openapi: 3.0.0
info:
title: UAE Confirmation of Payee API
description: '## UAE Open Finance Confirmation of Payee API Specification'
version: v1.0-draft4
tags:
- name: Discovery Operations
description: Discovery operations and resources
- name: VerificationConfirmation Operations
description: Payee confirmation operations and resources
paths:
/confirmation-of-payee/discovery:
post:
tags:
- DiscoveryConfirmation Operations
operationId: >-ConfirmationOfPayeeConfirmation_signedConfirmationRequest
summary: ConfirmationOfPayeeDiscovery_unsignedDiscoveryRequest_ConfirmationOfPayeeDiscovery_signedDiscoveryRequest
summary: DiscoverConfirm the account details are correct based on the LFIparameters thatsupplied
will confirm the payee attributes description: >-
BeforeProvide athe Confirmationproperties ofthat Payeecan (CoP)be operationused takesto placeverify the TPPpayee willaccount.
need to resolveAt the LFI thatversion 1.0.0 this will servicebe the account propertiesname and either IBAN or
request. This requirement is basedAccount onNumber. theFuture separationversion of concernsthis API may support verification
implemented in the OFP, whichthrough ensuresother thatidentifiers.
the APIs for a given LFI areparameters:
always- physical seperated.
At version 1.0.0 the TPP will call this endpoint with the account IBAN,
which will be used to resolve the correct URL with which to make the CoP
operation.
parameters:
- $ref: $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/x-customer-user-agent'
- $ref: '#/components/parameters/x-fapi-auth-date'
- $ref: '#/components/parameters/x-fapi-customer-ip-address'
- $ref: '#/components/parameters/x-fapi-interaction-id'
responses:
'200':
description: The request has succeeded.
contentheaders:
application/json; charset=utf-8x-fapi-interaction-id:
schemarequired: false
$ref: '#/components/schemas/AEVerificationDiscoveryResponse'
description: An RFC4122 UID used as a correlation id.
application/json: schema:
schema: type: string
$ref: '#/components/schemas/AEVerificationDiscoveryResponse'content:
application/jwt:
schema:
$ref: >-'#/components/schemas/NameConfirmationResponseBodySigned'
'400':
description: #/components/schemas/DiscoverVerificationSourceResponseBodySignedBad request
headers:
x-fapi-interaction-id:
required: falsetrue
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'400': content:
description: Bad request application/jwt:
content: schema:
application/json; charset=utf-8: $ref: '#/components/schemas/AEErrorSignedResponse'
schema'401':
description: Unauthorized
$ref headers:
'#/components/schemas/AEErrorResponse' application/jsonx-fapi-interaction-id:
schema:required: true
description: An RFC4122 UID used as a correlation id.
$ref: '#/components/schemas/AEErrorResponse' application/jwtschema:
schema type: string
'403':
$ref description: '#/components/schemas/AEErrorSignedResponse'Forbidden
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'401': content:
description: Unauthorized application/jwt:
schema:
$ref: '#/components/schemas/AEErrorSignedResponse'
'404':
description: Not found
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'403405':
description: ForbiddenMethod Not Allowed
contentheaders:
application/json; charset=utf-8x-fapi-interaction-id:
schemarequired: true
description: An $ref: '#/components/schemas/AEErrorResponse'
RFC4122 UID used as a correlation id.
application/json: schema:
$reftype: '#/components/schemas/AEErrorResponse'string
application/jwt'406':
schemadescription: $ref: '#/components/schemas/AEErrorSignedResponse'Not Acceptable
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'404415':
description: Unsupported NotMedia foundType
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'405429':
description: MethodToo NotMany AllowedRequests
headers:
x-fapi-interaction-idretry-after:
required: true
description: AnNumber RFC4122in UIDseconds usedto aswait
a correlation id. schema:
type: string
integer
'406': descriptionformat: Not Acceptableint64
headers: x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'415500':
description: UnsupportedInternal MediaServer TypeError
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'429'content:
description application/jwt:
Too Many Requests headersschema:
retry-after: $ref: '#/components/schemas/AEErrorSignedResponse'
requestBody:
required: true
content:
description: Number in seconds to wait
application/jwt:
schema:
type$ref: integer'#/components/schemas/NameConfirmationRequestBodySigned'
security:
- formatTPPOAuth2Security: int64
x-fapi-interaction-id: openid
required: true
- confirmation-of-payee
/discovery:
post:
descriptiontags:
An RFC4122 UID used as a correlation id. - Discovery Operations
operationId: ConfirmationOfPayeeDiscovery_signedDiscoveryRequest
schema: summary: Discover the LFI that will confirm the payee attributes
type: string description: >-
'500': Before a Confirmation of Payee (CoP) operation takes place description:the InternalTPP Serverwill
Error need to resolve content:the LFI that will service the account properties
application/json; charset=utf-8: request. This requirement is based on the separation of concerns
schema: implemented in the OFP, which ensures that the APIs for a given $ref: '#/components/schemas/AEErrorResponse'LFI are
always physically separated.
application/json:
At version 1.0.0 the TPP will schema:call this endpoint with the account IBAN,
which will $ref: '#/components/schemas/AEErrorResponse'
application/jwt:be used to resolve the correct URL with which to make the CoP
operation.
schemaparameters:
- $ref: '#/components/schemasparameters/AEErrorSignedResponseAuthorization'
- headers$ref: '#/components/parameters/x-customer-user-agent'
- $ref: '#/components/parameters/x-fapi-interaction-id:
auth-date'
- $ref: '#/components/parameters/x-fapi-customer-ip-address'
- $ref: '#/components/parameters/x-fapi-interaction-id'
requiredresponses:
true '200':
description: AnThe RFC4122request UIDhas usedsucceeded.
as a correlation id. headers:
schema: x-fapi-interaction-id:
type: string required: false
requestBody: content: description: An RFC4122 UID used as a correlation id.
application/json; charset=utf-8: schema:
$ref: '#/components/schemas/AEVerificationDiscoveryRequest' type: string
application/jsoncontent:
schemaapplication/jwt:
$refschema:
'#/components/schemas/AEVerificationDiscoveryRequest' application/jwt: $ref: >-
schema: $ref: '#/components/schemas/DiscoverVerificationSourceRequestBodySigned'DiscoverConfirmationSourceResponseBodySigned
security'400':
- TPPOAuth2Securitydescription: Bad request
- openidheaders:
x- confirmationfapi-ofinteraction-payeeid:
/confirmation-of-payee/verification: post: tagsrequired: true
- Verification operationIddescription: >-An RFC4122 UID used as a correlation id.
ConfirmationOfPayeeVerification_unsignedVerificationRequest_ConfirmationOfPayeeVerification_signedVerificationRequest summary: Verify the account details based on the parameters supplied
description schema:
>- Provide the properties that can be used totype: verifystring
the payee account. content:
At version 1.0.0 this will be the account name and IBAN. Future versionapplication/jwt:
of this API may support verification through other identifiers.schema:
parameters: - $ref: '#/components/parametersschemas/AuthorizationAEErrorSignedResponse'
- $ref: '#/components/parameters/x-customer-user-agent''401':
- $refdescription: '#/components/parameters/x-fapi-auth-date'Unauthorized
- $refheaders: '#/components/parameters/x-fapi-customer-ip-address'
- $ref: '#/components/parameters/x-fapi-interaction-id':
responses: required: true
'200': description: The request has succeeded. An RFC4122 UID used as a correlation id.
contentschema:
application/json; charset=utf-8 type: string
'403':
schema: description: Forbidden
$ref headers:
'#/components/schemas/AENameVerificationResponse' application/jsonx-fapi-interaction-id:
schemarequired: true
$ref: '#/components/schemas/AENameVerificationResponse'description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/jwt:
schema:
$ref: '#/components/schemas/NameVerificationSignedResponse'AEErrorSignedResponse'
'404':
description: Not found
headers:
x-fapi-interaction-id:
required: falsetrue
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'400405':
description: Method BadNot requestAllowed
contentheaders:
application/json; charset=utf-8x-fapi-interaction-id:
schemarequired: true
$refdescription: '#/components/schemas/AEErrorResponse'
application/json:An RFC4122 UID used as a correlation id.
schema:
$reftype: '#/components/schemas/AEErrorResponse'string
application/jwt'406':
schemadescription: Not Acceptable
$ref: '#/components/schemas/AEErrorSignedResponse'
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'401415':
description: Unsupported Media UnauthorizedType
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'403429':
description: Too ForbiddenMany Requests
contentheaders:
application/json; charset=utf-8retry-after:
schemarequired: true
$refdescription: '#/components/schemas/AEErrorResponse'
Number in seconds to wait
application/json:
schema:
$reftype: '#/components/schemas/AEErrorResponse'integer
application/jwt: schemaformat: int64
$ref: '#/components/schemas/AEErrorSignedResponse'
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'404500':
description: Internal NotServer foundError
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'405': content:
descriptionapplication/jwt:
Method Not Allowed headersschema:
x-fapi-interaction-id$ref: '#/components/schemas/AEErrorSignedResponse'
requestBody:
required: true
content:
description: An RFC4122 UID usedapplication/jwt:
as a correlation id. schema:
schema: $ref: '#/components/schemas/DiscoverConfirmationSourceRequestBodySigned'
typesecurity:
string - '406'TPPOAuth2Security:
description: Not Acceptable- openid
headers: - confirmation-of-payee
components:
parameters:
x-fapi-interaction-idAuthorization:
name: authorization
requiredin: trueheader
required: true
description: An RFC4122authorization UID usedToken as a correlation id.per https://tools.ietf.org/html/rfc6750
schema:
schematype: string
x-customer-user-agent:
name: x-customer-user-agent
type: string in: header
'415': required: false
description: Unsupported Media Type
Indicates the user-agent that the User is using.
headersschema:
type: string
x-fapi-interactionauth-iddate:
name: x-fapi-auth-date
requiredin: trueheader
required: false
description: An>-
RFC4122 UID used as a correlation id. The time when the User last logged in with the TPP.
schema: All dates in the HTTP headers are represented as type:RFC string7231 Full Dates. An
'429': example is below:
description: Too Many Requests Sun, 10 Sep 2017 19:43:31 UTC
headers: schema:
retry-aftertype: string
pattern: >-
required: true ^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2}
description: Number in seconds to wait (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4}
\d{2}:\d{2}:\d{2} (GMT|UTC)$
schema:
x-fapi-customer-ip-address:
name: x-fapi-customer-ip-address
in: header
required: false
typedescription: integerThe User's IP address if the User is currently logged in with the TPP.
format schema:
int64 type: string
x-fapi-interaction-id:
name: x-fapi-interaction-id
requiredin: trueheader
required: false
description: An RFC4122 UID used as a correlation id.
schema:
schematype: string
schemas:
AEAccountConfirmationRequest:
type: stringobject
required:
'500': - Data
descriptionproperties:
Internal Server Error Data:
content: $ref: '#/components/schemas/AEAccountConfirmationRequestProperties'
application/json; charset=utf-8: additionalProperties: false
AEAccountConfirmationRequestProperties:
oneOf:
schema: - $ref: '#/components/schemas/AEIbanConfirmationProperties'
- $ref: '#/components/schemas/AEErrorResponseAEAccountNumberConfirmationProperties'
discriminator:
application/jsonpropertyName: IdentificationType
mapping:
schema: UAEOF.IBAN: '#/components/schemas/AEIbanConfirmationProperties'
$refUAEOF.AccountNumber: '#/components/schemas/AEErrorResponseAEAccountNumberConfirmationProperties'
AEAccountConfirmationResponse:
application/jwt:type: object
required:
schema:- Data
- Links
$ref: '#/components/schemas/AEErrorSignedResponse' - Meta
headersproperties:
Data:
x-fapi-interaction-id: $ref: '#/components/schemas/AEAccountConfirmationResponseProperties'
required: true Links:
description$ref: An RFC4122 UID used as a correlation id.'#/components/schemas/LinksSelf'
Meta:
schema$ref: '#/components/schemas/Meta'
additionalProperties: false
typeAEAccountConfirmationResponseProperties:
string requestBodytype: object
contentrequired:
application/json; charset=utf-8: AccountNameMatchIndicator
properties:
schema: AccountNameMatchIndicator:
$ref: '#/components/schemas/AENameVerificationRequestAEAccountNameMatchIndicators'
application/jsonMaskedAccountName:
type: schema:string
minLength: 1
$refmaxLength: '#/components/schemas/AENameVerificationRequest'70
application/jwtdescription: >-
schema: The masked matched account name. This is provided to allow the User
$ref: '#/components/schemas/NameVerificationRequestBodySigned' security: to review the account name return from -the TPPOAuth2Security:Confirmation operation.
additionalProperties: false
- openidAEAccountDiscoveryByBankCode:
type: object
- confirmation-of-payee componentsrequired:
parameters: - IdentificationType
Authorization: name:- authorizationBankCode
inproperties:
header requiredIdentificationType:
true descriptiontype: Anstring
authorization Token as per https://tools.ietf.org/html/rfc6750 schemaenum:
type: string - x-customer-user-agent:UAEOF.BankCode
nameBankCode:
x-customer-user-agent in: header type: string
required: false descriptionpattern: Indicates the user-agent that the User is using.^[0-9]{3}$
schemadescription: >-
type: string x-fapi-auth-date:
name: x-fapi-auth-date
Bank identification code issued by CBUAE that identifies the LFI at
in: header which required:the falseaccount is held
descriptionadditionalProperties: false
>- AEAccountDiscoveryByIban:
The timetype: whenobject
the User last logged in with therequired:
TPP. - IdentificationType
All dates in the HTTP headers are represented- asIdentification
RFC 7231 Full Dates. An properties:
example is below:IdentificationType:
type: string
Sun, 10 Sep 2017 19:43:31 UTCenum:
- schema:UAEOF.IBAN
typeIdentification:
string patterntype: >-string
^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2}minLength: 1
(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4}maxLength: 400
\d{2}:\d{2}:\d{2} (GMT|UTC)$description: >-
x-fapi-customer-ip-address: name: x-fapi-customer-ip-address
in: header
Identification for the account assigned by the LFI based on the
required: false Account description:Scheme The User's IP address ifName, and as understood by the Userpayer. isThis
currently logged in with the TPP. schema:identification is known by the User account owner. For type:IBAN, stringrefer
x-fapi-interaction-id: name: x-fapi-interaction-id
in: header to the ISO Standard 13616.
requiredadditionalProperties: false
AEAccountNameConfirmationProperties:
description: An RFC4122 UID used asoneOf:
a correlation id. - schema$ref: '#/components/schemas/AEPersonalAccountNameConfirmationProperties'
type: string- schemas:$ref: '#/components/schemas/AEBusinessAccountNameConfirmationProperties'
AEAccountDiscoveryAEAccountNameMatchIndicators:
type: objectstring
requiredenum:
- IdentificationTypeUAEOF.ConfirmationOfPayee.Yes
- IdentificationUAEOF.ConfirmationOfPayee.No
propertiesdescription: >-
IdentificationType: Indicator for whether the payee name is matched with the type:account stringname
held at enum:the LFI
AEAccountNumberConfirmationProperties:
- UAEOF.IBANtype: object
Identificationrequired:
- IdentificationType
type: string - Identification
minLength: 1 - BankCode
maxLength: 400 - Name
descriptionproperties:
>- IdentificationType:
Identification for the account assigned bytype: thestring
LFI based on the enum:
Account Scheme Name, and as understood by the- payerUAEOF.AccountNumber
This Identification:
identification is known by the User accounttype: owner.string
For IBAN, refer minLength: 1
to the ISO Standard 13616. maxLength: 400
additionalProperties: false AEAccountVerificationProperties: description: >-
type: object required: Identification for the account assigned by the LFI -based IdentificationTypeon the
- Identification Account Scheme Name, and as -understood by Namethe payer. This
properties: identification IdentificationType:is known by the User account owner. For IBAN, refer
type: string to enum:the ISO Standard 13616.
BankCode:
- UAEOF.IBAN Identificationtype: string
typepattern: string^[0-9]{3}$
minLengthdescription: 1>-
maxLength: 400 Bank identification code issued by CBUAE that identifies the LFI description:at
>- which Identification for the account assignedis byheld
the LFI based on the Name:
Account Scheme Name, and as understood by the payer. This
$ref: '#/components/schemas/AEAccountNameConfirmationProperties'
additionalProperties: false
AEBusinessAccountNameConfirmationProperties:
identification istype: knownobject
by the User account owner. For IBAN,required:
refer - BusinessName
to the ISO Standard 13616. properties:
NameBusinessName:
type: string
minLength: 1
maxLength: 70140
description: >-The business name of the account holder, as understood by the payer
The account name isdescription: theThe nameproperties orrequired namesto ofverify thea Userbusiness account
owner(s) additionalProperties: false
AEConfirmationDiscovery:
represented at an account level, as understoodoneOf:
by the payer - additionalProperties$ref: false
'#/components/schemas/AEAccountDiscoveryByIban'
AEError: - type$ref: object'#/components/schemas/AEAccountDiscoveryByBankCode'
requireddiscriminator:
-propertyName: CodeIdentificationType
- Message
propertiesmapping:
Code: allOf:
UAEOF.IBAN: '#/components/schemas/AEAccountDiscoveryByIban'
- $refUAEOF.BankCode: '#/components/schemas/AEErrorCodeAEAccountDiscoveryByBankCode'
AEConfirmationDiscoveryRequest:
description type: Lowobject
level textual error code, e.g., UAEOF.Field.Missing required:
Message: - Data
properties:
type: string Data:
minLength: 1 $ref: '#/components/schemas/AEConfirmationDiscovery'
maxLength: 500 additionalProperties: false
AEConfirmationDiscoveryResponse:
description: >- type: object
required:
A description of the error that occurred. e.g., 'A mandatory field- Data
- Links
isn't supplied' or 'RequestedExecutionDateTime- mustMeta
be in future' properties:
Data:
UAEOF doesn't standardise this field Path$ref: '#/components/schemas/AEConfirmationSourceProperties'
typeLinks: string
minLength$ref: 1'#/components/schemas/LinksSelf'
maxLengthMeta:
500 description$ref: >-'#/components/schemas/Meta'
additionalProperties: false
RecommendedAEConfirmationSourceProperties:
but optional reference to the JSON Pathtype: ofobject
the field required:
with error, e.g., Data.Initiation.InstructedAmount.Currency- AuthorizationServerUrl
- Url:ResourceServerUrl
typeproperties:
string description: >-AuthorizationServerUrl:
type: string
URL to help remediate the problem, or provide more information, orminLength: 1
maxLength: to500
API Reference, or help etc description: Error>-
additionalProperties: false AEErrorCode:Authorization Server URL at which an Access Token type:to stringinvoke the
enum: Confirmation of - UAEOF.AccessToken.Unauthorized
Payee operation should be sought
- UAEOF.AccessToken.InvalidScope ResourceServerUrl:
- UAEOF.Consent.Revoked type: string
- UAEOF.Consent.TransientAccountAccessFailure minLength: 1
- UAEOF.Consent.AccountTemporarilyBlocked maxLength: 500
- UAEOF.Consent.PermanentAccountAccessFailure description: >-
UAEOF.Consent.Invalid - UAEOF.JWS.InvalidSignature Resource Server URL at which the Confirmation - UAEOF.JWS.Malformed
of Payee operation
- UAEOF.JWS.InvalidClaim should be invoked
- UAEOF.JWS.InvalidHeader additionalProperties: false
-AEError:
UAEOF.GenericRecoverableError type: object
- UAEOF.GenericError required:
- UAEOF.JWE.DecryptionError - Code
- UAEOF.JWE.InvalidHeader - Message
- UAEOF.Event.UnexpectedEvent properties:
- UAEOF.Body.InvalidFormat Code:
- UAEOF.Resource.InvalidResourceId allOf:
- UAEOF.Resource.InvalidFormat - $ref: '#/components/schemas/AEErrorCode'
- UAEOF.Consent.BusinessRuleViolation AEErrorResponse: description: Low level textual error type: object
code, e.g., UAEOF.Field.Missing
required: Message:
- Errors type: string
properties: ErrorsminLength: 1
typemaxLength: array500
itemsdescription: >-
$ref: '#/components/schemas/AEError'
minItems: 1 A description of the error that occurred. e.g., 'A mandatory field
description: >- isn't supplied' or 'RequestedExecutionDateTime must be Anin arrayfuture'
of
detail error codes, and messages, and URLs to documentation UAEOF doesn't standardise this field
to help remediation. additionalProperties: false
AEErrorSignedResponse:
typePath:
object required:
- iss
- exp
- nbf
- message
properties:
iss:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
exp:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
nbf:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5) type: string
audminLength: 1
typemaxLength: array500
itemsdescription: >-
type: stringRecommended but optional reference to the JSON Path of the field
description: >- with [https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)error, e.g., Data.Initiation.InstructedAmount.Currency
Url:
type: string
iatdescription: >-
type: number URL to help remediate the problem, or provide description: >-more information, or
to API [https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
Reference, or help etc
messagedescription: Error
additionalProperties: false
$ref AEErrorCode:
'#/components/schemas/AEErrorResponse' type: description:string
Signed error response payload enum:
additionalProperties: false AENameVerificationRequest:- UAEOF.AccessToken.Unauthorized
type: object - UAEOF.AccessToken.InvalidScope
required: - UAEOF.Consent.Revoked
- Data - UAEOF.Consent.TransientAccountAccessFailure
properties: - UAEOF.Consent.AccountTemporarilyBlocked
Data: - UAEOF.Consent.PermanentAccountAccessFailure
$ref: '#/components/schemas/AEAccountVerificationProperties' additionalProperties: false- UAEOF.Consent.Invalid
AENameVerificationResponse: - UAEOF.JWS.InvalidSignature
type: object required:- UAEOF.JWS.Malformed
- DataUAEOF.JWS.InvalidClaim
- LinksUAEOF.JWS.InvalidHeader
properties: - UAEOF.GenericRecoverableError
Data: - UAEOF.GenericError
$ref: '#/components/schemas/AEVerifiedProperties'
- UAEOF.JWE.DecryptionError
Links: - UAEOF.JWE.InvalidHeader
$ref: '#/components/schemas/LinksSelf'- UAEOF.Event.UnexpectedEvent
additionalProperties: false - UAEOF.Body.InvalidFormat
AEOkResponse: type: object- UAEOF.Resource.InvalidResourceId
additionalProperties: false- UAEOF.Resource.InvalidFormat
AEVerificationDiscovery: $ref: '#/components/schemas/AEAccountDiscovery'- UAEOF.Consent.BusinessRuleViolation
AEVerificationDiscoveryRequestAEErrorResponse:
type: object
required:
- DataErrors
properties:
DataErrors:
$ref: '#/components/schemas/AEVerificationDiscovery'
additionalProperties: false
AEVerificationDiscoveryResponse:type: array
type: object required: items:
- Data $ref: '#/components/schemas/AEError'
- Links propertiesminItems: 1
Datadescription: >-
An $ref: '#/components/schemas/AEVerificationSourceProperties'
Links:array of detail error codes, and messages, and URLs to documentation
to $ref: '#/components/schemas/LinksSelf'help remediation.
additionalProperties: false
AEVerificationSourcePropertiesAEErrorSignedResponse:
type: object
required:
- VerificationUrliss
properties: - exp
VerificationUrl: - nbf
type: string - message
minLengthproperties:
1 maxLengthiss:
500 descriptiontype: URL at which the Confirmation of Payee operation should be invokvedstring
additionalProperties: falsedescription: >-
AEVerifiedProperties: type: object[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
requiredexp:
- AccountNameMatched type: number
properties: description: >-
AccountNameMatched: type: boolean[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
nbf:
description: >- type: number
Indicator for whether the payee name isdescription: matched>-
with the account [https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
name held at the LFI aud:
additionalProperties: false DiscoverVerificationSourceRequestBodySignedtype: array
type: object items:
required: - isstype: string
- exp description: >-
- nbf - message[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
properties:
iss iat:
type: stringnumber
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.16](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)6)
message:
$ref: '#/components/schemas/AEErrorResponse'
description: expSigned error response payload
additionalProperties: false
AEIbanConfirmationProperties:
type: object
required:
- IdentificationType
type: number - Identification
description: >- - Name
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)properties:
nbfIdentificationType:
type: numberstring
descriptionenum:
>- [https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)- UAEOF.IBAN
audIdentification:
type: arraystring
itemsminLength: 1
typemaxLength: string400
description: >-
Identification for [https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
iat:the account assigned by the LFI based on the
type:Account numberScheme Name, and as understood by the payer. This
description: >- identification is known [https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)by the User account owner. For IBAN, refer
to the ISO Standard 13616.
messageName:
$ref: '#/components/schemas/AEVerificationDiscoveryRequestAEAccountNameConfirmationProperties'
additionalProperties: false
DiscoverVerificationSourceResponseBodySignedAEPersonalAccountNameConfirmationProperties:
type: object
required:
- issGivenName
- exp LastName
properties:
GivenName:
type: string
- nbf minLength: 1
- message propertiesmaxLength: 70
iss: description: >-
The given or first name of the account holder, as type:understood stringby the
description: >- payer
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)LastName:
exptype: string
typeminLength: number1
descriptionmaxLength: >-
70
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
description: >-
nbf: The family or surname of type:the numberaccount holder, as understood by the
description: >- payer
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
description: The properties required to verify a personal account
audadditionalProperties: false
DiscoverConfirmationSourceRequestBodySigned:
type: arrayobject
required:
items: - iss
- exp
type: string - nbf
description: >- - message
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)properties:
iatiss:
type: numberstring
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.61](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.61)
message:
$ref: '#/components/schemas/AEVerificationDiscoveryResponse'
exp:
additionalProperties: false DiscoverVerificationSourceSignedRequest:
type: object
required:
number
- requestBody properties: description: >-
requestBody: $ref: '#/components/schemas/DiscoverVerificationSourceRequestBodySigned'[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
additionalProperties: false nbf:
DiscoverVerificationSourceSignedResponse: type: objectnumber
required: description: >-
response properties: response:[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
$refaud:
'#/components/schemas/DiscoverVerificationSourceResponseBodySigned' allOf: type: array
- $ref: '#/components/schemas/AEOkResponse' additionalPropertiesitems:
false DiscoverVerificationSourceUnsignedRequest: type: object
string
required: description: >-
requestBody properties: requestBody:
$ref: '#/components/schemas/AEVerificationDiscoveryRequest'[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
additionalProperties: false iat:
DiscoverVerificationSourceUnsignedResponse: type: number
object required: description: >-
- response properties:[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
responsemessage:
$ref: '#/components/schemas/AEVerificationDiscoveryResponseAEConfirmationDiscoveryRequest'
allOfadditionalProperties: false
DiscoverConfirmationSourceResponseBodySigned:
- $reftype: '#/components/schemas/AEOkResponse'object
additionalPropertiesrequired:
false LinksSelf: - iss
type: object - exp
required: - -nbf
Self properties: - message
Selfproperties:
$ref: '#/components/schemas/Self'iss:
descriptiontype: Linksstring
relevant to the resource additionalPropertiesdescription: >-
false NameVerificationRequestBodySigned: type: object[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
requiredexp:
- iss type: number
- exp description: >-
- nbf - message[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
properties: issnbf:
type: stringnumber
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.15](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.15)
exp:aud:
type: array
items:
type: numberstring
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.43](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.43)
nbfiat:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.56](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.56)
audmessage:
type: array
items:
type: string
$ref: '#/components/schemas/AEConfirmationDiscoveryResponse'
descriptionadditionalProperties: >-false
LinksSelf:
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
type: object
iatrequired:
- Self
type: number properties:
description: >- Self:
[https$ref: '#//www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
components/schemas/Self'
description: Links relevant to the resource
additionalProperties: false
messageMeta:
type: object
$ref: '#/components/schemas/AENameVerificationRequest' description: Metadata relevant to the resource
additionalProperties: false
NameVerificationResponseBodySignedNameConfirmationRequestBodySigned:
type: object
required:
- iss
- exp
- nbf
- message
properties:
iss:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
exp:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
nbf:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
aud:
type: array
items:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
iat:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
)
message:
$ref: '#/components/schemas/AEAccountConfirmationRequest'
additionalProperties: false
NameConfirmationResponseBodySigned:
type: object
required:
message: - iss
$ref: '#/components/schemas/AENameVerificationResponse'
- exp
additionalProperties: false - nbf
NameVerificationSignedRequest: type:- objectmessage
requiredproperties:
iss:
- requestBody propertiestype: string
requestBodydescription: >-
$ref: '#/components/schemas/NameVerificationRequestBodySigned' [https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
additionalPropertiesexp:
false NameVerificationSignedResponsetype: number
type: object description: >-
required: [https://www.rfc- responseeditor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
propertiesnbf:
response: type: number
$ref: '#/components/schemas/NameVerificationSignedResponse' description: >-
allOf: - $ref: '#/components/schemas/AEOkResponse'[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
additionalProperties: false aud:
NameVerificationUnsignedRequest: type: objectarray
required: items:
- requestBody propertiestype: string
requestBody: description: >-
$ref: '#/components/schemas/AENameVerificationRequest' additionalProperties: false[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
NameVerificationUnsignedResponse: iat:
type: object requiredtype: number
- response propertiesdescription: >-
response: $ref: '#/components/schemas/AENameVerificationResponse'[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
allOfmessage:
- $ref: '#/components/schemas/AEOkResponseAEAccountConfirmationResponse'
additionalProperties: false
Self:
type: string
format: uri
description: A link to the current resource
securitySchemes:
TPPOAuth2Security:
type: oauth2
description: >-
TPP confidential client authorization with the LFI to stage a consent.
**Please refer to [OpenID FAPI Security Profile 1.0 -Part 2
Advanced](https://openid.net/specs/openid-financial-api-part-2-1_0.html#authorization-server)
- 5.2.2 point 14 - shall authenticate the confidential client using one
of the following methods private_key_jwt and [OpenID Connect Core
1.0](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication)
9. Client Authentication private_key_jwt**
flows:
clientCredentials:
tokenUrl: https://authserver.example/token
scopes:
openid: Activates OpenID Connect Support
confirmation-of-payee: Right to invoke a Confirmation of Payee operation
accounts: Ability to read Accounts Information
insurance: Right to read insurance policies
servers:
- url: /open-finance/confirmation-of-payee/v1.0-draft4
description: Default URL
variables: {}
| 