Versions Compared

Version Old Version 6 New Version Current
Changes made by

David Plews

Chris Michael

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Author

...

Chris Michael David Plews

...

Version

...

1.0

...

Classification

...

Public

...

  1. A User will initiate a consent from a TPP's mobile or web app.

  2. The User will be redirected to the LFI's mobile or web app to authorise the consent.

    1. The LFI need to adapt their mobile and/or web app to receive the redirect and parameters passed over from the TPP

    2. The LFI will use the API Hub Authorisation Server to verify the request and the parameters

  3. The User will go through SCA (Strong Customer Authentication), review the consent, and authorise/reject it.

    1. The LFI needs to adapt their mobile and/or web app to display the consent authorisation screens.

    2. Each consent type will have different information to display to the user

    3. All screens and the required UX guideline will be provided as part of the Open Finance Standards

    4. The LFI will use the Consent Manager and the Authorisation Server to communicate the outcome of the consent authorisation.

    5. The User will be redirected back to the TPP's mobile or web app.

    6. The API Hub will generate the redirect url & access token

  4. The TPP will receive an access token to allow appropriate actions under the conditions of the consent on the User's account(s).

    1. The Ozone Connect API will be responsible for serving data for action service initiation

...

3.1 API Hub Network Diagram

APIHubNetwordDiagram.pngImage RemovedAPIHubNetwordDiagram.pngImage Added

3.2 Infrastructure

...

  1. Provide a single industry sandbox which simulates a single LFI, with rich synthetic data and a postman collection for each API request/response defined in the Open Finance Standard.

  2. Provide each LFI with dedicated Pre-Production and Production API gateways accessible to TPPs.

  3. Ensure that the externally facing API adheres strictly to the Open Finance Standard, including the FAPI security profile, data model, and API operations for each endpoint.

  4. Integrate with the Open Finance Trust Framework (OFTF) to ensure that ONLY licensed TPPs can access the APIs and that they can ONLY access API sets within the scope of their licensed role(s).

  5. Manage the User’s consent, to act as the single source of truth regarding this consent and to ensure that the TPP can only access APIs (for account informationdata sharing, service initiation or insurance) within the parameters of this consent.

  6. Provide the CBUAE with all required reporting regarding usage, availability and performance.

...

The following sequence diagrams explain the interactions between the User, the TPP, the API Hub and the LFI.

AccountInformationServices.pngImage Removed
Expand
titleAccount Information Services
Bank Data Sharing
AccountInformationServices.pngImage Added

Expand
titleBank Payment initiation
PaymentInitiation.pngImage RemovedPaymentInitiation.pngImage Added

3.5 Key API Hub Components

In order to deliver the end to end journey for the User, the following APIs will be deployed.

  • The Authorisation Server and Consent Manager is built, deployed and maintained by Ozone.

  • The LFI is expected to build, deploy and maintain screens on their mobile and/or web app to support the Consent Authorisation flow.

  • The LFI is expected to build, deploy and maintain the Ozone Connect API for Data Sharing and Service Initiation.

Component

Provider

Consumer

Interface

Description

Connection

Usage

Authorisation Server

API Hub

LFI

API

  • Swagger specification will be made available

  • Exposes endpoints to the LFI to support:

    • Consent Autorisation FlowAuthorisation

    • Access token issuing

MTLS

Authorisation Flow

Consent Manager

API Hub

LFI

API

  • Swagger specification will be made available

  • TPPs do not connect to the consent manager directly

  • Exposes endpoints to the LFI to support:

    • Consent Autorisation FlowAuthorisation

    • Consent management and reporting

MTLS

Authorisation Flow

Consent Dashboard

Ozone Connect

LFI

API Hub

API

  • Swagger specification will be made available for Account InformationData Sharing, Service Initiation and Insurance

  • TPPs do not connect to the Ozone Connect API directly

  • The Ozone Connect API is an interface on top of the LFI core banking system. LFIs will be responsible for the mapping between their core banking system and the Ozone Connect API specification

  • LFIs only implement the Ozone Connect API endpoints to support their existing offering i.e
    Account InformationData Sharing: Accounts, Balance, Transactions etc

    Service Initiation: Domestic payment, Standing Orders, International Payments etc
    Insurance: Motor insurance quotes

MTLSAccount

InformationData Sharing

Service Initiation

Insurance

...

  1. LFI and Ozone each deploy environment infrastructure for Pre-Production and Production

  2. LFI creates certificates using the OFTF - Ozone to provide guidance

  3. LFI and Ozone verifies MTLS connectivity in both directions

    1. LFI to the Consent Manager and Authorisation server

    2. Ozone to the LFI Ozone Connect server

  4. LFI builds the Consent Authorisation flows by adapting their existing mobile and/or web apps

  5. LFI builds the Ozone Connect API integrated with their Core Banking systems

  6. Certification and go Testing, CX certification

  7. Go live

4.3 API Hub

...

User Guide

The API Hub Software Development Kit (SDK) will include:

  1. Detailed Sequence Diagrams

  2. API Hub Integration Overview for LFIs

  3. https://openfinanceuae.atlassian.net/wiki/spaces/OFPDocv1/pages/edit-v2/101482510#3.4-Sequence-Diagrams

  4. API Hub LFI Implementation Plan

  5. API Hub Consent Manager API Specification

  6. API Hub Authorisation Server API Specification

  7. API Hub Ozone Connect API Specification Connectivity Requirements & Guides- Data Sharing

  8. API Hub Ozone Connect API Specification - Service Initiation

  9. API Hub Admin Portal - LFI User Guide

  10. API Hub Reporting Datasets

  11. Postman collection to simulate TPP journey and LFI / Ozone integration

  12. Supporting documentation - FAQs, video tutorials, data mapping etc

  13. API Hub Admin Portal User Guide

Additionally the Open Finance Standards will define the required UX for Consent Authorisation including

4.4 Support for LFIs

Ozone will engage with LFIs who are onboarding onto the OFP via a series of open engagement sessions. These will be technically focused session and should be attended by the LFI’s technical teams. Dates and timing will be comminuted in due course. Ozone will then conduct bilateral sessions providing one-to-one support and guidance to LFIs through the integration lifecycle.

...