openapi: 3.0.1
info:
title: Ozone Connect - Consent Event & Action APIs
contact:
name: Ozone Financial Technology Limited
description: |
This document provides the OAS3 specification for APIs that are called by Ozone Connect to inform a financial institution that a consent has been created or modified.
These are also used to carry out actions to verify and augment a consent when it is being created.
These APIs should be implemented by an financial institution.
#### Document Structure
The documentation contains a number of references of the form `XXX-999-999`. These are references
to test case numbers in the Ozone Connect Test Harness that financial institutions may use to test their Ozone Connect implementations.
version: Release ####2024.34
Coming
soonservers:
- The following changes can be expected in the next release:
- some enumeration and object definitions remain to be aligned with CBUAE specifications. These will be updated
- specific changes expected in the next release have been marked as ***TODO*** in the document
- query parameters for pagination will be introduced in alignment with CBUAE specifications
- some additional query parameters for functional completeness will be introduced
- the request and response object may be moved into `data` and `meta` objects for consistency
version: Version 2024.31 for CBUAE
servers:
- url: https://<your-ozone-connect-server>
tags:
- name: consent-events
description: |
APIs that are called when a consent is created or modified.
- name: consent-actions
description: |
APIs that are called to take actions on a consent
paths:
/consent/event/{operation}:
post:
tags:url: https://<your-ozone-connect-server>
tags:
- name: consent-events
description: |
APIs that are called when a consent is created or modified.
- name: consent-actions
description: |
APIs that are called to take actions on a consent
paths:
/consent/event/{operation}:
post:
tags:
- consent-events
summary: Called to inform a financial instituation that a consent has been created or modified
description: |
Used by financial institution to get a notification for updated consent.
operationId: consentEvent
parameters:
# common header parameters that set context
- $ref: "#/components/parameters/providerId"
- $ref: "#/components/parameters/aspspId"
- consent-events$ref: "#/components/parameters/callerOrgId"
summary: Called- to inform a financial instituation that a consent has been created or modified$ref: "#/components/parameters/callerClientId"
- $ref: "#/components/parameters/callerSoftwareStatementId"
description: | - $ref: "#/components/parameters/apiUri"
Used by financial institution- to get a notification for updated consent.$ref: "#/components/parameters/apiOperation"
- $ref: "#/components/parameters/consentId"
operationId: consentEvent - parameters$ref: "#/components/parameters/callerInteractionId"
# common- header parameters that set context$ref: "#/components/parameters/ozoneInteractionId"
- $ref: "#/components/parameters/providerIdpsuIdentifier"
- $ref: "#/components/parameters/aspspId" # Path param definitions
- $refname: "#/components/parameters/callerOrgId" operation
- $refin: "#/components/parameters/callerClientId"path
- $refdescription: "#/components/parameters/callerSoftwareStatementId"
- $ref: "#/components/parameters/apiUri"specifies whether this is a POST or PATCH operation
required: true
- $ref: "#/components/parameters/apiOperation" schema:
- $ref: "#/components/parameters/consentId" - $reftype: "#/components/parameters/callerInteractionId"string
- $refenum:
"#/components/parameters/ozoneInteractionId" - $ref: "#/components/parameters/psuIdentifier"
- post
# Path param definitions - patch
- name: operation requestBody:
indescription: path|
description:Sends specifiesan whetherevent thisindicating isthe a POSTcreated or PATCHupdated operationconsent to an financial institution.
required: true This consists of the entire consent as stored schema:in the consent Manager.
typerequired: stringtrue
content:
enum: application/json:
- postschema:
- patch$ref: "#/components/schemas/consent"
requestBodyresponses:
description"204":
| description: Sends|
an event indicating the created or updated consent to an financial institution.Indicates the successful notification response.
This consists of the entire consent asThe storedresponse indoes thenot consenthave Manager.a body
required "400":
true contentdescription: |
application/json: Indicates that the financial institution could not process the event.
schema:
Ozone will $ref: "#/components/schemas/consent"
ignore these errors.
responses: The notification "204":
*will not* be retried.
description: | The change to the consent *will not* be rolled Indicatesback.
the
successful notification response. content:
The response does not have a body application/json:
"400": schema:
description: | Indicates that the financial institution could not process the event.$ref: "#/components/schemas/Error"
/consent/action/augment:
post:
tags:
Ozone will ignore- theseconsent-actions
errors. summary: Account action augumentation
The notification *will not* be retried.
The change description: |
The API is called by Ozone to allow a Financial Institution to augment additional information that may apply to the account consent
*will
not* be rolled back. The request body contains the entire consent record content:as stored in the Consent Manager.
application/jsonoperationId: augmentAccountConsent
parameters:
schema: # common header parameters that set context
- $ref: "#/components/schemasparameters/ErrorproviderId"
/consent/action/augment: post:
tags:
- $ref: "#/components/parameters/aspspId"
- consent-actions $ref: "#/components/parameters/callerOrgId"
summary: Account action augumentation - $ref: "#/components/parameters/callerClientId"
description: | - The API is called by Ozone to allow a Financial Institution to augment additional information that may apply to the account consent
The request body contains the entire consent record as stored in the Consent Manager.
operationId: augmentAccountConsent
parameters:
# common header parameters that set context$ref: "#/components/parameters/callerSoftwareStatementId"
- $ref: "#/components/parameters/providerIdapiUri"
- $ref: "#/components/parameters/aspspIdapiOperation"
- $ref: "#/components/parameters/callerOrgIdconsentId"
- $ref: "#/components/parameters/callerClientIdcallerInteractionId"
- $ref: "#/components/parameters/callerSoftwareStatementIdozoneInteractionId"
- $ref: "#/components/parameters/apiUripsuIdentifier"
- $ref: "#/components/parameters/apiOperation"
- $ref: "#/components/parameters/consentId"
- $ref: "#/components/parameters/callerInteractionId"
- $ref: "#/components/parameters/ozoneInteractionId"
- $ref: "#/components/parameters/psuIdentifier"
requestBody:
required: requestBody:
required: true
content:
application/json:
schema:
$ref: "#/components/schemas/consent"
responses:
"200":
description: |
Indicates a successful operation
The response consists of fields that must be augmented into the consent.
These fields will be different for each consent type.
content:
•••TODO••• Specify the fields that must be augmented for CBUAE consents application/json:
content: schema:
application/json: schema:
$ref: "#/$ref: "#/components/schemas/augmentConsentResponse"
"400":
description: failed operation
content:
application/json:
schema:
$ref: "#/components/schemas/Error"
/consent/action/validate:
post:
tags:
- consent-actions
summary: Provides an opportunity for a financial institution to validate a consent before it is created
description: |
The API is called by Ozone to allow a financial institution to carry out additional validations before a consent is created.
The request body contains the entire consent along with contextual information.
Typically this could be used for situations like:
- soft validation of the debtor account (e.g. to ensure that it is a debtor account managed by the financial institution)
- populating charges and exchange rate information
Note that a financial institution only need to implement this API where it needs to correlate information in the consent payload
with data held in its systems. If this is not the case, "local" validations can be configured in Ozone that do not require a remote call.
The financial institution must return a response that includes a status. If the status is set to `valid`, the consent is saved and processing continues.
If the status is set to `invalid` the processing fails and an error response is sent to the TPP.
operationId: validateConsent
parameters:
# common header parameters that set context
- $ref: "#/components/parameters/providerId"
- $ref: "#/components/parameters/aspspId"
- $ref: "#/components/parameters/callerOrgId"
- $ref: "#/components/parameters/callerClientId"
- $ref: "#/components/parameters/callerSoftwareStatementId"
- $ref: "#/components/parameters/apiUri"
- $ref: "#/components/parameters/apiOperation"
- $ref: "#/components/parameters/consentId"
- $ref: "#/components/parameters/callerInteractionId"
- $ref: "#/components/parameters/ozoneInteractionId"
- $ref: "#/components/parameters/psuIdentifier"
requestBody:
required: true
content:
application/json:
schema:
$ref: "#/components/schemas/consent"
responses:
'200':
description: successful operation
content:
application/json:
schema:
$ref: "#/components/schemas/consentValidateResponse"
'400':
description: failed operation
content:
application/json:
schema:
$ref: "#/components/schemas/Error"
components:
schemas:
augmentConsentResponse:
description: |
Fields to be added to the consent
***TODO***type: Specifyobject
the fields that must be augmented forproperties:
CBUAE consents typeCharges:
object additionalProperties: true $ref: "#/components/schemas/AECharges"
consent: descriptionExchangeRate:
| A consent in its current state.$ref: "#/components/schemas/AEExchangeRateInformation"
additionalProperties: true
IfAECharges:
the consent has been authorised, then it can be expected that the financial institution would have patched in `accountIds` and `psuIdentifier` fields.
type: "array"
items:
type: "object"
Additionally, the financialadditionalProperties: institutionfalse
may also patch in an arbitrary set of fieldsdescription: along|
with consent in the `supplementaryInformation` field. Set of elements used to provide •••TODO•••details Importof thea schemascharge for the consentpayment frominitiation.
the CBUAE specification allOf:* For Payments, these Charges are on the Debtor.
- $ref: "#/components/schemas/newConsent" required:
- $ref: "#/components/schemas/patchedConsent" newConsent:- "ChargeBearer"
type: object - "Type"
properties: id:- "Amount"
typeproperties:
string descriptionChargeBearer:
| A unique identifier for the consent in uuid-v4 format.
$ref: "#/components/schemas/AEChargeBearerType1Code"
Type:
consentGroupId: $ref: "#/components/schemas/AEExternalPaymentChargeTypeCode"
type: string Amount:
description: | $ref: "#/components/schemas/AEActiveCurrencyAmount"
A uniqueAEChargeBearerType1Code:
identifier for the consent group in uuid-v4 format.
The consent group id is used to group together consents that are related to each other.
description: "Specifies which party/parties will bear the charges associated with the processing of the payment transaction."
type: "string"
enum:
requestUrl:- "BorneByCreditor"
- type:"BorneByDebtor"
string - "FollowingServiceLevel"
format: url - "Shared"
descriptionAEExternalPaymentChargeTypeCode:
| description: "Charge type, in a coded form."
The request url of Http request that was received by Ozone from the TPPtype: "string"
enum:
- consentType:"VAT"
- "Fees"
type:
string AEActiveCurrencyAmount:
description: |
The Currency and Amount Therelating typeto of the consentPayment, thatRefund isor beingRequest created.to Pay
type: "object"
Each financial institution'srequired:
instance may support a different set of consent types- "Amount"
- "Currency"
The Consent Manager supports the creationproperties:
of consents of different consent types depending on theAmount:
standards supported. $ref: "#/components/schemas/AEActiveOrHistoricAmount"
•••TODO••• Specify the consent types supportedCurrency:
for CBUAE status$ref: "#/components/schemas/AEActiveOrHistoricCurrencyCode"
typeAEActiveOrHistoricAmount:
string description: |"A number of monetary units specified in an active currency where The current statusthe unit of thecurrency consentis explicit and compliant with ISO 4217."
type: The"string"
Consent Manager ensures that this field is synchronised with the status of the consent body (the disposition of that field depending on the underlying standard)
•••TODO••• Specify the consent statuses supported for CBUAE
request:
type: object
pattern: "^\\d{1,16}\\.\\d{2}$"
example: "100.00"
AEActiveOrHistoricCurrencyCode:
description: "A 3 character alphabetic code allocated to a currency under an international currency identification scheme, as described in the latest edition of the international standard ISO 4217 'Codes for the representation of currencies and funds'."
type: "string"
descriptionpattern: |"^[A-Z]{3,3}$"
example: "AED"
The entireAEExchangeRateInformation:
Http request body that was received by Ozone from the TPP to create the consent.
type: "object"
additionalProperties: false
required:
The Consent Manager uses- the"UnitCurrency"
consent type to identify the schema - "ExchangeRate"
that- should"RateType"
be used to validate the request. (These schemas are defined bydescription: "Further detailed information on the exchange rate that has been used in the payment transaction."
underlying standard) properties:
additionalPropertiesUnitCurrency:
true requestHeadersdescription: "Currency in which the rate of exchange is expressed in type:a objectcurrency exchange. In the example 1GBP = xxxCUR, the unit currency description: |is GBP."
type: "string"
The entire set of Http request headers that was received by Ozone from the TPPpattern: "^[A-Z]{3,3}$"
ExchangeRate:
additionalProperties: true description: "The factor used for consentBody:conversion of an amount from one currency to another. This reflects $ref: "#/components/schemas/cbuaeConsentBody"
interactionId:the price at which one currency was bought with another currency."
type: string"number"
descriptionRateType:
| description: "Specifies the Thetype heimdallused interactionto idcomplete thatthe thiscurrency consentexchange."
is associated with. tpp:type: "string"
$refenum:
"#/components/schemas/tpp" ozoneSupplementaryInformation: - "Actual"
type: object - "Agreed"
additionalProperties: true - "Indicative"
updatedAt: ContractIdentification:
type: number requireddescription: "Unique and unambiguous reference to the foreign exchange -contract idagreed between the initiating party/creditor and the debtor agent."
- consentType - requesttype: "string"
- requestHeaders minLength: 1
- tpp maxLength: 256
additionalProperties: true patchedConsentExpirationDateTime:
type: object description: "Specified date and properties:time the exchange rate agreement will expire.All dates in psuIdentifiers:the JSON payloads are represented in ISO 8601 date-time format. $ref: "#/components/schemas/psuIdentifiers"
accountIds:\nAll date-time fields in responses must include the timezone. An example is below:\n2017-04-05T10:43:07+00:00"
type: array"string"
itemsformat: "date-time"
consent:
typedescription: string|
A minItems:consent 1in its current state.
description: |- If the consent has been authorised, then it can be expected that Anthe arrayfinancial ofinstitution accountwould idshave associatedpatched within the`accountIds` consent.and The`psuIdentifier` arrayfields.
must
be populated once consent has been authorised. Additionally, the financial institution may also patch in an arbitrary set Forof paymentfields consents,along thewith arrayconsent mustin alwaysthe have`supplementaryInformation` onefield.
element
- the debtor account from which theallOf:
payment will be made - $ref: "#/components/schemas/newConsent"
For CBPII consents, the- array must always have one element - the account for which CoF requests will be answered$ref: "#/components/schemas/patchedConsent"
newConsent:
type: object
properties:
For AIS requests, theid:
array may contain multiple values, representing each of the payment accountstype: forstring
which an AIS service will be provided. description: |
supplementaryInformation: A unique identifier description:for the consent in uuid-v4 format.
Contains additional informationconsentGroupId:
at the discretion of the financial institution. type: string
type: object description: |
additionalProperties: true A unique identifier for the interactionId:consent group in uuid-v4 format.
type: string The consent group id is used description:to Thegroup heimdalltogether interactionconsents id that thisare consentrelated isto associatedeach withother.
This
is updated by heimdall and must not be setrequestUrl:
by financial institutions. type: string
paymentContext: typeformat: objecturl
additionalPropertiesdescription: true|
ConnectToken: The request url of Http request that was type:received stringby Ozone from the TPP
description: A bearer tokenconsentType:
that will be sent as the `Authorization` header for calls totype: Ozonestring
Connect made under this consent. additionalPropertiesdescription: |
true tpp: The type: objectof the consent that is being created.
description:
| The TPPEach recordfinancial asinstitution's heldinstance bymay Ozone.support a different set of consent types
If Ozone TPP Connect has been integrated into a directory,The theConsent `directoryRecord`Manager providessupports the TPP'screation directoryof recordconsents asof helddifferent byconsent Ozonetypes independing baseon 64the encodedstandards formatsupported.
required: - cbuae-account-access-consents
- clientId - orgIdcbuae-service-initiation-consents
- softwareStatementId - cbuae-insurance-consents
- tppName status:
properties: clientId$ref: "#/components/schemas/AEConsentStatus"
typerequest:
string description$ref: The clientId for the TPP as issued by Ozone"#/components/schemas/AuthorizationDetails"
requestHeaders:
orgIdtype: object
typedescription: string|
description: The organization id for entire set of Http request headers that was received by Ozone from the TPP
softwareStatementId additionalProperties: true
consentBody:
$ref: "#/components/schemas/cbuaeConsentBody"
interactionId:
type: string
description: |
The organizationheimdall interaction id that this consent is associated with.
tpp:
$ref: "#/components/schemas/tpp"
ozoneSupplementaryInformation:
type: object
additionalProperties: true
updatedAt:
type: number
required:
- id
- consentType
- request
- requestHeaders
- tpp
additionalProperties: true
patchedConsent:
type: object
properties:
psuIdentifiers:
$ref: "#/components/schemas/psuIdentifiers"
accountIds:
type: array
items:
type: string
minItems: 1
description: |-
An array of account ids associated with the consent. The array must be populated once consent has been authorised.
For payment consents, the array must always have one element - the debtor account from which the payment will be made
For CBPII consents, the array must always have one element - the account for which CoF requests will be answered
For AIS requests, the array may contain multiple values, representing each of the payment accounts for which an AIS service will be provided.
supplementaryInformation:
description:
Contains additional information at the discretion of the financial institution.
type: object
additionalProperties: true
interactionId:
type: string
description: The heimdall interaction id that this consent is associated with. This is updated by heimdall and must not be set by financial institutions.
paymentContext:
type: object
additionalProperties: true
ConnectToken:
type: string
description: A bearer token that will be sent as the `Authorization` header for calls to Ozone Connect made under this consent.
additionalProperties: true
tpp:
type: object
description: |
The TPP record as held by Ozone.
If Ozone TPP Connect has been integrated into a directory, the `directoryRecord` provides the TPP's directory record as held by Ozone in base 64 encoded format.
required:
- clientId
- orgId
- softwareStatementId
- tppName
properties:
clientId:
type: string
description: The clientId for the TPP as issued by Ozone
orgId:
type: string
description: The organization id for the TPP
softwareStatementId:
type: string
description: The organization id for the TPP
tppName:
type: string
description: The name of the TPP
directoryRecord:
type: string
description: The latest copy of the TPP directory record if the TPP has registered with a directory
additionalProperties: false
cbuaeConsentBody:
type: object
description: |
An object representing the current state of the consent.
This includes the entire request, augmented by additional computed properties
(e.g. ids, charges etc)
oneOf:
- $ref: "#/components/schemas/AEAccountAccessAndInsuranceConsentBody"
- $ref: "#/components/schemas/AEPaymentConsentResponse"
AuthorizationDetails:
description: |
The request body for creating a new consent.
The body consists of the RAR request that is sent by the TPP to the authorization server.
oneOf:
- $ref: "#/components/schemas/DataSharingAuthorizationDetails"
- $ref: "#/components/schemas/InsuranceAuthorizationDetails"
- $ref: "#/components/schemas/ServiceInitiationAuthorizationDetails"
DataSharingAuthorizationDetails:
type: object
properties:
Type:
type: string
Consent:
$ref: "#/components/schemas/AuthorizationDetailsDataSharingConsent"
Subscription:
$ref: '#/components/schemas/EventNotification'
InsuranceAuthorizationDetails:
type: object
properties:
Type:
type: string
Consent:
$ref: "#/components/schemas/AuthorizationDetailsInsuranceConsent"
Subscription:
$ref: '#/components/schemas/EventNotification'
ServiceInitiationAuthorizationDetails:
type: object
properties:
Type:
type: string
Consent:
$ref: "#/components/schemas/AEServiceInitiationAuthorizationDetailProperties"
Subscription:
$ref: '#/components/schemas/EventNotification'
AEServiceInitiationAuthorizationDetailProperties:
type: object
required:
- ConsentId
- PersonalIdentifiableInformation
- ControlParameters
- PaymentPurposeCode
properties:
ConsentId:
$ref: '#/components/schemas/AEConsentId'
BaseConsentId:
$ref: '#/components/schemas/AEBaseConsentId'
IsSingleAuthorization:
$ref: '#/components/schemas/IsSingleAuthorization'
AuthorizationExpirationDateTime:
type: string
format: date-time
description: |2-
A time by which a Consent (in AwaitingAuthorization status) must be Authorized by the User.
The time window starts from the actual CreationDateTime (when the Consent is staged with the LFI).
If the current time window exceeds the Authorization Expiration Time Window (and the Consent status is AwaitingAuthorization) then the Consent Status must be set to Rejected.
The time window is based on a custom time format hhh:mm:ss. e.g. 720:00:00 represents a time window of 720 hours, 00 minutes, 00 seconds (30 days) after the CreationDateTime to Authorize the Consent.
ExpirationDateTime:
allOf:
- $ref: '#/components/schemas/ARConsentExpirationDateTime'
description: |2-
Specified date and time the consent will expire.
If this is not populated, the consent will remain active as a long lived consent until the maximum consent validity period as per section 4.1.1 Consent Elements in the API User Guide.
All dates in the JSON payloads are represented in ISO 8601 date-time format.
All date-time fields in responses must include the timezone. An example is :2023-04-05T10:43:07+00:00
* For Payment Consents, the maximum expiration time limit should be 23:59:59 (1 second before 00:00:00)
Permissions:
type: array
items:
$ref: '#/components/schemas/AEServiceInitiationConsentPermissionCodes'
description: |2-
Specifies the permitted Account Access data types.
This is a list of the data groups being consented by the User, and requested for authorization with the LFI.
This allows a TPP to request a balance check permission.
ReadRefundAccount:
type: boolean
description: Allows the LFI to share the refund account details with TPP
CurrencyRequest:
$ref: '#/components/schemas/AECurrencyRequest'
PersonalIdentifiableInformation:
$ref: '#/components/schemas/AEJWEPaymentPII'
ControlParameters:
$ref: '#/components/schemas/AEServiceInitiationConsentControlParameters'
DebtorReference:
$ref: '#/components/schemas/AEServiceInitiationStructuredDebtorReference'
CreditorReference:
$ref: '#/components/schemas/AEServiceInitiationStructuredCreditorReference'
PaymentPurposeCode:
$ref: '#/components/schemas/AEServiceInitiationPaymentPurposeCode'
SponsoredTPPInformation:
$ref: '#/components/schemas/AEServiceInitiationSponsoredTPPInformation'
additionalProperties: false
ARConsentExpirationDateTime:
type: string
format: date-time
AEServiceInitiationSponsoredTPPInformation:
type: object
required:
- Name
- Identification
properties:
Name:
type: string
minLength: 1
maxLength: 50
description: The Sponsored TPP Name
Identification:
type: string
minLength: 1
maxLength: 50
description: The Sponsored TPP Identification
description: |2-
The Sponsored TPP is:
* A TPP that itself has no direct Open Banking API integrations.
* A TPP that is using the integration of another TPP that does have direct Open Banking API integrations.
additionalProperties: false
AEServiceInitiationPaymentPurposeCode:
type: string
minLength: 1
maxLength: 4
pattern: ^[A-Z]{4}$
description: |2-
A Category code, related to the type of services or goods that corresponds to the underlying purpose of the Payment.
* The ISO20022 External code sets
AEServiceInitiationStructuredCreditorReference:
description: |
A reason or reference in relation to a payment, set to facilitate a structured Creditor reference consisting of:
* TPP ID and BIC for the Debtor Account, followed by freeform text to a maximum of 120 characters.
The TPP ID value will match the organization ID value from the Trust Framework, and therefore will be a v4 UUID.
A BIC is specific according to the standard format for ISO 20022, and can therefore be either 8 or 11 characters in length.
If the value of the concatenated string exceeds 120 characters, the TPP must first omit or truncate the freeform element of the reference.
type: "string"
minLength: 1
maxLength: 120
pattern: "^TPP=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12},BIC=[A-Z0-9]{4}[A-Z0-9]{2}[A-Z0-9]{2}([A-Z0-9]{3}){0,1}($|,.+$)"
AEServiceInitiationStructuredDebtorReference:
description: |
A reason or reference in relation to a payment, set to facilitate a structured Debtor reference consisting of:
* For payments to Merchants: TPP ID, Merchant ID, BIC for the Creditor Account, followed by freeform text to a maximum of 120 characters.
* For other payments: TPP ID and BIC for the Creditor Account, followed by freeform text to a maximum of 120 characters.
The TPP ID value will match the organization ID value from the Trust Framework, and therefore will be a v4 UUID.
The Merchant ID wil be as per the existing IPP rules for the Merchant identification, and will incorporate the Trade License number for the Merchant.
A BIC is specific according to the standard format for ISO 20022, and can therefore be either 8 or 11 characters in length.
If the value of the concatenated string exceeds 120 characters, the TPP must omit or truncate the freeform element of the reference.
oneOf:
- type: "string"
minLength: 1
maxLength: 120
pattern: "^TPP=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12},Merchant=[A-Z0-9]{3}-[A-Z]{4}-TL.+-[0-9]{4},BIC=[A-Z0-9]{4}[A-Z0-9]{2}[A-Z0-9]{2}([A-Z0-9]{3}){0,1}($|,.+$)"
- type: "string"
minLength: 1
maxLength: 120
pattern: "^TPP=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12},BIC=[A-Z0-9]{4}[A-Z0-9]{2}[A-Z0-9]{2}([A-Z0-9]{3}){0,1}($|,.+$)"
AEServiceInitiationConsentControlParameters:
type: object
properties:
IsPayByAccount:
type: boolean
description: A flag to denote if the Payment is an E-Commerce transaction
ConsentSchedule:
$ref: '#/components/schemas/AEServiceInitiationConsentSchedule'
description: Control Parameters set the overall rules for the Payment Schedule
additionalProperties: false
AEServiceInitiationConsentSchedule:
type: object
properties:
SinglePayment:
$ref: '#/components/schemas/AEServiceInitiationSinglePayment'
MultiPayment:
$ref: '#/components/schemas/AEServiceInitiationLongLivedPaymentConsent'
FilePayment:
$ref: '#/components/schemas/AEServiceInitiationFilePaymentConsent'
description: |2-
The various payment types that can be initiated:
* A Single Payment
* A Multi-Payment
* A Combined Payment (one SinglePayment and one MultiPayment)
additionalProperties: false
AEServiceInitiationFilePaymentConsent:
type: object
required:
- FileType
- FileHash
- NumberOfTransactions
- ControlSum
properties:
FileType:
type: string
minLength: 1
maxLength: 40
description: Specifies the payment file type
FileHash:
type: string
minLength: 1
maxLength: 44
description: A base64 encoding of a SHA256 hash of the file to be uploaded.
FileReference:
$ref: '#/components/schemas/AEServiceInitiationReference'
NumberOfTransactions:
type: integer
description: >-
Number of individual transactions contained in the payment
information group.
ControlSum:
type: string
pattern: ^\d{1,16}\.\d{2}$
description: >-
Total of all individual amounts included in the group, irrespective
of currencies.
RequestedExecutionDateTime:
$ref: '#/components/schemas/AERequestedExecutionDate'
description: A Consent definition for defining Bulk/Batch Payments
additionalProperties: false
AEServiceInitiationReference:
type: string
minLength: 1
maxLength: 120
description: A reason or reference in relation to a payment.
AEServiceInitiationLongLivedPaymentConsent:
type: object
required:
- Amount
- MaximumIndividualPaymentAmount
- PeriodicSchedule
properties:
Amount:
$ref: '#/components/schemas/AEAmountAndCurrency'
MaximumIndividualPaymentAmount:
allOf:
- $ref: '#/components/schemas/AEAmountAndCurrency'
description: |2-
This is the Maximum amount a variable payment related to the Consent can take.
All payment amounts must be smaller or equal to this value.
MaximumCumulativeValueOfPayments:
allOf:
- $ref: '#/components/schemas/AEAmountAndCurrency'
description: |2-
The maximum cumulative value of all successful payment rails executions under the Consent.
Each successful payment rails execution amount (related to the Consent) is added to the total cumulative value of the Consent which cannot exceed the maximum value agreed with the User at the point of consent.
MaximumCumulativeNumberOfPayments:
type: integer
description: |2-
The maximum cumulative number of all successful payment rails executions under the Consent.
Each successful payment rails execution (related to the Consent) is added to the total cumulative number of payments for the Consent which cannot exceed the maximum value agreed with the User at the point of consent.
PeriodicSchedule:
$ref: >-
#/components/schemas/AEServiceInitiationLongLivedPaymentConsentPeriodicSchedule
description: A Consent definition for defining Multi Payments
additionalProperties: false
AEServiceInitiationLongLivedPaymentConsentPeriodicSchedule:
type: object
required:
- DefinedSchedule
- FixedPeriodicSchedule
- VariablePeriodicSchedule
properties:
DefinedSchedule:
$ref: '#/components/schemas/AEServiceInitiationDefinedSchedule'
FixedPeriodicSchedule:
$ref: '#/components/schemas/AEServiceInitiationFixedPeriodicSchedule'
VariablePeriodicSchedule:
$ref: '#/components/schemas/AEServiceInitiationVariablePeriodicSchedule'
Type:
type: string
description: >-
Discriminator property for
AEServiceInitiationLongLivedPaymentConsentPeriodicSchedule.
discriminator:
propertyName: Type
description: The definition for a schedule
additionalProperties: false
AEServiceInitiationVariablePeriodicSchedule:
type: object
required:
- Type
- PeriodType
- MaximumCumulativeValueOfPaymentsPerPeriodType
- MaximumCumulativeNumberOfPaymentsPerPeriodType
properties:
Type:
type: string
enum:
- VariablePeriodicSchedule
PeriodType:
$ref: '#/components/schemas/AEPeriodType'
PeriodStartDate:
$ref: '#/components/schemas/AEPeriodStartDate'
MaximumCumulativeValueOfPaymentsPerPeriodType:
allOf:
- $ref: '#/components/schemas/AEAmountAndCurrency'
description: >-
The maximum cumulative payment value of all payment initiations per
Period Type.
MaximumCumulativeNumberOfPaymentsPerPeriodType:
type: integer
description: The maximum frequency of payment initiations per Period Type.
description: >-
Payment Controls that apply to all payment instructions in a given
period under this payment consent.
additionalProperties: false
AEServiceInitiationSchedule:
type: object
required:
- PaymentExecutionDate
- Amount
properties:
PaymentExecutionDate:
type: string
format: date
description: |2-
Used to specify the expected payment execution date/time.
All dates in the JSON payloads are represented in ISO 8601 date format.
An example is: 2023-04-05
Amount:
$ref: '#/components/schemas/AEAmountAndCurrency'
additionalProperties: false
AEServiceInitiationFixedPeriodicSchedule:
type: object
required:
- Type
- PeriodType
- PeriodStartDate
- Amount
properties:
Type:
type: string
enum:
- FixedPeriodicSchedule
PeriodType:
$ref: '#/components/schemas/AEPeriodType'
PeriodStartDate:
$ref: '#/components/schemas/AEPeriodStartDate'
Amount:
$ref: '#/components/schemas/AEAmountAndCurrency'
description: >-
Payment Controls that apply to all payment instructions in a given
period under this payment consent.
additionalProperties: false
AEServiceInitiationDefinedSchedule:
type: object
required:
- Type
- Schedule
properties:
Type:
type: string
enum:
- DefinedSchedule
description: The Periodic Schedule Type
Schedule:
type: array
items:
$ref: '#/components/schemas/AEServiceInitiationSchedule'
minItems: 1
description: >-
Payment Schedule denoting a list of pre-defined future dated payments
all with fixed amounts and dates.
additionalProperties: false
AEServiceInitiationSinglePayment:
anyOf:
- $ref: '#/components/schemas/AEServiceInitiationSingleInstantPayment'
- $ref: '#/components/schemas/AEServiceInitiationFutureDatedPayment'
discriminator:
propertyName: Type
mapping:
SingleInstantPayment: '#/components/schemas/AEServiceInitiationSingleInstantPayment'
SingleFutureDatedPayment: '#/components/schemas/AEServiceInitiationFutureDatedPayment'
description: A Consent definition for defining Single Payments
AEServiceInitiationFutureDatedPayment:
type: object
required:
- Type
- Amount
- RequestedExecutionDate
properties:
Type:
type: string
enum:
- SingleFutureDatedPayment
Amount:
$ref: '#/components/schemas/AEAmountAndCurrency'
RequestedExecutionDate:
$ref: '#/components/schemas/AERequestedExecutionDate'
description: >-
A long-lived consent that MUST be used for a single payment which will
be authorized by the User during the payment journey, but the payment
will be initiated by the TPP in the future.
additionalProperties: false
AEServiceInitiationSingleInstantPayment:
type: object
required:
- Type
- Amount
properties:
Type:
type: string
enum:
- SingleInstantPayment
description: The Payment Type
Amount:
$ref: '#/components/schemas/AEAmountAndCurrency'
ExpectedInitiationTimeWindow:
$ref: '#/components/schemas/AEExpectedInitiationTimeWindow'
description: >-
A single immediate payment consent that MUST be be used for a single
payment which will be initiated immediately after User authorization at
the LFI.
additionalProperties: false
AEAmountAndCurrency:
type: object
required:
- Currency
- Amount
properties:
Currency:
$ref: '#/components/schemas/CurrencyCode'
Amount:
$ref: '#/components/schemas/Amount'
description: >-
The Currency and Amount relating to the Payment, Refund or Request to
Pay
additionalProperties: false
Amount:
type: number
CurrencyCode:
type: string
pattern: ^[A-Z]{3}$
IsSingleAuthorization:
description: |
Specifies to the LFI that the consent authorization must be completed in a single authorization Step
with the LFI
type: "boolean"
AEServiceInitiationConsentPermissionCodes:
type: string
enum:
- ReadAccountsBasic
- ReadAccountsDetail
- ReadBalances
AEJWEPaymentPII:
type: string
description: |2-
A JSON Web Encryption (JWE) object, which encapsulates a JWS. The value is a compact serialization
of a JWE, which is a string consisting of five base64url-encoded parts joined by dots. It encapsulates encrypted content using JSON data structures.
The decrypted JWS content has the structure of the AEPaymentPII schema.
AuthorizationDetailsDataSharingConsent:
type: object
required:
- ConsentId
- Permissions
properties:
ConsentId:
$ref: '#/components/schemas/AEConsentId'
Permissions:
type: array
items:
$ref: '#/components/schemas/AEAccountAccesssConsentPermissionCodes'
minItems: 1
allOf:
- $ref: '#/components/schemas/AEAccountAccessAuthorizationDetailsProperties'
additionalProperties: false
AuthorizationDetailsInsuranceConsent:
type: object
required:
- ConsentId
- Permissions
properties:
BaseConsentId:
type: string
ExpirationDateTime:
type: string
format: date-time
OnBehalfOf:
$ref: '#/components/schemas/OnBehalfOf'
Purpose:
type: array
items:
$ref: '#/components/schemas/OBConsentPurpose'
ConsentId:
$ref: '#/components/schemas/AEConsentId'
Permissions:
$ref: '#/components/schemas/AEInsuranceConsentPermissions'
OBConsentPurpose:
type: string
enum:
- InsurancePolicyAggregation
- PersonalFinanceManager
- CreditAssessment
- MotorInsuranceQuote
- EnterpriseFinancialManagement
- Other
AEAccountAccessAuthorizationDetailsProperties:
type: object
properties:
BaseConsentId:
$ref: '#/components/schemas/AEBaseConsentId'
ExpirationDateTime:
type: string
format: date-time
description: >-
Specified date and time the permissions will expire.
If this is not populated, the permissions will be open ended.All
dates in the JSON payloads are represented in ISO 8601 date-time
format.
All date-time fields in responses must include the timezone. An
example is below:
2017-04-05T10:43:07+00:00
TransactionFromDateTime:
type: string
format: date-time
description: |2-
Specified start date and time for the transaction query period.
If this is not populated, the start date will be open ended, and
data will be returned from the earliest available
transaction.All dates in the JSON payloads are represented in
ISO 8601 date-time format.
All date-time fields in responses must include the timezone. An
example is below:
2017-04-05T10:43:07+00:00
TransactionToDateTime:
type: string
format: date-time
description: |2-
Specified end date and time for the transaction query period.
If this is not populated, the end date will be open ended, and
data will be returned to the latest available transaction.All
dates in the JSON payloads are represented in ISO 8601 date-time
format.
All date-time fields in responses must include the timezone. An
example is below:
2017-04-05T10:43:07+00:00
AccountType:
type: array
items:
$ref: '#/components/schemas/AEExternalAccountTypeCode'
AccountSubType:
type: array
items:
$ref: '#/components/schemas/AEAccountSubTypeCode'
OnBehalfOf:
$ref: '#/components/schemas/AEOnBehalfOf'
Purpose:
type: array
items:
$ref: '#/components/schemas/AEAccountAccessConsentPurpose'
additionalProperties: false
AEExternalAccountTypeCode:
description: Specifies the type of account (Retail, SME or Corporate).
type: string
enum:
- Retail
- SME
- Corporate
OnBehalfOf:
type: object
description: On Behalf Of
properties:
TradingName:
type: string
description: Trading Name
example: Acme Accounting Trading Name
LegalName:
type: string
description: Legal Name
example: Acme Accounting Legal Name
IdentifierType:
type: string
description: Identifier Type
enum:
- Other
Identifier:
type: string
description: Identifier
example: abcd1234
additionalProperties: false
AEInsuranceConsentPermissions:
type: string
enum:
- ReadMotorInsurancePolicies
- ReadMotorInsuranceCustomerBasic
- ReadMotorInsuranceCustomerDetail
- ReadMotorInsuranceCustomerPaymentDetails
- ReadMotorInsuranceProduct
- ReadMotorInsuranceTransactions
EventNotification:
type: object
description: |
A Webhook Subscription Schema
required:
- Webhook
properties:
Webhook:
description: |
A Webhook Schema
type: object
properties:
Url:
description: |
The TPP Callback URL being registered with the LFI
type: string
example: https://api.tpp.com/webhook/callbackUrl
IsActive:
description: >
The TPP specifying whether the LFI should send (IsActive true)
or not send (IsActive false) Webhook Notifications to the TPP's
Webhook URL
type: boolean
example: false
additionalProperties: false
additionalProperties: false
AEAccountAccessAndInsuranceConsentBody:
type: object
required:
- Data
properties:
Data:
type: object
required:
- "ConsentId"
- "BaseConsentId"
- "Status"
properties:
ConsentId:
$ref: '#/components/schemas/AEConsentId'
Permissions:
$ref: '#/components/schemas/AEAccountAccesssConsentPermissionCodes'
allOf:
- $ref: '#/components/schemas/AEAccountAccessAuthorizationDetailProperties'
additionalProperties: false
Meta:
type: object
properties:
MultipleAuthorizers:
$ref: '#/components/schemas/AEMetaMultiAuthorization'
Subscription:
type: object
properties:
Webhook:
$ref: '#/components/schemas/Webhook'
AEMetaMultiAuthorization:
type: "object"
description: |
Meta Data with Multi-Authorization relevant to the payload.
For a payment, it represents any Authorizers within the financial institution domain that are involved in approving the payment request.
properties:
TotalRequired:
description: |
The total number of Authorizers required to process the request
type: "number"
Authorizations:
type: "array"
items:
description: |
Authorizer
type: "object"
properties:
AuthorizerId:
description: |
The Authorizer's Identifier
type: "string"
AuthorizerType:
description: |
The Type of Authorizer. For example, Financial, Management, etc.
type: "string"
AuthorizationDate:
description: |
The DateTime of when the Authorization occurred. All dates in the JSON payloads are represented in ISO 8601 date-time format. \nAll date-time fields in responses must include the timezone. An example is below:\n2023-04-05T10:43:07+00:00
type: "string"
format: "date-time"
AuthorizationStatus:
description: |
The Status reflecting the Authorizer's final decision regarding the request
type: "string"
enum:
- "Pending"
- "Approved"
- "Rejected"
additionalProperties: false
additionalProperties: false
additionalProperties: false
AEConsentId:
type: string
minLength: 1
maxLength: 128
description: >-
Unique identification assigned by the TPP to identify the consent
resource.
AEAccountAccesssConsentPermissionCodes:
type: string
enum:
- ReadAccountsBasic
- ReadAccountsDetail
- ReadBalances
- ReadBeneficiariesBasic
- ReadBeneficiariesDetail
- ReadTransactionsBasic
- ReadTransactionsDetail
- ReadTransactionsCredits
- ReadTransactionsDebits
- ReadProduct
- ReadScheduledPaymentsBasic
- ReadScheduledPaymentsDetail
- ReadDirectDebits
- ReadStandingOrdersBasic
- ReadStandingOrdersDetail
- ReadConsents
- ReadPartyPSU
- ReadPartyPSUIdentity
- ReadParty
description: >-
Specifies the permitted account access policy data types.
This is a list of the data groups being consented by the User, and
requested for authorization with the LFI.
AEAccountAccessAuthorizationDetailProperties:
type: object
properties:
BaseConsentId:
$ref: '#/components/schemas/AEBaseConsentId'
ExpirationDateTime:
type: string
format: date-time
description: >-
Specified date and time the permissions will expire.
If this is not populated, the permissions will be open ended.All
dates in the JSON payloads are represented in ISO 8601 date-time
format.
All date-time fields in responses must include the timezone. An
example is below:
2017-04-05T10:43:07+00:00
TransactionFromDateTime:
type: string
format: date-time
description: |2-
Specified start date and time for the transaction query period.
If this is not populated, the start date will be open ended, and
data will be returned from the earliest available
transaction.All dates in the JSON payloads are represented in
ISO 8601 date-time format.
All date-time fields in responses must include the timezone. An
example is below:
2017-04-05T10:43:07+00:00
TransactionToDateTime:
type: string
format: date-time
description: |2-
Specified end date and time for the transaction query period.
If this is not populated, the end date will be open ended, and
data will be returned to the latest available transaction.All
dates in the JSON payloads are represented in ISO 8601 date-time
format.
All date-time fields in responses must include the timezone. An
example is below:
2017-04-05T10:43:07+00:00
AccountType:
type: array
items:
$ref: '#/components/schemas/AEAccountTypeCode'
AccountSubType:
type: array
items:
$ref: '#/components/schemas/AEAccountSubTypeCode'
OnBehalfOf:
$ref: '#/components/schemas/AEOnBehalfOf'
Status:
$ref: '#/components/schemas/AEAccountAccessConsentStatus'
Purpose:
type: array
items:
$ref: '#/components/schemas/AEAccountAccessConsentPurpose'
RevokedBy:
$ref: '#/components/schemas/AERevokedBy'
additionalProperties: false
AEAccountAccessConsentStatus:
description: >-
Consent Status is set
to either Authorized ,Revoked ,Rejected or AwaitingAuthorization
type: string
enum:
- Authorized
- AwaitingAuthorization
- Rejected
- Revoked
- Expired
- Suspended
AEAccountAccessConsentPurpose:
type: string
enum:
- Account Aggregation
- Personal Finance Manager
- Credit Assessment
- Tax Filing
- Enterprise Financial Management
- Other
AEAccountSubTypeCode:
type: string
enum:
- CurrentAccount
- Savings
- CreditCard
- PrePaidCard
- EMoney
- ChargeCard
- Other
description: Specifies the sub type of account (product family group)
AEAccountTypeCode:
type: string
enum:
- Retail
- Corporate
description: Specifies the type of account (Retail or Corporate).
AEPaymentConsentResponse:
description: |
Payment Consent Response Schema
type: "object"
additionalProperties: false
required:
- "Data"
properties:
Data:
type: "object"
additionalProperties: false
required:
- "ConsentId"
- "BaseConsentId"
- "Status"
# - "StatusUpdateDateTime"
# - "CreationDateTime"
# - "ControlParameters"
# - "PaymentPurposeCode"
# - "PaymentConsumption"
# - "AcceptedAuthorizationType"
# - "ExpirationDateTime"
properties:
ConsentId:
$ref: "#/components/schemas/AEConsentId"
BaseConsentId:
$ref: "#/components/schemas/AEBaseConsentId"
AcceptedAuthorizationType:
$ref: "#/components/schemas/AEAcceptedAuthorizationType"
AuthorizationExpirationDateTime:
$ref: "#/components/schemas/AEAuthorizationExpirationDateTime"
Permissions:
$ref: "#/components/schemas/AEConsentPermissions"
ReadRefundAccount:
$ref: "#/components/schemas/AEReadRefundAccount"
ExpirationDateTime:
$ref: "#/components/schemas/AEConsentExpirationDateTime"
Status:
$ref: "#/components/schemas/AEConsentStatus"
RevokedBy:
$ref: "#/components/schemas/AERevokedBy"
CreationDateTime:
$ref: "#/components/schemas/AECreationDateTime"
StatusUpdateDateTime:
$ref: "#/components/schemas/AEStatusUpdateDateTime"
Charges:
$ref: "#/components/schemas/AECharges"
ExchangeRate:
$ref: "#/components/schemas/AEExchangeRateInformation"
CurrencyRequest:
$ref: "#/components/schemas/AECurrencyRequest"
ControlParameters:
description: |
Control Parameters set the overall rules for the Payment Schedule
type: "object"
additionalProperties: false
properties:
IsPayByAccount:
$ref: "#/components/schemas/AEIsPayByAccount"
ConsentSchedule:
type: "object"
description: |
The various payment types that can be initiated:
* A Single Payment
* A Multi-Payment
* A Combined Payment (one SinglePayment and one MultiPayment)
properties:
SinglePayment:
description: |
A Consent definition for defining Single Payments
oneOf:
- $ref: "#/components/schemas/AESingleInstantPayment"
- $ref: "#/components/schemas/AESingleFutureDatedPayment"
discriminator:
propertyName: Type
MultiPayment:
$ref: "#/components/schemas/AELongLivedPaymentConsent"
FilePayment:
$ref: "#/components/schemas/AEFilePaymentConsent"
additionalProperties: false
DebtorReference:
$ref: "#/components/schemas/AEStructuredDebtorReference"
CreditorReference:
$ref: "#/components/schemas/AEReference"
PaymentPurposeCode:
$ref: "#/components/schemas/AEPaymentPurposeCode"
SponsoredTPPInformation:
$ref: "#/components/schemas/AESponsoredTPPInformation"
PaymentConsumption:
$ref: "#/components/schemas/AEPaymentConsumption"
IsSingleAuthorization:
description: |
Specifies to the LFI that the consent authorization must be completed in a single authorization Step
with the LFI
type: "boolean"
Subscription:
$ref: "#/components/schemas/AEEventNotification"
Meta:
$ref: "#/components/schemas/AEMetaMultiAuthorization"
AEPaymentConsumption:
type: "object"
description: |
Data to track the consumption of Payments in relation to an authorized Consent Schedule
required:
- "CumulativeNumberOfPayments"
- "CumulativeValueOfPayments"
- "CumulativeValueOfPaymentsPerCurrentPeriod"
properties:
CumulativeNumberOfPayments:
type: "number"
description: |
The cumulative number of payment instructions successfully accepted under the current consent schedule (Settlement on the Creditor's account has been completed)
minLength: 1
example: 4
CumulativeValueOfPayments:
description: |
The cumulative value of payment instructions successfully accepted under the current consent schedule (Settlement on the Creditor's account has been completed)
A number of monetary units specified in an active currency where the unit of currency is explicit and compliant with ISO 4217."
type: "object"
required:
- "Amount"
- "Currency"
properties:
Amount:
$ref: "#/components/schemas/AEActiveOrHistoricAmount"
Currency:
$ref: "#/components/schemas/AEActiveOrHistoricCurrencyCode"
CumulativeNumberOfPaymentsPerCurrentPeriod:
type: "number"
description: |
The cumulative number of payment instructions in the current period that are successfully accepted (Settlement on the Creditor's account has been completed)
minLength: 1
example: 1
CumulativeValueOfPaymentsPerCurrentPeriod:
description: |
The cumulative value of payment instructions in the current period that are successfully accepted (Settlement on the Creditor's account has been completed)
A number of monetary units specified in an active currency where the unit of currency is explicit and compliant with ISO 4217."
type: "object"
required:
- "Amount"
- "Currency"
properties:
Amount:
$ref: "#/components/schemas/AEActiveOrHistoricAmount"
Currency:
$ref: "#/components/schemas/AEActiveOrHistoricCurrencyCode"
additionalProperties: false
AEFilePaymentConsent:
type: "object"
description: |
A file based payment consent.
A Consent definition for defining Multi Payments
required:
- "FileType"
- "FileHash"
- "NumberOfTransactions"
- "ControlSum"
properties:
FileType:
$ref: "#/components/schemas/AEFileType"
FileHash:
$ref: "#/components/schemas/AEFileHash"
FileReference:
$ref: "#/components/schemas/AEReference"
NumberOfTransactions:
$ref: "#/components/schemas/AEFileNumberOfTransactions"
ControlSum:
$ref: "#/components/schemas/AEControlSum"
RequestedExecutionDate:
$ref: "#/components/schemas/AERequestedExecutionDate"
additionalProperties: false
AERequestedExecutionDate:
description: |
The date when the TPP expects the LFI to execute the payment.
The date must be in the future and cannot be on the same day or a day in the past.
The maximum date in the future that can be specified is 1 year from the day of the consent of the User to the TPP.
All dates in the JSON payloads are represented in ISO 8601 date format.
type: "string"
format: "date"
AEFileType:
type: "string"
description: "Specifies the payment file type"
minLength: 1
maxLength: 40
AEFileHash:
type: "string"
description: "A base64 encoding of a SHA256 hash of the file to be uploaded."
minLength: 1
maxLength: 44
AEConsentExpirationDateTime:
description: |
Specified date and time the consent will expire.
If this is not populated, the consent will remain active as a long lived consent until the maximum consent validity period as per section 4.1.1 Consent Elements in the API User Guide.
All dates in the JSON payloads are represented in ISO 8601 date-time format.
All date-time fields in responses must include the timezone. An example is :2023-04-05T10:43:07+00:00
* For Payment Consents, the maximum expiration time limit should be 23:59:59 (1 second before 00:00:00)
type: "string"
format: "date-time"
AEConsentStatus:
description: |
Specifies the status of a payment consent.
| Consent Status| State Type| Description|
|---------------|-----------|------|
| AwaitingAuthorization | Pending | The consent is awaiting authorization.|
| Authorized | In Use | The consent has been successfully authorized.|
| Rejected | Terminal | The unauthorized consent has been rejected at the LFI.|
| Revoked | Terminal | The consent has been revoked at the TPP or LFI.|
| Expired | Terminal | The consent is now expired.|
| Consumed | Terminal | The consented action(s) have either been completed successfully.|
| Suspended | In Use | The consent has been suspended, pending further enquiries.|
type: "string"
enum:
- "AwaitingAuthorization"
- "Authorized"
- "Rejected"
- "Revoked"
- "Expired"
- "Consumed"
- "Suspended"
AECreationDateTime:
description: "Date and time at which the message was created. All dates in the JSON payloads are represented in ISO 8601 date-time format. \nAll date-time fields in responses must include the timezone. An example is below:\n2023-04-05T10:43:07+00:00"
type: "string"
format: "date-time"
AEStatusUpdateDateTime:
description: "Date and time at which the resource status was updated.All dates in the JSON payloads are represented in ISO 8601 date-time format. \nAll date-time fields in responses must include the timezone. An example is below:\n2023-04-05T10:43:07+00:00"
type: "string"
format: "date-time"
AECurrencyRequest:
description: |
The details of the non-local currency or FX request that has been agreed between the User and the TPP.
The requested ChargeBearer and ExchangeRateInformation are included in this object may be overwritten by the LFI in the returned Consent object.
type: "object"
additionalProperties: false
required:
- "CurrencyOfTransfer"
properties:
InstructionPriority:
description: "Indicator of the urgency or order of importance that the instructing party would like the instructed party to apply to the processing of the instruction."
type: "string"
enum:
- "Normal"
- "Urgent"
ExtendedPurpose:
description: "Specifies the purpose of an international payment, when there is no corresponding 4 character code available in the ISO20022 list of Purpose Codes."
type: "string"
minLength: 1
maxLength: 140
ChargeBearer:
$ref: "#/components/schemas/AEChargeBearerType1Code"
CurrencyOfTransfer:
description: "Specifies the currency of the to be transferred amount, which is different from the currency of the debtor's account."
type: "string"
pattern: "^[A-Z]{3,3}$"
DestinationCountryCode:
description: "Country in which Credit Account is domiciled. Code to identify a country, a dependency, or another area of particular geopolitical interest, on the basis of country names obtained from the United Nations (ISO 3166, Alpha-2 code)."
type: "string"
pattern: "[A-Z]{2,2}"
ExchangeRateInformation:
type: "object"
additionalProperties: false
required:
- "UnitCurrency"
- "RateType"
description: "Provides details on the currency exchange rate and contract."
properties:
UnitCurrency:
description: "Currency in which the rate of exchange is expressed in a currency exchange. In the example 1GBP = xxxCUR, the unit currency is GBP."
type: "string"
pattern: "^[A-Z]{3,3}$"
ExchangeRate:
description: "The factor used for conversion of an amount from one currency to another. This reflects the price at which one currency was bought with another currency."
type: "number"
RateType:
description: "Specifies the type used to complete the currency exchange."
type: "string"
enum:
- "Actual"
- "Agreed"
- "Indicative"
ContractIdentification:
description: "Unique and unambiguous reference to the foreign exchange contract agreed between the initiating party/creditor and the debtor agent."
type: "string"
minLength: 1
maxLength: 256
AEIsPayByAccount:
type: boolean
description: |
A flag to denote if the Payment is an E-Commerce transaction
default: false
AESingleInstantPayment:
type: "object"
description: |
A single immediate payment consent that MUST be be used for a single payment which will be initiated immediately after User authorization at the LFI.
required:
- "Type"
- "Amount"
properties:
Type:
type: "string"
description: "The Payment Type"
enum:
- SingleInstantPayment
Amount:
$ref: "#/components/schemas/AEActiveCurrencyAmount"
ExpectedInitiationTimeWindow:
$ref: "#/components/schemas/AEExpectedInitiationTimeWindow"
additionalProperties: false
AEExpectedInitiationTimeWindow:
description: |
A time window set by the TPP in which a Payment must be initated by the LFI.
The time window is based on a custom time format hhh:mm:ss. e.g. 000:00:15 represents a time window of 15 seconds to initiate the Payment.
type: "string"
pattern: "^(00[0-9]|0[1-9][0-9]|[1-6][0-9]{2}|7[01][0-9]|720):[0-5][0-9]:[0-5][0-9]$"
example: "000:00:15"
AESingleFutureDatedPayment:
type: "object"
description: |
A long-lived consent that MUST be used for a single payment which will be authorized by the User during the payment journey, but the payment will be initiated by the TPP in the future.
required:
- "Type"
- "Amount"
- "RequestedExecutionDate"
properties:
Type:
type: "string"
description: "The Payment Type"
enum:
- SingleFutureDatedPayment
Amount:
$ref: "#/components/schemas/AEActiveCurrencyAmount"
RequestedExecutionDate:
$ref: "#/components/schemas/AERequestedExecutionDate"
additionalProperties: false
AEFixedPeriodicSchedule:
description: |
Payment Controls that apply to all payment instructions in a given period under this payment consent.
type: "object"
additionalProperties: false
required:
- "PeriodType"
- "PeriodStartDate"
- "Amount"
- "Type"
properties:
Type:
type: "string"
description: "The Periodic Schedule Type"
enum:
- FixedPeriodicSchedule
PeriodType:
$ref: "#/components/schemas/AEPeriodType"
PeriodStartDate:
$ref: "#/components/schemas/AEPeriodStartDate"
Amount:
$ref: "#/components/schemas/AEActiveCurrencyAmount"
AELongLivedPaymentConsent:
type: "object"
description: |
A long-lived payment consent.
A Consent definition for defining Multi Payments
properties:
Amount:
$ref: "#/components/schemas/AEActiveCurrencyAmount"
MaximumIndividualPaymentAmount:
$ref: "#/components/schemas/AEMaximumIndividualPaymentAmount"
MaximumCumulativeValueOfPayments:
$ref: "#/components/schemas/AEMaximumCumulativeValueOfPayments"
MaximumCumulativeNumberOfPayments:
$ref: "#/components/schemas/AEMaximumCumulativeNumberOfPayments"
PeriodicSchedule:
description: |
The definition for a schedule
oneOf:
- $ref: "#/components/schemas/AEDefinedSchedule"
- $ref: "#/components/schemas/AEFixedPeriodicSchedule"
- $ref: "#/components/schemas/AEVariablePeriodicSchedule"
discriminator:
propertyName: Type
additionalProperties: false
AEDefinedSchedule:
type: "object"
description: |
Payment Schedule denoting a list of pre-defined future dated payments all with fixed amounts and dates.
additionalProperties: false
required:
- "Schedule"
- "Type"
properties:
Type:
type: "string"
description: "The Periodic Schedule Type"
enum:
- DefinedSchedule
Schedule:
type: "array"
minItems: 1
uniqueItems: false
items:
type: "object"
additionalProperties: false
required:
- "PaymentExecutionDate"
- "Amount"
properties:
PaymentExecutionDate:
$ref: "#/components/schemas/AEPaymentExecutionDate"
Amount:
$ref: "#/components/schemas/AEActiveCurrencyAmount"
AEPaymentExecutionDate:
description: |
Used to specify the expected payment execution date/time.
All dates in the JSON payloads are represented in ISO 8601 date format.
An example is: 2023-04-05
type: "string"
format: "date"
AEMaximumIndividualPaymentAmount:
description: |
This is the Maximum amount a variable payment related to the Consent can take.
All payment amounts must be smaller or equal to this value.
type: "object"
required:
- "Amount"
- "Currency"
properties:
Amount:
$ref: "#/components/schemas/AEActiveOrHistoricAmount"
Currency:
$ref: "#/components/schemas/AEActiveOrHistoricCurrencyCode"
AEPeriodType:
type: "string"
description: |
A Period may begin from the Consent CreationDateTime if a PeriodStartDate is not provided.
|Period Type|Description|
|-----------|-----------|
|Day|A continuous period of time, consisting of 24 consecutive hours, starting from midnight (00:00:00) and finishing at 23:59:59 of the same day. |
|Week|A continuous period of time, consisting of seven consecutive days, starting from midnight (00:00:00) and finishing at 23:59:59 of the 7th day. |
|Month|A continuous period of time starting from midnight (00:00:00) of the first day of a month and finishing at 23:59:59 of the last day of that month.|
|Year|A continuous period of time, consisting of 12 months.|
enum:
- Day
- Week
- Month
- Year
AEPeriodStartDate:
type: "string"
description: |
* Payments: Specifies the start date of when a payment schedule begins.
Where this is an optional field, if a value is not provided, then it must default to the Consent CreationDateTime, starting from midnight 00:00:00.
format: "date"
AEVariablePeriodicSchedule:
description: |
Payment Controls that apply to all payment instructions in a given period under this payment consent.
type: "object"
additionalProperties: false
required:
- "PeriodType"
- "Type"
properties:
Type:
type: "string"
description: "The Periodic Schedule Type"
enum:
- VariablePeriodicSchedule
PeriodType:
$ref: "#/components/schemas/AEPeriodType"
PeriodStartDate:
$ref: "#/components/schemas/AEPeriodStartDate"
MaximumCumulativeValueOfPaymentsPerPeriodType:
$ref: "#/components/schemas/AEPeriodTypeMaximumCumulativeValueOfPayments"
MaximumCumulativeNumberOfPaymentsPerPeriodType:
$ref: "#/components/schemas/AEPeriodTypeMaximumCumulativeNumberOfPayments"
AEPeriodTypeMaximumCumulativeValueOfPayments:
description: |
The maximum cumulative payment value of all payment initiations per Period Type.
type: "object"
required:
- "Amount"
- "Currency"
properties:
Amount:
$ref: "#/components/schemas/AEActiveOrHistoricAmount"
Currency:
$ref: "#/components/schemas/AEActiveOrHistoricCurrencyCode"
AEPeriodTypeMaximumCumulativeNumberOfPayments:
type: "integer"
description: |
The maximum frequency of payment initiations per Period Type.
AEMaximumCumulativeNumberOfPayments:
type: "integer"
description: |
The maximum cumulative number of all successful payment rails executions under the Consent.
Each successful payment rails execution (related to the Consent) is added to the total cumulative number of payments for the Consent which cannot exceed the maximum value agreed with the User at the point of consent.
AEMaximumCumulativeValueOfPayments:
description: |
The maximum cumulative value of all successful payment rails executions under the Consent.
Each successful payment rails execution amount (related to the Consent) is added to the total cumulative value of the Consent which cannot exceed the maximum value agreed with the User at the point of consent.
type: "object"
required:
- "Amount"
- "Currency"
properties:
Amount:
$ref: "#/components/schemas/AEActiveOrHistoricAmount"
Currency:
$ref: "#/components/schemas/AEActiveOrHistoricCurrencyCode"
AEStructuredDebtorReference:
description: |
A reason or reference in relation to a payment, set to facilitate a structured Payer reference consisting of:
* For payments to Merchants: TPP ID, Merchant ID, BIC and PostCode for the Creditor Account, followed by freeform text to a maximum of 120 characters.
* For other payments: TPP ID, followed by freeform text to a maximum of 120 characters.
The TPP ID value will match the organization ID value from the Trust Framework, and therefore will be a v4 UUID.
The Merchant ID wil be as per the existing IPP rules for the Merchant identification, and will incorporate the Trade License number for the Merchant.
A BIC is specific according to the standard format for ISO 20022, and can therefore be either 8 or 11 characters in length.
A PostCode is specified according to the standard format for ISO 20022, and can therefore be either a maximum of 16 characters in length.
If the value of the concatenated string exceeds 120 characters, the TPP must first omit or truncate the freeform element of the reference, followed by the PostCode.
oneOf:
- type: "string"
minLength: 1
maxLength: 120
pattern: "^TPP=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12},Merchant=[A-Z0-9]{3}-[A-Z]{4}-TL.+-[0-9]{4},BIC=[A-Z0-9]{4}[A-Z0-9]{2}[A-Z0-9]{2}([A-Z0-9]{3}){0,1},PostCode=[A-Z0-9]{1,16}($|,.+$)"
- type: "string"
minLength: 1
maxLength: 120
pattern: "^TPP=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}($|,.+$)"
AEPaymentPurposeCode:
description: A category code that relates to the type of services or goods that corresponds to the underlying purpose of the payment. The code must conform to the published AANI payment purpose code list.
type: "string"
minLength: 1
maxLength: 4
pattern: "^[A-Z]{3}$"
AESponsoredTPPInformation:
type: "object"
description: |
The Sponsored TPP is:
* A TPP that itself has no direct Open Banking API integrations.
* A TPP that is using the integration of another TPP that does have direct Open Banking API integrations.
properties:
Name:
type: "string"
minLength: 1
maxLength: 50
description: |
The Sponsored TPP Name
Identification:
type: "string"
minLength: 1
maxLength: 50
description: |
The Sponsored TPP Identification
additionalProperties: false
AEBaseConsentId:
type: string
minLength: 1
maxLength: 128
description: >-
The original ConsentId assigned by the TPP.
It is used by the TPP for updating/renewing parameters associated with
long-lived consents.
It must be provided when long-lived consent parameters are
updated/renewed for a current consent that has not yet finished.
AEOnBehalfOf:
type: object
properties:
TradingName:
type: string
description: Trading Name
LegalName:
type: string
description: Legal Name
IdentifierType:
allOf:
- $ref: '#/components/schemas/AEOnBehalfOfIdentifierType'
description: Identifier Type
Identifier:
type: string
description: Identifier
additionalProperties: false
AEOnBehalfOfIdentifierType:
type: string
enum:
- Other
Webhook:
type: object
description: |
A Webhook Subscription Schema
properties:
Url:
description: |
The TPP Callback URL being registered with the LFI
type: string
example: https://api.tpp.com/webhook/callbackUrl
IsActive:
description: >
The TPP specifying whether the LFI should send (IsActive true)
or not send (IsActive false) Webhook Notifications to the TPP's
Webhook URL
type: boolean
example: false
additionalProperties: false
AERevokedBy:
description: |
Denotes the Identifier of the revocation.
| Identifier| Description|
|-----------|------------|
| LFI | Revoked by LFI without User initiation|
| TPP | Revoked by TPP without User initiation|
| LFI.InitiatedByUser | Initiated by User via the LFI|
| TPP.InitiatedByUser | Initiated by User via the TPP|
type: string
enum:
- LFI
- TPP
- LFI.InitiatedByUser
- TPP.InitiatedByUser
AEReference:
description: |
A reason or reference in relation to a payment.
Reason or reference for the beneficiary regarding the Payment
type: "string"
minLength: 1
maxLength: 120
AEEventNotification:
type: "object"
description: |
A Webhook Subscription Schema
required:
- "Webhook"
properties:
Webhook:
description: |
A Webhook Schema
type: "object"
properties:
Url:
description: |
The TPP Callback URL being registered with the LFI
type: "string"
example: "https://api.tpp.com/webhook/callbackUrl"
IsActive:
description: |
The TPP specifying whether the LFI should send (IsActive true) or not send (IsActive false) Webhook Notifications to the TPP's Webhook URL
type: "boolean"
example: false
additionalProperties: false
additionalProperties: false
AEAcceptedAuthorizationType:
description: |
Specifies to the LFI the type of consent authorization accepted by the TPP when staging the consent
* Single - The consent should incur a single authorization Step with the LFI
* Multi - The consent should incur a multi-authorization Step with the LFI
type: "string"
enum:
- "Single"
- "Multi"
AEAuthorizationExpirationDateTime:
description: |
A time window by which a Consent (in AwaitingAuthorization status) must be Authorized by the User.
The time window starts from the actual CreationDateTime (when the Consent is staged with the LFI).
If the current time window exceeds the Authorization Expiration Time Window (and the Consent status is AwaitingAuthorization) then the Consent Status must be set to Rejected.
The time window is based on a custom time format hhh:mm:ss. e.g. 720:00:00 represents a time window of 720 hours, 00 minutes, 00 seconds (30 days) after the CreationDateTime to Authorize the Consent.
type: "string"
pattern: "^(00[0-9]|0[1-9][0-9]|[1-6][0-9]{2}|7[01][0-9]|720):[0-5][0-9]:[0-5][0-9]$"
example: "720:00:00"
AEConsentPermissions:
type: "array"
description: |
Specifies the permitted Account Access data types.
This is a list of the data groups being consented by the User, and requested for the authorization with the LFI.
This allows a TPP to request a balance check permission.
tppName: items:
type: "string"
enum:
description: The name of the TPP - "ReadAccountsBasic" # Ability to read directoryRecord:basic account information
type: string - "ReadAccountsDetail" # Ability to read account identification details
description: The latest copy of the TPP directory record if- the"ReadBalances" TPP# hasAbility registeredto withread aall directorybalance information
additionalPropertiesminItems: false1
cbuaeConsentBodyAEReadRefundAccount:
typedescription: object"Allows the LFI to share the refund description:account |details with TPP"
Antype: objectboolean
representing the current state ofAEFileNumberOfTransactions:
the consent. type: "integer"
This includes the entire request,description: augmented|
by additional computed properties Number of individual (e.g. ids, charges etc)
transactions contained in the payment information group.
AEControlSum:
The Ozone Consent Manager caters to consentsdescription: from|
various standards. The actual schema for each consentBody wouldTotal beof determinedall byindividual theamounts underlyingincluded standard.in the group, irrespective of currencies.
•••TODO••• Import the schemas for the consentBody from the CBUAE specification
type: "string"
pattern: "^\\d{1,16}\\.\\d{2}$"
additionalPropertiesexample: true"100.00"
psuIdentifiers:
type: object
description: |
The PSU that is associated with this consent.
The `PSUIdentifiers` object may have artitrary custom fields that an financial institution may use to
identify the PSU.
However, all `PSUIdentifiers` must have a mandatory `userId` field that provides a unique
user id for the PSU.
The consent is initially created without a PSU identified.
The value must be specified once the consent is authorised.
properties:
userId:
type: string
required:
- userId
additionalProperties: true
ValidateResponseStatusEnum:
type: string
enum:
- valid
- invalid
consentValidateResponse:
type: object
properties:
data:
type: object
properties:
status:
$ref: "#/components/schemas/ValidateResponseStatusEnum"
code:
type: string
description:
type: string
meta:
$ref: "#/components/schemas/Meta"
Meta:
type: object
additionalProperties: false
Error:
type: object
properties:
errorCode:
type: string
description: Error code identifying the problem occured
errorMessage:
type: string
description: Message describing what problem has occured
propogateError:
type: boolean
description: optional field if error want to propogate
parameters:
aspspId:
name: o3-aspsp-id
in: header
schema:
type: string
required: true
deprecated: true
description:
Identifier for the financial institution that the request is targetted to.
This header is deprecated and will be removed in a future version of Ozone Connect. Use `o3-provider-id` instead.
providerId:
name: o3-provider-id
in: header
schema:
type: string
required: true
description: Identifier for the financial institution that the request is targetted to
callerOrgId:
name: o3-caller-org-id
in: header
schema:
type: string
required: true
description: An identifier for the organization calling the API
callerClientId:
name: o3-caller-client-id
in: header
schema:
type: string
required: true
description: An identifier for the OIDC clientId calling the API
callerSoftwareStatementId:
name: o3-caller-software-statement-id
in: header
schema:
type: string
required: true
description: An identifier for the software statement calling the API
apiUri:
name: o3-api-uri
in: header
schema:
type: string
required: true
description: The parameterised URL of the API being called by the caller
apiOperation:
name: o3-api-operation
in: header
schema:
type: string
required: true
description: The API operation carried out by the caller (e.g. GET, POST, PUT, DELETE, PATCH)
consentId:
name: o3-consent-id
in: header
schema:
type: string
required: true
description: The consentId for which this call is being made
callerInteractionId:
name: o3-caller-interaction-id
in: header
schema:
type: string
required: true
description: The interaction ID passed in by the caller, if any
ozoneInteractionId:
name: o3-ozone-interaction-id
in: header
schema:
type: string
required: true
description: An interaction ID generated by Ozone if the caller did not send in one. If the callerInteractionId is specified, this takes the same value.
psuIdentifier:
name: o3-psu-identifier
in: header
schema:
type: string
required: true
description: A Base64 encoded representation of the psuIdentifier JSON object.
securitySchemes:
bearerAuth:
type: http
scheme: bearer
bearerFormat: JWT |