...
The TPP MUST now request the User to authorize the consent. Please refer to the Authentication and Authorizationpage to review the supported Authorization Flows.
The TPP MUST construct a Rich Authorization Request (https://www.rfc-editor.org/rfc/rfc9396) with the authorization_details populated with the User’s consent
The TPP MUST include in an insurance access consent with all the REQUIRED data permissions that the User intends to provide to the TPP.
...
The following are non-normative examples of API access and usage of the Insurance Information API.
3.1 The TPP Redirects the User to Authorize Insurance
...
Consent
3.1.1 Request: TPP Uses RAR (Rich Authorization Request) via a PAR (Pushed Authorization Request) Endpoint with the OFP to Obtain a Request URI
...
The authorization_details contain the User’s account access insurance consent details, and a UUID v4 which is a unique identifier for the account access insurance consent.
| Code Block |
|---|
{
"typ": "JWT",
"alg": "PS256",
"kid": "e4ce77c498e77000a25aa7b40e4a83f9"
}
.
{
"iss": "s6BhdRkqt3",
"aud": "https://server.example.com",
"response_type": "code",
"redirect_uri": "https://openbanking.tpp1.ae/simple-redirect-url",
"scope": "accountsinsurance",
"state": "2616df22-899e-468b-b7af-927145b067cc",
"authorization_details": [
{
"typeType": "urn:openfinanceuae:account-accessinsurance-consent:v1.0-draft3",
"consentConsent": {
"ConsentId": "399e00656a6a826f-99070930-42cc4eb0-82b9b365-1ec4f273e3e9a8eac3032828",
"Permissions": [
"ReadAccountsBasicReadInsurancePoliciesMotor",
"ReadAccountsDetail"],
"ReadBalances",
"ExpirationDateTime": "2024-03-28T15:27:13+030",
"ReadBeneficiariesBasicPurpose",: [
"ReadBeneficiariesDetailMotorInsuranceQuote",
]
"ReadTransactionsBasic", }
}
"ReadTransactionsDetail", "ReadTransactionsCredits",
"ReadTransactionsDebits",
"ReadScheduledPaymentsBasic",
"ReadScheduledPaymentsDetail",
]
} |
Create the RAR Request using the signed JWT, and authenticated using private_key_jwt.
The request parameter JWT includes the ConsentId, a UUID v4 that was originally generated by the TPP.
| Code Block |
|---|
POST /open-finance/v1/par HTTP/1.1
Host: auth1.openfinanceplatform.ae
Content-Type: application/x-www-form-urlencoded
Accept: application/json
client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
&client_assertion=eyJhbGciOiJIUzI1NiJ9.ew0KICAiaXNzIjogImM4NDIyNzg3LTFkZmYtNDI0ZC1iNjIwLTM1NmMwODcwYmVkNCIsDQogICJzdWIiOiAiYzg0MjI3ODctMWRmZi00MjRkLWI2MjAtMzU2YzA4NzBiZWQ0IiwNCiAgImF1ZCI6ICJhdXRoMS5sYWIub3BlbmJhbmtpbmcuc2EiLA0KICJqdGkiOiAiYThmZDQ2ZjctYTNiMy00MGQ5LTk2ZjctNDk1YmEyMGFiMTZmIiwNCiAgImV4cCI6IDE1MTYyMzkwMjINCn0.nvY2tG7D3_ioVI55nRJ7apBzoGbP9sofMLd7Dni4YbI
&request=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImtpZCI6ImU0Y2U3N2M0OThlNzcwMDBhMjVhYTdiNDBlNGE4M2Y5In0.eyJpc3MiOiJzNkJoZFJrcXQzIiwiaWF0IjoxNjY5MzkzMTU0LCJleHAiOjE2NjkzOTM0OTYsIm5iZiI6IjE2NjkzOTMxNTQiLCJhdWQiOiJodHRwczovL3NlcnZlci5leGFtcGxlLmNvbSIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIGlkX3Rva2VuIiwicmVkaXJlY3RfdXJpIjoiaHR0cHM6Ly9sZmkubGFiLm9wZW5iYW5raW5nLmFlL2F1dGgiLCJzY29wZSI6Im9wZW5pZCBhY2NvdW50cyIsInN0YXRlIjoiYWYwaWZqc2xka2oiLCJhdXRob3JpemF0aW9uX2RldGFpbHMiOlt7IlR5cGUiOiJBY2NvdW50QWNjZXNzQ29uc2VudCIsIkRhdGEiOnsiQ29uc2VudElkIjoiMzk5ZTAwNjUtOTkwNy00MmNjLTgyYjktMWVjNGYyNzNlM2U5IiwiQ3JlYXRpb25EYXRlVGltZSI6IjIwMjQtMDMtMjdUMTU6Mjc6MTMrMDMwMCIsIkNvbnNlbnRTdGF0dXMiOiJBdXRob3JpemVkIiwiQ29uc2VudFN0YXR1c1VwZGF0ZURhdGVUaW1lIjoiMjAyNC0wMy0yN1QxNjoyNzoxMyswMzAwIiwiUGVybWlzc2lvbnMiOlsiUmVhZEFjY291bnRzQmFzaWMiLCJSZWFkQWNjb3VudHNEZXRhaWwiLCJSZWFkQmFsYW5jZXMiLCJSZWFkQmVuZWZpY2lhcmllc0Jhc2ljIiwiUmVhZEJlbmVmaWNpYXJpZXNEZXRhaWwiLCJSZWFkVHJhbnNhY3Rpb25zQmFzaWMiLCJSZWFkVHJhbnNhY3Rpb25zRGV0YWlsIiwiUmVhZFRyYW5zYWN0aW9uc0NyZWRpdHMiLCJSZWFkVHJhbnNhY3Rpb25zRGViaXRzIiwiUmVhZFNjaGVkdWxlZFBheW1lbnRzQmFzaWMiLCJSZWFkU2NoZWR1bGVkUGF5bWVudHNEZXRhaWwiLCJSZWFkRGlyZWN0RGViaXRzIiwiUmVhZFN0YW5kaW5nT3JkZXJzQmFzaWMiLCJSZWFkU3RhbmRpbmdPcmRlcnNEZXRhaWwiXSwiQXV0aG9yaXphdGlvbkV4cGlyYXRpb25UaW1lV2luZG93IjoiNzIwOjAwOjAwIiwiRXhwaXJhdGlvbkRhdGVUaW1lIjoiMjAyNC0wMy0yOFQxNToyNzoxMyswMzAwIiwiVHJhbnNhY3Rpb25Gcm9tRGF0ZVRpbWUiOiIyMDI0LTAzLTI1VDEyOjE5OjI0KzAzMDAiLCJUcmFuc2FjdGlvblRvRGF0ZVRpbWUiOiIyMDI0LTAzLTI3VDEyOjE5OjI0KzAzMDAiLCJBY2NvdW50VHlwZSI6WyJVQUVPRi5SZXRhaWwiXSwiQWNjb3VudFN1YlR5cGUiOlsiQ3VycmVudEFjY291bnQiXSwiQ29uc2VudFB1cnBvc2UiOlsiQWNjb3VudCBBZ2dyZWdhdGlvbiIsIkUtU3RhdGVtZW50Il19fV19.8T2xivs2zqFdxyrs8h3TWsMxigzk9QcsamU9Dj-2GDs |
3.1.2 Response: The OFP Provides the Request URI for the TPP
| Code Block |
|---|
HTTP/1.1 201 Created
Content-Type: application/json
Cache-Control: no-cache, no-store
{
"request_uri": "urn:ietf:params:oauth:request_uri:6esc_11ACC5bwc014ltc14eY22c",
"expires_in": 60
} |
3.2 The TPP Redirects the User to Their LFI with the Request URI to Authorize the Consent
| Code Block |
|---|
GET /auth?client_id=c8422787-1dff-424d-b620-356c0870bed4&request_uri=urn:ietf:params:oauth:request_uri:6esc_11ACC5bwc014ltc14eY22c
Host: openbanking.lfi.ae |
3.3 The User Logs into Their LFI, Reviews and Authorizes the Consent Request, and Confirms They Wish to Share Insurance Policies with the TPP
The LFI confirms insurance consent properties in the OFP.
| Code Block |
|---|
POST /consents/6a6a826f-0930-4eb0-b365-a8eac3032828
host: auth1.openfinanceplatform.ae
Content-Type: application/json
{
"psuIdentifiers": [
"userId": "33f81f80-6223-4ae1-927a-fec19169ecef"
],
"insurancePoliciesIds": [
"176794ea-ee8c-4621-b824-b8cfa95db0ff"
]
} |
The LFI then confirms authorization of insurance consent in the OFP.
| Code Block |
|---|
POST /auth/aac-1a672e83-d1e5-42bc-b8e1-60a490ec52fd/doConfirm
host: auth1.openfinanceplatform.ae
Content-Type: application/x-www-form-urlencoded
InsurancePolicyInformation.PolicyReference=f91d07d0-6d8f-4e0e-9fb4-0ac61f84d115
&InsurancePolicyInformation.PolicyReference=bed6cb83-956e-4795-86c3-0f4254ae1cab |
3.4 The LFI Returns an Authorization Code to the TPP
| Code Block |
|---|
302 Found
Location: https://openbanking.tpp1.ae/simple-redirect-url?
code=ce2aeabf-599c-4475-9171-1f6d8c1a49dc
&state=2616df22-899e-468b-b7af-927145b067cc |
3.5 The TPP Exchanges the Authorization Code for an Insurance API Access Token with the OFP
| Code Block |
|---|
POST /token HTTP/1.1
Host: as1.openfinanceplatform.ae
Content-Type: application/x-www-form-urlencoded
Accept: application/json
grant_type=authorization_code
&code=ce2aeabf-599c-4475-9171-1f6d8c1a49dc
&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
&client_assertion=eyJhbGciOiJIUzI1NiJ9.ew0KICAiaXNzIjogImM4NDIyNzg3LTFkZmYtNDI0ZC1iNjIwLTM1NmMwODcwYmVkNCIsDQogICJzdWIiOiAiYzg0MjI3ODctMWRmZi00MjRkLWI2MjAtMzU2YzA4NzBiZWQ0IiwNCiAgImF1ZCI6ICJhdXRoMS5sYWIub3BlbmJhbmtpbmcuc2EiLA0KICJqdGkiOiAiYThmZDQ2ZjctYTNiMy00MGQ5LTk2ZjctNDk1YmEyMGFiMTZmIiwNCiAgImV4cCI6IDE1MTYyMzkwMjINCn0.nvY2tG7D3_ioVI55nRJ7apBzoGbP9sofMLd7Dni4YbI
&redirect_uri=https%3A%2F%2Fopenbanking.tpp1.ae%2Fsimple-redirect-url |
3.6 The OFP Returns an Access Token, Refresh Token, and ID Token to the TPP
| Code Block |
|---|
HTTP/1.1 200 OK
Content-Type:application/json
{
"access_token": "caa1b60d-61ff-4cd8-a4e1-2d18c8696de0",
"expires_in": 432000,
"token_type": "Bearer",
"scope": "openid%20insurance",
"state": "2616df22-899e-468b-b7af-927145b067cc",
"refresh_token": "266f5f15-eb81-4a02-bf05-e25063ca445f",
"id_token": "eyJhbGciOiJQUzI1NiIsImtpZCI6IkM4a3FRRlZoUFVOUnZTN1ljamZBSEVSTEVDZEFfamZENXJjb1NXVkMwY2sifQ.eyJzdWIiOiJhYWMtMWE2NzJlODMtZDFlNS00MmJjLWI4ZTEtNjBhNDkwZWM1MmZkIiwib3BlbmJhbmtpbmdfaW50ZW50X2lkIjoiYWFjLTFhNjcyZTgzLWQxZTUtNDJiYy1iOGUxLTYwYTQ5MGVjNTJmZCIsInBzdV9pZGVudGlmaWVycyI6eyJjb21wYW55SWQiOiIxMjM0NSJ9LCJpc3MiOiJodHRwczovL2F1dGgxLmxhYi5vcGVuYmFua2luZy5zYSIsImF1ZCI6ImM4NDIyNzg3LTFkZmYtNDI0ZC1iNjIwLTM1NmMwODcwYmVkNCIsImlhdCI6MTY1OTg2NDEzMywiZXhwIjoxNjU5ODY1MDMzLCJub25jZSI6ImZmMzljMGQxLTIyN2EtNGM3My1iYjA1LTA4NDY0ZjA1MmU4NSIsImF1dGhfdGltZSI6MTY1OTg2NDEzMywiYXpwIjoiYzg0MjI3ODctMWRmZi00MjRkLWI2MjAtMzU2YzA4NzBiZWQ0IiwicmVmcmVzaF90b2tlbl9leHBpcmVzX2F0IjoxNjY3NjQwMTMzLCJjX2hhc2giOiI5UWhXZVlzWnd6NzF0NWhjdlI2OU5BIiwic19oYXNoIjoiNHN0R0QtYTFjS3dFSjVwWFZYOEdnUSIsImFjciI6InVybjpvcGVuYmFua2luZzpwc2QyOnNjYSJ9.AfunjbLyzOMQXtZfAl4563cKxTYbXhzZk5IFrJ864w1aF9_XpIQe1iH5H17xIXL_1XmjbPiPMzx55025NMyDOMwPSRBDu9bIb37EyUlVVtVevxxwVeyOixcOx-NoNMHO4qTKyznhCM_oJmNmq5n8N9xSbmyJSGDIusGiiyXyNt0egnK4xkvPFwri4FJd3IUIdUWOCuUO9RlckBQottUiyo4UazrAaShpn4GIsl_1fj8U2Ga5v4t_6jRG7oEndwQoDruLrftFnwvDWJYD2NSm5LKUb2z4HTb-89aPihcGpCrSrnxqyB6kiAculoJAhZhC8TBY40G3l-6qjc5Ey71JHA"
} |
The TPP can now request insurance policy information using the access token.
3.7 Get a List of Insurance Policies
3.7.1 Request: Insurance Policies Resource
| Code Block |
|---|
GET /open-finance/insurance/v1.0-draft3/insurance-policies HTTP/1.1
Host: rs1.openfinanceplatform.ae
Accept: application/json
x-fapi-interaction-id: 942a7ee7-d29a-45aa-93b7-c5f292d86602
Authorization: Bearer caa1b60d-61ff-4cd8-a4e1-2d18c8696de0 |
3.7.2 Response: Insurance Policies Resource
| Code Block |
|---|
HTTP/1.1 200 OK
Content-Type: application/json
x-fapi-interaction-id: 942a7ee7-d29a-45aa-93b7-c5f292d86602
{
"Data": [
{
"PolicyType": "Motor",
"PolicyDetails": {
"InsurancePolicyId": "176794ea-ee8c-4621-b824-b8cfa95db0ff",
"CustomerId": "dcaaef9c-63cb-4c57-9f2a-a4986c4a958e",
"PolicyReference": "9e77ccbd-f3c0-4a51-8c22-48c51531a4de",
"PolicyHolderName": "Hamad Ali",
"CustomerCommunicationDetails": {
"CorrespondenceAddress": {
"AddressLine": [
"PO Box 12345"
],
"PostalCode": "ReadDirectDebits12345",
"City": "Al Qouz",
"StateEmirate": "ReadStandingOrdersBasicDubai",
"Country": "UAE"
"ReadStandingOrdersDetail" },
], "PermanentAddress": {
"AuthorizationExpirationTimeWindowAddressLine": "720:00:00", [
"PO Box 12345"
"ExpirationDateTime": "2024-03-28T15:27:13+0300", ],
"TransactionFromDateTimePostalCode": "2024-03-25T12:19:24+030012345",
"TransactionToDateTimeCity": "2024-03-27T12:19:24+0300Al Qouz",
"AccountTypeStateEmirate": ["UAEOF.RetailDubai"],
"AccountSubTypeCountry": ["CurrentAccount"],UAE"
},
"ConsentPurpose": ["Account Aggregation", "E-Statement"]
"ResidentialAddress": {
} "AddressLine": [
} ] } |
Create the RAR Request using the signed JWT, and authenticated using private_key_jwt.
The request parameter JWT includes the ConsentId, a UUID v4 that was originally generated by the TPP.
| Code Block |
|---|
POST /open-finance/v1/par HTTP/1.1 Host: auth1.openfinanceplatform.ae Content-Type: application/x-www-form-urlencoded
Accept: application/json
client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
&client_assertion=eyJhbGciOiJIUzI1NiJ9.ew0KICAiaXNzIjogImM4NDIyNzg3LTFkZmYtNDI0ZC1iNjIwLTM1NmMwODcwYmVkNCIsDQogICJzdWIiOiAiYzg0MjI3ODctMWRmZi00MjRkLWI2MjAtMzU2YzA4NzBiZWQ0IiwNCiAgImF1ZCI6ICJhdXRoMS5sYWIub3BlbmJhbmtpbmcuc2EiLA0KICJqdGkiOiAiYThmZDQ2ZjctYTNiMy00MGQ5LTk2ZjctNDk1YmEyMGFiMTZmIiwNCiAgImV4cCI6IDE1MTYyMzkwMjINCn0.nvY2tG7D3_ioVI55nRJ7apBzoGbP9sofMLd7Dni4YbI
&request=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImtpZCI6ImU0Y2U3N2M0OThlNzcwMDBhMjVhYTdiNDBlNGE4M2Y5In0.eyJpc3MiOiJzNkJoZFJrcXQzIiwiaWF0IjoxNjY5MzkzMTU0LCJleHAiOjE2NjkzOTM0OTYsIm5iZiI6IjE2NjkzOTMxNTQiLCJhdWQiOiJodHRwczovL3NlcnZlci5leGFtcGxlLmNvbSIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIGlkX3Rva2VuIiwicmVkaXJlY3RfdXJpIjoiaHR0cHM6Ly9sZmkubGFiLm9wZW5iYW5raW5nLmFlL2F1dGgiLCJzY29wZSI6Im9wZW5pZCBhY2NvdW50cyIsInN0YXRlIjoiYWYwaWZqc2xka2oiLCJhdXRob3JpemF0aW9uX2RldGFpbHMiOlt7IlR5cGUiOiJBY2NvdW50QWNjZXNzQ29uc2VudCIsIkRhdGEiOnsiQ29uc2VudElkIjoiMzk5ZTAwNjUtOTkwNy00MmNjLTgyYjktMWVjNGYyNzNlM2U5IiwiQ3JlYXRpb25EYXRlVGltZSI6IjIwMjQtMDMtMjdUMTU6Mjc6MTMrMDMwMCIsIkNvbnNlbnRTdGF0dXMiOiJBdXRob3JpemVkIiwiQ29uc2VudFN0YXR1c1VwZGF0ZURhdGVUaW1lIjoiMjAyNC0wMy0yN1QxNjoyNzoxMyswMzAwIiwiUGVybWlzc2lvbnMiOlsiUmVhZEFjY291bnRzQmFzaWMiLCJSZWFkQWNjb3VudHNEZXRhaWwiLCJSZWFkQmFsYW5jZXMiLCJSZWFkQmVuZWZpY2lhcmllc0Jhc2ljIiwiUmVhZEJlbmVmaWNpYXJpZXNEZXRhaWwiLCJSZWFkVHJhbnNhY3Rpb25zQmFzaWMiLCJSZWFkVHJhbnNhY3Rpb25zRGV0YWlsIiwiUmVhZFRyYW5zYWN0aW9uc0NyZWRpdHMiLCJSZWFkVHJhbnNhY3Rpb25zRGViaXRzIiwiUmVhZFNjaGVkdWxlZFBheW1lbnRzQmFzaWMiLCJSZWFkU2NoZWR1bGVkUGF5bWVudHNEZXRhaWwiLCJSZWFkRGlyZWN0RGViaXRzIiwiUmVhZFN0YW5kaW5nT3JkZXJzQmFzaWMiLCJSZWFkU3RhbmRpbmdPcmRlcnNEZXRhaWwiXSwiQXV0aG9yaXphdGlvbkV4cGlyYXRpb25UaW1lV2luZG93IjoiNzIwOjAwOjAwIiwiRXhwaXJhdGlvbkRhdGVUaW1lIjoiMjAyNC0wMy0yOFQxNToyNzoxMyswMzAwIiwiVHJhbnNhY3Rpb25Gcm9tRGF0ZVRpbWUiOiIyMDI0LTAzLTI1VDEyOjE5OjI0KzAzMDAiLCJUcmFuc2FjdGlvblRvRGF0ZVRpbWUiOiIyMDI0LTAzLTI3VDEyOjE5OjI0KzAzMDAiLCJBY2NvdW50VHlwZSI6WyJVQUVPRi5SZXRhaWwiXSwiQWNjb3VudFN1YlR5cGUiOlsiQ3VycmVudEFjY291bnQiXSwiQ29uc2VudFB1cnBvc2UiOlsiQWNjb3VudCBBZ2dyZWdhdGlvbiIsIkUtU3RhdGVtZW50Il19fV19.8T2xivs2zqFdxyrs8h3TWsMxigzk9QcsamU9Dj-2GDs |
3.1.2 Response: The OFP Provides the Request URI for the TPP
| Code Block |
|---|
HTTP/1.1 201 Created
Content-Type: application/json
Cache-Control: no-cache, no-store
{
"request_uri": "urn:ietf:params:oauth:request_uri:6esc_11ACC5bwc014ltc14eY22c",
"expires_in": 60
} |
3.2 The TPP Redirects the User to Their LFI with the Request URI to Authorize the Consent
| Code Block |
|---|
GET /auth?client_id=c8422787-1dff-424d-b620-356c0870bed4&request_uri=urn:ietf:params:oauth:request_uri:6esc_11ACC5bwc014ltc14eY22c
Host: openbanking.lfi.ae |
3.3 The User Logs into Their LFI, Reviews and Authorizes the Consent Request, and Confirms the Accounts They Want to Share with the TPP
The LFI confirms account access consent in the OFP.
| Code Block |
|---|
POST /auth/aac-1a672e83-d1e5-42bc-b8e1-60a490ec52fd/aac/doConfirm
host: auth1.openfinanceplatform.ae
Content-Type: application/x-www-form-urlencoded
accounts=f91d07d0-6d8f-4e0e-9fb4-0ac61f84d115
&accounts=bed6cb83-956e-4795-86c3-0f4254ae1cab
&accounts=528b9f0c-c4e1-45fd-8f28-ab53fda4c850
&accounts=fe1e15fe-d4aa-4b4c-9ce0-e69bbf901fa6
&accounts=802d03c3-4ac5-4809-8c1e-f9f046e314e4
&accounts=02d19fb7-cf51-4b9a-a958-77701120da3c |
3.4 The LFI Returns an Authorization Code to the TPP
| Code Block |
|---|
302 Found
Location: https://openbanking.tpp1.ae/simple-redirect-url?
code=ce2aeabf-599c-4475-9171-1f6d8c1a49dc
&state=2616df22-899e-468b-b7af-927145b067cc |
3.5 The TPP Exchanges the Authorization Code for an Account API Access Token with the OFP
| Code Block |
|---|
POST /token HTTP/1.1
Host: as1.openfinanceplatform.ae
Content-Type: application/x-www-form-urlencoded
Accept: application/json
grant_type=authorization_code
&code=ce2aeabf-599c-4475-9171-1f6d8c1a49dc
&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
&client_assertion=eyJhbGciOiJIUzI1NiJ9.ew0KICAiaXNzIjogImM4NDIyNzg3LTFkZmYtNDI0ZC1iNjIwLTM1NmMwODcwYmVkNCIsDQogICJzdWIiOiAiYzg0MjI3ODctMWRmZi00MjRkLWI2MjAtMzU2YzA4NzBiZWQ0IiwNCiAgImF1ZCI6ICJhdXRoMS5sYWIub3BlbmJhbmtpbmcuc2EiLA0KICJqdGkiOiAiYThmZDQ2ZjctYTNiMy00MGQ5LTk2ZjctNDk1YmEyMGFiMTZmIiwNCiAgImV4cCI6IDE1MTYyMzkwMjINCn0.nvY2tG7D3_ioVI55nRJ7apBzoGbP9sofMLd7Dni4YbI
&redirect_uri=https%3A%2F%2Fopenbanking.tpp1.ae%2Fsimple-redirect-url |
3.6 The OFP Returns an Access Token, Refresh Token, and ID Token to the TPP
| Code Block |
|---|
HTTP/1.1 200 OK
Content-Type:application/json
{
"access_token": "caa1b60d-61ff-4cd8-a4e1-2d18c8696de0",
"expires_in": 432000,
"token_type": "Bearer",
"scope": "openid%20insurance",
"state": "2616df22-899e-468b-b7af-927145b067cc",
"refresh_token": "266f5f15-eb81-4a02-bf05-e25063ca445f",
"id_token": "eyJhbGciOiJQUzI1NiIsImtpZCI6IkM4a3FRRlZoUFVOUnZTN1ljamZBSEVSTEVDZEFfamZENXJjb1NXVkMwY2sifQ.eyJzdWIiOiJhYWMtMWE2NzJlODMtZDFlNS00MmJjLWI4ZTEtNjBhNDkwZWM1MmZkIiwib3BlbmJhbmtpbmdfaW50ZW50X2lkIjoiYWFjLTFhNjcyZTgzLWQxZTUtNDJiYy1iOGUxLTYwYTQ5MGVjNTJmZCIsInBzdV9pZGVudGlmaWVycyI6eyJjb21wYW55SWQiOiIxMjM0NSJ9LCJpc3MiOiJodHRwczovL2F1dGgxLmxhYi5vcGVuYmFua2luZy5zYSIsImF1ZCI6ImM4NDIyNzg3LTFkZmYtNDI0ZC1iNjIwLTM1NmMwODcwYmVkNCIsImlhdCI6MTY1OTg2NDEzMywiZXhwIjoxNjU5ODY1MDMzLCJub25jZSI6ImZmMzljMGQxLTIyN2EtNGM3My1iYjA1LTA4NDY0ZjA1MmU4NSIsImF1dGhfdGltZSI6MTY1OTg2NDEzMywiYXpwIjoiYzg0MjI3ODctMWRmZi00MjRkLWI2MjAtMzU2YzA4NzBiZWQ0IiwicmVmcmVzaF90b2tlbl9leHBpcmVzX2F0IjoxNjY3NjQwMTMzLCJjX2hhc2giOiI5UWhXZVlzWnd6NzF0NWhjdlI2OU5BIiwic19oYXNoIjoiNHN0R0QtYTFjS3dFSjVwWFZYOEdnUSIsImFjciI6InVybjpvcGVuYmFua2luZzpwc2QyOnNjYSJ9.AfunjbLyzOMQXtZfAl4563cKxTYbXhzZk5IFrJ864w1aF9_XpIQe1iH5H17xIXL_1XmjbPiPMzx55025NMyDOMwPSRBDu9bIb37EyUlVVtVevxxwVeyOixcOx-NoNMHO4qTKyznhCM_oJmNmq5n8N9xSbmyJSGDIusGiiyXyNt0egnK4xkvPFwri4FJd3IUIdUWOCuUO9RlckBQottUiyo4UazrAaShpn4GIsl_1fj8U2Ga5v4t_6jRG7oEndwQoDruLrftFnwvDWJYD2NSm5LKUb2z4HTb-89aPihcGpCrSrnxqyB6kiAculoJAhZhC8TBY40G3l-6qjc5Ey71JHA"
} |
The TPP can now request insurance policy using the access token.
3.7 Get a List of Insurance Policies
3.7.1 Request: Insurance Policies Resource
| Code Block |
|---|
GET /open-finance/insurance/v1.0-draft3/insurance-policies HTTP/1.1
Host: rs1.openfinanceplatform.ae
Accept: application/json
x-fapi-interaction-id: 942a7ee7-d29a-45aa-93b7-c5f292d86602
Authorization: Bearer caa1b60d-61ff-4cd8-a4e1-2d18c8696de0 |
3.7.2 Response: Insurance Policies Resource
| Code Block |
|---|
HTTP/1.1 200 OK
Content-Type: application/json
x-fapi-interaction-id: 942a7ee7-d29a-45aa-93b7-c5f292d86602
{
"Data": {
"Account": [
{ "PO Box 12345"
],
"PostalCode": "12345",
"City": "Al Qouz",
"StateEmirate": "Dubai",
"Country": "UAE"
},
"CommunicationPreferences": [
{
"Type": "Home",
"PhoneNumber": "971000000000"
}
],
"Email": "hamad.ali@email.ae"
},
"AccountIdIndividualCustomerDetails": "f91d07d0-6d8f-4e0e-9fb4-0ac61f84d115", {
"AccountHolderNameGender": "Hamad AliMale",
"AccountHolderShortNameDateofBirth": "2003-09-12",
"StatusMaritalStatus": "ActiveMarried",
"CurrencyNationality": "AEDUAE",
"AccountTypeNumberofChildren": "UAEOF.Retail", 1
"AccountSubType": "CurrentAccount", },
"NicknameVehicleInformation": "CurrentAC", {
"OpeningDateCarMake": "2021-01-28T15:27:13+0300","Toyota",
"AccountIdentifiersCarModel": [ "Land Cruiser",
{"CarModelYear": "2023",
"IdentificationTypeCarPurchaseDateTime": "UAEOF.IBAN2023-01-31T00:00:00.000Z",
"IdentificationEstimatedValueAmount": "SA4420000001234567891234",{
"NameCurrency": "Hamad Ali""AED",
"Amount": 180000
} ]},
"ServicerRegistrationDateTime": {"2023-01-31T00:00:00.000Z",
"IdentificationTypeCountryofOrigin": "UAEOF.BICFIARE",
"IdentificationVehicleColor": "SASAMAWhite",
} }"PlateNumber": "12345",
{
"AccountIdPlateCode": "g91d07d0-6d8f-4e0e-9fb4-0ac61f84e4441",
"AccountHolderNameVehicleMileage": 50000,
"Hamad Ali", "AccountHolderShortNameVehicleWeight": ""2000,
"Status": "Active", "CurrencyVehicleHistory": "USDImported",
"AccountType": "UAEOF.Retail",},
"AccountSubTypeInsurancePolicyInformation": "Savings", {
"NicknameIssueDateTime": "SavingsAC2024-05-01T00:00:00.000Z",
"OpeningDateExpiryDateTime": "20212025-0104-28T1531T23:27:13+030059:59.999Z",
"AccountIdentifiers": [ {"PolicyType": "Comprehensive",
"IdentificationTypeCoverageAmount": "UAEOF.IBAN",{
"IdentificationCurrency": "SA4420000001234567890001AED",
"NameAmount": "Hamad Ali"
180000
} },
], "CoverageStartDateTime"Servicer": {: "2024-05-01T00:00:00.000Z",
"IdentificationTypePolicyPremium": "UAEOF.BICFI", {
"IdentificationCurrency": "SASAMA"AED",
} "Amount": 4600
} ] },
"Links": { "Self": "https://rs1.openfinanceplatform.ae/open-finance/account-information/v1.0-draft3/accounts"
}, "PolicyHolderEmirates": true,
"MetaPreviousPolicy": {}
} |
3.8 Get an Insurance Policy
3.8.1 Request: Insurance Policy Resource
...
3.8.2 Response: Insurance Policy Resource
...
4. Further Examples
4.1 The TPP Queries the Account Access Consent Resource for the Status after a User has Authorized the Consent
4.1.1 Request: account-access-consents/{ConsentId} resource
| Code Block |
|---|
GET /open-finance/account-information/v1.0-draft3/account-access-consents/aac-1a672e83-d1e5-42bc-b8e1-60a490ec52fd HTTP/1.1
Host: rs1.openfinanceplatform.ae
Content-Type: application/json
x-fapi-interaction-id: 2e974f01-d111-4078-9a19-7a9b385e637c
Authorization: Bearer e6156449-6f27-4c42-aa5b-36602f73eac9 |
4.1.2 Response: account-access-consents/{ConsentId} resource
| Code Block |
|---|
HTTP/1.1 200 OK
Content-Type:application/json
x-fapi-interaction-id: 2e974f01-d111-4078-9a19-7a9b385e637c
{
"Data
"PolicyReference": "8a43bab5-43d8-4525-b92d-840eff449ba5",
"Insurer": "AXA",
"PolicyStartDateTime": "2023-05-01T00:00:00.000Z",
"PolicyExpiryDateTime": "2024-04-31T23:59:59.999Z"
}
},
"AddOns": {
"ConsentId": "aac-69255d98-ab0e-4758-92a7-cacbf3073efa", "DriversPersonalAccident": true,
"CreationDateTimePassengersPersonalAccident": "2024-06-27T15:27:13+0300", true
"ConsentStatus": "Authorized", },
"ConsentFlags": { "PartlyAuthorizedAdditionalInformation": "2024-06-27T16:27:13+0300" {
}, "ConsentStatusUpdateDateTimeFirstTimeRegistration": "2024-06-27T16:27:13+0300true",
"Permissions "VehicleMortgageAmount": {
[ "ReadAccountsBasic", "Currency": "ReadAccountsDetailAED",
"ReadBalances", "ReadBeneficiariesBasicAmount",: 180000
"ReadBeneficiariesDetail", "ReadTransactionsBasic",}
"ReadTransactionsDetail", }
"ReadTransactionsCredits", }
"ReadTransactionsDebits", "ReadScheduledPaymentsBasic",}
"ReadScheduledPaymentsDetail"],
"ReadDirectDebitsLinks",: {
"ReadStandingOrdersBasicSelf",
"ReadStandingOrdersDetail: "https://rs1.openfinanceplatform.ae/open-finance/insurance/v1.0-draft3/insurance-policies"
]},
"AuthorizationExpirationTimeWindowMeta": "720:00:00", {
"ExpirationDateTimeTotalPages": "2024-06-28T15:27:13+0300",1"
}
"TransactionFromDateTime": "2024-06-25T12:19:24+0300",
"TransactionToDateTime": "2024-06-27T12:19:24+0300",
"AccountType": [
"UAEOF.Retail"
], } |
3.8 Get an Insurance Policy
3.8.1 Request: Insurance Policy Resource
| Code Block |
|---|
GET /open-finance/insurance/v1.0-draft3/insurance-policies/176794ea-ee8c-4621-b824-b8cfa95db0ff HTTP/1.1
Host: rs1.openfinanceplatform.ae
Accept: application/json
x-fapi-interaction-id: 942a7ee7-d29a-45aa-93b7-c5f292d86602
Authorization: Bearer caa1b60d-61ff-4cd8-a4e1-2d18c8696de0 |
3.8.2 Response: Insurance Policy Resource
| Code Block |
|---|
HTTP/1.1 200 OK
Content-Type: application/json
x-fapi-interaction-id: 942a7ee7-d29a-45aa-93b7-c5f292d86602
{
"AccountSubTypeData": [{
"CurrentAccountPolicyType"
: "Motor",
], "ConsentPurposePolicyDetails": {
[ "Account Aggregation",
"E-Statement"
]
},
"Subscription": {InsurancePolicyId": "176794ea-ee8c-4621-b824-b8cfa95db0ff",
"WebhookCustomerId": { "dcaaef9c-63cb-4c57-9f2a-a4986c4a958e",
"UrlPolicyHolderName": "https://api.tpp1.com/webhook/callbackUrlHamad Ali",
"IsActiveCustomerCommunicationDetails": false{
} }, "LinksCorrespondenceAddress": {
"Self": "https://rs1.openfinanceplatform.ae/open-finance/account-information/v1.0-draft3/account-access-consents/aac-69255d98-ab0e-4758-92a7-cacbf3073efa"
},
"Meta": {}
} |
4.2 The TPP Requests a List of Accounts Using an Expired Access Token
4.2.1 Request: accounts resource
| Code Block |
|---|
GET /open-finance/account-information/v1.0-draft3/accounts HTTP/1.1
Host: rs1.openfinanceplatform.ae
Content-Type: application/json
x-fapi-interaction-id: 9a371b79-4e79-4d7d-a77d-380c528ab8c0
Authorization: Bearer caa1b60d-61ff-4cd8-a4e1-2d18c8696de0 |
4.2.2 Response: 403 Forbidden
| Code Block |
|---|
HTTP/1.1 401 Unauthorized
Content-Type: application/json
x-fapi-interaction-id: 9a371b79-4e79-4d7d-a77d-380c528ab8c0
{
"Errors": [
{ "AddressLine": [
"PO Box 12345"
],
"PostalCode": "12345",
"City": "Al Qouz",
"StateEmirate": "Dubai",
"CodeCountry": "UAEOF.AccessToken.Unauthorized",UAE"
},
"MessagePermanentAddress": {
"max_age_exceeded: Token has expired", "AddressLine": [
"Path": "Authorization",PO Box 12345"
"Url": "https://developer.openfinanceplatform.ae/api-errors/401" } ],
] } |
4.3 Webhooks
4.3.1 The TPP Creates an Account Access Consent Request with a Webhook Subscription
4.3.1.1 Request: Account Access Consent and Webhook Subscription
| Code Block |
|---|
{ "typ": "JWT", "algPostalCode": "PS25612345",
"kid": "e4ce77c498e77000a25aa7b40e4a83f9" } . { "issCity": "s6BhdRkqt3Al Qouz",
"iat": 1669393154, "expStateEmirate": 1669393496"Dubai",
"nbf": 1669393154, "audCountry": "https://server.example.com",UAE"
"response_type": "code" },
"redirect_uri": "https://openbanking.tpp1.ae/simple-redirect-url", "scopeResidentialAddress": "accounts", {
"state": "2616df22-899e-468b-b7af-927145b067cc", "authorization_detailsAddressLine": [
{ "PO Box 12345"
"type": "urn:openfinanceuae:account-access-consent:v1.0-draft3" ],
"consentPostalCode": {
"12345",
"ConsentIdCity": "399e0065-9907-42cc-82b9-1ec4f273e3e9",
Al Qouz",
"CreationDateTimeStateEmirate": "2024-03-27T15:27:13+0300Dubai",
"ConsentStatusCountry": "AuthorizedUAE",
},
"ConsentStatusUpdateDateTime": "2024-03-27T16:27:13+0300", "CommunicationPreferences": [
"Permissions": [{
"ReadAccountsBasic"Type": "Home",
"PhoneNumber": "971000000000"
"ReadAccountsDetail", }
],
"ReadBalances", "Email": "hamad.ali@email.ae"
},
"ReadBeneficiariesBasic", "IndividualCustomerDetails": {
"Gender": "ReadBeneficiariesDetailMale",
"DateofBirth": "2003-09-12",
"ReadTransactionsBasic"MaritalStatus": "Married",
"Nationality": "UAE",
"ReadTransactionsDetailNumberofChildren",: 1
},
"ReadTransactionsCreditsVehicleInformation",: {
"CarMake": "Toyota",
"ReadTransactionsDebits", "CarModel": "Land Cruiser",
"ReadScheduledPaymentsBasic"CarModelYear": "2023",
"CarPurchaseDateTime": "2023-01-31T00:00:00.000Z",
"ReadScheduledPaymentsDetailEstimatedValueAmount",: {
"Currency": "AED",
"ReadDirectDebits", "Amount": 180000
},
"ReadStandingOrdersBasic", "RegistrationDateTime": "2023-01-31T00:00:00.000Z",
"CountryofOrigin": "ReadStandingOrdersDetailARE",
"VehicleColor": "White",
], "PlateNumber": "12345",
"AuthorizationExpirationTimeWindowPlateCode": "720:00:001",
"VehicleMileage": 50000,
"ExpirationDateTime": "2024-03-28T15:27:13+0300", "VehicleWeight": 2000,
"TransactionFromDateTimeVehicleHistory": "2024-03-25T12:19:24+0300",Imported"
},
"TransactionToDateTimeInsurancePolicyInformation": "2024-03-27T12:19:24+0300",
{
"AccountTypeIssueDateTime": ["UAEOF.Retail"],
"2024-05-01T00:00:00.000Z",
"AccountSubTypeExpiryDateTime": ["CurrentAccount"],
"2025-04-31T23:59:59.999Z",
"ConsentPurposePolicyType": ["Account AggregationComprehensive",
"E-Statement"] },"CoverageAmount": {
"SubscriptionCurrency": {
"AED",
"WebhookAmount": 180000
{ },
"UrlCoverageStartDateTime": "https://api.tpp1.com/webhook/callbackUrl",
2024-05-01T00:00:00.000Z",
"IsActivePolicyPremium": false{
"Currency": "AED",
} }"Amount": 4600
}
,
] } |
4.3.2 The TPP updates a Webhook Subscription preference with the OFP
4.3.2.1 Request: Activate Webhook events
| Code Block |
|---|
PATCH /open-finance/account-information/v1.0-draft3/account-access-consents/aac-69255d98-ab0e-4758-92a7-cacbf3073efa HTTP/1.1
Host: rs1.lab.api.openbanking.ae
Content-Type: application/json
x-fapi-interaction-id: 3424a379-8274-4686-99bd-f420d08acead
Authorization: Bearer ad297304-1057-4c68-9e76-a96f300a27f1
{
"Subscription": {
"Webhook": { "PolicyHolderEmirates": true,
"PreviousPolicy": {
"PolicyReference": "8a43bab5-43d8-4525-b92d-840eff449ba5",
"IsActiveInsurer": true"AXA",
} } } |
4.3.2.2 Response: Webhook events activated
| Code Block |
|---|
HTTP/1.1 204 No Content
x-fapi-interaction-id: 3424a379-8274-4686-99bd-f420d08acead |
4.3.3 The TPP unsubscribes their Webhook Subscription with the OFP
4.3.3.1 Request: De-Activate Webhook events
| Code Block |
|---|
PATCH /open-finance/account-information/v1.0-draft3/account-access-consents/aac-69255d98-ab0e-4758-92a7-cacbf3073efa HTTP/1.1
Host: rs1.lab.api.openbanking.ae
Content-Type: application/json
x-fapi-interaction-id: 3424a379-8274-4686-99bd-f420d08acead
Authorization: Bearer ad297304-1057-4c68-9e76-a96f300a27f1
{
"Subscription": { "PolicyStartDateTime": "2023-05-01T00:00:00.000Z",
"PolicyExpiryDateTime": "2024-04-31T23:59:59.999Z"
}
},
"AddOns": {
"WebhookDriversPersonalAccident": true,
{ "IsActivePassengersPersonalAccident": true
false },
} } |
4.3.3.2 Response: Webhook events de-activated
| Code Block |
|---|
HTTP/1.1 204 No Content
x-fapi-interaction-id: 3424a379-8274-4686-99bd-f420d08acead |
4.3.4 The TPP receives data from the OFP (specific to the consent and permissions) via its Webhook
4.3.4.1 The OFP generates a Self Signed JWT Authorization Token for Client Authentication with the TPP.
This JWT Authorization Token MUST be set in the Authorization Header.
| Code Block |
|---|
{ "AdditionalInformation": {
"algFirstTimeRegistration": "PS256true",
"typVehicleMortgageAmount": "JOSE", {
"ctyCurrency": "jsonAED",
"kid": "e1be6bf3-76e6-4e53-92b9-c46423757ab1"
}
.
{
"iss": "https://openbanking.masrif-ahmar.ae",
"sub": "e75c26bf-1682-401a-a227-ec125f6636ab",
"aud": "https://api.tpp.com/webhook/callbackUrl",
"exp": 1661378066,
"iat": 1661378036,
"nbf": 1661378036,
"jti": "274aa39d-d77a-46a9-b832-b2ced47919dd"
}
.
<<signature>> |
4.3.4.2 Request: OFP publishes signed/encrypted data to the registered Webhook Url provided by the TPP
The example below shows a signed and encrypted payload with the JWT Authorization Token set in the Authorization Header.
| Code Block |
|---|
POST /webhook/callbackUrl "Amount": 180000
}
}
}
},
"Links": {
"Self": "https://rs1.openfinanceplatform.ae/open-finance/insurance/v1.0-draft3/insurance-policies/176794ea-ee8c-4621-b824-b8cfa95db0ff"
}
} |
4. Further Examples
4.1 The TPP Queries the Insurance Resource for the Status after a User has Authorized the Consent
4.1.1 Request: insurance-consents/{ConsentId} resource
| Code Block |
|---|
GET /open-finance/insurance/v1.0-draft3/insurance-consents/aac-1a672e83-d1e5-42bc-b8e1-60a490ec52fd HTTP/1.1
Host: apirs1.tpp.comopenfinanceplatform.ae
Content-Type: application/json
x-fapi-interaction-id: 77b0e8302e974f01-b095d111-4c6c4078-94e89a19-20f83eaa799f7a9b385e637c
Content-TypeAuthorization: application/jwt
Date: Wed, 24 Aug 2022 07:28:00 AST
Authorization: Bearer eyJhbGciO9.eyJzdWImlhdCI6MTUxNjIzOTAyMn0.iOeN9eg
<<jwe>>
|
Here, <<jwe>> is a signed and encrypted payload. The inner JWS has the structure below:
| Code Block |
|---|
{
"alg": "PS256",
"kid": "e1be6bf3-76e6-4e53-92b9-c46423757ab1"
}
.
{
"iss": "string",
"exp": 1664950125,
"nbf": 1664950125,
"aud": [
"6uC8HSQ8C59SDSw43Cdm9YWxxjJmDV"
],
"iat": 1661378036,
"message": {
"Data": {
"AccountId": "f91d07d0-6d8f-4e0e-9fb4-0ac61f84d115",
"Account": [Bearer e6156449-6f27-4c42-aa5b-36602f73eac9 |
4.1.2 Response: insurance-consents/{ConsentId} resource
| Code Block |
|---|
HTTP/1.1 200 OK
Content-Type:application/json
x-fapi-interaction-id: 2e974f01-d111-4078-9a19-7a9b385e637c
{
"Data": {
"ConsentId": "6a6a826f-0930-4eb0-b365-a8eac3032828",
"CreationDateTime": "2024-06-27T15:27:13+0300",
"Status": "Authorized",
"StatusUpdateDateTime": "2024-06-27T16:27:13+0300",
"Permissions": [
"ReadInsurancePoliciesMotor"
],
"ExpirationDateTime": "2024-03-28T15:27:13+030",
"Purpose": [
"MotorInsuranceQuote"
]
},
"Subscription": {
"Webhook": {
"Url": {"https://api.tpp1.com/webhook/callbackUrl",
"IsActive": false
}
"Currency": "AED" },
"Links": {
"Status": "Active""Self": "https://rs1.openfinanceplatform.ae/open-finance/insurance/v1.0-draft3/insurance-consents/6a6a826f-0930-4eb0-b365-a8eac3032828"
},
"Meta": {}
} |
4.2 The TPP Requests the List of Insurance Policies Using an Expired Access Token
4.2.1 Request: insurance-policies collection
| Code Block |
|---|
GET /open-finance/insurance/v1.0-draft3/insurance-policies HTTP/1.1
Host: rs1.openfinanceplatform.ae
Content-Type: application/json
x-fapi-interaction-id: 9a371b79-4e79-4d7d-a77d-380c528ab8c0
Authorization: Bearer caa1b60d-61ff-4cd8-a4e1-2d18c8696de0 |
4.2.2 Response: 401 Unauthorized
| Code Block |
|---|
HTTP/1.1 401 Unauthorized
Content-Type: "AccountIdentifiers": [
{
application/json
x-fapi-interaction-id: 9a371b79-4e79-4d7d-a77d-380c528ab8c0 |
4.3 Webhooks
4.3.1 The TPP Creates an Insurance Consent Request with a Webhook Subscription
4.3.1.1 Request: Insurance Consent and Webhook Subscription
| Code Block |
|---|
{
"Name"typ": "Account 1JWT",
"IdentificationTypealg": "UAEOF.IBANPS256",
"Identificationkid": "00003130000001e4ce77c498e77000a25aa7b40e4a83f9"
}
]
.
{
}"iss": "s6BhdRkqt3",
"iat": 1669393154,
] "exp": }1669393496,
"Linksnbf": {
1669393154,
"Selfaud": "https://rs1server.openfinanceplatform.ae/open-finance/account-information/v1.0-draft3/accounts/f91d07d0-6d8f-4e0e-9fb4-0ac61f84d115"
}example.com",
"EventMetaresponse_type": {
"code",
"EventDateTimeredirect_uri": "2022-08-24T07:28:00.556Z",
https://openbanking.tpp1.ae/simple-redirect-url",
"EventResourcescope": "accountsinsurance",
"EventTypestate": "UAEOF.Resource.Created2616df22-899e-468b-b7af-927145b067cc",
"ConsentIdauthorization_details": "aac-1a672e83-d1e5-42bc-b8e1-60a490ec52fd"[
} } }{
.
<<signature>> |
4.3.4.3 Response: TPP validates the Self Signed JWT Authorization Token from LFI, stores data, and acknowledges a successful response to the OFP
| Code Block |
|---|
HTTP/1.1 202 Accepted
x-fapi-interaction-id: 77b0e830-b095-4c6c-94e8-20f83eaa799f |
4.3.5 Webhook Payload for a single resource collection associated with a single event type
The following non-normative example illustrates a OFP webhook payload for a collection of account ID transactions of the same event type: UAEOF.Resource.Created
| Code Block |
|---|
{
"alg": "PS256",
"kid": "e1be6bf3-76e6-4e53-92b9-c46423757ab1"
}
.
{
"iss": "string",
"exp": 1664950125,
"nbf": 1664950125,
"aud": [
"6uC8HSQ8C59SDSw43Cdm9YWxxjJmDV"
],
"iat": 1661378036,
"message": {
"Data": { "Type": "urn:openfinanceuae:insurance-consent:v1.0-draft3",
"Consent": {
"ConsentId": "6a6a826f-0930-4eb0-b365-a8eac3032828",
"Permissions": [
"ReadInsurancePoliciesMotor"
],
"AccountIdExpirationDateTime": "f91d07d02024-6d8f-4e0e-9fb4-0ac61f84d11503-28T15:27:13+030",
"Transaction": [ { "Purpose": [
"TransactionId": "668f2fc8-7aa8-411b-bb9f-7571a90e7512", "TransactionReference": "1852efce-bedc-4fda-ba51-0f76c9137f91",MotorInsuranceQuote"
"CreditDebitIndicator": "Debit",]
"Status": "Booked", },
"TransactionMutabilitySubscription": "", {
"BookingDateTimeWebhook": "2022-08-24T07:27:00.556Z", {
"ValueDateTimeUrl": "2022-08-24T07:27:00.556Z",https://api.tpp1.com/webhook/callbackUrl",
"TransactionInformation": "Foo Group ",
"IsActive": false
"Amount": { }
"Amount": "41.10", }
"Currency": "AED" }
]
},
"BankTransactionCode} |
4.3.2 The TPP updates a Webhook Subscription preference with the OFP
4.3.2.1 Request: Activate Webhook events
| Code Block |
|---|
PATCH /open-finance/insurance/v1.0-draft3/insurance-consents/aac-69255d98-ab0e-4758-92a7-cacbf3073efa HTTP/1.1
Host: rs1.lab.api.openbanking.ae
Content-Type: application/json
x-fapi-interaction-id: 3424a379-8274-4686-99bd-f420d08acead
Authorization: Bearer ad297304-1057-4c68-9e76-a96f300a27f1
{
"Subscription": {
"Webhook": {
"CodeIsActive": "CustomerCardTransactions",true
}
}
} |
4.3.2.2 Response: Webhook events activated
| Code Block |
|---|
HTTP/1.1 204 No Content
"SubCode": "CashWithdrawal"
},
"ProprietaryBankTransactionCodex-fapi-interaction-id: 3424a379-8274-4686-99bd-f420d08acead |
4.3.3 The TPP unsubscribes their Webhook Subscription with the OFP
4.3.3.1 Request: De-Activate Webhook events
| Code Block |
|---|
PATCH /open-finance/insurance/v1.0-draft3/insurance-consents/aac-69255d98-ab0e-4758-92a7-cacbf3073efa HTTP/1.1
Host: rs1.lab.api.openbanking.ae
Content-Type: application/json
x-fapi-interaction-id: 3424a379-8274-4686-99bd-f420d08acead
Authorization: Bearer ad297304-1057-4c68-9e76-a96f300a27f1
{
"Subscription": {
"Webhook": {
"CodeIsActive": ""false
}
}
}
},
{
"TransactionId": "05b6bfde-ce5a-48e1-a448-66d75518f1e8",
"TransactionReference": "b5a6a869-730f-449d-badf-14ebf3980147",
"CreditDebitIndicator": "Debit",
"Status": "Booked",
"TransactionMutability": "",
"BookingDateTime": "2022-08-24T07:28:00.556Z",
"ValueDateTime": "2022-08-24T07:28:00.556Z",
"TransactionInformation": "Bar Holding",
"Amount": {
"Amount": "32.40",
"Currency": "AED"
},
"BankTransactionCode": {
"Code": "CustomerCardTransactions",
"SubCode": "CashWithdrawal"
}} |
4.3.3.2 Response: Webhook events de-activated
| Code Block |
|---|
HTTP/1.1 204 No Content
x-fapi-interaction-id: 3424a379-8274-4686-99bd-f420d08acead |
4.3.4 The TPP receives data from the OFP (specific to the consent and permissions) via its Webhook
4.3.4.1 The OFP generates a Self Signed JWT Authorization Token for Client Authentication with the TPP.
This JWT Authorization Token MUST be set in the Authorization Header.
| Code Block |
|---|
{
"alg": "PS256",
"typ": "JOSE",
"cty": "json",
"kid": "e1be6bf3-76e6-4e53-92b9-c46423757ab1"
}
.
{
"iss": "https://openbanking.masrif-ahmar.ae",
"sub": "e75c26bf-1682-401a-a227-ec125f6636ab",
"aud": "https://api.tpp.com/webhook/callbackUrl",
"exp": 1661378066,
"iat": 1661378036,
"nbf": 1661378036,
"jti": "274aa39d-d77a-46a9-b832-b2ced47919dd"
}
.
<<signature>> |
4.3.4.2 Request: OFP publishes signed/encrypted data to the registered Webhook Url provided by the TPP
The example below shows a signed and encrypted payload with the JWT Authorization Token set in the Authorization Header.
| Code Block |
|---|
POST /webhook/callbackUrl HTTP/1.1
Host: api.tpp.com
x-fapi-interaction-id: 77b0e830-b095-4c6c-94e8-20f83eaa799f
Content-Type: application/jwt
Date: Wed, 24 Aug 2022 07:28:00 AST
Authorization: Bearer eyJhbGciO9.eyJzdWImlhdCI6MTUxNjIzOTAyMn0.iOeN9eg
<<jwe>>
|
Here, <<jwe>> is a signed and encrypted payload. The JWS encapsulated by the JWE has the structure below:
| Code Block |
|---|
{
"alg": "PS256",
"kid": "e1be6bf3-76e6-4e53-92b9-c46423757ab1"
}
.
{
"iss": "string",
"exp": 1664950125,
"nbf": 1664950125,
"aud": [
"6uC8HSQ8C59SDSw43Cdm9YWxxjJmDV"
],
"iat": 1661378036,
"message": {
"Data": {
"PolicyType": "Motor",
"ProprietaryBankTransactionCodePolicyDetails": {
"CodeInsurancePolicyId": "176794ea-ee8c-4621-b824-b8cfa95db0ff",
"CustomerId": }"dcaaef9c-63cb-4c57-9f2a-a4986c4a958e",
...
} ]}
},
"Links": {
"Self": "https://rs1.openfinanceplatform.ae/open-finance/account-informationinsurance/v1.0-draft3/accountsinsurance-policies/f91d07d0176794ea-6d8fee8c-4e0e4621-9fb4b824-0ac61f84d115/transactionsb8cfa95db0ff"
},
"EventMeta": {
"EventDateTime": "2022-08-24T08:28:00.556Z",
"EventResource": "transactions",
"EventType": "UAEOF.Resource.Created24T07:28:00.556Z",
"ConsentIdEventResource": "aac-1a672e83-d1e5-42bc-b8e1-60a490ec52fd"insurance-policies",
} }
}
.
<<signature>> |
5. OpenAPI Specification
See the Bank Data API - Swagger page
6. Notes
IBAN
Passport, Driving Permit, IDCard, Residence Permit
ProprietaryBankTransactionCodes
This code is mandatory when the BenefeciaryCode with code specifying the Domain, Family, and SubFamily as per External Codes ISO20022 is absent. This code is a proprietary code from the LFI and does not have a defined code list.
7. Security
...
"EventType": "UAEOF.Resource.Updated",
"ConsentId": "6a6a826f-0930-4eb0-b365-a8eac3032828"
}
}
}
.
<<signature>> |
4.3.4.3 Response: TPP validates the Self Signed JWT Authorization Token from LFI, stores data, and acknowledges a successful response to the OFP
| Code Block |
|---|
HTTP/1.1 202 Accepted
x-fapi-interaction-id: 77b0e830-b095-4c6c-94e8-20f83eaa799f |
5. OpenAPI Specification
See the Insurance API - OpenAPI Documentation page.
6. Security
A insurance scope is used for accessing the insurance endpoints.
