openapi: 3.0.1
servers:
- url: https://{your-cm-server}
description: Consent manager for the tenant
info:
title: Ozone Connect - Service Initiation APIs
description: |
This document provides the OAS3 specification for Service Initiation APIs for Ozone Connect.
These APIs should be implemented by a Financial Institution so that Ozone can deliver Service Initiation capabilities to TPPs
#### Changes in Release 2024.34
Introduced new endpoint Get /payment-consents/{consentId}/refund.
Cosmetic changes - Request Response Changes
contact:
name: Ozone Financial Technology Limited
version: Release 2024.34
tags:
- name: payments
description: |
APIs that should be implemented by Financial Institutions to expose Service Initiation capability to TPPs.
paths:
/payments:
post:
tags:
- payments
summary: Make a payment
description: |
This API is called by Ozone Connect to instruct a Financial Institution to initiate a payment once it has received a payment
instruction from a TPP that has passed all local validations.
The Financial Institution must process the payment and indicate a failure response (if the payment fails technical validation) or a
success response (if the payment passess technical validation and is submitted to the payment rails for processing)
The Financial Institution must generate a unique `PaymentId` that can be sent on to the TPP as a reference for the payment.
If the underlying consent has been patched with a `bankConnectToken`, then the token is passed in as the authorization header.
operationId: makePayment
parameters:
# common header parameters that set context
- $ref: "#/components/parameters/providerId"
- $ref: "#/components/parameters/aspspId"
- $ref: "#/components/parameters/callerOrgId"
- $ref: "#/components/parameters/callerClientId"
- $ref: "#/components/parameters/callerSoftwareStatementId"
- $ref: "#/components/parameters/apiUri"
- $ref: "#/components/parameters/apiOperation"
- $ref: "#/components/parameters/consentId"
- $ref: "#/components/parameters/callerInteractionId"
- $ref: "#/components/parameters/ozoneInteractionId"
- $ref: "#/components/parameters/psuIdentifier"
requestBody:
required: true
content:
application/json:
schema:
$ref: "#/components/schemas/PaymentPostRequest"
responses:
'201':
description: successful operation
content:
application/json:
schema:
$ref: "#/components/schemas/AEPaymentIdResponse"
'400':
description: failed operation
content:
application/json:
schema:
$ref: "#/components/schemas/Error"
security:
- bearerAuth: []
/payments/:paymentId:
get:
operationId: getPayment
tags:
- payments
summary: Get a payment
description: |
Ozone can call this API from Financial Institutions to retrieve payment information.
parameters:
# common header parameters that set context
- $ref: "#/components/parameters/providerId"
- $ref: "#/components/parameters/aspspId"
- $ref: "#/components/parameters/callerOrgId"
- $ref: "#/components/parameters/callerClientId"
- $ref: "#/components/parameters/callerSoftwareStatementId"
- $ref: "#/components/parameters/apiUri"
- $ref: "#/components/parameters/apiOperation"
- $ref: "#/components/parameters/consentId"
- $ref: "#/components/parameters/callerInteractionId"
- $ref: "#/components/parameters/ozoneInteractionId"
- $ref: "#/components/parameters/psuIdentifier"
responses:
'200':
description: successful operation
content:
application/json:
schema:
$ref: "#/components/schemas/AEPaymentIdResponse"
'400':
description: failed operation
content:
application/json:
schema:
$ref: "#/components/schemas/Error"
/payments/:paymentId/report-file:
get:
tags:
- payments
summary: report file for bulk payments
description: |
This API is called by Ozone Bank Connect to get a report file for a set of bulk payments
operationId: reportFile
parameters:
# common header parameters that set context
- $ref: "#/components/parameters/providerId"
- $ref: "#/components/parameters/aspspId"
- $ref: "#/components/parameters/callerOrgId"
- $ref: "#/components/parameters/callerClientId"
- $ref: "#/components/parameters/callerSoftwareStatementId"
- $ref: "#/components/parameters/apiUri"
- $ref: "#/components/parameters/apiOperation"
- $ref: "#/components/parameters/consentId"
- $ref: "#/components/parameters/callerInteractionId"
- $ref: "#/components/parameters/ozoneInteractionId"
- $ref: "#/components/parameters/psuIdentifier"
responses:
'200':
description: successful operation
content:
'*/*':
schema:
type: string
description: Any content type.
'400':
description: failed operation
content:
application/json:
schema:
$ref: "#/components/schemas/Error"
security:
- bearerAuth: []
/payment-consents/{consentId}/refund:
get:
tags:
- payments
summary: Retrieve a Payment Consent
description: |
Ozone can call this API from Financial Institutions to retrieve payment information.
parameters:
# common header parameters that set context
- $ref: "#/components/parameters/providerId"
- $ref: "#/components/parameters/aspspId"
- $ref: "#/components/parameters/callerOrgId"
- $ref: "#/components/parameters/callerClientId"
- $ref: "#/components/parameters/callerSoftwareStatementId"
- $ref: "#/components/parameters/apiUri"
- $ref: "#/components/parameters/apiOperation"
- $ref: "#/components/parameters/consentId"
- $ref: "#/components/parameters/callerInteractionId"
- $ref: "#/components/parameters/ozoneInteractionId"
- $ref: "#/components/parameters/psuIdentifier"
- name: consentId
in: path
schema:
type: string
required: true
description: |
Identifies the consent by an id
responses:
'200':
description: successful operation
content:
application/json:
schema:
$ref: "#/components/schemas/RefundGetResponse"
'400':
description: failed operation
content:
application/json:
schema:
$ref: "#/components/schemas/Error"
components:
schemas:
PaymentPostRequest:
type: object
properties:
requestUrl:
type: string
description: |
The (Ozone) URL at which the TPP requested for the payment
paymentType:
$ref: "#/components/schemas/PaymentType"
request:
$ref: "#/components/schemas/AEPaymentAndFilePaymentRequest"
requestHeaders:
$ref: "#/components/schemas/PaymentRequestHeaders"
tpp:
$ref: "#/components/schemas/tpp"
supplementaryInformation:
$ref: "#/components/schemas/SupplementaryInformation"
required:
- paymentType
- request
- requestHeaders
- tpp
additionalProperties: false
AEPaymentAndFilePaymentRequest:
description: The payment request body as received from the TPP
oneOf:
- $ref: "#/components/schemas/AEPaymentRequest"
- $ref: "#/components/schemas/AEFilePaymentRequest"
AEPaymentRequest:
description: |
Payment Request Schema
type: "object"
additionalProperties: false
required:
- "Data"
properties:
Data:
type: "object"
additionalProperties: false
required:
- "ConsentId"
- "Instruction"
- "PersonalIdentifiableInformation"
- "PaymentPurposeCode"
properties:
ConsentId:
$ref: "#/components/schemas/AEConsentId"
Instruction:
$ref: "#/components/schemas/AEPaymentInstruction"
CurrencyRequest:
$ref: "#/components/schemas/AECurrencyRequest"
PersonalIdentifiableInformation:
$ref: "#/components/schemas/AEJWEPaymentPII"
PaymentPurposeCode:
$ref: "#/components/schemas/AEPaymentPurposeCode"
DebtorReference:
$ref: "#/components/schemas/AEStructuredDebtorReference"
CreditorReference:
$ref: "#/components/schemas/AEStructuredCreditorReference"
AEJWEPaymentPII:
type: string
description: |2-
A JSON Web Encryption (JWE) object, which encapsulates a JWS. The value is a compact serialization
of a JWE, which is a string consisting of five base64url-encoded parts joined by dots. It encapsulates encrypted content using JSON data structures.
The decrypted JWS content has the structure of the AEPaymentPII schema.
AEConsentId:
type: string
minLength: 1
maxLength: 128
description: >-
Unique identification assigned by the TPP to identify the consent
resource.
AEFilePaymentRequest:
description: |
File Payment Request Schema
type: "object"
additionalProperties: false
required:
- "Data"
properties:
Data:
type: "object"
additionalProperties: false
required:
- "ConsentId"
- "PaymentPurposeCode"
properties:
ConsentId:
$ref: "#/components/schemas/AEConsentId"
Instruction:
$ref: "#/components/schemas/AEFilePaymentConsent"
PaymentPurposeCode:
$ref: "#/components/schemas/AEPaymentPurposeCode"
DebtorReference:
$ref: "#/components/schemas/AEStructuredDebtorReference"
AEFilePaymentConsent:
type: "object"
description: |
A file based payment consent.
A Consent definition for defining Multi Payments
required:
- "FileType"
- "FileHash"
- "NumberOfTransactions"
- "ControlSum"
properties:
FileType:
$ref: "#/components/schemas/AEFileType"
FileHash:
$ref: "#/components/schemas/AEFileHash"
FileReference:
$ref: "#/components/schemas/AEReference"
NumberOfTransactions:
$ref: "#/components/schemas/AEFileNumberOfTransactions"
ControlSum:
$ref: "#/components/schemas/AEControlSum"
RequestedExecutionDate:
$ref: "#/components/schemas/AERequestedExecutionDate"
additionalProperties: false
AERequestedExecutionDate:
description: |
The date when the TPP expects the LFI to execute the payment.
The date must be in the future and cannot be on the same day or a day in the past.
The maximum date in the future that can be specified is 1 year from the day of the consent of the User to the TPP.
All dates in the JSON payloads are represented in ISO 8601 date format.
type: "string"
format: "date"
AEFileNumberOfTransactions:
type: "integer"
description: |
Number of individual transactions contained in the payment information group.
AEControlSum:
description: |
Total of all individual amounts included in the group, irrespective of currencies.
type: "string"
pattern: "^\\d{1,16}\\.\\d{2}$"
example: "100.00"
AEReference:
description: |
A reason or reference in relation to a payment.
Reason or reference for the beneficiary regarding the Payment
type: "string"
minLength: 1
maxLength: 120
AEFileType:
type: "string"
description: "Specifies the payment file type"
minLength: 1
maxLength: 40
AEFileHash:
type: "string"
description: "A base64 encoding of a SHA256 hash of the file to be uploaded."
minLength: 1
maxLength: 44
AEStructuredCreditorReference:
description: |
A reason or reference in relation to a payment, set to facilitate a structured Creditor reference consisting of:
* TPP ID and BIC for the Debtor Account, followed by freeform text to a maximum of 120 characters.
The TPP ID value will match the organization ID value from the Trust Framework, and therefore will be a v4 UUID.
A BIC is specific according to the standard format for ISO 20022, and can therefore be either 8 or 11 characters in length.
If the value of the concatenated string exceeds 120 characters, the TPP must first omit or truncate the freeform element of the reference.
type: "string"
minLength: 1
maxLength: 120
pattern: "^TPP=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12},BIC=[A-Z0-9]{4}[A-Z0-9]{2}[A-Z0-9]{2}([A-Z0-9]{3}){0,1}($|,.+$)"
AEPaymentInstruction:
type: "object"
additionalProperties: false
required:
- "Amount"
- "PaymentSequenceNumber"
description: "The Initiation payload is sent by the initiating party to the LFI. It is used to request movement of funds from the debtor account to a creditor for a single payment."
properties:
Amount:
$ref: "#/components/schemas/AEActiveCurrencyAmount"
PaymentSequenceNumber:
$ref: "#/components/schemas/AEPaymentSequenceNumber"
AEPaymentSequenceNumber:
type: "string"
description: |
This indicates the underlying sequence of the recurring payment that is being instructed.
For example:
* 1 can represent the first payment instruction
* 12 can represent the twelfth payment instruction
minLength: 1
maxLength: 10
pattern: "^[1-9]\\d*$"
RequestHeaders:
type: object
description: |
The entire set of HTTP request headers that was received by Ozone from the TPP
additionalProperties: true
Request:
type: object
description: |
The entire HTTP request body that was received by Ozone from the TPP.
The type can be used to identify the schema
that should be used to validate the request. (These schemas are defined by the
underlying standard)
additionalProperties: true
PaymentType:
type: string
description: |
The type of the payment that is being created.
Each LFI's instance may support a different set of payment types
depending on the standards supported.
For example,
- cbuae-payment (Single Instant Payment, Multi Payment - Fixed and Variable Recurring Payment, Future Dated Payment etc)
- cbuae-file-payment
PaymentRequestHeaders:
type: object
description: |
The entire set of HTTP request headers that was received by Ozone from the TPP
additionalProperties: true
tpp:
type: object
description: |
The TPP record as held by Ozone.
If Ozone TPP Connect has been integrated into a directory, the `directoryRecord` provides the TPP's directory record as held by Ozone in base 64 encoded format.
required:
- clientId
- orgId
- softwareStatementId
- tppName
properties:
clientId:
type: string
description: The clientId for the TPP as issued by Ozone
orgId:
type: string
description: The organization id for the TPP
softwareStatementId:
type: string
description: The organization id for the TPP
tppName:
type: string
description: The name of the TPP
directoryRecord:
type: string
description: The latest copy of the TPP directory record if the TPP has registered with a directory
additionalProperties: false
SupplementaryInformation:
type: object
description: |
The `SupplementaryInformation` object may have arbitrary custom fields that a Financial Institution may use
additionalProperties: true
AEPaymentIdResponse:
description: |
The payment response to be passed on to the TPP.
The structure of this response is aligned to the structure of the response for the CBUAE payment initiation API.
type: "object"
additionalProperties: false
required:
- "data"
properties:
data:
type: "object"
description: "Required fields are common for all the payments including file payment. Apart from that, paymentTransactionId is required for all payments except file payments"
additionalProperties: false
required:
- "id"
- "status"
- "statusUpdateDateTime"
- "creationDateTime"
- "paymentPurposeCode"
properties:
id:
type: string
consentId:
type: string
paymentTransactionId:
type: string
status:
type: string
enum:
- "Pending"
- "AcceptedSettlementCompleted"
- "AcceptedCreditSettlementCompleted"
- "AcceptedWithoutPosting"
- "Rejected"
- "Received"
statusUpdateDateTime:
type: string
format: date-time
creationDateTime:
type: string
format: date-time
charges:
$ref: "#/components/schemas/AECharges"
exchangeRate:
$ref: "#/components/schemas/AEExchangeRateInformation"
currencyRequest:
$ref: "#/components/schemas/AECurrencyRequest"
instruction:
$ref: "#/components/schemas/AEPaymentInstruction"
paymentPurposeCode:
$ref: "#/components/schemas/AEPaymentPurposeCode"
debtorReference:
$ref: "#/components/schemas/AEStructuredDebtorReference"
meta:
$ref: "#/components/schemas/Meta"
AECharges:
type: "array"
items:
type: "object"
additionalProperties: false
description: |
Set of elements used to provide details of a charge for the payment initiation.
* For Payments, these Charges are on the Debtor.
required:
- "chargeBearer"
- "type"
- "amount"
properties:
chargeBearer:
$ref: "#/components/schemas/AEChargeBearerType1Code"
type:
$ref: "#/components/schemas/AEExternalPaymentChargeTypeCode"
amount:
$ref: "#/components/schemas/AEActiveCurrencyAmount"
AEChargeBearerType1Code:
description: "Specifies which party/parties will bear the charges associated with the processing of the payment transaction."
type: "string"
enum:
- "BorneByCreditor"
- "BorneByDebtor"
- "FollowingServiceLevel"
- "Shared"
AEExternalPaymentChargeTypeCode:
description: "Charge type, in a coded form."
type: "string"
enum:
- "VAT"
- "Fees"
AEActiveCurrencyAmount:
description: |
The Currency and Amount relating to the Payment, Refund or Request to Pay
type: "object"
required:
- "amount"
- "currency"
properties:
amount:
$ref: "#/components/schemas/AEActiveOrHistoricAmount"
currency:
$ref: "#/components/schemas/AEActiveOrHistoricCurrencyCode"
AEActiveOrHistoricAmount:
description: "A number of monetary units specified in an active currency where the unit of currency is explicit and compliant with ISO 4217."
type: "string"
pattern: "^\\d{1,16}\\.\\d{2}$"
example: "100.00"
AEActiveOrHistoricCurrencyCode:
description: "A 3 character alphabetic code allocated to a currency under an international currency identification scheme, as described in the latest edition of the international standard ISO 4217 'Codes for the representation of currencies and funds'."
type: "string"
pattern: "^[A-Z]{3,3}$"
example: "AED"
AEExchangeRateInformation:
type: "object"
additionalProperties: false
required:
- "unitCurrency"
- "ExchangeRate"
- "RateType"
description: "Further detailed information on the exchange rate that has been used in the payment transaction."
properties:
unitCurrency:
description: "Currency in which the rate of exchange is expressed in a currency exchange. In the example 1GBP = xxxCUR, the unit currency is GBP."
type: "string"
pattern: "^[A-Z]{3,3}$"
exchangeRate:
description: "The factor used for conversion of an amount from one currency to another. This reflects the price at which one currency was bought with another currency."
type: "number"
rateType:
description: "Specifies the type used to complete the currency exchange."
type: "string"
enum:
- "Actual"
- "Agreed"
- "Indicative"
contractIdentification:
description: "Unique and unambiguous reference to the foreign exchange contract agreed between the initiating party/creditor and the debtor agent."
type: "string"
minLength: 1
maxLength: 256
expirationDateTime:
description: "Specified date and time the exchange rate agreement will expire.All dates in the JSON payloads are represented in ISO 8601 date-time format. \nAll date-time fields in responses must include the timezone. An example is below:\n2017-04-05T10:43:07+00:00"
type: "string"
format: "date-time"
AECurrencyRequest:
description: |
The details of the non-local currency or FX request that has been agreed between the User and the TPP.
The requested ChargeBearer and ExchangeRateInformation are included in this object may be overwritten by the LFI in the returned Consent object.
type: "object"
additionalProperties: false
required:
- "currencyOfTransfer"
properties:
instructionPriority:
description: "Indicator of the urgency or order of importance that the instructing party would like the instructed party to apply to the processing of the instruction."
type: "string"
enum:
- "Normal"
- "Urgent"
extendedPurpose:
description: "Specifies the purpose of an international payment, when there is no corresponding 4 character code available in the ISO20022 list of Purpose Codes."
type: "string"
minLength: 1
maxLength: 140
chargeBearer:
$ref: "#/components/schemas/AEChargeBearerType1Code"
currencyOfTransfer:
description: "Specifies the currency of the to be transferred amount, which is different from the currency of the debtor's account."
type: "string"
pattern: "^[A-Z]{3,3}$"
destinationCountryCode:
description: "Country in which Credit Account is domiciled. Code to identify a country, a dependency, or another area of particular geopolitical interest, on the basis of country names obtained from the United Nations (ISO 3166, Alpha-2 code)."
type: "string"
pattern: "[A-Z]{2,2}"
exchangeRateInformation:
type: "object"
additionalProperties: false
required:
- "unitCurrency"
- "rateType"
description: "Provides details on the currency exchange rate and contract."
properties:
unitCurrency:
description: "Currency in which the rate of exchange is expressed in a currency exchange. In the example 1GBP = xxxCUR, the unit currency is GBP."
type: "string"
pattern: "^[A-Z]{3,3}$"
exchangeRate:
description: "The factor used for conversion of an amount from one currency to another. This reflects the price at which one currency was bought with another currency."
type: "number"
rateType:
description: "Specifies the type used to complete the currency exchange."
type: "string"
enum:
- "Actual"
- "Agreed"
- "Indicative"
contractIdentification:
description: "Unique and unambiguous reference to the foreign exchange contract agreed between the initiating party/creditor and the debtor agent."
type: "string"
minLength: 1
maxLength: 256
AEPaymentPurposeCode:
description: A category code that relates to the type of services or goods that corresponds to the underlying purpose of the payment. The code must conform to the published AANI payment purpose code list.
type: "string"
minLength: 1
maxLength: 4
pattern: "^[A-Z]{3}$"
AEStructuredDebtorReference:
description: |
A reason or reference in relation to a payment, set to facilitate a structured Debtor reference consisting of:
* For payments to Merchants: TPP ID, Merchant ID, BIC for the Creditor Account, followed by freeform text to a maximum of 120 characters.
* For other payments: TPP ID and BIC for the Creditor Account, followed by freeform text to a maximum of 120 characters.
The TPP ID value will match the organization ID value from the Trust Framework, and therefore will be a v4 UUID.
The Merchant ID wil be as per the existing IPP rules for the Merchant identification, and will incorporate the Trade License number for the Merchant.
A BIC is specific according to the standard format for ISO 20022, and can therefore be either 8 or 11 characters in length.
If the value of the concatenated string exceeds 120 characters, the TPP must omit or truncate the freeform element of the reference.
oneOf:
- type: "string"
minLength: 1
maxLength: 120
pattern: "^TPP=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12},Merchant=[A-Z0-9]{3}-[A-Z]{4}-TL.+-[0-9]{4},BIC=[A-Z0-9]{4}[A-Z0-9]{2}[A-Z0-9]{2}([A-Z0-9]{3}){0,1}($|,.+$)"
- type: "string"
minLength: 1
maxLength: 120
pattern: "^TPP=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12},BIC=[A-Z0-9]{4}[A-Z0-9]{2}[A-Z0-9]{2}([A-Z0-9]{3}){0,1}($|,.+$)"
RefundGetResponse:
type: object
properties:
data:
$ref: "#/components/schemas/RefundGetResponseBody"
meta:
$ref: "#/components/schemas/Meta"
RefundGetResponseBody:
type: object
required:
- refundAccount
properties:
consentId:
description: |
Unique identification assigned by the TPP to identify the consent resource.
type: "string"
minLength: 1
maxLength: 128
refundAccount:
$ref: "#/components/schemas/AEDebtorAccount"
AEDebtorAccount:
description: "Unambiguous identification of the account of the debtor to which a debit entry will be made."
type: "object"
required:
- "schemeName"
- "identification"
- "name"
properties:
schemeName:
description: "Name of the identification scheme, in a coded form as published in an external list."
type: "string"
enum:
- "IBAN"
- "AccountNumber"
identification:
description: |
Identification for the account assigned by the LFI based on the Account Scheme Name.
This identification is known by the User account owner.
type: "string"
minLength: 1
name:
$ref: "#/components/schemas/AEName"
AEName:
type: "object"
description: |
The Account Holder Name is the name or names of the Account owner(s) represented at the account level
properties:
en:
type: "string"
description: "English value of the string"
maxLength: 70
ar:
type: "string"
description: "Arabic value of the string"
maxLength: 70
additionalProperties: false
#
# Common types
#
Meta:
type: object
additionalProperties: false
Error:
type: object
properties:
errorCode:
type: string
description: Error code identifying the problem occured
errorMessage:
type: string
description: Message describing what problem has occured
propagateError:
type: boolean
description: optional field if error want to propagate
parameters:
providerId:
name: o3-provider-id
in: header
schema:
type: string
required: true
description: Identifier for the Financial Institution that the request is targetted to
aspspId:
name: o3-aspsp-id
in: header
schema:
type: string
required: true
deprecated: true
description:
Identifier for the financial institution that the request is targetted to.
This header is deprecated and will be removed in a future version of Ozone Connect. Use `o3-provider-id` instead.
callerOrgId:
name: o3-caller-org-id
in: header
schema:
type: string
required: true
description: An identifier for the organization calling the API
callerClientId:
name: o3-caller-client-id
in: header
schema:
type: string
required: true
description: An identifier for the OIDC clientId calling the API
callerSoftwareStatementId:
name: o3-caller-software-statement-id
in: header
schema:
type: string
required: true
description: An identifier for the software statement calling the API
apiUri:
name: o3-api-uri
in: header
schema:
type: string
required: true
description: The parameterised URL of the API being called by the caller
apiOperation:
name: o3-api-operation
in: header
schema:
type: string
required: true
description: The API operation carried out by the caller (e.g. GET, POST, PUT, DELETE, PATCH)
consentId:
name: o3-consent-id
in: header
schema:
type: string
required: true
description: The consentId for which this call is being made
callerInteractionId:
name: o3-caller-interaction-id
in: header
schema:
type: string
required: true
description: The interaction ID passed in by the caller, if any
ozoneInteractionId:
name: o3-ozone-interaction-id
in: header
schema:
type: string
required: true
description: An interaction ID generated by Ozone if the caller did not send in one. If the callerInteractionId is specified, this takes the same value.
psuIdentifier:
name: o3-psu-identifier
in: header
schema:
type: string
required: true
description: A Base64 encoded representation of the psuIdentifier JSON object.
securitySchemes:
bearerAuth:
type: http
scheme: bearer
bearerFormat: JWT |