openapi: 3.0.0
info:
title: UAE Confirmation of Payee API
description: '## UAE Open Finance Confirmation of Payee API Specification'
version: v1.0-draft4
tags:
- name: Discovery Operations
description: Discovery operations and resources
- name: Confirmation Operations
description: Verification Payee confirmation operations and resources
paths:
/confirmation-of-payee/discovery:
post:
tags:
- Confirmation DiscoveryOperations
operationId: ConfirmationOfPayeeDiscoveryConfirmationOfPayeeConfirmation_signedDiscoveryRequestsignedConfirmationRequest
summary: DiscoverConfirm the LFI that will confirmaccount details are correct based on the payeeparameters attributessupplied
description: >-
BeforeProvide athe Confirmationproperties ofthat Payeecan (CoP)be operationused takesto placeverify the TPPpayee willaccount.
need to resolveAt the LFI thatversion 1.0.0 this will servicebe the account propertiesname and either IBAN or
request. This requirement is basedAccount onNumber. theFuture separationversion of concernsthis API may support verification
implemented in the OFP, whichthrough ensuresother thatidentifiers.
the APIs for a given LFI areparameters:
always- physically separated.$ref: '#/components/parameters/Authorization'
- At version 1.0.0 the TPP will call this endpoint with the account IBAN,$ref: '#/components/parameters/x-customer-user-agent'
- $ref: '#/components/parameters/x-fapi-auth-date'
- which will be used to resolve the correct URL with which to make the CoP$ref: '#/components/parameters/x-fapi-customer-ip-address'
- $ref: '#/components/parameters/x-fapi-interaction-id'
responses:
operation. '200':
parameters: - $ref: '#/components/parameters/Authorization'description: The request has succeeded.
- $refheaders: '#/components/parameters/x-customer-user-agent'
- $ref: '#/components/parameters/x-fapi-auth-date'interaction-id:
- $ref: '#/components/parameters/x-fapi-customer-ip-address' required: false
- $ref: '#/components/parameters/x-fapi-interaction-id' responsesdescription: An RFC4122 UID used as a correlation id.
'200': descriptionschema:
The request has succeeded. headerstype: string
x-fapi-interaction-idcontent:
requiredapplication/jwt:
false descriptionschema:
An RFC4122 UID used as a correlation id. $ref: '#/components/schemas/NameConfirmationResponseBodySigned'
schema: '400':
description: Bad type:request
string contentheaders:
application/jwtx-fapi-interaction-id:
schemarequired: true
$refdescription: >-An RFC4122 UID used as a correlation id.
#/components/schemas/DiscoverVerificationSourceResponseBodySigned schema:
'400': descriptiontype: Bad requeststring
headerscontent:
x-fapi-interaction-idapplication/jwt:
requiredschema:
true description$ref: An RFC4122 UID used as a correlation id.
'#/components/schemas/AEErrorSignedResponse'
'401':
schemadescription: Unauthorized
headers:
type: string x-fapi-interaction-id:
content: application/jwt:required: true
schemadescription: An RFC4122 UID used as a correlation id.
schema:
$reftype: '#/components/schemas/AEErrorSignedResponse'string
'401403':
description: UnauthorizedForbidden
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'403'content:
description: Forbidden application/jwt:
headers: schema:
x-fapi-interaction-id: $ref: '#/components/schemas/AEErrorSignedResponse'
required: true '404':
description: AnNot RFC4122found
UID used as a correlation id. headers:
schema: x-fapi-interaction-id:
typerequired: stringtrue
content: description: An RFC4122 UID used as a application/jwt:correlation id.
schema:
$reftype: '#/components/schemas/AEErrorSignedResponse'string
'404405':
description: Method Not foundAllowed
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'405406':
description: Method Not AllowedAcceptable
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'406415':
description: Unsupported NotMedia AcceptableType
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'415429':
description: UnsupportedToo MediaMany TypeRequests
headers:
x-fapi-interaction-idretry-after:
required: true
description: AnNumber RFC4122in UIDseconds usedto as await
correlation id. schema:
type: stringinteger
'429': format: int64
description: Too Many Requests x-fapi-interaction-id:
headers: retry-after:required: true
requireddescription: trueAn RFC4122 UID used as a correlation id.
description: Number in secondsschema:
to wait schematype: string
'500':
type: integer description: Internal Server Error
formatheaders: int64
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'500': content:
descriptionapplication/jwt:
Internal Server Error headersschema:
x-fapi-interaction-id: $ref: '#/components/schemas/AEErrorSignedResponse'
requestBody:
required: true required: true
descriptioncontent:
An RFC4122 UID used as a correlation id. application/jwt:
schema:
$ref: type: string'#/components/schemas/NameConfirmationRequestBodySigned'
security:
content: - TPPOAuth2Security:
application/jwt: - openid
schema: - confirmation-of-payee
/discovery:
post:
$reftags:
'#/components/schemas/AEErrorSignedResponse' requestBody:- Discovery Operations
requiredoperationId: trueConfirmationOfPayeeDiscovery_signedDiscoveryRequest
contentsummary: Discover the LFI that will confirm the payee attributes
application/jwt: description: >-
schema: Before a Confirmation of Payee (CoP) operation takes place the TPP will
$ref: '#/components/schemas/DiscoverVerificationSourceRequestBodySigned' need security:to resolve the LFI that will service the account -properties
TPPOAuth2Security: request. This requirement is based -on openidthe separation of concerns
implemented - confirmation-of-payee
/confirmation-of-payee/verification:
post:
in the OFP, which ensures that the APIs for a given LFI are
tags: always physically separated.
-
Verification operationId: ConfirmationOfPayeeVerification_signedVerificationRequestAt version 1.0.0 the TPP will call this summary:endpoint Verifywith the account detailsIBAN,
based on the parameters supplied which will be description:used >-to resolve the correct URL with which to Providemake the propertiesCoP
that can be used to verify the payee accountoperation.
parameters:
At version 1.0.0 this will be the account name and IBAN. Future version
of this API may support verification through other identifiers.
parameters:
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/x-customer-user-agent'
- $ref: '#/components/parameters/x-fapi-auth-date'
- $ref: '#/components/parameters/x-fapi-customer-ip-address'
- $ref: '#/components/parameters/x-fapi-interaction-id'
responses:
'200':
description: The request has succeeded.
headers:
x-fapi-interaction-id:
required: false
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/jwt:
schema:
$ref: ' >-
#/components/schemas/NameVerificationResponseBodySigned'DiscoverConfirmationSourceResponseBodySigned
'400':
description: Bad request
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/jwt:
schema:
$ref: '#/components/schemas/AEErrorSignedResponse'
'401':
description: Unauthorized
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'403':
description: Forbidden
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/jwt:
schema:
$ref: '#/components/schemas/AEErrorSignedResponse'
'404':
description: Not found
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'405':
description: Method Not Allowed
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'406':
description: Not Acceptable
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'415':
description: Unsupported Media Type
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'429':
description: Too Many Requests
headers:
retry-after:
required: true
description: Number in seconds to wait
schema:
type: integer
format: int64
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'500':
description: Internal Server Error
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/jwt:
schema:
$ref: '#/components/schemas/AEErrorSignedResponse'
requestBody:
required: true
content:
application/jwt:
schema:
$ref: '#/components/schemas/NameVerificationRequestBodySignedDiscoverConfirmationSourceRequestBodySigned'
security:
- TPPOAuth2Security:
- openid
- confirmation-of-payee
components:
parameters:
Authorization:
name: authorization
in: header
required: true
description: An authorization Token as per https://tools.ietf.org/html/rfc6750
schema:
type: string
x-customer-user-agent:
name: x-customer-user-agent
in: header
required: false
description: Indicates the user-agent that the User is using.
schema:
type: string
x-fapi-auth-date:
name: x-fapi-auth-date
in: header
required: false
description: >-
The time when the User last logged in with the TPP.
All dates in the HTTP headers are represented as RFC 7231 Full Dates. An
example is below:
Sun, 10 Sep 2017 19:43:31 UTC
schema:
type: string
pattern: >-
^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2}
(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4}
\d{2}:\d{2}:\d{2} (GMT|UTC)$
x-fapi-customer-ip-address:
name: x-fapi-customer-ip-address
in: header
required: false
description: The User's IP address if the User is currently logged in with the TPP.
schema:
type: string
x-fapi-interaction-id:
name: x-fapi-interaction-id
in: header
required: false
description: An RFC4122 UID used as a correlation id.
schema:
type: string
schemas:
AEAccountDiscoveryAEAccountConfirmationRequest:
type: object
required:
- IdentificationTypeData
properties:
- Identification propertiesData:
IdentificationType: $ref: '#/components/schemas/AEAccountConfirmationRequestProperties'
typeadditionalProperties: stringfalse
AEAccountConfirmationRequestProperties:
enum oneOf:
- $ref: '#/components/schemas/AEIbanConfirmationProperties'
- UAEOF.IBAN - $ref: '#/components/schemas/AEAccountNumberConfirmationProperties'
Identification: discriminator:
type: string propertyName: IdentificationType
minLengthmapping:
1 maxLengthUAEOF.IBAN: 400'#/components/schemas/AEIbanConfirmationProperties'
descriptionUAEOF.AccountNumber: >-'#/components/schemas/AEAccountNumberConfirmationProperties'
AEAccountConfirmationResponse:
type: Identificationobject
for the account assigned by the LFIrequired:
based on the - Data
Account Scheme Name, and- asLinks
understood by the payer. This - Meta
properties:
identification is known by the User account owner. ForData:
IBAN, refer $ref: '#/components/schemas/AEAccountConfirmationResponseProperties'
to the ISO Standard 13616. Links:
additionalProperties: false AEAccountNameMatchIndicators$ref: '#/components/schemas/LinksSelf'
type: string enumMeta:
- UAEOF.ConfirmationOfPayee.Yes $ref: '#/components/schemas/Meta'
- UAEOF.ConfirmationOfPayee.NoadditionalProperties: false
AEAccountVerificationPropertiesAEAccountConfirmationResponseProperties:
type: object
required:
- IdentificationTypeAccountNameMatchIndicator
properties:
- Identification AccountNameMatchIndicator:
- Name properties$ref: '#/components/schemas/AEAccountNameMatchIndicators'
IdentificationType MaskedAccountName:
type: string
enumminLength: 1
maxLength: 70
- UAEOF.IBAN Identificationdescription: >-
type: string The masked matched account name. This is provided to minLength:allow 1the User
maxLength: 400 to review the account name return from the Confirmation description:operation.
>- additionalProperties: false
AEAccountDiscoveryByBankCode:
Identification for the account assigned by thetype: LFIobject
based on the required:
Account- SchemeIdentificationType
Name, and as understood by the payer. This - BankCode
properties:
identification is known by the UserIdentificationType:
account owner. For IBAN, refer type: string
to the ISO Standard 13616. enum:
Name: - UAEOF.BankCode
type: string BankCode:
minLength: 1 type: string
maxLengthpattern: 70^[0-9]{3}$
description: >-
TheBank accountidentification namecode isissued theby nameCBUAE orthat names ofidentifies the UserLFI accountat
owner(s) which represented at anthe account level,is asheld
understood by the payer additionalProperties: false
AEErrorAEAccountDiscoveryByIban:
type: object
required:
- CodeIdentificationType
- MessageIdentification
properties:
CodeIdentificationType:
allOftype: string
- $refenum:
'#/components/schemas/AEErrorCode' description: Low level textual error code, e.g., UAEOF.Field.Missing - UAEOF.IBAN
MessageIdentification:
type: string
minLength: 1
maxLength: 500400
description: >-
AIdentification descriptionfor of the erroraccount thatassigned occurred. e.g., 'A mandatory field
by the LFI based on the
isn't supplied'Account orScheme 'RequestedExecutionDateTimeName, mustand beas inunderstood future'by the payer. This
UAEOF doesn't standardiseidentification thisis fieldknown by the User account owner. For IBAN, refer
Path: type: stringto the ISO Standard 13616.
minLengthadditionalProperties: false
1 AEAccountNameConfirmationProperties:
maxLengthoneOf:
500 - $ref: description: >-'#/components/schemas/AEPersonalAccountNameConfirmationProperties'
- $ref: '#/components/schemas/AEBusinessAccountNameConfirmationProperties'
Recommended butAEAccountNameMatchIndicators:
optional reference to the JSON Path oftype: thestring
field enum:
with error, e.g., Data.Initiation.InstructedAmount.Currency - UAEOF.ConfirmationOfPayee.Yes
Url:
- UAEOF.ConfirmationOfPayee.No
description: >-
type: string Indicator for whether the payee description:name >-is matched with the account name
URL toheld helpat remediatethe theLFI
problem, or provide more information,AEAccountNumberConfirmationProperties:
or type: object
to APIrequired:
Reference, or help etc - IdentificationType
description: Error additionalProperties:- falseIdentification
AEErrorCode: - BankCode
type: string - enum:Name
properties:
- UAEOF.AccessToken.Unauthorized IdentificationType:
- UAEOF.AccessToken.InvalidScope type: string
- UAEOF.Consent.Revoked enum:
- UAEOF.Consent.TransientAccountAccessFailure - UAEOF.Consent.AccountTemporarilyBlockedAccountNumber
- UAEOF.Consent.PermanentAccountAccessFailureIdentification:
- UAEOF.Consent.Invalid
type: string
- UAEOF.JWS.InvalidSignature minLength: 1
- UAEOF.JWS.Malformed maxLength: 400
- UAEOF.JWS.InvalidClaim description: >-
UAEOF.JWS.InvalidHeader - UAEOF.GenericRecoverableError Identification for the account assigned by the -LFI UAEOF.GenericErrorbased on the
- UAEOF.JWE.DecryptionError Account Scheme Name, - UAEOF.JWE.InvalidHeaderand as understood by the payer. This
- UAEOF.Event.UnexpectedEvent identification is known by the User -account UAEOF.Bodyowner.InvalidFormat For IBAN, refer
- UAEOF.Resource.InvalidResourceId to the ISO -Standard UAEOF.Resource.InvalidFormat13616.
BankCode:
- UAEOF.Consent.BusinessRuleViolation AEErrorResponse: type: string
type: object requiredpattern: ^[0-9]{3}$
- Errors description: >-
properties: Errors:Bank identification code issued by CBUAE that identifies the LFI at
type: array items:which the account is held
$refName:
' $ref: '#/components/schemas/AEErrorAEAccountNameConfirmationProperties'
additionalProperties: false
minItemsAEBusinessAccountNameConfirmationProperties:
1 descriptiontype: >-object
required:
An array of detail error codes, and messages,- andBusinessName
URLs to documentation properties:
to help remediation. BusinessName:
additionalProperties: false AEErrorSignedResponsetype: string
type: object minLength: 1
required: -maxLength: iss140
- exp description: The business name of the account holder, -as nbfunderstood by the payer
- messagedescription: The properties required to verify a properties:business account
issadditionalProperties: false
AEConfirmationDiscovery:
type: string oneOf:
- description$ref: >-'#/components/schemas/AEAccountDiscoveryByIban'
- [https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)$ref: '#/components/schemas/AEAccountDiscoveryByBankCode'
discriminator:
exppropertyName: IdentificationType
typemapping:
number description: >-UAEOF.IBAN: '#/components/schemas/AEAccountDiscoveryByIban'
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)UAEOF.BankCode: '#/components/schemas/AEAccountDiscoveryByBankCode'
AEConfirmationDiscoveryRequest:
nbf: type: object
typerequired:
number - Data
description: >- properties:
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)Data:
aud: $ref: '#/components/schemas/AEConfirmationDiscovery'
additionalProperties: type:false
array AEConfirmationDiscoveryResponse:
itemstype: object
required:
type: string - Data
description: >- Links
- Meta
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)properties:
iatData:
type: number$ref: '#/components/schemas/AEConfirmationSourceProperties'
Links:
description$ref: >-'#/components/schemas/LinksSelf'
Meta:
[https$ref: '#//www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)components/schemas/Meta'
additionalProperties: false
AEConfirmationSourceProperties:
type: object
required:
- AuthorizationServerUrl
- ResourceServerUrl
properties:
AuthorizationServerUrl:
type: string
minLength: 1
maxLength: 500
description: >-
Authorization Server URL at which an Access Token to invoke the
Confirmation of Payee operation should be sought
ResourceServerUrl:
type: string
minLength: 1
maxLength: 500
description: >-
Resource Server URL at which the Confirmation of Payee operation
should be invoked
additionalProperties: false
AEError:
type: object
required:
- Code
- Message
properties:
Code:
allOf:
- $ref: '#/components/schemas/AEErrorCode'
description: Low level textual error code, e.g., UAEOF.Field.Missing
Message:
type: string
minLength: 1
maxLength: 500
description: >-
A description of the error that occurred. e.g., 'A mandatory field
isn't supplied' or 'RequestedExecutionDateTime must be in future'
UAEOF doesn't standardise this field
Path:
type: string
minLength: 1
maxLength: 500
description: >-
Recommended but optional reference to the JSON Path of the field
with error, e.g., Data.Initiation.InstructedAmount.Currency
Url:
type: string
description: >-
URL to help remediate the problem, or provide more information, or
to API Reference, or help etc
description: Error
additionalProperties: false
AEErrorCode:
type: string
enum:
- UAEOF.AccessToken.Unauthorized
- UAEOF.AccessToken.InvalidScope
- UAEOF.Consent.Revoked
- UAEOF.Consent.TransientAccountAccessFailure
- UAEOF.Consent.AccountTemporarilyBlocked
- UAEOF.Consent.PermanentAccountAccessFailure
- UAEOF.Consent.Invalid
- UAEOF.JWS.InvalidSignature
- UAEOF.JWS.Malformed
- UAEOF.JWS.InvalidClaim
- UAEOF.JWS.InvalidHeader
- UAEOF.GenericRecoverableError
- UAEOF.GenericError
- UAEOF.JWE.DecryptionError
- UAEOF.JWE.InvalidHeader
- UAEOF.Event.UnexpectedEvent
- UAEOF.Body.InvalidFormat
- UAEOF.Resource.InvalidResourceId
- UAEOF.Resource.InvalidFormat
- UAEOF.Consent.BusinessRuleViolation
AEErrorResponse:
type: object
required:
- Errors
properties:
Errors:
type: array
items:
$ref: '#/components/schemas/AEError'
minItems: 1
description: >-
An array of detail error codes, and messages, and URLs to documentation
to help remediation.
additionalProperties: false
AEErrorSignedResponse:
type: object
required:
message: - iss
$ref: '#/components/schemas/AEErrorResponse' - exp
description: Signed error response payload - nbf
additionalProperties: false - AENameVerificationRequest:message
typeproperties:
object requirediss:
- Data type: string
properties: description: >-
Data: $ref: '#/components/schemas/AEAccountVerificationProperties'[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
additionalPropertiesexp:
false AENameVerificationResponse: type: number
type: object requireddescription: >-
- Data [https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
- Links nbf:
- Meta type: number
properties: Datadescription: >-
$ref: '#/components/schemas/AEVerifiedProperties' [https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
Linksaud:
$reftype: '#/components/schemas/LinksSelf' array
Metaitems:
$reftype: '#/components/schemas/Meta' string
additionalPropertiesdescription: >-
false AEVerificationDiscovery: $ref: '#/components/schemas/AEAccountDiscovery'[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
AEVerificationDiscoveryRequestiat:
type: number
object required: description: >-
- Data properties:[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
Datamessage:
$ref: '#/components/schemas/AEVerificationDiscoveryAEErrorResponse'
description: Signed error response payload
additionalProperties: false
AEVerificationDiscoveryResponseAEIbanConfirmationProperties:
type: object
required:
- DataIdentificationType
- LinksIdentification
- MetaName
properties:
DataIdentificationType:
$reftype: '#/components/schemas/AEVerificationSourceProperties' string
Linksenum:
$ref: '#/components/schemas/LinksSelf'- UAEOF.IBAN
Identification:
Metatype: string
$refminLength: '#/components/schemas/Meta'1
additionalProperties: false maxLength: 400
AEVerificationSourceProperties: type: object description: >-
required: -Identification AuthorizationServerUrlfor the account assigned by the LFI based on -the
ResourceServerUrl properties: Account Scheme Name, and AuthorizationServerUrl:as understood by the payer. This
type: string identification is known by the minLength:User 1account owner. For IBAN, refer
maxLength: 500 to the ISO Standard 13616.
description: >- Name:
Authorization Server URL at which an Access Token to invoke the
$ref: '#/components/schemas/AEAccountNameConfirmationProperties'
additionalProperties: false
AEPersonalAccountNameConfirmationProperties:
Confirmation of Payeetype: operationobject
should be sought required:
ResourceServerUrl: - GivenName
type: string - LastName
minLengthproperties:
1 maxLengthGivenName:
500 type: description:string
>- minLength: 1
Resource Server URL at which the Confirmation of Payee operationmaxLength: 70
description: should>-
be invoked additionalProperties: false The given AEVerifiedProperties:or first name of the account holder, type:as objectunderstood by the
required: payer
- AccountNameMatchIndicator propertiesLastName:
AccountNameMatchIndicator: type: string
allOf: minLength: 1
- $ref: '#/components/schemas/AEAccountNameMatchIndicators' maxLength: 70
description: >-
The Indicatorfamily or forsurname whetherof the payeeaccount nameholder, isas matchedunderstood withby the account
payer
description: The properties required nameto heldverify ata thepersonal LFIaccount
additionalProperties: false
DiscoverVerificationSourceRequestBodySignedDiscoverConfirmationSourceRequestBodySigned:
type: object
required:
- iss
- exp
- nbf
- message
properties:
iss:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
exp:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
nbf:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
aud:
type: array
items:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
iat:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
message:
$ref: '#/components/schemas/AEVerificationDiscoveryRequestAEConfirmationDiscoveryRequest'
additionalProperties: false
DiscoverVerificationSourceResponseBodySignedDiscoverConfirmationSourceResponseBodySigned:
type: object
required:
- iss
- exp
- nbf
- message
propertiesrequired:
- iss:
- exp
type: string - nbf
description: >- - message
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)properties:
expiss:
type: numberstring
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.41](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.41)
nbfexp:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
aud:
type: array4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
itemsnbf:
type: stringnumber
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.35](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)5)
aud:
iattype: array
items:
type: numberstring
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.63](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.63)
messageiat:
$reftype: '#/components/schemas/AEVerificationDiscoveryResponse'number
additionalProperties: false
DiscoverVerificationSourceSignedRequest:
type: object
required: description: >-
- requestBody properties:[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
requestBodymessage:
$ref: '#/components/schemas/DiscoverVerificationSourceRequestBodySignedAEConfirmationDiscoveryResponse'
additionalProperties: false
LinksSelf:
type: object
required:
- Self
properties:
Self:
$ref: '#/components/schemas/Self'
description: Links relevant to the resource
additionalProperties: false
Meta:
type: object
description: Metadata relevant to the resource
additionalProperties: false
NameVerificationRequestBodySignedNameConfirmationRequestBodySigned:
type: object
required:
- iss
- exp
- nbf
- message
properties:
iss:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
exp:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
nbf:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
aud:
type: array
items:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
iat:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
message:
$ref: '#/components/schemas/AENameVerificationRequestAEAccountConfirmationRequest'
additionalProperties: false
NameVerificationResponseBodySignedNameConfirmationResponseBodySigned:
type: object
required:
- iss
- exp
- nbf
- message
propertiesrequired:
- iss:
- exp
type: string - nbf
description: >- - message
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)properties:
expiss:
type: numberstring
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.41](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.41)
nbfexp:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
aud:
type: array4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
itemsnbf:
type: stringnumber
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.35](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)5)
aud:
iattype: array
items:
type: numberstring
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.63](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.63)
messageiat:
$reftype: '#/components/schemas/AENameVerificationResponse'number
additionalProperties: false NameVerificationSignedRequest:
type: object
required:
description: >-
- requestBody properties:[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
requestBodymessage:
$ref: '#/components/schemas/NameVerificationRequestBodySignedAEAccountConfirmationResponse'
additionalProperties: false
Self:
type: string
format: uri
description: A link to the current resource
securitySchemes:
TPPOAuth2Security:
type: oauth2
description: >-
TPP confidential client authorization with the LFI to stage a consent.
**Please refer to [OpenID FAPI Security Profile 1.0 -Part 2
Advanced](https://openid.net/specs/openid-financial-api-part-2-1_0.html#authorization-server)
- 5.2.2 point 14 - shall authenticate the confidential client using one
of the following methods private_key_jwt and [OpenID Connect Core
1.0](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication)
9. Client Authentication private_key_jwt**
flows:
clientCredentials:
tokenUrl: https://authserver.example/token
scopes:
openid: Activates OpenID Connect Support
confirmation-of-payee: Right to invoke a Confirmation of Payee operation
accounts: Ability to read Accounts Information
insurance: Right to read insurance policies
servers:
- url: /open-finance/confirmation-of-payee/v1.0-draft4
description: Default URL
variables: {}
| 