openapi: 3.0.0
info:
title: UAE Confirmation of Payee API
description: '## UAE Open Finance Confirmation of Payee API Specification'
version: v1.0-draft4
tags:
- name: Discovery Operations
description: Discovery operations and resources
- name: Verification Confirmation Operations
description: Payee confirmation operations and resources
paths:
/confirmation-of-payee/v1/discovery:
post:
tags:
- Confirmation DiscoveryOperations
operationId: ConfirmationOfPayeeDiscoveryConfirmationOfPayeeConfirmation_signedDiscoveryRequestsignedConfirmationRequest
summary: DiscoverConfirm the account details LFIare thatcorrect willbased confirmon the payeeparameters attributessupplied
description: >-
BeforeProvide athe Confirmationproperties ofthat Payeecan (CoP)be operationused takesto placeverify the TPPpayee willaccount.
need to resolveAt the LFI thatversion 1.0.0 this will servicebe the account propertiesname and either IBAN or
request. This requirement isAccount basedNumber. onFuture the separationversion of concernsthis API may support verification
implemented in the OFP, whichthrough ensuresother thatidentifiers.
the APIs for a given LFI areparameters:
always- physically separated.$ref: '#/components/parameters/Authorization'
- At version 1.0.0 the TPP will call this endpoint with the account IBAN,$ref: '#/components/parameters/x-customer-user-agent'
- $ref: '#/components/parameters/x-fapi-auth-date'
- which will be used to resolve the correct URL with which to make the CoP$ref: '#/components/parameters/x-fapi-customer-ip-address'
- $ref: '#/components/parameters/x-fapi-interaction-id'
responses:
operation. '200':
parameters: - $ref: '#/components/parameters/Authorization'description: The request has succeeded.
- $refheaders: '#/components/parameters/x-customer-user-agent'
- $ref: '#/components/parameters/x-fapi-auth-date'interaction-id:
- $refrequired: '#/components/parameters/x-fapi-customer-ip-address'false
- $ref: '#/components/parameters/x-fapi-interaction-id' description: An RFC4122 responses:UID used as a correlation id.
'200': descriptionschema:
The request has succeeded. headerstype: string
x-fapi-interaction-idcontent:
required: falseapplication/jwt:
descriptionschema: An
RFC4122 UID used as a correlation id. $ref: '#/components/schemas/NameConfirmationResponseBodySigned'
schema: '400':
typedescription: Bad stringrequest
contentheaders:
application/jwtx-fapi-interaction-id:
schemarequired: true
$refdescription: >-An RFC4122 UID used as a correlation id.
#/components/schemas/DiscoverVerificationSourceResponseBodySigned schema:
'400': descriptiontype: Bad requeststring
headerscontent:
x-fapi-interaction-idapplication/jwt:
requiredschema:
true description$ref: An RFC4122 UID used as a correlation id.
'#/components/schemas/AEErrorSignedResponse'
'401':
schemadescription: Unauthorized
headers:
type: string x-fapi-interaction-id:
content: application/jwt:required: true
schemadescription: An RFC4122 UID used as a correlation id.
schema:
$reftype: '#/components/schemas/AEErrorSignedResponse'string
'401403':
description: UnauthorizedForbidden
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'403'content:
description: Forbidden application/jwt:
headers: schema:
x-fapi-interaction-id: $ref: '#/components/schemas/AEErrorSignedResponse'
required: true '404':
description: Not Anfound
RFC4122 UID used as a correlation id. headers:
schema: x-fapi-interaction-id:
typerequired: stringtrue
content: description: An RFC4122 UID used as a application/jwt:correlation id.
schema:
$reftype: '#/components/schemas/AEErrorSignedResponse'string
'404405':
description: Method Not foundAllowed
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'405406':
description: Method Not AllowedAcceptable
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'406415':
description: NotUnsupported Media AcceptableType
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'415429':
description: UnsupportedToo MediaMany TypeRequests
headers:
x-fapi-interaction-idretry-after:
required: true
description: AnNumber RFC4122in UIDseconds used as a correlation id.to wait
schema:
type: stringinteger
'429': descriptionformat: Tooint64
Many Requests headers:
retry-afterx-fapi-interaction-id:
required: true
description: Number in seconds to waitAn RFC4122 UID used as a correlation id.
schema:
type: string
integer '500':
format: int64 description: Internal Server Error
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'500'content:
description application/jwt:
Internal Server Error headersschema:
x-fapi-interaction-id: $ref: '#/components/schemas/AEErrorSignedResponse'
requestBody:
required: true required: true
descriptioncontent:
An RFC4122 UID used as a correlation id. application/jwt:
schema:
$ref: type: string'#/components/schemas/NameConfirmationRequestBodySigned'
security:
content: - TPPOAuth2Security:
application/jwt: - openid
schema: - confirmation-of-payee
/discovery:
$refpost:
'#/components/schemas/AEErrorSignedResponse' requestBodytags:
required:- trueDiscovery Operations
contentoperationId: ConfirmationOfPayeeDiscovery_signedDiscoveryRequest
summary: Discover the application/jwt:LFI that will confirm the payee attributes
schemadescription: >-
Before a Confirmation of Payee $ref: '#/components/schemas/DiscoverVerificationSourceRequestBodySigned'
security:(CoP) operation takes place the TPP will
need to -resolve TPPOAuth2Security:the LFI that will service the account properties
- openid request. This requirement is based on the separation of concerns
- confirmation-of-payee /confirmation-of-payee/v1/verification:
post:
tags:
implemented in the OFP, which ensures that the APIs for a given LFI are
- Verification always physically separated.
operationId: ConfirmationOfPayeeVerification_signedVerificationRequest At summary: Verifyversion 1.0.0 the accountTPP detailswill basedcall onthis theendpoint parameterswith suppliedthe account IBAN,
description: >- which will be used to Provideresolve the propertiescorrect thatURL canwith be usedwhich to verifymake the CoP
payee account. operation.
At version 1.0.0 this will be the account name and IBAN. Future version
of this API may support verification through other identifiers.
parameters:
- $ref: '#/components/parameters/Authorization'
- $ref: '#/components/parameters/x-customer-user-agent'
- $ref: '#/components/parameters/x-fapi-auth-date'
- $ref: '#/components/parameters/x-fapi-customer-ip-address'
- $ref: '#/components/parameters/x-fapi-interaction-id'
responses:
'200':
description: The request has succeeded.
headers:
x-fapi-interaction-id:
required: false
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/jwt:
schema:
$ref: ' >-
#/components/schemas/NameVerificationResponseBodySigned'DiscoverConfirmationSourceResponseBodySigned
'400':
description: Bad request
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/jwt:
schema:
$ref: '#/components/schemas/AEErrorSignedResponse'
'401':
description: Unauthorized
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'403':
description: Forbidden
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/jwt:
schema:
$ref: '#/components/schemas/AEErrorSignedResponse'
'404':
description: Not found
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'405':
description: Method Not Allowed
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'406':
description: Not Acceptable
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'415':
description: Unsupported Media Type
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'429':
description: Too Many Requests
headers:
retry-after:
required: true
description: Number in seconds to wait
schema:
type: integer
format: int64
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
'500':
description: Internal Server Error
headers:
x-fapi-interaction-id:
required: true
description: An RFC4122 UID used as a correlation id.
schema:
type: string
content:
application/jwt:
schema:
$ref: '#/components/schemas/AEErrorSignedResponse'
requestBody:
required: true
content:
application/jwt:
schema:
$ref: '#/components/schemas/NameVerificationRequestBodySignedDiscoverConfirmationSourceRequestBodySigned'
security:
- TPPOAuth2Security:
- openid
- confirmation-of-payee
components:
parameters:
Authorization:
name: authorization
in: header
required: true
description: An authorization Token as per https://tools.ietf.org/html/rfc6750
schema:
type: string
x-customer-user-agent:
name: x-customer-user-agent
in: header
required: false
description: Indicates the user-agent that the User is using.
schema:
type: string
x-fapi-auth-date:
name: x-fapi-auth-date
in: header
required: false
description: >-
The time when the User last logged in with the TPP.
All dates in the HTTP headers are represented as RFC 7231 Full Dates. An
example is below:
Sun, 10 Sep 2017 19:43:31 UTC
schema:
type: string
pattern: >-
^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2}
(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4}
\d{2}:\d{2}:\d{2} (GMT|UTC)$
x-fapi-customer-ip-address:
name: x-fapi-customer-ip-address
in: header
required: false
description: The User's IP address if the User is currently logged in with the TPP.
schema:
type: string
x-fapi-interaction-id:
name: x-fapi-interaction-id
in: header
required: false
description: An RFC4122 UID used as a correlation id.
schema:
type: string
schemas:
AEAccountDiscoveryAEAccountConfirmationRequest:
type: object
required:
- IdentificationTypeData
properties:
- Identification propertiesData:
IdentificationType: $ref: '#/components/schemas/AEAccountConfirmationRequestProperties'
additionalProperties: type:false
string AEAccountConfirmationRequestProperties:
enumoneOf:
- $ref: '#/components/schemas/AEIbanConfirmationProperties'
- UAEOF.IBAN - $ref: '#/components/schemas/AEAccountNumberConfirmationProperties'
Identification: discriminator:
type: string propertyName: IdentificationType
minLengthmapping:
1 maxLengthUAEOF.IBAN: 400'#/components/schemas/AEIbanConfirmationProperties'
descriptionUAEOF.AccountNumber: >-'#/components/schemas/AEAccountNumberConfirmationProperties'
AEAccountConfirmationResponse:
type: Identificationobject
for the account assigned by the LFIrequired:
based on the - Data
Account Scheme Name, and- asLinks
understood by the payer. This - Meta
properties:
identification is known by the User account owner. For IBAN, refer Data:
$ref: '#/components/schemas/AEAccountConfirmationResponseProperties'
toLinks:
the ISO Standard 13616. additionalProperties: false$ref: '#/components/schemas/LinksSelf'
AEAccountNameMatchIndicatorsMeta:
type: string $ref: '#/components/schemas/Meta'
additionalProperties: false
enum AEAccountConfirmationResponseProperties:
type: object
- UAEOF.ConfirmationOfPayee.Yes required:
- UAEOF.ConfirmationOfPayee.No - AEAccountNameVerificationProperties:AccountNameMatchIndicator
oneOfproperties:
- $refAccountNameMatchIndicator:
'#/components/schemas/AEPersonalAccountNameVerificationProperties' - $ref: '#/components/schemas/AEBusinessAccountNameVerificationPropertiesAEAccountNameMatchIndicators'
AEAccountVerificationProperties: MaskedAccountName:
type: object requiredtype: string
- IdentificationType minLength: 1
- Identification maxLength: 70
- Name description: properties:>-
IdentificationType: The masked matched account name. This is type:provided stringto allow the User
enum: to review the account name return from the -Confirmation UAEOFoperation.IBAN
additionalProperties: false
Identification: AEAccountDiscoveryByBankCode:
type: stringobject
required:
minLength: 1 - IdentificationType
maxLength: 400 - BankCode
descriptionproperties:
>- IdentificationType:
Identification for the account assigned bytype: thestring
LFI based on the enum:
Account Scheme Name, and as understood by the- payerUAEOF.BankCode
This BankCode:
identification is known by the User account owner. For IBAN, refer type: string
pattern: ^[0-9]{3}$
description: >-
Bank identification tocode theissued ISOby StandardCBUAE 13616.that identifies the LFI at
Name: which the account $ref: '#/components/schemas/AEAccountNameVerificationProperties'is held
additionalProperties: false
AEBusinessAccountNameVerificationPropertiesAEAccountDiscoveryByIban:
type: object
required:
- BusinessName IdentificationType
- Identification
properties:
BusinessNameIdentificationType:
type: string
minLengthenum:
1 maxLength: 140- UAEOF.IBAN
descriptionIdentification:
The business name of the account holder, as understood bytype: thestring
payer description: The properties requiredminLength: to1
verify a business account additionalPropertiesmaxLength: false
400
AEError: typedescription: object>-
required: Identification for the -account Codeassigned by the LFI based on the
- Message properties: Account Scheme Name, and as understood Code:by the payer. This
allOf: identification is known by the User account owner. -For $ref: '#/components/schemas/AEErrorCode'IBAN, refer
description: Low levelto textualthe errorISO code,Standard e13616.g.,
UAEOF.Field.Missing additionalProperties: false
Message: AEAccountNameConfirmationProperties:
typeoneOf:
string - minLength$ref: 1'#/components/schemas/AEPersonalAccountNameConfirmationProperties'
- maxLength: 500$ref: '#/components/schemas/AEBusinessAccountNameConfirmationProperties'
AEAccountNameMatchIndicators:
descriptiontype: >-string
enum:
A description of the error that occurred. e.g., 'A mandatory field- UAEOF.ConfirmationOfPayee.Yes
- UAEOF.ConfirmationOfPayee.No
isn't supplied' or 'RequestedExecutionDateTime must be in future' description: >-
Indicator for whether the payee name is matched with the UAEOFaccount doesn'tname
standardise this field held at the LFI
Path: AEAccountNumberConfirmationProperties:
type: stringobject
required:
minLength: 1 - IdentificationType
maxLength: 500 - Identification
description: >- BankCode
- Name
Recommended but optional referenceproperties:
to the JSON Path of the field IdentificationType:
withtype: error, e.g., Data.Initiation.InstructedAmount.Currencystring
Urlenum:
type: string - UAEOF.AccountNumber
descriptionIdentification:
>- type: string
URL to help remediate the problem, or provide more information,minLength: or1
maxLength: 400
to API Reference, or help etc description: Error>-
additionalProperties: false AEErrorCode:Identification for the account assigned by the LFI based type: stringon the
enum: Account Scheme Name, and as understood by -the UAEOF.AccessToken.Unauthorizedpayer. This
- UAEOF.AccessToken.InvalidScope identification is known by the User -account UAEOF.Consentowner.Revoked For IBAN, refer
- UAEOF.Consent.TransientAccountAccessFailure to the ISO -Standard UAEOF.Consent.AccountTemporarilyBlocked13616.
BankCode:
- UAEOF.Consent.PermanentAccountAccessFailure type: string
- UAEOF.Consent.Invalid pattern: ^[0- UAEOF.JWS.InvalidSignature9]{3}$
description: >-
UAEOF.JWS.Malformed - UAEOF.JWS.InvalidClaim
- UAEOF.JWS.InvalidHeader Bank identification code issued by CBUAE that identifies the LFI at
- UAEOF.GenericRecoverableError which the account is held
- UAEOF.GenericError Name:
- UAEOF.JWE.DecryptionError $ref: '#/components/schemas/AEAccountNameConfirmationProperties'
- UAEOF.JWE.InvalidHeader additionalProperties: false
- UAEOF.Event.UnexpectedEvent AEBusinessAccountNameConfirmationProperties:
type: object
- UAEOF.Body.InvalidFormat required:
- UAEOF.Resource.InvalidResourceId - BusinessName
- UAEOF.Resource.InvalidFormat properties:
- UAEOF.Consent.BusinessRuleViolation BusinessName:
AEErrorResponse: type: objectstring
required: minLength: 1
- Errors propertiesmaxLength: 140
Errors: description: The business name of the account holder, type:as arrayunderstood by the payer
itemsdescription: The properties required to verify a business account
$ref: '#/components/schemas/AEError' additionalProperties: false
minItemsAEConfirmationDiscovery:
1 descriptiononeOf:
>- - An array of detail error codes, and messages, and URLs to documentation
$ref: '#/components/schemas/AEAccountDiscoveryByIban'
- $ref: '#/components/schemas/AEAccountDiscoveryByBankCode'
discriminator:
to help remediation. additionalPropertiespropertyName: falseIdentificationType
AEErrorSignedResponse: mapping:
type: object requiredUAEOF.IBAN: '#/components/schemas/AEAccountDiscoveryByIban'
- iss UAEOF.BankCode: '#/components/schemas/AEAccountDiscoveryByBankCode'
AEConfirmationDiscoveryRequest:
- exp type: object
- nbfrequired:
- messageData
properties:
issData:
type$ref: string'#/components/schemas/AEConfirmationDiscovery'
additionalProperties: false
descriptionAEConfirmationDiscoveryResponse:
>- type: object
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1) required:
exp:- Data
type: number- Links
- Meta
description: >-properties:
Data:
[https$ref: '#//www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)components/schemas/AEConfirmationSourceProperties'
nbfLinks:
type: number$ref: '#/components/schemas/LinksSelf'
Meta:
description$ref: >-'#/components/schemas/Meta'
additionalProperties: false
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)AEConfirmationSourceProperties:
type: object
required:
- AuthorizationServerUrl
- ResourceServerUrl
properties:
AuthorizationServerUrl:
type: string
minLength: 1
maxLength: 500
description: >-
Authorization Server URL at which an Access Token to invoke the
Confirmation of Payee operation should be sought
ResourceServerUrl:
type: string
minLength: 1
maxLength: 500
description: >-
Resource Server URL at which the Confirmation of Payee operation
should be invoked
additionalProperties: false
AEError:
type: object
required:
- Code
- Message
properties:
Code:
allOf:
- $ref: '#/components/schemas/AEErrorCode'
description: Low level textual error code, e.g., UAEOF.Field.Missing
Message:
type: string
minLength: 1
maxLength: 500
description: >-
A description of the error that occurred. e.g., 'A mandatory field
isn't supplied' or 'RequestedExecutionDateTime must be in future'
UAEOF doesn't standardise this field
Path:
type: string
minLength: 1
maxLength: 500
description: >-
Recommended but optional reference to the JSON Path of the field
with error, e.g., Data.Initiation.InstructedAmount.Currency
Url:
type: string
description: >-
URL to help remediate the problem, or provide more information, or
to API Reference, or help etc
description: Error
additionalProperties: false
AEErrorCode:
type: string
enum:
- UAEOF.AccessToken.Unauthorized
- UAEOF.AccessToken.InvalidScope
- UAEOF.Consent.Revoked
- UAEOF.Consent.TransientAccountAccessFailure
- UAEOF.Consent.AccountTemporarilyBlocked
- UAEOF.Consent.PermanentAccountAccessFailure
aud:- UAEOF.Consent.Invalid
- UAEOF.JWS.InvalidSignature
type: array - UAEOF.JWS.Malformed
items: - UAEOF.JWS.InvalidClaim
type: string - UAEOF.JWS.InvalidHeader
description: >- UAEOF.GenericRecoverableError
- UAEOF.GenericError
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
- UAEOF.JWE.DecryptionError
iat: - UAEOF.JWE.InvalidHeader
type: number- UAEOF.Event.UnexpectedEvent
- UAEOF.Body.InvalidFormat
description: >- - UAEOF.Resource.InvalidResourceId
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6) - UAEOF.Resource.InvalidFormat
message: - UAEOF.Consent.BusinessRuleViolation
$ref: '#/components/schemas/AEErrorResponse'AEErrorResponse:
descriptiontype: Signedobject
error response payload required:
additionalProperties: false - AENameVerificationRequest:Errors
typeproperties:
object requiredErrors:
- Data type: array
properties: items:
Data: $ref: '#/components/schemas/AEAccountVerificationPropertiesAEError'
additionalProperties: false minItems: 1
AENameVerificationResponsedescription: >-
An array of detail error type:codes, objectand messages, and URLs to documentation
required: to help -remediation.
Data additionalProperties: false
- Links AEErrorSignedResponse:
-type: Metaobject
propertiesrequired:
- iss
Data: - exp
$ref: '#/components/schemas/AEVerifiedProperties' - nbf
Links: - message
$ref: '#/components/schemas/LinksSelf' properties:
Metaiss:
$reftype: '#/components/schemas/Meta'string
additionalProperties: false description: >-
AEPersonalAccountNameVerificationProperties: type: object [https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
required: exp:
- GivenName type: number
- LastName properties: description: >-
GivenName: type: string[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
minLength: 1nbf:
maxLengthtype: 70number
description: >-
The given or first name of the account holder, as understood by the[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
aud:
type: array
payer LastName:
type: string items:
minLengthtype: 1string
maxLengthdescription: 70>-
description: >-[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
iat:
The family or surname of thetype: accountnumber
holder, as understood by the description: >-
payer description: The properties required to verify a personal account
additionalProperties: false
AEVerificationDiscovery:[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
message:
$ref: '#/components/schemas/AEAccountDiscoveryAEErrorResponse'
AEVerificationDiscoveryRequest: description: Signed error response type:payload
object requiredadditionalProperties: false
AEIbanConfirmationProperties:
- Data type: object
properties: required:
Data: - IdentificationType
$ref: '#/components/schemas/AEVerificationDiscovery' - Identification
additionalProperties: false - AEVerificationDiscoveryResponse:Name
typeproperties:
object requiredIdentificationType:
- Data type: string
- Links enum:
- Meta - properties:UAEOF.IBAN
DataIdentification:
$reftype: '#/components/schemas/AEVerificationSourceProperties'string
LinksminLength: 1
$refmaxLength: '#/components/schemas/LinksSelf' 400
Meta:description: >-
Identification for $ref: '#/components/schemas/Meta'
additionalProperties: falsethe account assigned by the LFI based on the
AEVerificationSourceProperties: type:Account objectScheme Name, and as understood by the required:payer. This
- AuthorizationServerUrl identification is known by the -User ResourceServerUrlaccount owner. For IBAN, refer
properties: AuthorizationServerUrl: to the ISO Standard 13616.
type: string Name:
minLength: 1 $ref: '#/components/schemas/AEAccountNameConfirmationProperties'
maxLengthadditionalProperties: 500false
descriptionAEPersonalAccountNameConfirmationProperties:
>- type: object
Authorization Serverrequired:
URL at which an Access Token to invoke the - GivenName
- LastName
Confirmation of Payee operation should be soughtproperties:
ResourceServerUrlGivenName:
type: string
minLength: 1
maxLength: 50070
description: >-
ResourceThe Servergiven URLor at which the Confirmationfirst name of Payeethe operationaccount holder, as understood by the
should be invoked payer
additionalProperties: false AEVerifiedPropertiesLastName:
type: object requiredtype: string
- AccountNameMatchIndicator propertiesminLength: 1
AccountNameMatchIndicator: allOfmaxLength: 70
- $refdescription: '#/components/schemas/AEAccountNameMatchIndicators'>-
description: >- The family or surname of the account holder, as understood by the
Indicator for whether the payee name is matched with the account payer
description: The properties required nameto heldverify ata thepersonal LFIaccount
additionalProperties: false
DiscoverVerificationSourceRequestBodySignedDiscoverConfirmationSourceRequestBodySigned:
type: object
required:
- iss
- exp
- nbf
- message
properties:
iss:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
exp:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
nbf:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
aud:
type: array
items:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
iat:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
message:
$ref: '#/components/schemas/AEVerificationDiscoveryRequestAEConfirmationDiscoveryRequest'
additionalProperties: false
DiscoverVerificationSourceResponseBodySignedDiscoverConfirmationSourceResponseBodySigned:
type: object
required:
- iss
- exp
- nbf
- message object
propertiesrequired:
- iss:
- exp
type: string - nbf
description: >- - message
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)properties:
expiss:
type: numberstring
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.41](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.41)
nbfexp:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
aud:
type: array4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
items:
nbf:
type: stringnumber
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.35](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)5)
aud:
type: array
iatitems:
type: numberstring
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.63](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.63)
messageiat:
$ref: '#/components/schemas/AEVerificationDiscoveryResponse'
additionalProperties: false
DiscoverVerificationSourceSignedRequest:
type: number
type: object required: description: >-
- requestBody properties:[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
requestBodymessage:
$ref: '#/components/schemas/DiscoverVerificationSourceRequestBodySignedAEConfirmationDiscoveryResponse'
additionalProperties: false
LinksSelf:
type: object
required:
- Self
properties:
Self:
$ref: '#/components/schemas/Self'
description: Links relevant to the resource
additionalProperties: false
Meta:
type: object
description: Metadata relevant to the resource
additionalProperties: false
NameVerificationRequestBodySignedNameConfirmationRequestBodySigned:
type: object
required:
- iss
- exp
- nbf
- message
properties:
iss:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)
exp:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
nbf:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
aud:
type: array
items:
type: string
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)
iat:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
message:
$ref: '#/components/schemas/AENameVerificationRequestAEAccountConfirmationRequest'
additionalProperties: false
NameVerificationResponseBodySignedNameConfirmationResponseBodySigned:
type: object
required:
- iss
- exp
- nbf
- message object
propertiesrequired:
- iss:
- exp
type: string - nbf
description: >- - message
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1)properties:
expiss:
type: numberstring
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.41](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.41)
nbfexp:
type: number
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
aud:
type: array4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
itemsnbf:
type: stringnumber
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.35](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3)5)
aud:
type: array
iatitems:
type: numberstring
description: >-
[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.63](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.63)
messageiat:
$ref: '#/components/schemas/AENameVerificationResponse'
additionalProperties: false
NameVerificationSignedRequest:
type: number
type: object required: description: >-
- requestBody properties:[https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6)
requestBodymessage:
$ref: '#/components/schemas/NameVerificationRequestBodySignedAEAccountConfirmationResponse'
additionalProperties: false
Self:
type: string
format: uri
description: A link to the current resource
securitySchemes:
TPPOAuth2Security:
type: oauth2
description: >-
TPP confidential client authorization with the LFI to stage a consent.
**Please refer to [OpenID FAPI Security Profile 1.0 -Part 2
Advanced](https://openid.net/specs/openid-financial-api-part-2-1_0.html#authorization-server)
- 5.2.2 point 14 - shall authenticate the confidential client using one
of the following methods private_key_jwt and [OpenID Connect Core
1.0](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication)
9. Client Authentication private_key_jwt**
flows:
clientCredentials:
tokenUrl: https://authserver.example/token
scopes:
openid: Activates OpenID Connect Support
confirmation-of-payee: Right to invoke a Confirmation of Payee operation
accounts: Ability to read Accounts Information
insurance: Right to read insurance policies
servers:
- url: /open-finance/confirmation-of-payee/v1.0-draft4
description: Default URL
variables: {}
| 