This is a draft of the UAE Open Finance Standards. It is intended for review only, not for implementation.
1. What's new?
Added data cluster permissions requirements to Customer Data.
Added example user journey of an LFI acting as a TPP and ingesting LFI data to Customer Data.
Added new motor insurance properties, structure, data clusters to Motor Insurance Data Sharing.
Added Event Notifications page to provide guidance on supported events emitted to TPP Webhooks.
Added new pagePay Request (PR) enabled by Open Finance with example of Pay Request functionality enabled by Open Finance
2. What’s changed?
Insurance API updated to include revised examples and guidance on retrieving customer payment details.
Insurance API - OpenAPI Documentation updated to include new motor insurance properties, structure, data clusters, and permissions.
Availability, Performance and Usage Benchmarks updated to define OFP vs LFI responsibilities.
Updated IdentificationType to SchemeName to align with ISO20022
Removed namespace for enumerations “UAEOF.” as there is no need for name-spacing in the UAE ecosystem
Bank Service Initiation updates including:
Updated Status enumeration for the File Payments endpoint /file-payments/{PaymentId} to only Received and Rejected
Updated PayerReference to CreditorReference, and BeneficiaryReference to DebtorReference to align with ISO20022
Add regular expressions that define required data for CreditorReference and DebtorReference to support structured statement narratives.
Removed the MobileNumber from the DebtorAccount and CreditorAccount - as is not required to initiate a payment
Clarified expectations of the x-idempotency-key behaviour - to be idempotent for 24 hours
Added the JSON Web Signature in the ConfirmationOfPayeeResponse for the BeneficiaryIndicators - so that the LFI can verify the Confirmation Of Payee check
Updated AuthorizationExpirationTimeWindow to AuthorizationExpirationDateTime to simplify implementation
Updated AcceptedAuthorizationType from an enumeration of Single, Multi, or Both to be a flag to represent if a Single Authorization flow is requested (IsSingleAuthorization)
Moved all
headoperations togetand refactored response to provide a JSON payload rather than aLocationheader to ensure behaviour is idiomatic.
All API description sequence diagrams have been moved to the API Hub Documentation.
Pushed Authorization Request Endpoint - OpenAPI Documentation updates:
Fixed
Permissionsproperty by move from a single value to an array.Added new Insurance data clusters to the Insurance Rich Authorization Request.
Refactored re-consent objects to only include the Property
ConsentIdfor Bank Data Sharing and Insurance.
Updates in the Limits and Constants page to remove unused definitions and separate Bank Channel limits for Open Finance Standard definitions.
Updates in the Common Rules and Guidelines to align Business Rules with the API specifications.
Changed Confirmation of Payee API and Confirmation of Payee - OpenAPI Documentation:
Use ISO 20022 properties for account details.
Remove support for domestic account numbers and bank codes.