...
Awesome api app render macro | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
openapi: 3.0.1 servers: - url: https://<your-ozone-connect-server> info: title: Ozone Connect - Service Initiation APIs description: | This document provides an API description in [OpenAPI](https://spec.openapis.org/oas/v3.0.1.html) for Service Initiation APIs for Ozone Connect. These APIs should be implemented by a Financial Institution so that Ozone can deliver Service Initiation capabilities to TPPs ### Changes in Release 2024.46.0 * Changed PersonalIdentifiableInformation to optional in AEPaymentRequest * Changed AERisk object to provide details of enhanced risk data encrypted as the payload of the JWE * Correct casing of properties in `post /payments` operation * Added payment file upload operation * Added file payment consent operation * Changed `tpp` property in `post /payments` to provide more information about the TPP and the Client software statement * Removed `FollowingServiceLevel` enum from `CurrencyRequest.ChargeBearer` * Removed `PaymentSequenceNumber` from `instruction.PaymentSequenceNumber` #### Changes in Release 2024.43.0 * Added `OpenFinanceBilling` object to request and response body of POST Payments and in GET Payments. #### Changes in Release 2024.37.0 * Added `default` response to each operation to aid understanding of error handling requirements. * Added missing `description` properties through the document. * Removed `additionalProperties: true` as not required and causes tooling issues #### Changes in Version 2024.34.1 * Removed propagateError field from the Error object. * Update exchangeRate and rateType properties * Refactored Security Scheme Objects to use common definitions across all API Hub APIs * Implemented the correct Security Requirements for this API description, reflecting security patterns available in API Hub #### Changes in Version 2024.34 * Introduced new endpoint Get /payment-consents/{consentId}/refund. * Cosmetic changes - Request Response Changes contact: name: Ozone Financial Technology Limited version: 2024.46.0 tags: - name: payments description: | APIs that should be implemented by Financial Institutions to expose Service Initiation capability to TPPs. security: - {} - OzoneConnectApiKey: [] - OzoneConnectClientCredentials: [ "placeholder" ] - OzoneConnectJwtAuth: [] paths: /payments: post: tags: - payments summary: Make a payment description: | This API is called by Ozone Connect to instruct a Financial Institution to initiate a payment once it has received a payment instruction from a TPP that has passed all local validations. The Financial Institution must process the payment and indicate a failure response (if the payment fails technical validation) or a success response (if the payment passess technical validation and is submitted to the payment rails for processing) The Financial Institution must generate a unique `PaymentId` that can be sent on to the TPP as a reference for the payment. If the underlying consent has been patched with a `bankConnectToken`, then the token is passed in as the authorization header. operationId: makePayment parameters: # common header parameters that set context - $ref: "#/components/parameters/providerId" - $ref: "#/components/parameters/aspspId" - $ref: "#/components/parameters/callerOrgId" - $ref: "#/components/parameters/callerClientId" - $ref: "#/components/parameters/callerSoftwareStatementId" - $ref: "#/components/parameters/apiUri" - $ref: "#/components/parameters/apiOperation" - $ref: "#/components/parameters/consentId" - $ref: "#/components/parameters/callerInteractionId" - $ref: "#/components/parameters/ozoneInteractionId" - $ref: "#/components/parameters/psuIdentifier" security: - {} - OzoneConnectApiKey: [] - OzoneConnectClientCredentials: [ "placeholder" ] - OzoneConnectJwtAuth: [] - OzoneConnectServiceInitiationToken: [] requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/PaymentPostRequest" responses: '201': description: successful operation content: application/json: schema: $ref: "#/components/schemas/AEPaymentIdResponse" '400': description: failed operation content: application/json: schema: $ref: "#/components/schemas/Error" default: $ref: "#/components/responses/Error" /payments/{paymentId}: get: operationId: getPayment tags: - payments summary: Get a payment description: | Ozone can call this API from Financial Institutions to retrieve payment information. parameters: # common header parameters that set context - $ref: "#/components/parameters/providerId" - $ref: "#/components/parameters/aspspId" - $ref: "#/components/parameters/callerOrgId" - $ref: "#/components/parameters/callerClientId" - $ref: "#/components/parameters/callerSoftwareStatementId" - $ref: "#/components/parameters/apiUri" - $ref: "#/components/parameters/apiOperation" - $ref: "#/components/parameters/consentId" - $ref: "#/components/parameters/callerInteractionId" - $ref: "#/components/parameters/ozoneInteractionId" - $ref: "#/components/parameters/psuIdentifier" - $ref: "#/components/parameters/paymentId" responses: '200': description: successful operation content: application/json: schema: $ref: "#/components/schemas/AEPaymentIdResponse" '400': description: failed operation content: application/json: schema: $ref: "#/components/schemas/Error" default: $ref: "#/components/responses/Error" /payments/{paymentId}/report-file: get: tags: - payments summary: report file for bulk payments description: | This API is called by Ozone Bank Connect to get a report file for a set of bulk payments operationId: reportFile parameters: # common header parameters that set context - $ref: "#/components/parameters/providerId" - $ref: "#/components/parameters/aspspId" - $ref: "#/components/parameters/callerOrgId" - $ref: "#/components/parameters/callerClientId" - $ref: "#/components/parameters/callerSoftwareStatementId" - $ref: "#/components/parameters/apiUri" - $ref: "#/components/parameters/apiOperation" - $ref: "#/components/parameters/consentId" - $ref: "#/components/parameters/callerInteractionId" - $ref: "#/components/parameters/ozoneInteractionId" - $ref: "#/components/parameters/psuIdentifier" - $ref: "#/components/parameters/paymentId" responses: '200': description: successful operation content: '*/*': schema: type: string description: Any content type. '400': description: failed operation content: application/json: schema: $ref: "#/components/schemas/Error" default: $ref: "#/components/responses/Error" /payment-consents/{consentId}/refund: getpost: tags: - payments summary: RetrieveCreate a Payment Consent payment consent for file payment operations description: | OzoneThis canoperation callallows thisa APIconsent fromto Financialbe Institutionscreated tofor retrieveBulk/Batch payment information.operations operationId: getRefund **ONLY**. This is supported due to the parameters:ordering of Bulk/Batch payment # common header parameters thatinstructions, setwhere contextthe Pushed Authorization Request is submitted and - $ref: "#/components/parameters/providerId" the payment file is -then $ref: "#/components/parameters/aspspId" uploaded before Authentication and Authorization - $ref: "#/components/parameters/callerOrgId" takes place. Creating the consent at the -LFI $ref: "#/components/parameters/callerClientId" allows the payment file data to - $ref: "#/components/parameters/callerSoftwareStatementId" be validated on receipt. - $ref: "#/components/parameters/apiUri" Please note that the Consent -Manager $ref: "#/components/parameters/apiOperation" API continues to be the source-of-truth for - $ref: "#/components/parameters/consentId" all consent types. - $ref: "#/components/parameters/callerInteractionId" operationId: createBulkBatchPaymentConsent - $refrequestBody: "#/components/parameters/ozoneInteractionId" description: Properties -of $ref: "#/components/parameters/psuIdentifier" the file payment consent. - namecontent: consentId application/json: in: path schema: type: string description: The properties of a file payment consent required: true descriptiontype: |object Identifies the consent byrequired: an id responses: - '200':consentId description: successful operation - request content: properties: application/json: consentId: schema: $ref: "#/components/schemas/RefundGetResponseAEConsentId" '400': request: description: failed operation content: $ref: '#/components/schemas/AEFilePaymentConsent' application/jsonparameters: - $ref: "#/components/parameters/providerId" schema: - $ref: "#/components/parameters/aspspId" - $ref: "#/components/schemasparameters/ErrorcallerOrgId" default- $ref: "#/components/parameters/callerClientId" - $ref: "#/components/responsesparameters/ErrorcallerSoftwareStatementId" components: responses: - Error$ref: "#/components/parameters/apiUri" - description$ref: Default error response"#/components/parameters/apiOperation" - content$ref: "#/components/parameters/consentId" application/json- $ref: "#/components/parameters/callerInteractionId" - schema$ref: "#/components/parameters/ozoneInteractionId" - $ref: "#/components/schemasparameters/ErrorpsuIdentifier" schemasresponses: PaymentPostRequest '201': description: The properties ofdescription: aFile payment requestconsent successfully created type: object '400': properties: description: failed requestUrl:operation typecontent: string descriptionapplication/json: | The (Ozone) URL at which the TPP requested for the payment schema: paymentType: $ref: "#/components/schemas/PaymentTypeError" requestdefault: $ref: "#/components/schemasresponses/AEPaymentAndFilePaymentRequestError" /payment-consents/{consentId}/file: post: requestHeaders: tags: $ref: "#/components/schemas/PaymentRequestHeaders" - payments tppsummary: Submit payment instruction file for bulk/batch payments $ref description: "#/components/schemas/tpp" supplementaryInformation: This operation allows a Bulk/Batch payment file to be transmitted to the LFI. The $ref: "#/components/schemas/SupplementaryInformation" required: data herein will be encoded according to the format already supported by the - paymentType LFI, with the API -Hub requestacting as a passthrough. - requestHeadersoperationId: createBulkBatchPaymentInstructionFile -requestBody: tpp additionalPropertiesdescription: falseFile containing payment instructions in LFI AEPaymentAndFilePaymentRequest:prescribed format description: The payment content: request body as received from the TPP '*/*': oneOf: - $refschema: "#/components/schemas/AEPaymentRequest" - $ref: "#/components/schemas/AEFilePaymentRequest" type: string AEPaymentRequest: parameters: description: | - $ref: Payment Request Schema"#/components/parameters/providerId" - type$ref: "object#/components/parameters/aspspId" additionalProperties: false - $ref: "#/components/parameters/callerOrgId" required: - "Data- $ref: "#/components/parameters/callerClientId" properties: - $ref: "#/components/parameters/callerSoftwareStatementId" Data: - $ref: "#/components/parameters/apiUri" description: Primary data for the- request $ref: "#/components/parameters/apiOperation" - type$ref: "object#/components/parameters/consentId" - additionalProperties$ref: false"#/components/parameters/callerInteractionId" - required$ref: "#/components/parameters/ozoneInteractionId" - $ref: - "ConsentId" "#/components/parameters/psuIdentifier" - "Instruction"name: consentId in: -path "PersonalIdentifiableInformation" schema: - "PaymentPurposeCode" type: string - "OpenFinanceBilling" propertiesrequired: true ConsentIddescription: | Identifies $ref: "#/components/schemas/AEConsentId" the consent by an id responses: Instruction: '204': $ref: "#/components/schemas/AEPaymentInstruction" description: File uploaded successfully CurrencyRequest'400': $refdescription: "#/components/schemas/AECurrencyRequest" failed operation content: PersonalIdentifiableInformation: application/json: $ref: "#/components/schemas/AEJWEPaymentPII" schema: PaymentPurposeCode: $ref: "#/components/schemas/AEPaymentPurposeCodeError" DebtorReferencedefault: $ref: "#/components/schemasresponses/AEStructuredDebtorReferenceError" /payment-consents/{consentId}/refund: get: CreditorReferencetags: - payments $ref: "#/components/schemas/AEStructuredCreditorReference" summary: Retrieve a Payment Consent OpenFinanceBillingdescription: | Ozone can call this API $ref: "#/components/schemas/AEServiceInitiationOpenFinancePaymentBilling" AEServiceInitiationOpenFinancePaymentBilling:from Financial Institutions to retrieve payment information. typeoperationId: objectgetRefund requiredparameters: -# Typecommon header parameters that set context properties: - Type$ref: "#/components/parameters/providerId" - enum$ref: "#/components/parameters/aspspId" - Collection $ref: "#/components/parameters/callerOrgId" - LargeValueCollection $ref: "#/components/parameters/callerClientId" - PushP2P $ref: "#/components/parameters/callerSoftwareStatementId" - PullP2P $ref: "#/components/parameters/apiUri" - $ref: - Me2Me"#/components/parameters/apiOperation" - description$ref: The type payment for billing"#/components/parameters/consentId" - $ref: "#/components/parameters/callerInteractionId" type: string - MerchantId$ref: "#/components/parameters/ozoneInteractionId" - description$ref: "MerchantId#/components/parameters/psuIdentifier" - typename: "string"consentId minLengthin: 8path maxLengthschema: 20 description: Billing parameters specified by thetype: TPPstring for a payment initiation additionalPropertiesrequired: falsetrue AEServiceInitiationOpenFinancePaymentBillingGet: description: | type: object required: Identifies the consent by an -id Type propertiesresponses: NumberOfSuccessfulTransactions'200': typedescription: successful "integer"operation descriptioncontent: | application/json: Number of individual transactions successfully executed by the LFI. schema: This is returned by the LFI after the file is fully processed.$ref: "#/components/schemas/RefundGetResponse" Type'400': enumdescription: failed operation content: - Collection application/json: - LargeValueCollection schema: - PushP2P - PullP2P$ref: "#/components/schemas/Error" default: - Me2Me $ref: "#/components/responses/Error" components: descriptionresponses: Error: The type payment for billing description: Default error response typecontent: string MerchantIdapplication/json: descriptionschema: "MerchantId" type$ref: "string#/components/schemas/Error" schemas: minLengthPaymentPostRequest: 8 description: The properties of a maxLength:payment 20request descriptiontype: Billingobject parameters specified by the TPP for aproperties: payment initiation additionalPropertiesrequestUrl: false AEJWEPaymentPII: type: string type: string description: |2- A JSON Web Encryption (JWE) object,The (Ozone) URL at which encapsulatesthe a JWS. The value is a compact serializationTPP requested for the payment paymentType: of a JWE, which is a string consisting of five base64url-encoded parts joined by dots. It encapsulates encrypted content using JSON data structures.$ref: "#/components/schemas/PaymentType" request: $ref: "#/components/schemas/AEPaymentAndFilePaymentRequest" The decryptedrequestHeaders: JWS content has the structure of the AEPaymentPII schema. $ref: "#/components/schemas/PaymentRequestHeaders" AEConsentId: typetpp: string minLength: 1 $ref: "#/components/schemas/tpp" maxLength: 128 descriptionsupplementaryInformation: >- Unique identification assigned by the TPP to identify the consent $ref: "#/components/schemas/SupplementaryInformation" required: resource. - paymentType AEFilePaymentRequest: - request description: | - requestHeaders File Payment Request Schema - tpp type: "object" additionalProperties: false requiredAEPaymentAndFilePaymentRequest: description: The -payment "Data"request body as received from the TPP properties: oneOf: Data: - $ref: "#/components/schemas/AEPaymentRequest" description: Primary data for the request - $ref: "#/components/schemas/AEFilePaymentRequest" AEPaymentRequest: type: "object" description: | additionalProperties: false Payment Request Schema requiredtype: "object" additionalProperties: false - "ConsentId" required: - "PaymentPurposeCodeData" properties: properties: Data: ConsentIddescription: Primary data for the request $reftype: "#/components/schemas/AEConsentIdobject" additionalProperties: false Instruction: required: $ref: "#/components/schemas/AEFilePaymentConsent" - "ConsentId" PaymentPurposeCode: - "Instruction" $ref: "#/components/schemas/AEPaymentPurposeCode" - "PaymentPurposeCode" DebtorReference: - "OpenFinanceBilling" $ref: "#/components/schemas/AEStructuredDebtorReference" properties: AEFilePaymentConsent: type ConsentId: "object" description: | $ref: "#/components/schemas/AEConsentId" A file based payment consent. Instruction: A Consent definition for defining Multi Payments requiredtype: "object" - "FileType" additionalProperties: false - "FileHash" - "NumberOfTransactions" required: - "ControlSum" properties: - "Amount" FileType: $refdescription: "#/components/schemas/AEFileType" FileHash: $ref: "#/components/schemas/AEFileHash" FileReference:The Initiation payload is sent by the initiating party to the LFI. It is used to request movement of funds from the debtor account to a creditor for a single payment." $ref: "#/components/schemas/AEReference" properties: NumberOfTransactions: $refAmount: "#/components/schemas/AEFileNumberOfTransactions" ControlSum: description: The Currency and $ref: "#/components/schemas/AEControlSum" Amount relating to the Payment RequestedExecutionDate: $reftype: "#/components/schemas/AERequestedExecutionDateobject" additionalProperties: false AERequestedExecutionDate: descriptionrequired: | The date when the TPP expects the LFI to execute the payment.- "Amount" The date must be in the future and cannot be on the same day- or"Currency" a day in the past. The maximum date in the future that can be specified is 1 year from the day of the consent of the User to the TPP. properties: Amount: All dates in the JSON payloads are represented in ISO 8601 date format. type$ref: "string#/components/schemas/AEActiveOrHistoricAmount" format: "date" AEFileNumberOfTransactions: typeCurrency: "integer" description: | Number of individual transactions contained in the payment information group.$ref: "#/components/schemas/AEActiveOrHistoricCurrencyCode" AEControlSum: CurrencyRequest: description: | Total ofdescription: allThe individualdetails amountsof includedthe innon-local thecurrency group,or irrespectiveFX ofrequest currencies.that has been agreed type: "string" pattern: "^\\d{1,16}\\.\\d{2}$" between the example: "100.00" AEReference:User and the TPP. The requested ChargeBearer and description: | A reasonExchangeRateInformation orare referenceincluded in relationthis object tomay abe payment.overwritten Reason or reference for the beneficiary regarding the Payment by the LFI in the returned type: "string"Consent object. minLength: 1 maxLengthtype: "object" 120 AEFileType: typeadditionalProperties: "string"false description: "Specifies the payment file type" required: minLength: 1 maxLength: 40 - AEFileHash:"ExtendedPurpose" type: "string" description: "A base64- encoding"CurrencyOfTransfer" of a SHA256 hash of the file to be uploaded." properties: minLength: 1 maxLength: 44 AEStructuredCreditorReferenceInstructionPriority: description: | A reason ordescription: reference"Indicator inof relationthe tourgency aor payment,order setof toimportance facilitatethat athe structuredinstructing Creditorparty referencewould consistinglike of:the instructed party to apply to the processing of the *instruction." TPP ID and BIC for the Debtor Account, followed by freeform text to a maximum of 120 characters. type: "string" The TPP ID value will match the organization ID value from theenum: Trust Framework, and therefore will be a v4 UUID. A BIC is- specific"Normal" according to the standard format for ISO 20022, and can therefore be either 8 or 11 characters in length. - "Urgent" If the value of the concatenated string exceeds 120 characters, the TPP must first omit or truncate the freeform element of the reference. ExtendedPurpose: description: "Specifies the purpose of an international payment, when there is no corresponding 4 character code available in the ISO20022 list of Purpose Codes." type: "string" minLength: 1 maxLength: 120: 140 ChargeBearer: pattern: "^TPP=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12},BIC=[A-Z0-9]{4}[A-Z0-9]{2}[A-Z0-9]{2}([A-Z0-9]{3}){0,1}($|,.+$)"$ref: "#/components/schemas/AEChargeBearerType1Code" AEPaymentInstruction: CurrencyOfTransfer: type: "object" additionalProperties: false requireddescription: "Specifies the currency of the to be transferred amount, -which "Amount"is different from the currency of the description: "The Initiation payload is sent by the initiating party to the LFI. It is used to request movement of funds from the debtor account to a creditor for a single payment."debtor's account." type: "string" properties: pattern: "^[A-Z]{3,3}$" Amount: $refDestinationCountryCode: "#/components/schemas/AEActiveCurrencyAmount" PaymentType: type: string description: "Country description:in |which Credit Account is domiciled. Code to identify a Thecountry, typea ofdependency, theor paymentanother thatarea isof beingparticular created.geopolitical interest, on the basis of country names obtained from Eachthe LFI'sUnited instanceNations may(ISO support a different set of payment types3166, Alpha-2 code)." depending on the standards supported. type: "string" For example, pattern: "[A- cbuae-payment (Single Instant Payment, Multi Payment - Fixed and Variable Recurring Payment, Future Dated Payment etc) Z]{2,2}" ExchangeRateInformation: - cbuae-file-payment PaymentRequestHeaders: type: "object" description: | The entire setadditionalProperties: offalse HTTP request headers that was received by Ozone from the TPP tpp: required: description: The TPP record as held by Ozone. If Ozone TPP Connect has been integrated into a- "UnitCurrency" directory, the `directoryRecord` provides the TPP's directory record as held by Ozone in- "RateType" base 64 encoded format. typedescription: object"Provides details on the currency exchange rate required:and contract." - clientId - orgIdproperties: - softwareStatementId - tppId UnitCurrency: - tppName - decodedSsa description: "Currency in properties:which the rate of exchange is expressed in clientId: description: The client identifier for the TPP as issued by the Trust Frameworka currency exchange. In the example 1GBP = xxxCUR, the unit currency is GBP." type: "string" pattern: '^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$' pattern: "^[A-Z]{3,3}$" tppId: descriptionExchangeRate: The identifier used by the API Hub to uniquely identify the TPP typedescription: string"The factor used for conversion of an amount from tppName:one currency to another. This reflects the price at which one description:currency Thewas TPPbought namewith recorded in the Trust Frameworkanother currency." type: string obieTppIdtype: "number" description: The UK market TPP identifier. This property is not used forRateType: CBUAE and is therefore marked as deprecated. description: "Specifies the type used to complete the type: stringcurrency exchange." deprecated: true softwareStatementId: type: "string" description: The software statement identifier for the Client. enum: type: string obieSoftwareStatementId: description: The- UK"Actual" market software statement identifier. This property is not used for CBUAE and is- therefore"Agreed" marked as deprecated. type: string - deprecated:"Indicative" true obieSoftwareStatementName: descriptionContractIdentification: The UK market software statement name. This property is not used for CBUAE and description: "Unique and unambiguous reference isto thereforethe markedforeign asexchange deprecated.contract agreed between the initiating party/creditor and the debtor agent." type: string deprecated: true directoryRecordtype: "string" type: string descriptionminLength: The1 latest copy of the TPP directory record retrieve from the CBUAE Trust Framework maxLength: 256 directory, encoded as a Base 64 string PersonalIdentifiableInformation: format: base64 description: Personal Identifiable Information, represented in both encoded and decoded form ssa: description: The encodedusing Softwarea Statement`oneOf`, Assertion.to Thishelp propertyimplementers isreadily notunderstand usedboth forthe CBUAEstructure and is thereforeserialized form markedof asthe deprecatedproperty. type: string **Implementations MUST reflect the AEJWEPaymentPII Schema Object** deprecated: true decodedSsa: **structure and the notes provided $ref: "#/components/schemas/softwareStatementProperties" on implementing a JWS and JWE** orgId: description: **The decoded organizationform AEPaymentPII identifieris for the TPP guidance on content only** typeoneOf: string pattern: '^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$'- $ref: "#/components/schemas/AEJWEPaymentPII" softwareStatementProperties: - description$ref: |"#/components/schemas/AEPaymentPII" The decoded software statement retrievedPaymentPurposeCode: from the Trust Framework that provides the properties of the Client.$ref: "#/components/schemas/AEPaymentPurposeCode" DebtorReference: Please note: $ref: "#/components/schemas/AEStructuredDebtorReference" - The JSON payload will contain other propertiesCreditorReference: in addition to those listed $ref: "#/components/schemas/AEStructuredCreditorReference" here. The properties listed here are considered most relevant for activitiesOpenFinanceBilling: such as TPP logo retrieval and JWS verification. $ref: "#/components/schemas/AEServiceInitiationOpenFinancePaymentBilling" AEServiceInitiationOpenFinancePaymentBilling: type: object - The content reflects elements ofrequired: discovery metadata, which in generally - Type properties: defined as a file rather than an API. ProvidingType: constraints such as enum: `minLength` and `maxLength` is impractical in this context - Collection The full software statement record is- alsoLargeValueCollection available in the Trust Framework. - PleasePushP2P also refer the Registration Framework page in the CBUAE standards for - PullP2P additional guidance on these properties. - Me2Me type: object propertiesdescription: The type payment for billing redirect_uris: descriptiontype: Thestring redirect URIs registered by the TPP at the Trust FrameworkMerchantId: typedescription: array"MerchantId" itemstype: "string" typeminLength: string8 client_name: maxLength: 20 description: Billing Nameparameters specified ofby the ClientTPP for toa bepayment presentedinitiation to the End-User. additionalProperties: false typeAEServiceInitiationOpenFinancePaymentBillingGet: string type: object client_uri: required: description: URL of- theType home page of the Client. properties: typeNumberOfSuccessfulTransactions: string logo_uritype: "integer" description: URL| of the Client logo. Number of type:individual stringtransactions successfully executed by the LFI. jwks_uri: This description:is URLreturned ofby the ClientLFI JSONafter Webthe Keyfile Setis (JWKS) at the Trust Frameworkfully processed. Type: type: string client_idenum: description: Unique- ClientCollection Identifier. type: string- LargeValueCollection roles: - PushP2P description: The roles under which the organization is registered- atPullP2P the Trust Framework. - type: arrayMe2Me itemsdescription: The type payment for billing type: string sector_identifier_uriMerchantId: description: URL"MerchantId" using the https scheme to be used in calculating Pseudonymous Identifierstype: "string" minLength: 8 by the OP. Allows redirect URI values to be grouped, easingmaxLength: registration20 description: Billing parameters specified by the management.TPP for a payment initiation typeadditionalProperties: stringfalse AEJWEPaymentPII: application_type: type: string description: Client|2- application type. type:A stringJSON Web Encryption (JWE) object, which encapsulates a organisation_id: JWS. The value is a compact serialization description: Organization identifier for organization thatof ownsa theJWE, Client.which is a string consisting of five base64url-encoded parts joined by type:dots. stringIt encapsulates encrypted content using JSON SupplementaryInformation:data structures. type: object description:The |decrypted JWS content has the structure of the AEPaymentPII Theschema. `SupplementaryInformation` object may have arbitraryAEPaymentPII: custom fields that a Financial Institution may usetype: "object" AEPaymentIdResponseadditionalProperties: false description: | "Elements of Personal Identifiable Information data" Theproperties: payment response to be passed on to the TPP.Initiation: The structure of this response is aligned to the structure of the response for the CBUAE payment initiation API.type: "object" additionalProperties: false typedescription: "object"The Initiation payload is sent by the initiating additionalProperties:party falseto the LFI. It is used to required:request movement of funds from the debtor account to -a "datacreditor." properties: properties: data: CreditorAgent: type: "object" description$ref: "Required fields are common for all the payments including file payment. Apart from that, paymentTransactionId is required for all payments except file payments""#/components/schemas/AECreditorAgent" Creditor: type: "object" additionalProperties: false required: description: "Party to which an amount of money is due." - "id" properties: - "status" Name: - "statusUpdateDateTime" - "creationDateTime" description: | - "paymentPurposeCode" Name properties:by which a party is known and which is usually used to identify id:that party. description: An API specific unique identification as assignedThis bymay thebe LFIused to identify the Creditor domesticfor Paymentinternational resourcepayments. type: "string" consentId: minLength: 1 description: Unique identification assigned by the TPP to identify the consent resource.maxLength: 140 type: string PostalAddress: paymentTransactionId: $ref: "#/components/schemas/AEAddress" description: | CreditorAccount: This is an end-to-end identifier that is generated by the underlying payment rails when it is sent from an Originating LFI to a Receiving LFI. $ref: "#/components/schemas/AECreditorAccount" ConfirmationOfPayeeResponse: $ref: "#/components/schemas/AEConfirmationOfPayeeResponse" For IPP transactions, thisRisk: is the IPP generated identifier. $ref: "#/components/schemas/AERisk" AECreditorAgent: This propertydescription: is| not the same as the `transactionId` in the BankRefers Datato Sharingthe TransactionsFinancial APIInstitution. type: "object" required: The `paymentTransactionId` must be populated if the- payment"SchemeName" is processed by the LFI, and updated at the- Consent"Identification" Manager Payment Log API using the `patch`properties: operation. typeSchemeName: string statustype: "string" description: | Refers to the Identification Specifiesscheme thefor statusuniquely ofidentifying the paymentAgent. information group * BICFI: The BIC/SWIFT Code * Pending: Payment initiation or individual transaction included in the payment initiation is* pending.Other: FurtherThe checksID; andA statusCountry updateCode willfollowed beby performed.a Bank Code (4 character code). The full list of LFI names and 6 digits IDs are *as Rejectedfollows: The payment initiation has been rejected enum: * AcceptedSettlementCompleted: Settlement of the Debtor's account has been completed- "BICFI" - "Other" * AcceptedCreditSettlementCompletedIdentification: When the Creditor account has been credited with the funds ofdescription: the| payment initiated via the TPP The Agent is the Country Code followed by a *Bank AcceptedWithoutPosting:Code" When the Recipient Bank has accepted the payment but has not applied the credit to the Creditor account yet. type: "string" Name: description: "Name by type:which stringan agent is known and which is usually used to identify that agent." enum: type: "string" - "Pending" minLength: 1 maxLength: 140 - "AcceptedSettlementCompleted" PostalAddress: -$ref: "AcceptedCreditSettlementCompleted#/components/schemas/AEAddress" AECreditorAccount: description: "Unambiguous identification of the -account "AcceptedWithoutPosting"of the creditor to which a credit entry will be posted." -type: "Rejected" object" additionalProperties: false required: - "ReceivedSchemeName" - "Identification" statusUpdateDateTime: - "Name" descriptionproperties: Date and time at which the resource status wasSchemeName: updated. $ref: "#/components/schemas/AECreditorExternalAccountIdentificationCode" type: string Identification: format: date-time$ref: "#/components/schemas/AEIdentification" Name: creationDateTime: $ref: "#/components/schemas/AEName" description TradingName: Date and time at which the message was created. $ref: "#/components/schemas/AETradingName" AEAddress: typedescription: | string (Array) Address information that locates and identifes a specific address, as format: date-time defined by a national or international postal service." type: "array" charges minItems: 1 items: $ref type: "#/components/schemas/AECharges"object" required: exchangeRate: - "AddressType" $ref:- "#/components/schemas/AEExchangeRateInformation"Country" properties: currencyRequest: AddressType: $ref: "#/components/schemas/AECurrencyRequestAEAddressTypeCode" instructionShortAddress: $ref: "#/components/schemas/AEPaymentInstructionAEShortAddress" paymentPurposeCodeUnitNumber: $ref: "#/components/schemas/AEPaymentPurposeCodeAEUnitNumber" debtorReferenceFloorNumber: $ref: "#/components/schemas/AEStructuredDebtorReferenceAEFloorNumber" openFinanceBillingBuildingNumber: $ref: "#/components/schemas/AEServiceInitiationOpenFinancePaymentBillingGetAEBuildingNumber" metaStreetName: $ref: "#/components/schemas/MetaAEStreetName" AECharges: SecondaryNumber: description: List of charges associated with the payment request type$ref: "array#/components/schemas/AESecondaryNumber" items: District: type: "object" $ref: additionalProperties: false"#/components/schemas/AEDistrict" descriptionPostalCode: | Set of elements used to provide details of a charge for the payment initiation.$ref: "#/components/schemas/AEPostalCode" POBox: * For Payments, these Charges are on the Debtor.$ref: "#/components/schemas/AEPOBox" ZipCode: required: -$ref: "chargeBearer"#/components/schemas/AEZipCode" City: - "type" -$ref: "amount#/components/schemas/AECity" properties: chargeBearerRegion: $ref: "#/components/schemas/AEChargeBearerType1CodeAERegion" typeCountry: $ref: "#/components/schemas/AEExternalPaymentChargeTypeCodeAECountryCode" amountadditionalProperties: false AEAddressTypeCode: $refdescription: "#/components/schemas/AEActiveCurrencyAmount" AEChargeBearerType1Code:Specifies the nature of the Address." description: "Specifies which party/parties will bear the charges associated with the processing of the payment transaction."type: "string" enum: - "Business" type: "string" - enum:"Correspondence" - "BorneByCreditorResidential" example: "Residential" - "BorneByDebtor" AEShortAddress: -description: "Shared"A short address consists of four AEExternalPaymentChargeTypeCodeletters: region code, branch code, division description: "Charge type, in a coded formcode, unique code and a four-digit number for the building." type: "string" enumminLength: 1 - "VAT"maxLength: 8 example: - "FeesABCD1234" AEActiveCurrencyAmountAEUnitNumber: description: |"Identifies the unit or apartment number." The Currency and Amount relating to the Payment, Refund or Request to Paytype: "string" minLength: 1 typemaxLength: "object"10 requiredexample: "6" AEFloorNumber: - "amount" description: "Identifies the building floor number." -type: "currencystring" propertiesminLength: 1 amountmaxLength: 10 example: "2" $ref: "#/components/schemas/AEActiveOrHistoricAmount" AEBuildingNumber: currencydescription: "Identifies the building number." $reftype: "#/components/schemas/AEActiveOrHistoricCurrencyCodestring" AEActiveOrHistoricAmount minLength: 1 description maxLength: "A number of monetary units specified in an active currency where the unit of currency is explicit and compliant with ISO 421710 example: "34" AEStreetName: description: "Identifies the street name or road." type: "string" patternminLength: "^\\d{1,16}\\.\\d{2}$"1 maxLength: 70 example: "100.00Omar Bin Hassan Street" AEActiveOrHistoricCurrencyCodeAEDistrict: description: "AIdentifies 3the characterdistrict alphabeticof code allocated to a currency under an international currency identification scheme, as described in the latest edition of the international standard ISO 4217 'Codes for the representation of currencies and funds'a city." type: "string" minLength: 1 maxLength: 35 example: "Olaya Dist." AECountryCode: description: "Indicates the country code in which the address is located (References ISO 3166-1 alpha-2)." type: "string" pattern: "^[A-Z]{32,32}$" example: "AEDSA" AEExchangeRateInformationAEPostalCode: typedescription: "object" additionalProperties: false required: Identifies the postal code; a unique code assigned to a specific geographic area for efficient mail sorting and delivery purposes." -type: "unitCurrencystring" minLength: 1 - "exchangeRate" maxLength: 10 - "rateType" example: "12345" description: "Further detailedAEPOBox: information on the exchange rate that has beendescription: used" inIdentifies the payment transactionPOBox." properties:type: "string" minLength: 1 unitCurrency: maxLength: 10 descriptionexample: "11562"Currency in which the rate ofAEZipCode: exchange is expressed in a currency exchange. Indescription: "Identifies the example 1GBP = xxxCUR, the unit currency is GBP." ZIP code; a unique code assigned to a specific geographic area for efficient mail sorting and delivery purposes." type: "string" minLength: 1 patternmaxLength: "^[A-Z]{3,3}$"10 example: "12366" exchangeRate: AESecondaryNumber: description: "The factor used for conversion4 numbers representing the accurate location coordinates of anthe amountaddress" from one currency to another. This reflects the price at which one currency was bought with another currency." type: "string" minLength: 4 maxLength: 4 typeexample: "number1233" rateTypeAECity: description: "SpecifiesIdentifies the typename usedof tothe completecity theor currencytown exchange."where the address is situated." type: "string" minLength: 1 enum: maxLength: 35 example: - "ActualRiyadh" AERegion: - "Agreeddescription: "Identifies the region." type: "string" - "Indicative" minLength: 1 contractIdentificationmaxLength: 35 descriptionexample: "UniqueNorth" and unambiguous reference to theAEDebtorIndicators: foreign exchange contract agreed between the initiating party/creditor and the debtor agent."type: "object" description: | type: "string" Debtor (User) Indicators minLengthproperties: 1 Authentication: maxLength: 256 type: "object" expirationDateTime: description: "SpecifiedThe authentication datemethod andused timeby the exchangeUser rateto agreementaccess willtheir expire.All dates inaccount with the JSONTPP" payloads are represented in ISO 8601 date-time format. \nAll date-time fieldsproperties: in responses must include the timezone. An example is below:\n2017-04-05T10:43:07+00:00" AuthenticationChannel: type: "string" description: Channel on which the format: "date-time" User was authenticated AECurrencyRequest: description: | type: string The details of the non-local currency or FX request thatenum: has been agreed between the User and the TPP. - TheApp requested ChargeBearer and ExchangeRateInformation are included in this object may be overwritten by the LFI in the- returnedWeb Consent object. type: "object" additionalPropertiesPossessionFactor: false required: type: - "currencyOfTransferobject" properties: instructionPrioritydescription: "The User's possession, that only the User possesses" descriptionproperties: "Indicator of the urgency or order of importance that the instructing party would like the instructed partyIsUsed: to apply to the processing of the instruction." type: "stringboolean" enum: Type: - "Normal" -type: "Urgentstring" extendedPurpose: descriptionenum: "Specifies the purpose of an international payment, when there is no corresponding 4 character code available in the ISO20022 list of- PurposeFIDO2SecurityKey Codes." type: "string" - Passkey minLength: 1 maxLength: 140 - OTPDevice chargeBearer: $ref: "#/components/schemas/AEChargeBearerType1Code" - OTPApp currencyOfTransfer: description: "Specifies the currency of the to be transferred amount,- whichSMSOTP is different from the currency of the debtor's account." type: "string"- EmailOTP pattern: "^[A-Z]{3,3}$" destinationCountryCode: - PushNotification description: "Country in which Credit Account is domiciled. Code to identify a country,- aWebauthnToken dependency, or another area of particular geopolitical interest, on the basis of country names obtained from the United Nations (ISO 3166, Alpha-2 code)."SecureEnclaveKey type: "string" - pattern: "[A-Z]{2,2}"HardwareOTPKey exchangeRateInformation: type: "object"- TrustedDevice additionalProperties: false - Other required: KnowledgeFactor: - "unitCurrency" -type: "rateTypeobject" description: "Provides details onThe User's knowledge, that only the currencyUser knows" exchange rate and contract." properties: unitCurrency IsUsed: description type: "Currencyboolean" in which the rate of exchange is expressed in a currency exchange. In the example 1GBP = xxxCUR, the unit currency is GBP." Type: type: "string" pattern: "^[A-Z]{3,3}$" enum: exchangeRate: - PIN description: "The factor used for conversion of an amount from one currency to another. This reflects the price- atPassword which one currency was bought with another currency." - SecurityQuestion type: "number" rateType: - SMSOTP description: "Specifies the type used to complete the currency exchange." - EmailOTP type: "string" - OTPPush enum: - "Actual"Other InherenceFactor: - "Agreed" type: "object" - "Indicative" description: "The User's inherance, that contractIdentification:is unique to the User's physical characteristics" description: "Unique and unambiguous reference to theproperties: foreign exchange contract agreed between the initiating party/creditor and the debtor agent." IsUsed: type: "stringboolean" minLength Type: 1 maxLengthtype: 256"string" AEPaymentPurposeCode: description: A category code thatenum: relates to the type of services or goods that corresponds to the underlying purpose of the payment. The code must conform- toBiometric the published AANI payment purpose code list. type: "string" - minLength:Fingerprint 1 maxLength: 4 pattern: "^[A-Z]{3}$" - FaceRecognition AEStructuredDebtorReference: description: | A reason or reference- inIrisScan relation to a payment, set to facilitate a structured Debtor reference consisting of: - VoiceRecognition * For payments to Merchants: TPP ID, Merchant ID, BIC for the Creditor Account, followed by freeform text to a maximum- ofFIDOBiometric 120 characters. * For other payments: TPP ID and BIC for the- CreditorDeviceBiometrics Account, followed by freeform text to a maximum of 120 characters. The- TPPOther ID value will match the organization ID value from the Trust Framework, andChallengeOutcome: therefore will be a v4 UUID. type: The"string" Merchant ID wil be as per the existing IPP rules for the Merchant identification, anddescription: will"The incorporateresult theof Trademulti-factor Licenseauthentication numberperformed forby the Merchant.TPP, with NotPerformed indication the User was not required to Aauthenticate BIC is specific accordingbefore consenting to the standardrequested formatpayment" for ISO 20022, and can therefore be either 8 or 11 characters in length. enum: If the value of the concatenated string exceeds 120- characters,Pass the TPP must omit or truncate the freeform element of the reference. - Fail oneOf: - description: Merchant-initiated payment, containing Merchant identifier - NotPerformed AuthenticationFlow: type: "string" enum: minLength: 1 - MFA - Other AuthenticationValue: maxLength: 120type: "string" pattern: "^TPP=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12},Merchant=[A-Z0-9]{3}-[A-Z]{4}-TL.+-[0-9]{4},BIC=[A-Z0-9]{4}[A-Z0-9]{2}[A-Z0-9]{2}([A-Z0-9]{3}){0,1}($|,.+$)" - description: Non-merchant payment, containing TPP ID, BIC, and free form text type: "string" minLength: 1 maxLength: 120 description: "Cryptographic proof of authentication where supported by the device and protocol." ChallengeDateTime: type: "string" format: "date-time" UserName: type: "object" description: "The Name of the User initiating the Payment" properties: en: type: "string" description: "English value of the string" ar: type: "string" description: "Arabic value of the string" GeoLocation: type: "object" description: "GPS to identify and track the whereabouts of the connected electronic device." required: - Latitude - Longitude properties: Latitude: type: "string" description: "latitude" Longitude: type: "string" description: "longitude" DeviceInformation: type: "object" description: "Detailed device information" properties: DeviceId: type: "string" description: "IMEISV number of the connected electronic device" AlternativeDeviceId: type: "string" description: "Alternative identifier for the connected electronic device" DeviceOperatingSystem: type: "string" description: "Device operating system" DeviceOperatingSystemVersion: type: "string" description: "Device operating system version" DeviceBindingId: type: "string" description: "An identifier that associates a device uniquely with a specific application" LastBindingDateTime: type: "string" format: "date-time" description: "Date and time when the device was last bound to the application" BindingDuration: type: "string" format: "duration" description: "ISO 8601 duration since device was last bound (e.g., P30D for 30 days)" BindingStatus: type: "string" description: "Current status of the device binding" enum: - Active - Expired - Revoked - Suspended DeviceType: type: "string" description: "Type of device used" enum: - Mobile - Desktop - Tablet - Wearable - Other DeviceManufacturer: type: "object" properties: Model: type: "string" description: "Device model name" maxLength: 50 Manufacturer: type: "string" description: "Device manufacturer" maxLength: 50 DeviceLanguage: type: "string" description: "Device language" DeviceLocalDateTime: type: "string" description: "Device local time" ConnectionType: type: "string" description: "Type of connection to the internet" enum: - WiFi - Cellular - Other ScreenInformation: type: "object" properties: PixelDensity: type: "number" description: "Screen pixel density" Orientation: type: "string" enum: - Portrait - Landscape BatteryStatus: type: "object" properties: Level: type: "number" minimum: 0 maximum: 100 IsCharging: type: "boolean" TouchSupport: type: "object" properties: Supported: type: "boolean" MaxTouchPoints: type: "integer" minimum: 0 MotionSensors: type: "object" properties: Status: type: "string" enum: - InMotion - Stationary Accelerometer: type: "boolean" Gyroscope: type: "boolean" DeviceEnvironmentContext: type: "array" description: "List of device environment context" items: type: "string" enum: - VPNDetected - EmulatorDetected BiometricCapabilities: type: "object" description: "Device biometric capabilities" properties: SupportsBiometric: type: "boolean" description: "Whether device supports biometric authentication" BiometricTypes: type: "array" description: "Types of biometric authentication supported" items: type: "string" enum: - Fingerprint - FacialRecognition - Iris - VoicePrint - Other AppInformation: type: "object" description: "Mobile application specific information" properties: AppVersion: type: "string" description: "Version of the mobile application" PackageName: type: "string" description: "Application package identifier" BuildNumber: type: "string" description: "Application build number" BrowserInformation: type: "object" description: "Browser-specific information" properties: UserAgent: type: "string" description: "Complete browser user agent string" IsCookiesEnabled: type: "boolean" description: "Whether cookies are enabled in the browser" AvailableFonts: type: "array" description: "List of available fonts" items: type: "string" Plugins: type: "array" description: "List of installed browser plugins" items: type: "string" PixelRatio: type: "number" description: "Device pixel ratio for scaling" UserBehavior: type: "object" description: "User behavior indicators" properties: ScrollBehavior: type: "object" properties: Direction: type: "string" enum: - Up - Down - Both Speed: type: "number" description: "Average scroll speed in pixels per second" Frequency: type: "number" description: "Number of scroll events per minute" AccountRiskIndicators: type: "object" description: "Risk indicators related to the account" properties: UserOnboardingDateTime: type: "string" format: "date-time" description: "The exact date and time when the User account was activated with the TPP." LastAccountChangeDate: type: "string" format: "date" description: "Date that the User's account was last changed" LastPasswordChangeDate: type: "string" format: "date" description: "Date of the last password change by the User" SuspiciousActivity: type: "string" description: "Indicates any suspicious activity associated with the account" enum: - NoSuspiciousActivity - SuspiciousActivityDetected TransactionHistory: type: "object" properties: LastDay: type: "integer" description: "Total transactions made by the account in the last 24 hours" minimum: 0 LastYear: type: "integer" description: "Total transactions made by the account in the past year" minimum: 0 SupplementaryData: type: "object" description: | Additional information that cannot be captured in the structured fields and/or any other specific block This may include information that is not available in the structured fields, such as a user's behavioural data like their typing speed and typing patterns. properties: {} AETransactionIndicators: type: "object" description: | Transaction Indicators properties: IsCustomerPresent: description: "This field differentiates between automatic and manual payment initiation." type: boolean IsContractPresent: description: "Indicates if the Creditor has a contractual relationship with the TPP." type: boolean Channel: description: "Where the payment has been initiated from." type: "string" enum: - Web - Mobile ChannelType: type: "string" description: "The channel through which the transaction is being conducted" enum: - ECommerce - InStore - InApp - Telephone - Mail - RecurringPayment - Other SubChannelType: type: "string" description: "More specific classification of the transaction channel" enum: - WebBrowser - MobileApp - SmartTV - WearableDevice - POSTerminal - ATM - KioskTerminal - Other PaymentProcess: type: "object" description: "Metrics related to the payment process duration and attempts" properties: TotalDuration: type: "integer" description: "Total time in seconds from payment initiation to completion" minimum: 0 CurrentSessionAttempts: type: "integer" description: "Number of payment attempts in the current session" minimum: 1 CurrentSessionFailedAttempts: type: "integer" description: "Number of failed payment attempts in the current session" minimum: 0 Last24HourAttempts: type: "integer" description: "Number of payment attempts in the last 24 hours" minimum: 0 Last24HourFailedAttempts: type: "integer" description: "Number of failed payment attempts in the last 24 hours" minimum: 0 MerchantRisk: type: "object" description: "Risk indicator details provided by the merchant" properties: DeliveryTimeframe: type: "string" description: "Timeframe for the delivery of purchased items" enum: - ElectronicDelivery - SameDayShipping - OvernightShipping - MoreThan1DayShipping ReorderItemsIndicator: type: "string" description: "Indicates if the transaction is a reorder" enum: - FirstTimeOrder - Reorder PreOrderPurchaseIndicator: type: "string" description: "Indicates if this is a pre-ordered item" enum: - MerchandiseAvailable - FutureAvailability IsGiftCardPurchase: type: "boolean" description: "Indicates if the transaction includes a gift card" IsDeliveryAddressMatchesBilling: type: "boolean" description: "Indicates if delivery address matches billing address" AddressMatchLevel: type: "string" description: "Level of match between delivery and billing addresses" enum: - FullMatch - PartialMatch - NoMatch - NotApplicable SupplementaryData: type: "object" description: | Additional information that cannot be captured in the structured fields and/or any other specific block properties: {} AECreditorIndicators: type: "object" description: | Creditor Indicators properties: AccountType: $ref: "#/components/schemas/AEAccountTypeCode" IsCreditorPrePopulated: $ref: "#/components/schemas/AEIsCreditorPrePopulated" TradingName: $ref: "#/components/schemas/AETradingName" IsVerifiedByTPP: $ref: "#/components/schemas/AEIsVerifiedbyTPP" AdditionalAccountHolderIdentifiers: $ref: "#/components/schemas/AEAdditionalAccountHolderIdentifiers" MerchantDetails: type: "object" description: | Details of the Merchant involved in the transaction. Merchant Details are specified only for those merchant categories that are generally expected to originate retail financial transactions properties: MerchantId: description: "MerchantId" type: "string" minLength: 8 maxLength: 20 MerchantName: description: "Name by which the merchant is known." type: "string" minLength: 1 maxLength: 350 MerchantSICCode: description: | SIC code stands for standard industrial classification (SIC) code. This four digit-number identifies a very specific short descriptor of the type of business a company is engaged in. SIC can be obtained from the Chamber of Commerce. type: "string" minLength: 3 maxLength: 4 MerchantCategoryCode: description: > Category code values are used to enable the classification of merchants into specific categories based on the type of business, trade or services supplied. Category code conforms to ISO 18245, related to the type of services or goods the merchant provides for the transaction." type: string minLength: 3 maxLength: 4 additionalProperties: false IsCreditorConfirmed: description: Creditor account details have been confirmed successfully using Confirmation of Payee type: boolean ConfirmationOfPayeeResponse: $ref: "#/components/schemas/AEConfirmationOfPayeeResponse" SupplementaryData: type: "object" description: | Additional information that cannot be captured in the structured fields and/or any other specific block properties: {} AEAccountTypeCode: type: string enum: - Retail - SME - Corporate description: Specifies the type of account (Retail, SME or Corporate). AEIsCreditorPrePopulated: description: "Is Creditor populated" type: "boolean" AEIsVerifiedbyTPP: description: "The TPP has onboarded the Creditor" type: "boolean" AEAdditionalAccountHolderIdentifiers: type: "array" items: type: "object" description: "Provides the details to identify an account." required: - "SchemeName" - "Identification" properties: SchemeName: $ref: "#/components/schemas/AERiskExternalAccountIdentificationCode" Identification: $ref: "#/components/schemas/AEIdentification" Name: $ref: "#/components/schemas/AEName" additionalProperties: false AERiskExternalAccountIdentificationCode: description: "Name of the identification scheme, in a coded form as published in an external list." type: "string" enum: - "EmiratesID" - "TradeLicenceNumber" AEConfirmationOfPayeeResponse: description: The JSON Web Signature returned by the Payee Confirmation operation at the Confirmation of Payee API. The value must be the full JWS string, including the header and signature, without decoding to an object. If Confirmation of Payee is not performed this property can be omitted type: string pattern: '^.+\..+\..+$' AECreditorExternalAccountIdentificationCode: description: "Name of the identification scheme, in a coded form as published in an external list." type: "string" enum: - "IBAN" - "AccountNumber" AEIdentification: description: | Identification for the account assigned by the LFI based on the Account Scheme Name. This identification is known by the User account owner. type: "string" minLength: 1 AETradingName: type: "object" description: | The Trading Brand Name (if applicable) for the Creditor. Applicable to Payments. properties: en: type: "string" description: "English value of the string" maxLength: 70 ar: type: "string" description: "Arabic value of the string" maxLength: 70 additionalProperties: false AERisk: additionalProperties: false description: | The Risk section is sent by the TPP to the LFI. It is used to specify additional details for risk/fraud scoring regarding Payments. type: "object" properties: DebtorIndicators: $ref: "#/components/schemas/AEDebtorIndicators" DestinationDeliveryAddress: type: "object" description: | Destination Delivery Address properties: RecipientType: type: "string" description: "The recipient of the goods whether an individual or a corporation." enum: - "Individual" - "Corporate" RecipientName: type: "object" description: "The name of the recipient of the goods, whether an individual or a corporation." properties: en: type: "string" description: "English value of the string" ar: type: "string" description: "Arabic value of the string" NationalAddress: $ref: "#/components/schemas/AEAddress" TransactionIndicators: $ref: "#/components/schemas/AETransactionIndicators" CreditorIndicators: $ref: "#/components/schemas/AECreditorIndicators" AEConsentId: type: string minLength: 1 maxLength: 128 description: >- Unique identification assigned by the TPP to identify the consent resource. AEFilePaymentRequest: description: | File Payment Request Schema type: "object" additionalProperties: false required: - "Data" properties: Data: description: Primary data for the request type: "object" additionalProperties: false required: - "ConsentId" - "PaymentPurposeCode" properties: ConsentId: $ref: "#/components/schemas/AEConsentId" Instruction: $ref: "#/components/schemas/AEFilePaymentConsent" PaymentPurposeCode: $ref: "#/components/schemas/AEPaymentPurposeCode" DebtorReference: $ref: "#/components/schemas/AEStructuredDebtorReference" AEFilePaymentConsent: type: "object" description: | A file based payment consent. A Consent definition for defining Multi Payments required: - "FileType" - "FileHash" - "NumberOfTransactions" - "ControlSum" properties: FileType: $ref: "#/components/schemas/AEFileType" FileHash: $ref: "#/components/schemas/AEFileHash" FileReference: $ref: "#/components/schemas/AEReference" NumberOfTransactions: $ref: "#/components/schemas/AEFileNumberOfTransactions" ControlSum: $ref: "#/components/schemas/AEControlSum" RequestedExecutionDate: $ref: "#/components/schemas/AERequestedExecutionDate" additionalProperties: false AERequestedExecutionDate: description: | The date when the TPP expects the LFI to execute the payment. The date must be in the future and cannot be on the same day or a day in the past. The maximum date in the future that can be specified is 1 year from the day of the consent of the User to the TPP. All dates in the JSON payloads are represented in ISO 8601 date format. type: "string" format: "date" AEFileNumberOfTransactions: type: "integer" description: | Number of individual transactions contained in the payment information group. AEControlSum: description: | Total of all individual amounts included in the group, irrespective of currencies. type: "string" pattern: "^\\d{1,16}\\.\\d{2}$" example: "100.00" AEReference: description: | A reason or reference in relation to a payment. Reason or reference for the beneficiary regarding the Payment type: "string" minLength: 1 maxLength: 120 AEFileType: type: "string" description: "Specifies the payment file type" minLength: 1 maxLength: 40 AEFileHash: type: "string" description: "A base64 encoding of a SHA256 hash of the file to be uploaded." minLength: 1 maxLength: 44 AEStructuredCreditorReference: description: | A reason or reference in relation to a payment, set to facilitate a structured Creditor reference consisting of: * TPP ID and BIC for the Debtor Account, followed by freeform text to a maximum of 120 characters. The TPP ID value will match the organization ID value from the Trust Framework, and therefore will be a v4 UUID. A BIC is specific according to the standard format for ISO 20022, and can therefore be either 8 or 11 characters in length. If the value of the concatenated string exceeds 120 characters, the TPP must first omit or truncate the freeform element of the reference. type: "string" minLength: 1 maxLength: 120 pattern: "^TPP=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12},BIC=[A-Z0-9]{4}[A-Z0-9]{2}[A-Z0-9]{2}([A-Z0-9]{3}){0,1}($|,.+$)" AEPaymentInstruction: type: "object" additionalProperties: false required: - "Amount" description: "The Initiation payload is sent by the initiating party to the LFI. It is used to request movement of funds from the debtor account to a creditor for a single payment." properties: Amount: $ref: "#/components/schemas/AEActiveCurrencyAmount" PaymentType: type: string description: | The type of the payment that is being created. Each LFI's instance may support a different set of payment types depending on the standards supported. For example, - cbuae-payment (Single Instant Payment, Multi Payment - Fixed and Variable Recurring Payment, Future Dated Payment etc) - cbuae-file-payment PaymentRequestHeaders: type: object description: | The entire set of HTTP request headers that was received by Ozone from the TPP tpp: description: The TPP record as held by Ozone. If Ozone TPP Connect has been integrated into a directory, the `directoryRecord` provides the TPP's directory record as held by Ozone in base 64 encoded format. type: object required: - clientId - orgId - softwareStatementId - tppId - tppName - decodedSsa properties: clientId: description: The client identifier for the TPP as issued by the Trust Framework type: string pattern: '^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$' tppId: description: The identifier used by the API Hub to uniquely identify the TPP type: string tppName: description: The TPP name recorded in the Trust Framework type: string obieTppId: description: The UK market TPP identifier. This property is not used for CBUAE and is therefore marked as deprecated. type: string deprecated: true softwareStatementId: description: The software statement identifier for the Client. type: string obieSoftwareStatementId: description: The UK market software statement identifier. This property is not used for CBUAE and is therefore marked as deprecated. type: string deprecated: true obieSoftwareStatementName: description: The UK market software statement name. This property is not used for CBUAE and is therefore marked as deprecated. type: string deprecated: true directoryRecord: type: string description: The latest copy of the TPP directory record retrieve from the CBUAE Trust Framework directory, encoded as a Base 64 string format: base64 ssa: description: The encoded Software Statement Assertion. This property is not used for CBUAE and is therefore marked as deprecated. type: string deprecated: true decodedSsa: $ref: "#/components/schemas/softwareStatementProperties" orgId: description: The organization identifier for the TPP type: string pattern: '^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$' softwareStatementProperties: description: | The decoded software statement retrieved from the Trust Framework that provides the properties of the Client. Please note: - The JSON payload will contain other properties in addition to those listed here. The properties listed here are considered most relevant for activities such as TPP logo retrieval and JWS verification. - The content reflects elements of discovery metadata, which in generally defined as a file rather than an API. Providing constraints such as `minLength` and `maxLength` is impractical in this context The full software statement record is also available in the Trust Framework. Please also refer the Registration Framework page in the CBUAE standards for additional guidance on these properties. type: object properties: redirect_uris: description: The redirect URIs registered by the TPP at the Trust Framework type: array items: type: string client_name: description: Name of the Client to be presented to the End-User. type: string client_uri: description: URL of the home page of the Client. type: string logo_uri: description: URL of the Client logo. type: string jwks_uri: description: URL of the Client JSON Web Key Set (JWKS) at the Trust Framework. type: string client_id: description: Unique Client Identifier. type: string roles: description: The roles under which the organization is registered at the Trust Framework. type: array items: type: string sector_identifier_uri: description: URL using the https scheme to be used in calculating Pseudonymous Identifiers by the OP. Allows redirect URI values to be grouped, easing registration management. type: string application_type: description: Client application type. type: string organisation_id: description: Organization identifier for organization that owns the Client. type: string SupplementaryInformation: type: object description: | The `SupplementaryInformation` object may have arbitrary custom fields that a Financial Institution may use AEPaymentIdResponse: description: | The payment response to be passed on to the TPP. The structure of this response is aligned to the structure of the response for the CBUAE payment initiation API. type: "object" additionalProperties: false required: - "data" properties: data: type: "object" description: "Required fields are common for all the payments including file payment. Apart from that, paymentTransactionId is required for all payments except file payments" additionalProperties: false required: - "id" - "status" - "statusUpdateDateTime" - "creationDateTime" - "paymentPurposeCode" properties: id: description: An API specific unique identification as assigned by the LFI to identify the domestic Payment resource. type: string consentId: description: Unique identification assigned by the TPP to identify the consent resource. type: string paymentTransactionId: description: | This is an end-to-end identifier that is generated by the underlying payment rails when it is sent from an Originating LFI to a Receiving LFI. For IPP transactions, this is the IPP generated identifier. This property is not the same as the `transactionId` in the Bank Data Sharing Transactions API. The `paymentTransactionId` must be populated if the payment is processed by the LFI, and updated at the Consent Manager Payment Log API using the `patch` operation. type: string status: description: | Specifies the status of the payment information group * Pending: Payment initiation or individual transaction included in the payment initiation is pending. Further checks and status update will be performed. * Rejected: The payment initiation has been rejected * AcceptedSettlementCompleted: Settlement of the Debtor's account has been completed * AcceptedCreditSettlementCompleted: When the Creditor account has been credited with the funds of the payment initiated via the TPP * AcceptedWithoutPosting: When the Recipient Bank has accepted the payment but has not applied the credit to the Creditor account yet. type: string enum: - "Pending" - "AcceptedSettlementCompleted" - "AcceptedCreditSettlementCompleted" - "AcceptedWithoutPosting" - "Rejected" - "Received" statusUpdateDateTime: description: Date and time at which the resource status was updated. type: string format: date-time creationDateTime: description: Date and time at which the message was created. type: string format: date-time charges: $ref: "#/components/schemas/AECharges" exchangeRate: $ref: "#/components/schemas/AEExchangeRateInformation" currencyRequest: $ref: "#/components/schemas/AECurrencyRequest" instruction: $ref: "#/components/schemas/AEPaymentInstruction" paymentPurposeCode: $ref: "#/components/schemas/AEPaymentPurposeCode" debtorReference: $ref: "#/components/schemas/AEStructuredDebtorReference" openFinanceBilling: $ref: "#/components/schemas/AEServiceInitiationOpenFinancePaymentBillingGet" meta: $ref: "#/components/schemas/Meta" AECharges: description: List of charges associated with the payment request type: "array" items: type: "object" additionalProperties: false description: | Set of elements used to provide details of a charge for the payment initiation. * For Payments, these Charges are on the Debtor. required: - "chargeBearer" - "type" - "amount" properties: chargeBearer: $ref: "#/components/schemas/AEChargeBearerType1Code" type: $ref: "#/components/schemas/AEExternalPaymentChargeTypeCode" amount: $ref: "#/components/schemas/AEActiveCurrencyAmount" AEChargeBearerType1Code: description: "Specifies which party/parties will bear the charges associated with the processing of the payment transaction." type: "string" enum: - "BorneByCreditor" - "BorneByDebtor" - "Shared" AEExternalPaymentChargeTypeCode: description: "Charge type, in a coded form." type: "string" enum: - "VAT" - "Fees" AEActiveCurrencyAmount: description: The Currency and Amount relating to the Payment type: "object" required: - "amount" - "currency" properties: amount: $ref: "#/components/schemas/AEActiveOrHistoricAmount" currency: $ref: "#/components/schemas/AEActiveOrHistoricCurrencyCode" AEActiveOrHistoricAmount: description: "A number of monetary units specified in an active currency where the unit of currency is explicit and compliant with ISO 4217." type: "string" pattern: "^\\d{1,16}\\.\\d{2}$" example: "100.00" AEActiveOrHistoricCurrencyCode: description: "A 3 character alphabetic code allocated to a currency under an international currency identification scheme, as described in the latest edition of the international standard ISO 4217 'Codes for the representation of currencies and funds'." type: "string" pattern: "^[A-Z]{3,3}$" example: "AED" AEExchangeRateInformation: type: "object" additionalProperties: false required: - "unitCurrency" - "exchangeRate" - "rateType" description: "Further detailed information on the exchange rate that has been used in the payment transaction." properties: unitCurrency: description: "Currency in which the rate of exchange is expressed in a currency exchange. In the example 1GBP = xxxCUR, the unit currency is GBP." type: "string" pattern: "^[A-Z]{3,3}$" exchangeRate: description: "The factor used for conversion of an amount from one currency to another. This reflects the price at which one currency was bought with another currency." type: "number" rateType: description: "Specifies the type used to complete the currency exchange." type: "string" enum: - "Actual" - "Agreed" - "Indicative" contractIdentification: description: "Unique and unambiguous reference to the foreign exchange contract agreed between the initiating party/creditor and the debtor agent." type: "string" minLength: 1 maxLength: 256 expirationDateTime: description: "Specified date and time the exchange rate agreement will expire.All dates in the JSON payloads are represented in ISO 8601 date-time format. \nAll date-time fields in responses must include the timezone. An example is below:\n2017-04-05T10:43:07+00:00" type: "string" format: "date-time" AECurrencyRequest: description: | The details of the non-local currency or FX request that has been agreed between the User and the TPP. The requested ChargeBearer and ExchangeRateInformation are included in this object may be overwritten by the LFI in the returned Consent object. type: "object" additionalProperties: false required: - "currencyOfTransfer" properties: instructionPriority: description: "Indicator of the urgency or order of importance that the instructing party would like the instructed party to apply to the processing of the instruction." type: "string" enum: - "Normal" - "Urgent" extendedPurpose: description: "Specifies the purpose of an international payment, when there is no corresponding 4 character code available in the ISO20022 list of Purpose Codes." type: "string" minLength: 1 maxLength: 140 chargeBearer: $ref: "#/components/schemas/AEChargeBearerType1Code" currencyOfTransfer: description: "Specifies the currency of the to be transferred amount, which is different from the currency of the debtor's account." type: "string" pattern: "^[A-Z]{3,3}$" destinationCountryCode: description: "Country in which Credit Account is domiciled. Code to identify a country, a dependency, or another area of particular geopolitical interest, on the basis of country names obtained from the United Nations (ISO 3166, Alpha-2 code)." type: "string" pattern: "[A-Z]{2,2}" exchangeRateInformation: type: "object" additionalProperties: false required: - "unitCurrency" - "rateType" description: "Provides details on the currency exchange rate and contract." properties: unitCurrency: description: "Currency in which the rate of exchange is expressed in a currency exchange. In the example 1GBP = xxxCUR, the unit currency is GBP." type: "string" pattern: "^[A-Z]{3,3}$" exchangeRate: description: "The factor used for conversion of an amount from one currency to another. This reflects the price at which one currency was bought with another currency." type: "number" rateType: description: "Specifies the type used to complete the currency exchange." type: "string" enum: - "Actual" - "Agreed" - "Indicative" contractIdentification: description: "Unique and unambiguous reference to the foreign exchange contract agreed between the initiating party/creditor and the debtor agent." type: "string" minLength: 1 maxLength: 256 AEPaymentPurposeCode: description: A category code that relates to the type of services or goods that corresponds to the underlying purpose of the payment. The code must conform to the published AANI payment purpose code list. type: "string" minLength: 1 maxLength: 4 pattern: "^[A-Z]{3}$" AEStructuredDebtorReference: description: | A reason or reference in relation to a payment, set to facilitate a structured Debtor reference consisting of: * For payments to Merchants: TPP ID, Merchant ID, BIC for the Creditor Account, followed by freeform text to a maximum of 120 characters. * For other payments: TPP ID and BIC for the Creditor Account, followed by freeform text to a maximum of 120 characters. The TPP ID value will match the organization ID value from the Trust Framework, and therefore will be a v4 UUID. The Merchant ID wil be as per the existing IPP rules for the Merchant identification, and will incorporate the Trade License number for the Merchant. A BIC is specific according to the standard format for ISO 20022, and can therefore be either 8 or 11 characters in length. If the value of the concatenated string exceeds 120 characters, the TPP must omit or truncate the freeform element of the reference. type: "string" minLength: 1 maxLength: 120 pattern: "^TPP=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12},(Merchant=[A-Z0-9]{3}-[A-Z]{4}-TL.+-[0-9]{4},|)BIC=[A-Z0-9]{4}[A-Z0-9]{2}[A-Z0-9]{2}([A-Z0-9]{3}){0,1}($|,.+$)" RefundGetResponse: description: Response to a request to the Debtor details for a given payment, in order to initiate a refund. Requires the consent of the Debtor to be retrieved, enforced at the API Hub. type: object properties: data: $ref: "#/components/schemas/RefundGetResponseBody" meta: $ref: "#/components/schemas/Meta" RefundGetResponseBody: description: Primary data for the response type: object required: - refundAccount properties: consentId: description: | Unique identification assigned by the TPP to identify the consent resource. type: "string" minLength: 1 maxLength: 128 refundAccount: $ref: "#/components/schemas/AEDebtorAccount" AEDebtorAccount: description: "Unambiguous identification of the account of the debtor to which a debit entry will be made." type: "object" required: - "schemeName" - "identification" - "name" properties: schemeName: description: "Name of the identification scheme, in a coded form as published in an external list." type: "string" enum: - "IBAN" - "AccountNumber" identification: description: | Identification for the account assigned by the LFI based on the Account Scheme Name. This identification is known by the User account owner. type: "string" minLength: 1 name: $ref: "#/components/schemas/AEName" AEName: type: "object" description: | The Account Holder Name is the name or names of the Account owner(s) represented at the account level properties: en: type: "string" description: "English value of the string" maxLength: 70 ar: type: "string" description: "Arabic value of the string" maxLength: 70 additionalProperties: false # # Common types # Meta: description: Metadata relevant to the resource. type: object additionalProperties: false Error: description: Default error response payload structure for Ozone Connect type: object properties: errorCode: type: string description: Error code identifying the problem that occurred errorMessage: type: string description: Message describing what problem has occurred parameters: providerId: name: o3-provider-id in: header schema: type: string required: true description: Identifier for the Financial Institution that the request is targetted to aspspId: name: o3-aspsp-id in: header schema: type: string required: true deprecated: true description: Identifier for the financial institution that the request is targetted to. This header is deprecated and will be removed in a future version of Ozone Connect. Use `o3-provider-id` instead. callerOrgId: name: o3-caller-org-id in: header schema: type: string required: true description: An identifier for the organization calling the API callerClientId: name: o3-caller-client-id in: header schema: type: string required: true description: An identifier for the OIDC clientId calling the API callerSoftwareStatementId: name: o3-caller-software-statement-id in: header schema: type: string required: true description: An identifier for the software statement calling the API apiUri: name: o3-api-uri in: header schema: type: string required: true description: The parameterised URL of the API being called by the caller apiOperation: name: o3-api-operation in: header schema: type: string required: true description: The API operation carried out by the caller (e.g. GET, POST, PUT, DELETE, PATCH) consentId: name: o3-consent-id in: header schema: type: string required: true description: The consentId for which this call is being made callerInteractionId: name: o3-caller-interaction-id in: header schema: type: string required: true description: The interaction ID passed in by the caller, if any ozoneInteractionId: name: o3-ozone-interaction-id in: header schema: type: string required: true description: An interaction ID generated by Ozone if the caller did not send in one. If the callerInteractionId is specified, this takes the same value. psuIdentifier: name: o3-psu-identifier in: header schema: type: string required: true description: A Base64 encoded representation of the psuIdentifier JSON object. paymentId: name: paymentId description: The identifier for a given payment instruction in: path required: true schema: type: string securitySchemes: OzoneConnectApiKey: description: Communications between the API Hub and the LFI Ozone Connect implementation are secured using an API Key, which is a secret shared between the API Hub and the LFI. type: apiKey in: header name: Authorization OzoneConnectClientCredentials: type: oauth2 description: | Communications between the API Hub and the LFI Ozone Connect implementation are secured using a Client Credentials grant type. LFIs must host an OAuth 2.0 Authorization Server to utilise this security pattern. Scope values are set during the onboarding process, and represented by a placeholder in this API description. flows: clientCredentials: tokenUrl: "https://example.lfi.ae/token" scopes: placeholder: Placeholder for scopes, which are set by the LFI during onboarding OzoneConnectJwtAuth: description: | Communications between the API Hub and the LFI Ozone Connect implementation are secured using the "JWT Auth" mechanism, where the Client presents a signed JSON Web Token as a credential. The Server MUST verify the signature in order to authenticate the Client. Please note that the value of the `scheme` parameter is not a registered HTTP Authentication Scheme, to indicate it is specific to Ozone Connect. Please refer to API Hub documentation for further details. type: http scheme: Ozone-Connect-JWT-Auth OzoneConnectServiceInitiationToken: description: | Communications between the API Hub and the LFI Ozone Connect implementation are secured using a Service Initiation Token. The API Hub will set an Access Token based on a value set by the LFI, which has been patched onto the associated consent. The value will be transmitted in the `Authorization` header, which is represented as a `Bearer` in this Security Scheme Object. type: http scheme: Bearer |
...