openapi: 3.0.0
info:
title: UAE Confirmation of Payee API
description: '## UAE Open Finance Confirmation of Payee API Specification'
version: v1.0-draft4
tags:
- name: Discovery Operations
description: Discovery operations and resources
- name: Confirmation Operations
description: Verification Payee confirmation operations and resources
paths:
/confirmation-of-payee/discovery:
post:
tags:
- Confirmation DiscoveryOperations
operationId: >-
ConfirmationOfPayeeDiscovery_unsignedDiscoveryRequest_ConfirmationOfPayeeDiscovery_signedDiscoveryRequestConfirmationOfPayeeConfirmation_signedConfirmationRequest
summary: DiscoverConfirm the account details LFIare thatcorrect willbased confirmon the payeeparameters attributessupplied
description: >-
BeforeProvide athe Confirmationproperties ofthat Payeecan (CoP)be operationused takesto placeverify the TPPpayee willaccount.
need to resolveAt the LFI thatversion 1.0.0 this will servicebe the account propertiesname and either IBAN or
request. This requirement is basedAccount onNumber. theFuture separationversion of concernsthis API may support verification
implemented in the OFP, whichthrough ensuresother thatidentifiers.
the APIs for a given LFI areparameters:
always- physical seperated.$ref: '#/components/parameters/Authorization'
- At version 1.0.0 the TPP will call this endpoint with the account IBAN,
which will be used to resolve the correct URL with which to make the CoP
operation.$ref: '#/components/parameters/x-customer-user-agent'
parameters:
- $ref: '#/components/parameters/Authorizationx-fapi-auth-date'
- $ref: '#/components/parameters/x-fapi-customer-userip-agentaddress'
- $ref: '#/components/parameters/x-fapi-authinteraction-date'
id'
responses:
- $ref'200':
'#/components/parameters/x-fapi-customer-ip-address' - $refdescription: '#/components/parameters/x-fapi-interaction-id'
The request has succeeded.
responses: headers:
'200': descriptionx-fapi-interaction-id:
The request has succeeded. contentrequired: false
application/json; charset=utf-8 description: An RFC4122 UID used as a correlation id.
schema:
$ref: '#/components/schemas/AEVerificationDiscoveryResponse'type: string
content:
application/jsonjwt:
schema:
$ref: '#/components/schemas/AEVerificationDiscoveryResponseNameConfirmationResponseBodySigned'
'400':
application/jwt: schemadescription: $ref: >-
#/components/schemas/DiscoverVerificationSourceResponseBodySignedBad request
headers:
x-fapi-interaction-id:
required: falsetrue
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'400':
description: Bad request
content:
application/json; charset=utf-8jwt:
schema:
$ref: '#/components/schemas/AEErrorResponseAEErrorSignedResponse'
'401':
application/json: description: Unauthorized
schema: headers:
$ref: '#/components/schemas/AEErrorResponse'
application/jwt:
schema:
$ref: '#/components/schemas/AEErrorSignedResponse'
headers:
xx-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'401403':
description: UnauthorizedForbidden
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'403'content:
descriptionapplication/jwt:
Forbidden content: schema:
application/json; charset=utf-8: $ref: '#/components/schemas/AEErrorSignedResponse'
schema'404':
description: Not found
$ref: '#/components/schemas/AEErrorResponse' headers:
application/json: x-fapi-interaction-id:
schema: required: true
$ref: '#/components/schemas/AEErrorResponse' description: An RFC4122 UID used as a application/jwt:correlation id.
schema:
$reftype: '#/components/schemas/AEErrorSignedResponse'string
headers'405':
x-fapi-interaction-iddescription: Method Not Allowed
requiredheaders:
true x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'404406':
description: Not foundAcceptable
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'405415':
description: MethodUnsupported NotMedia AllowedType
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'406429':
description: NotToo Many AcceptableRequests
headers:
x-fapi-interaction-idretry-after:
required: true
description: AnNumber RFC4122in UIDseconds usedto as a correlation id.
wait
schema:
type: stringinteger
'415': description: Unsupported Media Type
headers:format: int64
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'429500':
description: TooInternal ManyServer RequestsError
headers:
retry-afterx-fapi-interaction-id:
required: true
description: Number in seconds to wait An RFC4122 UID used as a correlation id.
schema:
type: integer string
content:
formatapplication/jwt:
int64 x-fapi-interaction-id:schema:
required: true$ref: '#/components/schemas/AEErrorSignedResponse'
requestBody:
descriptionrequired: Antrue
RFC4122 UID used as a correlation id. content:
application/jwt:
schema: schema:
type: string $ref: '500'#/components/schemas/NameConfirmationRequestBodySigned'
security:
- descriptionTPPOAuth2Security:
Internal Server Error - content:openid
application/json; charset=utf-8:- confirmation-of-payee
/discovery:
post:
schematags:
- Discovery Operations
$refoperationId: '#/components/schemas/AEErrorResponse'ConfirmationOfPayeeDiscovery_signedDiscoveryRequest
summary: Discover the LFI that will confirm application/json:the payee attributes
description: >-
schema: Before a Confirmation of Payee (CoP) operation takes place the TPP will
$ref: '#/components/schemas/AEErrorResponse' need to resolve the LFI that will application/jwt:service the account properties
request. This requirement schema:is based on the separation of concerns
implemented in $ref: '#/components/schemas/AEErrorSignedResponse'
headers:the OFP, which ensures that the APIs for a given LFI are
always physically separated.
x-fapi-interaction-id: At version 1.0.0 the TPP will call required:this trueendpoint with the account IBAN,
which will description:be Anused RFC4122to UIDresolve usedthe ascorrect aURL correlationwith id.which to make the CoP
operation.
schema: parameters:
- type$ref: string'#/components/parameters/Authorization'
requestBody: - $ref: '#/components/parameters/x-customer-user-agent'
content: - application/json; charset=utf-8:$ref: '#/components/parameters/x-fapi-auth-date'
- schema:
$ref: '#/components/parameters/x-fapi-customer-ip-address'
- $ref: '#/components/schemas/AEVerificationDiscoveryRequestparameters/x-fapi-interaction-id'
responses:
application/json: '200':
schema description: The request has succeeded.
$refheaders:
'#/components/schemas/AEVerificationDiscoveryRequest' application/jwt:x-fapi-interaction-id:
schemarequired: false
$refdescription: '#/components/schemas/DiscoverVerificationSourceRequestBodySigned' An RFC4122 UID used as a correlation id.
securityschema:
- TPPOAuth2Security: type: string
- openid content:
- confirmation-of-payee /confirmation-of-payee/verification:application/jwt:
post: tagsschema:
- Verification operationId$ref: >-
ConfirmationOfPayeeVerification_unsignedVerificationRequest_ConfirmationOfPayeeVerification_signedVerificationRequest summary: Verify the account details based on the parameters supplied
#/components/schemas/DiscoverConfirmationSourceResponseBodySigned
'400':
description: >- description: Bad request
Provide the properties that can be used to verify the payeeheaders:
account. At version 1.0.0 this will be the account name and IBAN. Future version x-fapi-interaction-id:
required: true
of this API may support verification through other identifiers. description: An RFC4122 UID parameters:used as a correlation id.
- $ref: '#/components/parameters/Authorization' - $refschema:
'#/components/parameters/x-customer-user-agent' - $ref: '#/components/parameters/x-fapi-auth-date' type: string
- $ref: '#/components/parameters/x-fapi-customer-ip-address' content:
- $ref: '#/components/parameters/x-fapi-interaction-id' responsesapplication/jwt:
'200': schema:
description: The request has succeeded. content$ref: '#/components/schemas/AEErrorSignedResponse'
'401':
application/json; charset=utf-8: description: Unauthorized
schema: headers:
$ref: '#/components/schemas/AENameVerificationResponse'x-fapi-interaction-id:
application/jsonrequired: true
schemadescription: An RFC4122 UID used as a correlation id.
$ref: '#/components/schemas/AENameVerificationResponse' schema:
application/jwt: type: string
schema: '403':
$refdescription: '#/components/schemas/NameVerificationSignedResponse'Forbidden
headers:
x-fapi-interaction-id:
required: falsetrue
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'400':
description: Bad request
content:
application/json; charset=utf-8jwt:
schema:
$ref: '#/components/schemas/AEErrorResponseAEErrorSignedResponse'
'404':
application/json: description: Not found
schema: headers:
$ref: '#/components/schemas/AEErrorResponse'x-fapi-interaction-id:
application/jwtrequired: true
schemadescription: An RFC4122 UID used as a correlation id.
schema:
$ref: '#/components/schemas/AEErrorSignedResponse' type: string
'405':
description: Method Not Allowed
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'401406':
description: Not UnauthorizedAcceptable
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'403415':
description: Unsupported ForbiddenMedia Type
contentheaders:
application/json; charset=utf-8x-fapi-interaction-id:
schemarequired: true
description: $ref: '#/components/schemas/AEErrorResponse'
An RFC4122 UID used as a correlation id.
application/json:
schema:
$reftype: '#/components/schemas/AEErrorResponse'string
application/jwt'429':
schemadescription: Too $ref: '#/components/schemas/AEErrorSignedResponse'Many Requests
headers:
x-fapi-interaction-idretry-after:
required: true
description: AnNumber RFC4122in UIDseconds usedto aswait
a correlation id. schema:
type: stringinteger
'404': descriptionformat: Not found
int64
headers: x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'405500':
description: MethodInternal NotServer AllowedError
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'406'content:
descriptionapplication/jwt:
Not Acceptable headersschema:
x-fapi-interaction-id: $ref: '#/components/schemas/AEErrorSignedResponse'
requestBody:
required: true required: true
descriptioncontent:
An RFC4122 UID used as a correlation id. application/jwt:
schema:
type$ref: string'#/components/schemas/DiscoverConfirmationSourceRequestBodySigned'
'415'security:
- descriptionTPPOAuth2Security:
Unsupported Media Type - headers:openid
x-fapi confirmation-interactionof-idpayee
components:
parameters:
Authorization:
requiredname: trueauthorization
in: header
descriptionrequired: true
description: An RFC4122authorization UIDToken used as a correlation id.per https://tools.ietf.org/html/rfc6750
schema:
schematype: string
x-customer-user-agent:
name: x-customer-user-agent
type: string in: header
'429': required: false
description: Indicates Toothe Manyuser-agent Requeststhat the User is using.
headersschema:
type: string
retry-after x-fapi-auth-date:
name: x-fapi-auth-date
requiredin: trueheader
required: false
description: Number>-
in seconds to wait The time when the User last logged in with the schema:TPP.
All dates in the HTTP headers type:are integerrepresented as RFC 7231 Full Dates. An
example is formatbelow: int64
Sun, 10 Sep x-fapi-interaction-id:
2017 19:43:31 UTC
required: trueschema:
descriptiontype: Anstring
RFC4122 UID used as a correlation id. pattern: >-
schema:^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2}
type: string(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4}
'500':
\d{2}:\d{2}:\d{2} (GMT|UTC)$
x-fapi-customer-ip-address:
descriptionname: Internal Server Errorx-fapi-customer-ip-address
in: header
contentrequired: false
description: The User's IP address application/json; charset=utf-8:
if the User is currently logged in with the TPP.
schema:
type: string
$ref: '#/components/schemas/AEErrorResponse'x-fapi-interaction-id:
name: x-fapi-interaction-id
application/jsonin: header
required: false
schemadescription: An RFC4122 UID used as a correlation id.
schema:
$ref: '#/components/schemas/AEErrorResponse' type: string
schemas:
application/jwtAEAccountConfirmationRequest:
type: object
schemarequired:
- Data
$refproperties:
'#/components/schemas/AEErrorSignedResponse' headersData:
x-fapi-interaction-id:
$ref: '#/components/schemas/AEAccountConfirmationRequestProperties'
additionalProperties: false
requiredAEAccountConfirmationRequestProperties:
true oneOf:
description- $ref: An RFC4122 UID used as a correlation id.
'#/components/schemas/AEIbanConfirmationProperties'
- $ref: '#/components/schemas/AEAccountNumberConfirmationProperties'
discriminator:
schema: propertyName: IdentificationType
mapping:
type: string requestBody:UAEOF.IBAN: '#/components/schemas/AEIbanConfirmationProperties'
content: UAEOF.AccountNumber: '#/components/schemas/AEAccountNumberConfirmationProperties'
AEAccountConfirmationResponse:
application/json; charset=utf-8: type: object
required:
schema: - Data
$ref: '#/components/schemas/AENameVerificationRequest'
- Links
application/json:- Meta
properties:
schema: Data:
$ref: '#/components/schemas/AENameVerificationRequestAEAccountConfirmationResponseProperties'
Links:
application/jwt: $ref: '#/components/schemas/LinksSelf'
schema: Meta:
$ref: '#/components/schemas/NameVerificationRequestBodySignedMeta'
securityadditionalProperties: false
AEAccountConfirmationResponseProperties:
- TPPOAuth2Security: type: object
required:
- openid - AccountNameMatchIndicator
- confirmation-of-payee
components: properties:
parameters: AuthorizationAccountNameMatchIndicator:
name: authorization $ref: '#/components/schemas/AEAccountNameMatchIndicators'
in: header MaskedAccountName:
required: true descriptiontype: Anstring
authorization Token as per https://tools.ietf.org/html/rfc6750 schemaminLength: 1
type: string maxLength: 70
x-customer-user-agent: name: x-customer-user-agent description: >-
in: header The masked required:matched falseaccount name. This is provided to allow description:the IndicatesUser
the user-agent that the User is using. to schema:review the account name return from the Confirmation operation.
type: string x-fapi-auth-dateadditionalProperties: false
nameAEAccountDiscoveryByBankCode:
x-fapi-auth-date intype: headerobject
required:
false description: >- IdentificationType
The- timeBankCode
when the User last logged in withproperties:
the TPP. IdentificationType:
All dates in the HTTP headers are representedtype: asstring
RFC 7231 Full Dates. An enum:
example is below: - UAEOF.BankCode
Sun, 10 Sep 2017 19:43:31 UTCBankCode:
schematype: string
type: stringpattern: ^[0-9]{3}$
patterndescription: >-
^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2}
(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4} Bank identification code issued by CBUAE that identifies the LFI at
\d{2}:\d{2}:\d{2} (GMT|UTC)$which the account is held
additionalProperties: false
x-fapi-customer-ip-addressAEAccountDiscoveryByIban:
nametype: x-fapi-customer-ip-addressobject
inrequired:
header required:- falseIdentificationType
description: The User's- IPIdentification
address if the User is currently loggedproperties:
in with the TPP. IdentificationType:
schema: type: string
x-fapi-interaction-id: name: x-fapi-interaction-idenum:
in: header - UAEOF.IBAN
required: false descriptionIdentification:
An RFC4122 UID used as a correlation id. type: string
schema: typeminLength: string1
schemas: AEAccountDiscovery: maxLength: 400
type: object requireddescription: >-
- IdentificationType Identification for the account assigned -by Identificationthe LFI based on the
properties: IdentificationType: Account Scheme Name, and as understood by the payer. This
type: string enum:identification is known by the User account owner. For IBAN, refer
- UAEOF.IBAN Identification:to the ISO Standard 13616.
typeadditionalProperties: false
string AEAccountNameConfirmationProperties:
minLengthoneOf:
1 - maxLength$ref: 400'#/components/schemas/AEPersonalAccountNameConfirmationProperties'
- description$ref: >-'#/components/schemas/AEBusinessAccountNameConfirmationProperties'
AEAccountNameMatchIndicators:
type: Identificationstring
for the account assigned by the LFIenum:
based on the - UAEOF.ConfirmationOfPayee.Yes
Account Scheme Name, and as understood by the payer. This
- UAEOF.ConfirmationOfPayee.No
description: >-
Indicator identification is known byfor whether the Userpayee accountname owner.is Formatched IBAN,with referthe account name
held toat the ISOLFI
Standard 13616. AEAccountNumberConfirmationProperties:
additionalProperties: false type: object
AEAccountVerificationProperties: required:
type: object - required:IdentificationType
- IdentificationTypeIdentification
- IdentificationBankCode
- Name
properties:
IdentificationType:
type: string
enum:
- UAEOF.IBANAccountNumber
Identification:
type: string
minLength: 1
maxLength: 400
description: >-
Identification for the account assigned by the LFI based on the
Account Scheme Name, and as understood by the payer. This
identification is known by the User account owner. For IBAN, refer
to the ISO Standard 13616.
NameBankCode:
type: string
minLengthpattern: 1^[0-9]{3}$
maxLengthdescription: 70>-
description: >- Bank identification code issued by CBUAE that identifies the LFI at
The account name is the name or names ofwhich the User account owner(s)is held
Name:
represented at an account level, as understood by the payer$ref: '#/components/schemas/AEAccountNameConfirmationProperties'
additionalProperties: false
AEErrorAEBusinessAccountNameConfirmationProperties:
type: object
required:
- BusinessName
Code properties:
- Message BusinessName:
properties: Codetype: string
allOfminLength: 1
- $refmaxLength: '#/components/schemas/AEErrorCode'140
description: LowThe levelbusiness textualname error code, e.g., UAEOF.Field.Missing
of the account holder, as understood by the payer
Message: description: The properties required to verify a business account
type: string additionalProperties: false
minLengthAEConfirmationDiscovery:
1 oneOf:
maxLength: 500 - $ref: '#/components/schemas/AEAccountDiscoveryByIban'
description: >- - $ref: '#/components/schemas/AEAccountDiscoveryByBankCode'
discriminator:
A description of the error that occurred. e.g., 'A mandatory field propertyName: IdentificationType
mapping:
isn't supplied' or 'RequestedExecutionDateTime must be in futureUAEOF.IBAN: '#/components/schemas/AEAccountDiscoveryByIban'
UAEOF doesn't standardise this field
UAEOF.BankCode: '#/components/schemas/AEAccountDiscoveryByBankCode'
AEConfirmationDiscoveryRequest:
Pathtype: object
required:
type: string - Data
minLength: 1 properties:
maxLengthData: 500
description$ref: >-'#/components/schemas/AEConfirmationDiscovery'
additionalProperties: false
RecommendedAEConfirmationDiscoveryResponse:
but optional reference to the JSON Pathtype: ofobject
the field required:
with error, e.g., Data.Initiation.InstructedAmount.Currency- Data
Url:- Links
- type:Meta
string descriptionproperties:
>- Data:
URL to help remediate the problem, or provide more information, or
$ref: '#/components/schemas/AEConfirmationSourceProperties'
Links:
to API Reference, or help etc$ref: '#/components/schemas/LinksSelf'
Meta:
description$ref: Error'#/components/schemas/Meta'
additionalProperties: false
AEErrorCodeAEConfirmationSourceProperties:
type: stringobject
enumrequired:
- UAEOF.AccessToken.UnauthorizedAuthorizationServerUrl
- UAEOF.AccessToken.InvalidScopeResourceServerUrl
properties:
- UAEOF.Consent.Revoked AuthorizationServerUrl:
- UAEOF.Consent.TransientAccountAccessFailure type: string
- UAEOF.Consent.AccountTemporarilyBlocked - UAEOF.Consent.PermanentAccountAccessFailureminLength: 1
- UAEOF.Consent.Invalid maxLength: 500
- UAEOF.JWS.InvalidSignature description: >-
- UAEOF.JWS.Malformed Authorization Server - UAEOF.JWS.InvalidClaim
- UAEOF.JWS.InvalidHeaderURL at which an Access Token to invoke the
- UAEOF.GenericRecoverableErrorConfirmation of Payee operation should be sought
- UAEOF.GenericError ResourceServerUrl:
- UAEOF.JWE.DecryptionError type: string
- UAEOF.JWE.InvalidHeader minLength: -1
UAEOF.Event.UnexpectedEvent - UAEOF.Body.InvalidFormat
maxLength: 500
- UAEOF.Resource.InvalidResourceId description: >-
- UAEOF.Resource.InvalidFormat Resource Server URL - UAEOF.Consent.BusinessRuleViolation
AEErrorResponse:
at which the Confirmation of Payee operation
should be invoked
additionalProperties: false
AEError:
type: object
required:
- Code
Errors properties: - Message
Errorsproperties:
typeCode:
array allOf:
items: - $ref: '#/components/schemas/AEErrorAEErrorCode'
minItemsdescription: 1Low level textual error code, e.g., UAEOF.Field.Missing
description: >- Message:
An array of detail error codes, and messages, and URLstype: tostring
documentation to helpminLength: remediation.1
additionalProperties: false maxLength: 500
AEErrorSignedResponse: type: object description: >-
required: -A issdescription of the error that occurred. e.g., 'A mandatory -field
exp - nbf isn't supplied' or 'RequestedExecutionDateTime must be in -future'
message
properties: UAEOF doesn't standardise iss:this field
typePath:
string descriptiontype: >-string
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
minLength: 1
exp: typemaxLength: number500
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
nbf:
Recommended but optional reference to the JSON Path of the field
type: number with description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)error, e.g., Data.Initiation.InstructedAmount.Currency
audUrl:
type: array
items:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3) iatdescription: >-
type: number URL to help remediate the problem, or provide description: >-more information, or
to API [https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
Reference, or help etc
messagedescription: Error
additionalProperties: false
$ref AEErrorCode:
'#/components/schemas/AEErrorResponse' type: description:string
Signed error response payload enum:
additionalProperties: false AENameVerificationRequest:- UAEOF.AccessToken.Unauthorized
type: object - UAEOF.AccessToken.InvalidScope
required: - UAEOF.Consent.Revoked
- Data - UAEOF.Consent.TransientAccountAccessFailure
properties: - UAEOF.Consent.AccountTemporarilyBlocked
Data: - UAEOF.Consent.PermanentAccountAccessFailure
$ref: '#/components/schemas/AEAccountVerificationProperties' additionalProperties: false- UAEOF.Consent.Invalid
AENameVerificationResponse: - UAEOF.JWS.InvalidSignature
type: object required:- UAEOF.JWS.Malformed
- DataUAEOF.JWS.InvalidClaim
- LinksUAEOF.JWS.InvalidHeader
properties: - UAEOF.GenericRecoverableError
Data: - UAEOF.GenericError
$ref: '#/components/schemas/AEVerifiedProperties'
- UAEOF.JWE.DecryptionError
Links: - UAEOF.JWE.InvalidHeader
$ref: '#/components/schemas/LinksSelf'- UAEOF.Event.UnexpectedEvent
additionalProperties: false - UAEOF.Body.InvalidFormat
AEOkResponse: type: object- UAEOF.Resource.InvalidResourceId
additionalProperties: false- UAEOF.Resource.InvalidFormat
AEVerificationDiscovery: $ref: '#/components/schemas/AEAccountDiscovery'- UAEOF.Consent.BusinessRuleViolation
AEVerificationDiscoveryRequestAEErrorResponse:
type: object
required:
- DataErrors
properties:
DataErrors:
$ref: '#/components/schemas/AEVerificationDiscovery'
additionalProperties: false
AEVerificationDiscoveryResponse:type: array
type: object required: items:
- Data $ref: '#/components/schemas/AEError'
- Links propertiesminItems: 1
Datadescription: >-
An $ref: '#/components/schemas/AEVerificationSourceProperties'
Links:array of detail error codes, and messages, and URLs to documentation
to $ref: '#/components/schemas/LinksSelf'help remediation.
additionalProperties: false
AEVerificationSourcePropertiesAEErrorSignedResponse:
type: object
required:
- VerificationUrliss
properties: - exp
VerificationUrl: - nbf
type: string - message
minLengthproperties:
1 maxLengthiss:
500 descriptiontype: URL at which the Confirmation of Payee operation should be invokvedstring
additionalProperties: falsedescription: >-
AEVerifiedProperties: type: object[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
requiredexp:
- AccountNameMatched type: number
properties: description: >-
AccountNameMatched: type: boolean[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
nbf:
description: >- type: number
Indicator for whether the payee name isdescription: matched>-
with the account [https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
name held at the LFI aud:
additionalProperties: false DiscoverVerificationSourceRequestBodySignedtype: array
type: object items:
required: - isstype: string
- exp description: >-
- nbf - message[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
properties:
iss iat:
type: stringnumber
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.16](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)6)
message:
$ref: '#/components/schemas/AEErrorResponse'
description: expSigned error response payload
additionalProperties: false
AEIbanConfirmationProperties:
type: object
required:
- IdentificationType
type: number - Identification
description: >- - Name
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)properties:
nbfIdentificationType:
type: numberstring
descriptionenum:
>- [https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)- UAEOF.IBAN
audIdentification:
type: arraystring
itemsminLength: 1
typemaxLength: string400
description: >-
Identification for [https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
iat:the account assigned by the LFI based on the
type:Account numberScheme Name, and as understood by the payer. This
description: >- identification is known [https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)by the User account owner. For IBAN, refer
to the ISO Standard 13616.
messageName:
$ref: '#/components/schemas/AEVerificationDiscoveryRequestAEAccountNameConfirmationProperties'
additionalProperties: false
DiscoverVerificationSourceResponseBodySignedAEPersonalAccountNameConfirmationProperties:
type: object
required:
- issGivenName
- exp LastName
properties:
GivenName:
type: string
- nbf minLength: 1
- message propertiesmaxLength: 70
iss: description: >-
The given or first name of the account holder, as type:understood stringby the
description: >- payer
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)LastName:
exptype: string
typeminLength: number1
descriptionmaxLength: >-
70
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
description: >-
nbf: The family or surname of type:the numberaccount holder, as understood by the
description: >- payer
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
description: The properties required to verify a personal account
audadditionalProperties: false
DiscoverConfirmationSourceRequestBodySigned:
type: arrayobject
required:
items: - iss
- exp
type: string - nbf
description: >- - message
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)properties:
iatiss:
type: numberstring
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.61](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.61)
message:
$ref: '#/components/schemas/AEVerificationDiscoveryResponse'
exp:
additionalProperties: false DiscoverVerificationSourceSignedRequest:
type: object
required:
number
- requestBody properties: description: >-
requestBody: $ref: '#/components/schemas/DiscoverVerificationSourceRequestBodySigned'[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
additionalProperties: false nbf:
DiscoverVerificationSourceSignedResponse: type: objectnumber
required: description: >-
response properties: response:[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
$refaud:
'#/components/schemas/DiscoverVerificationSourceResponseBodySigned' allOf: type: array
- $ref: '#/components/schemas/AEOkResponse' additionalPropertiesitems:
false DiscoverVerificationSourceUnsignedRequest: type: object
string
required: description: >-
requestBody properties: requestBody:
$ref: '#/components/schemas/AEVerificationDiscoveryRequest'[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
additionalProperties: false iat:
DiscoverVerificationSourceUnsignedResponse: type: number
object required: description: >-
- response properties:[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
responsemessage:
$ref: '#/components/schemas/AEVerificationDiscoveryResponseAEConfirmationDiscoveryRequest'
allOfadditionalProperties: false
DiscoverConfirmationSourceResponseBodySigned:
- $reftype: '#/components/schemas/AEOkResponse'object
additionalPropertiesrequired:
false LinksSelf: - iss
type: object - exp
required: - -nbf
Self properties: - message
Selfproperties:
$ref: '#/components/schemas/Self'iss:
descriptiontype: Linksstring
relevant to the resource additionalPropertiesdescription: >-
false NameVerificationRequestBodySigned: type: object[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
requiredexp:
- iss type: number
- exp description: >-
- nbf - message[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
properties: issnbf:
type: stringnumber
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.15](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.15)
exp:aud:
type: array
items:
type: numberstring
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.43](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.43)
nbfiat:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.56](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.56)
audmessage:
type: array
items:
type: string
$ref: '#/components/schemas/AEConfirmationDiscoveryResponse'
descriptionadditionalProperties: >-false
LinksSelf:
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
type: object
iatrequired:
- Self
type: number properties:
description: >- Self:
[https$ref: '#//www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
components/schemas/Self'
description: Links relevant to the resource
additionalProperties: false
messageMeta:
type: object
$ref: '#/components/schemas/AENameVerificationRequest' description: Metadata relevant to the resource
additionalProperties: false
NameVerificationResponseBodySignedNameConfirmationRequestBodySigned:
type: object
required:
- iss
- exp
- nbf
- message
properties:
iss:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
exp:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
nbf:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
aud:
type: array
items:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
iat:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
)
message:
$ref: '#/components/schemas/AEAccountConfirmationRequest'
additionalProperties: false
NameConfirmationResponseBodySigned:
type: object
required:
message: - iss
$ref: '#/components/schemas/AENameVerificationResponse'
- exp
additionalProperties: false - nbf
NameVerificationSignedRequest: type:- objectmessage
requiredproperties:
iss:
- requestBody propertiestype: string
requestBodydescription: >-
$ref: '#/components/schemas/NameVerificationRequestBodySigned' [https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
additionalPropertiesexp:
false NameVerificationSignedResponsetype: number
type: object description: >-
required: [https://www.rfc- responseeditor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
propertiesnbf:
response: type: number
$ref: '#/components/schemas/NameVerificationSignedResponse' description: >-
allOf: - $ref: '#/components/schemas/AEOkResponse'[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
additionalProperties: false aud:
NameVerificationUnsignedRequest: type: objectarray
required: items:
- requestBody propertiestype: string
requestBody: description: >-
$ref: '#/components/schemas/AENameVerificationRequest' additionalProperties: false[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
NameVerificationUnsignedResponse: iat:
type: object requiredtype: number
- response propertiesdescription: >-
response: $ref: '#/components/schemas/AENameVerificationResponse'[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
allOfmessage:
- $ref: '#/components/schemas/AEOkResponseAEAccountConfirmationResponse'
additionalProperties: false
Self:
type: string
format: uri
description: A link to the current resource
securitySchemes:
TPPOAuth2Security:
type: oauth2
description: >-
TPP confidential client authorization with the LFI to stage a consent.
**Please refer to [OpenID FAPI Security Profile 1.0 -Part 2
Advanced](https://openid.net/specs/openid-financial-api-part-2-1_0.html#authorization-server)
- 5.2.2 point 14 - shall authenticate the confidential client using one
of the following methods private_key_jwt and [OpenID Connect Core
1.0](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication)
9. Client Authentication private_key_jwt**
flows:
clientCredentials:
tokenUrl: https://authserver.example/token
scopes:
openid: Activates OpenID Connect Support
confirmation-of-payee: Right to invoke a Confirmation of Payee operation
accounts: Ability to read Accounts Information
insurance: Right to read insurance policies
servers:
- url: /open-finance/confirmation-of-payee/v1.0-draft4
description: Default URL
variables: {}
| 