the buildingaddress is numbersituated."
type: "string"
minLength: 1
maxLength: 1035
example: "34Riyadh"
AEStreetNameAERegion:
description: "Identifies the street name or roadregion."
type: "string"
minLength: 1
maxLength: 7035
example: "Omar Bin Hassan StreetNorth"
AEDistrictAECreditorExternalAccountIdentificationCode:
description: "IdentifiesName of the identification districtscheme, ofin a city coded form as published in an external list."
type: "string"
minLength: 1enum:
- "IBAN"
- "AccountNumber"
AEIdentification:
maxLengthdescription: 35|
example:Identification "Olaya Dist."
AECountryCode:
description: "Indicates the country code in which the address is located (References ISO 3166-1 alpha-2)."for the account assigned by the LFI based on the Account Scheme Name.
This identification is known by the User account owner.
type: "string"
patternminLength: "^[A-Z]{2,2}$"1
exampleAEName:
"SA" AEPostalCodetype: "object"
description: "|
Identifies the postal code; a unique codeThe assignedAccount toHolder aName specificis geographicthe areaname foror efficientnames mailof sortingthe and delivery purposes."
Account owner(s) represented at the account level
type: "string" properties:
minLength: 1 en:
maxLength: 10 exampletype: "12345string"
AEPOBox: description: "English value Identifiesof the POBox.string"
type: "string" maxLength: 70
minLength: 1 ar:
maxLength: 10 exampletype: "11562string"
AEZipCode: description: "IdentifiesArabic thevalue ZIPof code;the astring"
unique code assigned to a specific geographic area for efficient mailmaxLength: sorting70
and delivery purposes." typeadditionalProperties: "string"false
minLengthAETradingName:
1 maxLengthtype: 10"object"
exampledescription: |
"12366" AESecondaryNumber: The Trading Brand Name (if applicable) description:for "4the numbersCreditor.
representing the accurate location coordinates of the address" Applicable to Payments.
type: "string" properties:
minLength: 4 en:
maxLength: 4 exampletype: "1233string"
AECity: description: "IdentifiesEnglish the namevalue of the citystring"
or town where the address is situated." maxLength: 70
type: "string" minLengthar:
1 maxLength: 35 exampletype: "Riyadhstring"
AERegion: description: "IdentifiesArabic value of the region."string"
typemaxLength: "string"70
minLengthadditionalProperties: 1false
maxLengthAuthorizationDetailsDataSharingConsent:
35 type: example:object
"North" AECreditorExternalAccountIdentificationCoderequired:
description: "Name of- theConsentId
identification scheme, in a coded form as published in- anPermissions
external list." type: "string"- OpenFinanceBilling
enum: - ExpirationDateTime
- "IBAN"properties:
-ConsentId:
"AccountNumber" AEIdentification: $ref: '#/components/schemas/AEConsentId'
description: | Permissions:
Identification for the account assigned by the LFI basedtype: onarray
the Account Scheme Name. items:
This identification is known by the User account owner. $ref: '#/components/schemas/AEAccountAccessConsentPermissionCodes'
type: "string" minLengthminItems: 1
AEName OpenFinanceBilling:
type: "object" $ref: '#/components/schemas/AEAccountAccessOpenFinanceBillingPost'
descriptionallOf:
| - $ref: '#/components/schemas/AEAccountAccessAuthorizationDetailsProperties'
The Account HolderadditionalProperties: Namefalse
is
the name or names ofAuthorizationDetailsInsuranceConsent:
the Account owner(s) represented at the accounttype: levelobject
propertiesrequired:
en:- ConsentId
- type:Permissions
"string" - OpenFinanceBilling
description: "English value of the string" - ExpirationDateTime
maxLengthproperties:
70 arBaseConsentId:
type: "string"
description: "Arabic>-
value of the string" The original maxLength:ConsentId 70assigned by the TPP
additionalProperties: false AETradingNameExpirationDateTime:
type: "object" type: string
description: | format: date-time
The Trading Brand Name (if applicable) for the Creditor. description: >-
Applicable to Payments. Specified date properties:and time the permissions will expire. All date-time fields en:in responses must include the timezone. An example is type: "string"below: 2017-04-05T10:43:07+00:00
description: "English value of the string"OnBehalfOf:
maxLength$ref: 70'#/components/schemas/OnBehalfOf'
arConsentId:
type$ref: "string"'#/components/schemas/AEConsentId'
descriptionPermissions:
"Arabic value of the string" type: array
maxLength: 70 additionalPropertiesitems:
false AuthorizationDetailsDataSharingConsent: type: object$ref: '#/components/schemas/AEInsuranceConsentPermissions'
required: minItems: 1
- ConsentId OpenFinanceBilling:
- Permissions $ref: '#/components/schemas/AEInsuranceOpenFinanceBillingPost'
- OpenFinanceBilling AEAccountAccessAuthorizationDetailsProperties:
type: -object
ExpirationDateTime properties:
ConsentIdBaseConsentId:
$ref: '#/components/schemas/AEConsentIdAEBaseConsentId'
PermissionsExpirationDateTime:
type: arraystring
itemsformat: date-time
$refdescription: '#/components/schemas/AEAccountAccesssConsentPermissionCodes'>-
minItems: 1 Specified date and time the permissions will expire.
OpenFinanceBilling:
$ref: '#/components/schemas/AEAccountAccessOpenFinanceBillingPost'
allOf:
All date-time fields in responses must include the timezone. An
- $ref: '#/components/schemas/AEAccountAccessAuthorizationDetailsProperties' example is additionalPropertiesbelow:
false
AuthorizationDetailsInsuranceConsent:2017-04-05T10:43:07+00:00
type TransactionFromDateTime:
object requiredtype: string
format: date-time
ConsentId description: |2-
Permissions - OpenFinanceBilling Specified start date -and ExpirationDateTimetime for the transaction query period.
properties: BaseConsentId: If this is not type:populated, stringthe start date will be open ended, and
description: >- data Thewill originalbe ConsentIdreturned assigned byfrom the TPPearliest available
ExpirationDateTime: transaction.All dates type:in stringthe JSON payloads are represented in
format: date-time ISO description:8601 >date-time format.
Specified date and time the permissions will expire. All date-time fields in responses must include the timezone. An
example is below: 2017-04-05T10:43:07+00:00
OnBehalfOf: $ref: '#/components/schemas/OnBehalfOf'2017-04-05T10:43:07+00:00
ConsentIdTransactionToDateTime:
$reftype: '#/components/schemas/AEConsentId'string
Permissionsformat: date-time
$ref description: '#/components/schemas/AEInsuranceConsentPermissions'|2-
OpenFinanceBilling: Specified end date $ref: '#/components/schemas/AEInsuranceOpenFinanceBillingPost'
AEAccountAccessAuthorizationDetailsProperties:and time for the transaction query period.
type: object properties: If this is not populated, the end BaseConsentId:date will be open ended, and
$ref: '#/components/schemas/AEBaseConsentId' ExpirationDateTime: data will be returned to the latest available transaction.All
type: string format: date-time dates in the JSON payloads are represented in ISO description:8601 >date-time
Specified date and timeformat.
the
permissions will expire. All date-time fields in responses must include the timezone. An
example is below:
2017-04-05T10:43:07+00:00
AccountType:
type: array
items:
$ref: '#/components/schemas/AEExternalAccountTypeCode'
TransactionFromDateTime AccountSubType:
type: array
items: string
$ref: '#/components/schemas/AEAccountSubTypeCode'
formatOnBehalfOf:
date-time description$ref: |2-'#/components/schemas/AEOnBehalfOf'
additionalProperties: false
AEExternalAccountTypeCode:
Specified start date and timedescription: forSpecifies the transactiontype queryof period.account (Retail, SME or Corporate).
type: string
If thisenum:
is not populated, the start date will be open- ended,Retail
and - SME
data will- beCorporate
returned
from the earliest available OnBehalfOf:
type: object
description: transaction.AllOn datesBehalf inOf
the JSON payloads are represented in properties:
TradingName:
ISO 8601 date-time format. type: string
description: Trading Name
All date-time fields in responses must include the timezone.example: AnAcme Accounting Trading Name
LegalName:
example is below: type: string
2017-04-05T10:43:07+00:00
description: Legal Name
TransactionToDateTime: example: Acme Accounting Legal Name
type: string format: date-timeIdentifierType:
descriptiontype: |2-string
description: Identifier Type
Specified end date and time for the transaction query period. enum:
- Other
If this is not populated, the endIdentifier:
date will be open ended, and type: string
datadescription: willIdentifier
be returned to the latest available transaction.All example: abcd1234
additionalProperties: false
dates in theEventNotification:
JSON payloads are represented in ISO 8601 date-timetype: object
description: |
format.A Webhook Subscription Schema
required:
All date-time Webhook
fields in responses must include the timezone.properties:
An Webhook:
example is belowdescription: |
A Webhook Schema
2017-04-05T10:43:07+00:00 AccountTypetype: object
type required:
array - "Url"
items: - "IsActive"
$ref: '#/components/schemas/AEExternalAccountTypeCode' AccountSubTypeproperties:
type Url:
array itemsdescription: |
$ref: '#/components/schemas/AEAccountSubTypeCode' The TPP Callback URL OnBehalfOf:being registered with the LFI
$ref: '#/components/schemas/AEOnBehalfOf' additionalPropertiestype: falsestring
AEExternalAccountTypeCode: description: Specifies the type of account (Retail, SME or Corporate).example: https://api.tpp.com/webhook/callbackUrl
typeIsActive:
string enum: description: >
- Retail - SME The TPP specifying whether -the CorporateLFI should send (IsActive true)
OnBehalfOf: type: object description:or Onnot Behalfsend Of(IsActive false) Webhook Notifications to the TPP's
properties: TradingName: Webhook URL
type: string descriptiontype: Tradingboolean
Name example: false
Acme Accounting Trading Name additionalProperties: false
LegalName: additionalProperties: false
typeHealthCheckCertResponse:
string properties:
description: Legal Name connectionEstablished:
example: Acme Accountingtype: Legalboolean
Name
IdentifierTypemtlsStatus:
type: string
descriptionenum:
Identifier Type - established
enum: - not-established
Other
IdentifierhostName:
type: string
descriptionclientCertificate:
Identifier exampletype: abcd1234object
additionalProperties: false EventNotificationproperties:
type: object descriptionsubject:
| A Webhook Subscription Schema type: string
required: - Webhook issuer:
properties: Webhooktype: string
description required:
| - Asubject
Webhook Schema type: object
- issuer
required:
- "Url"connectionEstablished
- mtlsStatus
- "IsActive" - hostName
properties: - clientCertificate
UrlAEConsentUsage:
type: object
description: |
Contains information about the last time the consent The TPP Callback URL being registered with the LFI
was used.
properties:
typelastDataShared:
string example: https://api.tpp.com/webhook/callbackUrltype: string
IsActiveformat: date-time
description: >
|
The TPPlast specifying whethertime the LFIdata shouldwas sendshared (IsActivewith true)the TPP. This is updated by the CM when the data is shared with the TPP.
or not send (IsActive false) Webhook Notifications tolastServiceInitiationAttempt:
the TPP's type: string
Webhook URL format: date-time
typedescription: boolean|
The last example:time falsethe payment was initiated by TPP. This is updated by the additionalProperties:CM falsewhen payment is initiated additionalProperties: falseby TPP.
parameters:
consentId:
name: consentId
in: path
schema:
type: string
required: true
description: |
Identifies the consent by an id
id:
name: id
in: path
schema:
type: string
required: true
description: |
Identifies the payment by an id
userId:
name: userId
in: path
schema:
type: string
required: true
description: |
Identifies the PSU associated with a consent.
This should match up with the `psuIdentifier.userId` field.
page:
name: page
in: query
schema:
type: integer
format: int32
minimum: 1
required: false
description: |
The page number to retrieve in a paginated response
pageSize:
name: pageSize
in: query
schema:
type: integer
format: int32
minimum: 1
required: false
description: |
The maximum rows to retrieve in a given page. Defaults to 25 if not specified.
consentType:
name: consentType
in: query
schema:
type: string
description: Consents of particular accountId
required: false
status:
name: status
in: query
schema:
type: string
description: Status of the consent
required: false
securitySchemes:
OzoneConnectJwtAuth:
description: |
Communications between the API Hub and the LFI Ozone Connect implementation are secured using the "JWT Auth" mechanism, where the Client presents a signed JSON Web Token as a credential.
The Server MUST verify the signature in order to authenticate the Client.
Please note that the value of the `scheme` parameter is not a registered HTTP Authentication Scheme, to indicate it is specific to Ozone Connect. Please refer to API Hub documentation for further details.
type: http
scheme: Ozone-Connect-JWT-Auth
|
...