...
| Code Block |
|---|
{
"typ": "JWT",
"alg": "PS256",
"kid": "e4ce77c498e77000a25aa7b40e4a83f9"
}
.
{
"iss": "s6BhdRkqt3",
"aud": "https://server.example.com",
"response_type": "code",
"redirect_uri": "https://openbanking.tpp1.ae/simple-redirect-url",
"scope": "openid payments",
"state": "2616df22-899e-468b-b7af-927145b067cc",
"authorization_details": [
{
"type": "urn:openfinanceuae:service-initiation-consent:v1.0-draft2draft3",
"consent": {
"ConsentId": "aac-69255d98-ab0e-4758-92a7-cacbf3073efa",
"AcceptedAuthorizationType": "UAEOF.Single",
"AuthorizationExpirationTimeWindow": "720:00:00",
"ExpirationDateTime": "2024-10-01T00:00:00.000Z",
"ControlParameters": {
"IsPayByAccount": false,
"ConsentSchedule": {
"MultiPayment": {
"MaximumCumulativeNumberOfPayments": 10,
"PeriodicSchedule": {
"Type": "UAEOF.VariablePeriodicSchedule",
"PeriodType": "Day",
"PeriodStartDate": "20232024-1005-01",
"MaximumCumulativeValueOfPaymentsPerPeriodType": {
"Amount": "100.00",
"Currency": "AED"
}
}
}
}
},
"PersonalIdentifiableInformation": "eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.UGhIOguC7...aQeF_PXwJZ4g.48V1_ALb6US04U3b.5eym5T...QzAAE=.XFBoMY...wifLw",
"PayerReference": "string",
"BeneficiaryReference": "string",
"PaymentPurposeCode": "ABCD",
"SponsoredTPPInformation": {
"Name": "string",
"Identification": "string"
}
}
}
]
} |
...
| Code Block | ||
|---|---|---|
| ||
POST /open-finance/payment/v1.0-draft2draft3/payments HTTP/1.1 Host: rs1.openfinanceplatform.ae Content-Type: application/jwt Accept: application/jwt x-fapi-interaction-id: 942a7ee7-d29a-45aa-93b7-c5f292d86602 x-idempotency-key: 78dae4513b8847f98e2d4173b4ed0eb6 Authorization: Bearer caa1b60d-61ff-4cd8-a4e1-2d18c8696de0 { "alg": "PS256", "kid": "e1be6bf3-76e6-4e53-92b9-c46423757ab1" } . { "iss": "string", "exp": 0.5, "nbf": 0.5, "aud": [ "string" ], "iat": 0.5, "message": { "Data": { "ConsentId": "aac-69255d98-ab0e-4758-92a7-cacbf3073efa", "Instruction": { "Amount": { "Amount": "100.00", "Currency": "AED" }, "BeneficiaryReference": "string", "PaymentSequenceNumber": "1" }, "PaymentPurposeCode": "ABCD", "PayerReference": "string" } } } . <<signature>> |
...
| Code Block | ||
|---|---|---|
| ||
HTTP/1.1 201 Created
Content-Type: application/jwt
x-fapi-interaction-id: 942a7ee7-d29a-45aa-93b7-c5f292d86602
{
"alg": "PS256",
"kid": "e1be6bf3-76e6-4e53-92b9-c46423757ab1"
}
.
{
"iss": "string",
"exp": 0.5,
"nbf": 0.5,
"aud": [
"string"
],
"iat": 0.5,
"message": {
"Data": {
"PaymentId": "83b47199-90c2-4c05-9ef1-aeae68b0fc7c",
"ConsentId": "aac-69255d98-ab0e-4758-92a7-cacbf3073efa",
"PaymentTransactionId": "string",
"PaymentStatusStatus": "Pending",
"PaymentStatusUpdateDateTimeStatusUpdateDateTime": "20232024-1005-01T00:00:00.000Z",
"CreationDateTime": "20232024-1005-01T00:00:00.000Z",
"DebtorCharges": [
{
"Type": "VAT",
"Amount": {
"Amount": "100.00",
"Currency": "AED"
}
}
],
"Instruction": {
"Amount": {
"Amount": "100.00",
"Currency": "AED"
},
"BeneficiaryReference": "string",
"PaymentSequenceNumber": "1"
},
"PaymentPurposeCode": "ABCD",
"PayerReference": "string"
},
"Links": {
"Self": "/payments/83b47199-90c2-4c05-9ef1-aeae68b0fc7c",
"Related": "/payment-consents/aac-69255d98-ab0e-4758-92a7-cacbf3073efa"
},
"Meta": {}
}
}
.
<<signature>> |
...
| Code Block | ||
|---|---|---|
| ||
GET /open-finance/payment/v1.0-draft2draft3/payments/83b47199-90c2-4c05-9ef1-aeae68b0fc7c HTTP/1.1 Host: rs1.openfinanceplatform.ae Accept: application/jwt x-fapi-interaction-id: 942a7ee7-d29a-45aa-93b7-c5f292d86602 Authorization: Bearer ad297304-1057-4c68-9e76-a96f300a27f1 |
...
| Code Block | ||
|---|---|---|
| ||
HTTP/1.1 200 OK
Content-Type: application/jwt
x-fapi-interaction-id: 942a7ee7-d29a-45aa-93b7-c5f292d86602
{
"alg": "PS256",
"kid": "e1be6bf3-76e6-4e53-92b9-c46423757ab1"
}
.
{
"iss": "string",
"exp": 0.5,
"nbf": 0.5,
"aud": [
"string"
],
"iat": 0.5,
"message": {
"Data": {
"PaymentId": "83b47199-90c2-4c05-9ef1-aeae68b0fc7c",
"ConsentId": "aac-69255d98-ab0e-4758-92a7-cacbf3073efa",
"PaymentTransactionId": "string",
"PaymentStatusStatus": "Pending",
"PaymentStatusUpdateDateTimeStatusUpdateDateTime": "20232024-1005-01T00:00:00.000Z",
"CreationDateTime": "20232024-1005-01T00:00:00.000Z",
"DebtorCharges": [
{
"Type": "VAT",
"Amount": {
"Amount": "100.00",
"Currency": "AED"
}
}
],
"Instruction": {
"Amount": {
"Amount": "100.00",
"Currency": "AED"
},
"BeneficiaryReference": "string",
"PaymentSequenceNumber": "1"
},
"PaymentPurposeCode": "ABCD",
"PayerReference": "string"
},
"Links": {
"Self": "/payments/83b47199-90c2-4c05-9ef1-aeae68b0fc7c",
"Related": "/payment-consents/aac-69255d98-ab0e-4758-92a7-cacbf3073efa"
},
"Meta": {}
}
}
.
<<signature>> |
...
| Code Block | ||
|---|---|---|
| ||
GET /open-finance/payment/v1.0-draft2draft3/payments/83b47199-90c2-4c05-9ef1-aeae68b0fc7c HTTP/1.1 Host: rs1.openfinanceplatform.ae Accept: application/jwt x-fapi-interaction-id: 942a7ee7-d29a-45aa-93b7-c5f292d86602 Authorization: Bearer ad297304-1057-4c68-9e76-a96f300a27f1 |
...
| Code Block |
|---|
{
"typ": "JWT",
"alg": "PS256",
"kid": "e4ce77c498e77000a25aa7b40e4a83f9"
}
.
{
"iss": "s6BhdRkqt3",
"iat": 1669393154,
"exp": 1669393496,
"nbf": 1669393154,
"aud": "https://server.example.com",
"response_type": "code",
"redirect_uri": "https://openbanking.tpp1.ae/simple-redirect-url",
"scope": "openid payments",
"state": "af0ifjsldkj",
"authorization_details": [
{
"type": "urn:openfinanceuae:service-initiation-consent:v1.0-draft2draft3",
"consent": {
"ConsentId": "aac-69255d98-ab0e-4758-92a7-cacbf3073efa",
"AcceptedAuthorizationType": "UAEOF.Single",
"AuthorizationExpirationTimeWindow": "720:00:00",
"ExpirationDateTime": "2024-10-01T00:00:00.000Z",
"ControlParameters": {
"IsPayByAccount": false,
"ConsentSchedule": {
"MultiPayment": {
"MaximumCumulativeNumberOfPayments": 10,
"PeriodicSchedule": {
"Type": "UAEOF.VariablePeriodicSchedule",
"PeriodType": "Day",
"PeriodStartDate": "20232024-1005-01",
"MaximumCumulativeValueOfPaymentsPerPeriodType": {
"Amount": "100.00",
"Currency": "AED"
}
}
}
}
},
"PersonalIdentifiableInformation": "eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.UGhIOguC7...aQeF_PXwJZ4g.48V1_ALb6US04U3b.5eym5T...QzAAE=.XFBoMY...wifLw",,
"PayerReference": "string",
"BeneficiaryReference": "string",
"PaymentPurposeCode": "ABCD",
"SponsoredTPPInformation": {
"Name": "string",
"Identification": "string"
}
},
"Subscription": {
"Webhook": {
"Url": "https://api.tpp.com/webhook/callbackUrl",
"IsActive": true
}
}
}
}
]
} |
...
| Code Block | ||
|---|---|---|
| ||
PATCH /open-finance/payment/v1.0-draft2draft3/payment-consents/aac-69255d98-ab0e-4758-92a7-cacbf3073efa HTTP/1.1 Host: rs1.lab.api.openbanking.ae Content-Type: application/jwt Accept: application/jwt x-fapi-interaction-id: 3424a379-8274-4686-99bd-f420d08acead Authorization: Bearer ad297304-1057-4c68-9e76-a96f300a27f1 { "alg": "PS256", "kid": "e1be6bf3-76e6-4e53-92b9-c46423757ab1" } . { "iss": "string", "exp": 0, "nbf": 0, "aud": [ "string" ], "iat": 0, "message": { "Subscription": { "Webhook": { "IsActive": true } } } } . <<signature>> |
...
| Code Block | ||
|---|---|---|
| ||
PATCH /open-finance/payment/v1.0-draft2draft3/payment-consents/aac-69255d98-ab0e-4758-92a7-cacbf3073efa HTTP/1.1 Host: rs1.lab.api.openbanking.ae Content-Type: application/jwt x-fapi-interaction-id: 3424a379-8274-4686-99bd-f420d08acead Authorization: Bearer ad297304-1057-4c68-9e76-a96f300a27f1 { "alg": "PS256", "kid": "e1be6bf3-76e6-4e53-92b9-c46423757ab1" } . { "iss": "string", "exp": 0, "nbf": 0, "aud": [ "string" ], "iat": 0, "message": { "Subscription": { "Webhook": { "IsActive": false } } } } . <<signature>> |
...
| Code Block | ||
|---|---|---|
| ||
{
"alg": "PS256",
"kid": "e1be6bf3-76e6-4e53-92b9-c46423757ab1"
}
.
{
"iss": "string",
"exp": 0.5,
"nbf": 0.5,
"aud": [
"string"
],
"iat": 0.5,
"message": {
"Data": {
"ConsentId": "aac-69255d98-ab0e-4758-92a7-cacbf3073efa",
"BaseConsentId": "abc-19877d98-ab0e-4758-92a7-vvffr1234abv",
"AcceptedAuthorizationType": "UAEOF.Single",
"AuthorizationExpirationTimeWindow": "720:00:00",
"ExpirationDateTime": "2024-10-01T00:00:00.000Z",
"ConsentStatus": "AwaitingAuthorization",
"ConsentStatusUpdateDateTime": "20232024-1005-01T00:00:00.000Z",
"CreationDateTime": "20232024-1005-01T00:00:00.000Z",
"ControlParameters": {
"IsPayByAccount": false,
"ConsentSchedule": {
"MultiPayment": {
"MaximumCumulativeNumberOfPayments": 10,
"PeriodicSchedule": {
"Type": "UAEOF.VariablePeriodicSchedule",
"PeriodType": "Day",
"PeriodStartDate": "20232024-1005-01",
"MaximumCumulativeValueOfPaymentsPerPeriodType": {
"Amount": "100.00",
"Currency": "AED"
}
}
}
}
},
"PersonalIdentifiableInformation": "eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.UGhIOguC7...aQeF_PXwJZ4g.48V1_ALb6US04U3b.5eym5T...QzAAE=.XFBoMY...wifLw",,
"PayerReference": "string",
"BeneficiaryReference": "string",
"PaymentPurposeCode": "ABCD",
"SponsoredTPPInformation": {
"Name": "string",
"Identification": "string"
},
"IsPayByAccount": false,
"PaymentConsumption": {
"MaximumCumulativeNumberOfPayments": 10,
"MaximumCumulativeValueOfPayments": {
"Amount": "1000.00",
"Currency": "AED"
},
"CumulativeNumberOfPayments": 10,
"CumulativeNumberOfPaymentsPerPeriod": 1,
}
},
"Links": {
"Self": "/payment-consents/aac-69255d98-ab0e-4758-92a7-cacbf3073efa",
"Related": []
},
"EventMeta": {
"EventDateTime": "2202322024-1005-01T00:00:00.000Z",
"EventResource": "consents",
"EventType": "UAEOF.Resource.Created",
"ConsentId": "aac-69255d98-ab0e-4758-92a7-cacbf3073efa"
}
}
}
.
<<signature>> |
...
| Code Block | ||
|---|---|---|
| ||
{
"typ": "JWT",
"alg": "PS256",
"kid": "e4ce77c498e77000a25aa7b40e4a83f9"
}
.
{
"iss": "s6BhdRkqt3",
"aud": "https://server.example.com",
"response_type": "code",
"redirect_uri": "https://openbanking.tpp1.ae/simple-redirect-url",
"scope": "openid payments",
"state": "af0ifjsldkj",
"authorization_details": [
{
"type": "urn:openfinanceuae:service-initiation-consent:v1.0-draft2draft3",
"consent": {
"ConsentId": "aac-69255d98-ab0e-4758-92a7-cacbf3073efa",
"AcceptedAuthorizationType": "UAEOF.Multi",
"AuthorizationExpirationTimeWindow": "720:00:00",
"ExpirationDateTime": "2024-10-01T00:00:00.000Z",
"ControlParameters": {
"IsPayByAccount": false,
"ConsentSchedule": {
"MultiPayment": {
"MaximumCumulativeNumberOfPayments": 10,
"PeriodicSchedule": {
"Type": "UAEOF.VariablePeriodicSchedule",
"PeriodType": "Day",
"PeriodStartDate": "20232024-1005-01",
"MaximumCumulativeValueOfPaymentsPerPeriodType": {
"Amount": "100.00",
"Currency": "AED"
}
}
}
}
},
"PersonalIdentifiableInformation": "eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.UGhIOguC7...aQeF_PXwJZ4g.48V1_ALb6US04U3b.5eym5T...QzAAE=.XFBoMY...wifLw",,
"PayerReference": "string",
"BeneficiaryReference": "string",
"PaymentPurposeCode": "ABCD",
"SponsoredTPPInformation": {
"Name": "string",
"Identification": "string"
}
}
}
]
} |
...
| Code Block | ||
|---|---|---|
| ||
HEAD /open-finance/payment/v1.0-draft2draft3/payments HTTP/1.1 Host: rs1.lab.api.openbanking.ae Accept: application/jwt x-fapi-interaction-id: 942a7ee7-d29a-45aa-93b7-c5f292d86602 Authorization: Bearer ad297304-1057-4c68-9e76-a96f300a27f1 x-idempotency-key: 78dae4513b8847f98e2d4173b4ed0eb6 |
...
| Code Block | ||
|---|---|---|
| ||
HTTP/1.1 204 No Content x-fapi-interaction-id: 3424a379-8274-4686-99bd-f420d08acead Location: /open-finance/payment/v1.0-draft2draft3/payments/83b47199-90c2-4c05-9ef1-aeae68b0fc7c |
5. Open API Specification
See the Bank Service Initiation API - Swagger page.
6. Service Initiation Notes
6.1 Staging a Service Initiation Consent
6.1.1 Single Instant Payment
To manage the creation and execution of a Single Instant payment;
The TPP:
MUST provide a
ConsentIdin the Consent object within theauthorization_detailsof a Rich Authorization Request.MAY use a
GETto the/payments/{PaymentId}resource to poll for Payment Statuses.
The OFP:
MUST reject the Service Initiation consent if a globally unique UUID v4
ConsentIddoes not exist in the RAR object.MUST validate the Consent parameters and create a Consent resource (
ConsentId) that isAwaitingAuthorizationwhen a valid RAR object is staged at the PAR endpoint.MUST immediately stage the payment with the LFI once a valid Service Initiation resource is created by the TPP.
MUST send payment status events to the TPP if an active Webhook Subscription is registered within the Consent object.
The LFI:
MUST immediately stage the payment with the Payment Rails once a valid payment is staged by the OFP.
MUST emit payment status events to the OFP.
6.1.2 Single Future Dated, Multi-Payment
For Single Future Dated and Multi-Payment Consents:
The TPP:
...
4.5 The TPP Initiates a Bulk File Payment
4.5.1 Request: TPP Uses RAR (Rich Authorization Request)
The authorization_details contain the User’s service initiation consent details, and a UUID v4 which is a unique identifier for the Service Initiation consent.
| Code Block |
|---|
{
"typ": "JWT",
"alg": "PS256",
"kid": "e4ce77c498e77000a25aa7b40e4a83f9"
}
.
{
"iss": "s6BhdRkqt3",
"aud": "https://server.example.com",
"response_type": "code",
"redirect_uri": "https://openbanking.tpp1.ae/simple-redirect-url",
"scope": "openid payments",
"state": "2616df22-899e-468b-b7af-927145b067cc",
"authorization_details": [
{
"type": "urn:openfinanceuae:service-initiation-consent:v1.0-draft3",
"consent": {
"ConsentId": "aac-69255d98-ab0e-4758-92a7-cacbf3073efa",
"AcceptedAuthorizationType": "UAEOF.Single",
"AuthorizationExpirationTimeWindow": "720:00:00",
"ExpirationDateTime": "2024-10-01T00:00:00.000Z",
"ControlParameters": {
"IsPayByAccount": false,
"ConsentSchedule": {
"FilePayment": {
"FileType": "UAEOF.pain.001.001.08",
"FileHash": "m5ah/h1UjLvJYMxqAoZmj9dKdjZnsGNm+yMkJp/KuqQ",
"NumberOfTransactions": 5,
"ControlSum": "10003.40"
}
}
}
}
}
]
} |
Create the RAR Request using the signed JWT, and authenticated using private_key_jwt.
The request parameter JWT includes the ConsentId, a UUID v4 that was originally generated by the TPP.
| Code Block |
|---|
POST /open-finance/v1/par HTTP/1.1
Host: auth1.openfinanceplatform.ae
Content-Type: application/x-www-form-urlencoded
Accept: application/json
client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
&client_assertion=eyJhbGciOiJIUzI1NiJ9.ew0KICAiaXNzIjogImM4NDIyNzg3LTFkZmYtNDI0ZC1iNjIwLTM1NmMwODcwYmVkNCIsDQogICJzdWIiOiAiYzg0MjI3ODctMWRmZi00MjRkLWI2MjAtMzU2YzA4NzBiZWQ0IiwNCiAgImF1ZCI6ICJhdXRoMS5sYWIub3BlbmJhbmtpbmcuc2EiLA0KICJqdGkiOiAiYThmZDQ2ZjctYTNiMy00MGQ5LTk2ZjctNDk1YmEyMGFiMTZmIiwNCiAgImV4cCI6IDE1MTYyMzkwMjINCn0.nvY2tG7D3_ioVI55nRJ7apBzoGbP9sofMLd7Dni4YbI
&request=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImtpZCI6ImU0Y2U3N2M0OThlNzcwMDBhMjVhYTdiNDBlNGE4M2Y5In0.eyJpc3MiOiJzNkJoZFJrcXQzIiwiYXVkIjoiaHR0cHM6Ly9zZXJ2ZXIuZXhhbXBsZS5jb20iLCJyZXNwb25zZV90eXBlIjoiY29kZSIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOi8vb3BlbmJhbmtpbmcudHBwMS5hZS9zaW1wbGUtcmVkaXJlY3QtdXJsIiwic2NvcGUiOiJvcGVuaWQgcGF5bWVudHMiLCJzdGF0ZSI6IjI2MTZkZjIyLTg5OWUtNDY4Yi1iN2FmLTkyNzE0NWIwNjdjYyIsImF1dGhvcml6YXRpb25fZGV0YWlscyI6W3sidHlwZSI6InVybjpvcGVuZmluYW5jZXVhZTpzZXJ2aWNlLWluaXRpYXRpb24tY29uc2VudDp2MS4wLWRyYWZ0MyIsImNvbnNlbnQiOnsiQ29uc2VudElkIjoiYWFjLTY5MjU1ZDk4LWFiMGUtNDc1OC05MmE3LWNhY2JmMzA3M2VmYSIsIkFjY2VwdGVkQXV0aG9yaXphdGlvblR5cGUiOiJVQUVPRi5TaW5nbGUiLCJBdXRob3JpemF0aW9uRXhwaXJhdGlvblRpbWVXaW5kb3ciOiI3MjA6MDA6MDAiLCJFeHBpcmF0aW9uRGF0ZVRpbWUiOiIyMDI0LTEwLTAxVDAwOjAwOjAwLjAwMFoiLCJDb250cm9sUGFyYW1ldGVycyI6eyJJc1BheUJ5QWNjb3VudCI6ZmFsc2UsIkNvbnNlbnRTY2hlZHVsZSI6eyJGaWxlUGF5bWVudCI6eyJGaWxlVHlwZSI6IlVBRU9GLnBhaW4uMDAxLjAwMS4wOCIsIkZpbGVIYXNoIjoibTVhaC9oMVVqTHZKWU14cUFvWm1qOWRLZGpabnNHTm0reU1rSnAvS3VxUSIsIk51bWJlck9mVHJhbnNhY3Rpb25zIjo1LCJDb250cm9sU3VtIjoiMTAwMDMuNDAifX19fX1dfQ.RnWw0gKOQNb8D0nYvaduiYURhFmIx-gnK6awBg_gF80 |
4.5.2 Response: The OFP Provides the Request URI for the TPP
| Code Block |
|---|
HTTP/1.1 201 Created
Content-Type: application/json
Cache-Control: no-cache, no-store
{
"request_uri": "urn:ietf:params:oauth:request_uri:6esc_11ACC5bwc014ltc14eY22c",
"expires_in": 60
} |
4.5.3 The TPP Uploads File Payment
| Code Block |
|---|
POST /open-finance/payment/v1.0-draft3/payment-consents/aac-69255d98-ab0e-4758-92a7-cacbf3073efa/file HTTP/1.1
Authorization: Bearer ad297304-1057-4c68-9e76-a96f300a27f1
Content-Type: text/xml
Accept: application/json
[File-Data] |
4.5.4 The TPP Redirects the User to Their LFI with the Request URI to Authorize the Consent
| Code Block | ||
|---|---|---|
| ||
GET /auth?client_id=c8422787-1dff-424d-b620-356c0870bed4&request_uri=urn:ietf:params:oauth:request_uri:6esc_11ACC5bwc014ltc14eY22c
Host: openbanking.lfi.ae |
4.5.5 The User Logs into Their LFI, Reviews and Authorizes the Consent
The LFI confirms the Service Initiation consent in the OFP.
| Code Block | ||
|---|---|---|
| ||
POST /auth/aac-69255d98-ab0e-4758-92a7-cacbf3073efa/rp/doConfirm
host: auth1.lab.openbanking.ae
Content-Type: application/x-www-form-urlencoded
... |
4.5.6 The LFI Returns an Authorization Code to the TPP
| Code Block | ||
|---|---|---|
| ||
302 Found
Location: https://openbanking.tpp1.ae/simple-redirect-url?
code=ce2aeabf-599c-4475-9171-1f6d8c1a49dc
&state=2616df22-899e-468b-b7af-927145b067cc |
4.5.7 The TPP Exchanges the Authorization Code for an Service Initiation API Access Token with the OFP
| Code Block | ||
|---|---|---|
| ||
POST /token HTTP/1.1
Host: as1.lab.openbanking.ae
Content-Type: application/x-www-form-urlencoded
Accept: application/json
grant_type=authorization_code
&code=ce2aeabf-599c-4475-9171-1f6d8c1a49dc
&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
&client_assertion=eyJhbGciOiJIUzI1NiJ9.ew0KICAiaXNzIjogImM4NDIyNzg3LTFkZmYtNDI0ZC1iNjIwLTM1NmMwODcwYmVkNCIsDQogICJzdWIiOiAiYzg0MjI3ODctMWRmZi00MjRkLWI2MjAtMzU2YzA4NzBiZWQ0IiwNCiAgImF1ZCI6ICJhdXRoMS5sYWIub3BlbmJhbmtpbmcuc2EiLA0KICJqdGkiOiAiYThmZDQ2ZjctYTNiMy00MGQ5LTk2ZjctNDk1YmEyMGFiMTZmIiwNCiAgImV4cCI6IDE1MTYyMzkwMjINCn0.nvY2tG7D3_ioVI55nRJ7apBzoGbP9sofMLd7Dni4YbI
&redirect_uri=https%3A%2F%2Fopenbanking.tpp1.ae%2Fsimple-redirect-url |
4.5.8 The OFP Returns an Access Token, Refresh Token to the TPP
| Code Block | ||
|---|---|---|
| ||
HTTP/1.1 200 OK
Content-Type:application/json
{
"access_token": "caa1b60d-61ff-4cd8-a4e1-2d18c8696de0",
"expires_in": 432000,
"token_type": "Bearer",
"scope": "openid payments",
"state": "2616df22-899e-468b-b7af-927145b067cc",
"refresh_token": "266f5f15-eb81-4a02-bf05-e25063ca445f"
} |
The TPP can now initiate a Service Initiation resource using the access token.
4.5.9 The TPP Initiates a Service Initiation Request with the OFP
4.5.9.1 Request: file-payments Resource
| Code Block | ||
|---|---|---|
| ||
POST /open-finance/payment/v1.0-draft3/file-payments HTTP/1.1
Host: rs1.openfinanceplatform.ae
Content-Type: application/jwt
Accept: application/jwt
x-fapi-interaction-id: 942a7ee7-d29a-45aa-93b7-c5f292d86602
x-idempotency-key: 78dae4513b8847f98e2d4173b4ed0eb6
Authorization: Bearer caa1b60d-61ff-4cd8-a4e1-2d18c8696de0
{
"alg": "PS256",
"kid": "e1be6bf3-76e6-4e53-92b9-c46423757ab1"
}
.
{
"iss": "string",
"exp": 0.5,
"nbf": 0.5,
"aud": [
"string"
],
"iat": 0.5,
"message": {
"Data": {
"ConsentId": "aac-69255d98-ab0e-4758-92a7-cacbf3073efa",
"Instruction": {
"FileType": "UAEOF.pain.001.001.08",
"FileHash": "m5ah/h1UjLvJYMxqAoZmj9dKdjZnsGNm+yMkJp/KuqQ",
"NumberOfTransactions": 5,
"ControlSum": "10003.40"
},
"PaymentPurposeCode": "ABCD",
"PayerReference": "string"
}
}
}
.
<<signature>> |
4.5.8.2 Response: file-payments Resource
| Code Block | ||
|---|---|---|
| ||
HTTP/1.1 201 Created
Content-Type: application/jwt
x-fapi-interaction-id: 942a7ee7-d29a-45aa-93b7-c5f292d86602
{
"alg": "PS256",
"kid": "e1be6bf3-76e6-4e53-92b9-c46423757ab1"
}
.
{
"iss": "string",
"exp": 0.5,
"nbf": 0.5,
"aud": [
"string"
],
"iat": 0.5,
"message": {
"Data": {
"PaymentId": "83b47199-90c2-4c05-9ef1-aeae68b0fc7c",
"ConsentId": "aac-69255d98-ab0e-4758-92a7-cacbf3073efa",
"PaymentTransactionId": "string",
"Status": "Pending",
"StatusUpdateDateTime": "2024-05-01T00:00:00.000Z",
"CreationDateTime": "2024-05-01T00:00:00.000Z",
"Instruction": {
"FileType": "UAEOF.pain.001.001.08",
"FileHash": "m5ah/h1UjLvJYMxqAoZmj9dKdjZnsGNm+yMkJp/KuqQ",
"NumberOfTransactions": 5,
"ControlSum": "10003.40"
},
"PaymentPurposeCode": "ABCD",
"PayerReference": "string"
},
"Links": {
"Self": "/file-payments/83b47199-90c2-4c05-9ef1-aeae68b0fc7c",
"Related": "/payment-consents/aac-69255d98-ab0e-4758-92a7-cacbf3073efa"
},
"Meta": {}
}
}
.
<<signature>> |
4.1 The TPP Requests Refund Account Details
4.1.1 Request: payment-consents/{ConsentId}/refund Resource
| Code Block | ||
|---|---|---|
| ||
GET /open-finance/payment/v1.0-draft3/payment-consents/83b47199-90c2-4c05-9ef1-aeae68b0fc7c/refund HTTP/1.1
Host: rs1.openfinanceplatform.ae
Accept: application/jwt
x-fapi-interaction-id: 942a7ee7-d29a-45aa-93b7-c5f292d86602
Authorization: Bearer ad297304-1057-4c68-9e76-a96f300a27f1 |
4.1.2 Response: payment-consents/{ConsentId}/refund Resource
| Code Block |
|---|
HTTP/1.1 200 OK
Content-Type: application/jwt
x-fapi-interaction-id: 942a7ee7-d29a-45aa-93b7-c5f292d86602
{
"alg": "PS256",
"kid": "e1be6bf3-76e6-4e53-92b9-c46423757ab1"
}
.
{
"iss": "string",
"exp": 0.5,
"nbf": 0.5,
"aud": [
"string"
],
"iat": 0.5,
"message": {
"Data": {
"BaseConsentId": "aac-69255d98-ab0e-4758-92a7-cacbf3073efa",
"ConsentId": "aac-69255d98-ab0e-4758-92a7-cacbf3073efa",
"RefundAccount": {
"IdentificationType": "UAEOF.IBAN",
"Identification": "string",
"Name": {
"en": "string",
"ar": "string"
}
},
"Links": {
"Self": "/payment-consents/aac-69255d98-ab0e-4758-92a7-cacbf3073efa/refund"
},
"Meta": {}
}
}
.
<<signature>> |
5. Open API Specification
See the Bank Service Initiation API - Swagger page.
6. Service Initiation Notes
6.1 Staging a Service Initiation Consent
To manage the creation and execution of a Single Instant payment;
The TPP:
MUST provide a
ConsentIdin the Consent object within theauthorization_detailsof a Rich Authorization Request.MAY use
PATCHto manage any Webhook configurations for the entire duration of a payment consent
...
consent
MAY use a
GETto the/payments/{PaymentId}resource to poll for Payment Statuses.
The OFP:
MUST reject the Service Initiation consent if a globally unique UUID v4
ConsentIddoes not exist in the RAR object.MUST validate the Consent parameters and create a Consent resource (
ConsentId) that isAwaitingAuthorizationwhen a valid RAR object is staged at the PAR endpoint.MUST immediately stage the payment with the LFI once a valid Service Initiation resource is created by the TPP.
MUST send payment status events to the TPP if an active Webhook Subscription is registered within the Consent object.
...
MaximumIndividualPaymentAmountMUST be set to confirm the maximum single payment amount that can be instructed.MaximumCumulativeValueOfPaymentsMUST be set to confirm the total payment amount for the whole consent duration.MaximumCumulativeNumberOfPaymentsMUST be set to confirm the total number of payments for the whole consent duration.AmountMUST be used if there is a fixed value that will be used for every recurring payment in the Period.PeriodicScheduleMAY further define any period specific maximum payment numbers and/or amounts, and is one of these Types:UAEOF.DefinedSchedule- a Payment Schedule denoting a list of pre-defined future dated payments all with fixed amounts and dates.UAEOF.FixedPeriodicSchedule- Payment Controls that apply to all payments in a given period with a fixed payment amount.UAEOF.VariablePeriodicSchedule- Payment Controls that apply to all payments in a given period with a variable payment amount..
6.2.3 Combined Payment Consent Parameters
...
Any one Type of Single Payment
Any one Type of Multi-Payment
6.2.4 File Payment Consent Parameters
A File Payment consent MUST contain these metadata fields of the file being uploaded:
FileTypeMUST be set to the file payment type that is accepted by the LFI.FileHashMUST be set to the base64 encoding of a SHA256 hash of the file to be uploaded.NumberOfTransactionsMUST be set to the number of payments contained in the file.ControlSumMUST be set to the total of all individual amounts included in the file, irrespective of currencies.
6.3 OFP Service Initiation Responsibilities
MUST associate all TPP requests (including retries) with an
X-Idempotency-KeyMUST reject all requests where an
X-Idempotency-Keyis not provided by the TPP for the/paymentsresourceOn receiving the RAR request from the TPP, MUST proceed to:
Create a Service Initiation Consents resource (
ConsentId).Set Consent Status to
AwaitingAuthorizationSet
Meta.MultipleAuthorizerswhere multiple authorizations are required to authorize the Service Initiation
On a User Authorizing the Service Initiation, MUST set the following Consent Status to confirm Service Initiation details:
Set Consent Status to
Authorized
On Payment rails completion, MUST set the following status based on the Payment rails outcome:
Set
PaymentStatusStatusto eitherPending,AcceptedSettlementCompleted,AcceptedCreditSettlementCompleted,AcceptedWithoutPosting,RejectedWhen all Service Initiations have been successfully completed in a consent, the OFP MUST set the Service Initiation Consent Status to
Completed.
MUST set the
Linksobject across both the Payment resource and Consent resource enabling the TPP to locate those resourcesMUST validate that a Payment is within any of the Consent Control parameter limits authorized by the User.
MUST send payment status Events to the TPP where a Webhook subscription has been received in the Payment request
MAY return an HTTP
Locationheader for the201Status code indicating the URI of the primary resource that has been created (rfc9110)MUST use
PaymentConsumptionto provide the TPP with up-to-date cumulative number and value totals of Payments associated with theAuthorizedConsent.
...