Version | v1.1 2024.11.19 |
|---|---|
Publication Date |
|
Classification | Public |
1. Introduction
This release includes additional endpoints and fixes as outlined below.
2. Postman Files
The Postman files can be downloaded here
Postman Collection TBC
Environment File TBC
3. Supported Endpoints
The above Postman Collection supports the following API endpoints:
3.1 Trust Framework
POST /tpp-registration
3.2 Service Initiation
Single Instant Payment
POST /par
GET /payments
GET /payments/{PaymentId}
GET /payment-consents
GET /payment-consents/{ConsentId}
PATCH /payment-consents/{ConsentId}
POST /payments
Future Dated Payment
POST /par
GET /payments
GET /payments/{PaymentId}
GET /payment-consents
GET /payment-consents/{ConsentId}
PATCH /payment-consents/{ConsentId}
POST /payments
3.3 Bank Data Sharing
Account Data
POST /par
GET /accounts/{AccountId}
GET /accounts
GET /account-access-consents
GET /account-access-consents/{ConsentId}
GET /accounts/{AccountId}/consents
PATCH /account-access-consents/{ConsentId}
Balance Data
POST /par
GET /accounts/{AccountId}/balances
GET /account-access-consents
GET /account-access-consents/{ConsentId}
GET /accounts/{AccountId}/consents
PATCH /account-access-consents/{ConsentId}
Transaction Data
POST /par
GET /accounts/{AccountId}/transactions
GET /account-access-consents
GET /account-access-consents/{ConsentId}
GET /accounts/{AccountId}/consents
PATCH /account-access-consents/{ConsentId}
Customer and Meta Data
POST /par
GET /accounts/{AccountId}/parties
GET /parties
GET /account-access-consents
GET /account-access-consents/{ConsentId}
GET /accounts/{AccountId}/consents
PATCH /account-access-consents/{ConsentId}
Product Data
POST /par
GET /accounts/{AccountId}/product
GET /account-access-consents
GET /account-access-consents/{ConsentId}
GET /accounts/{AccountId}/consents
PATCH /account-access-consents/{ConsentId}
Beneficiaries
POST /par
GET /accounts/{AccountId}/beneficiaries
GET /account-access-consents
GET /account-access-consents/{ConsentId}
GET /accounts/{AccountId}/consents
PATCH /account-access-consents/{ConsentId}
Direct Debits
POST /par
GET /accounts/{AccountId}/direct-debits
GET /account-access-consents
GET /account-access-consents/{ConsentId}
GET /accounts/{AccountId}/consents
PATCH /account-access-consents/{ConsentId}
Scheduled Payments
POST /par
GET /accounts/{AccountId}/scheduled-payments
GET /account-access-consents
GET /account-access-consents/{ConsentId}
GET /accounts/{AccountId}/consents
PATCH /account-access-consents/{ConsentId}
Standing Orders
POST /par
GET /accounts/{AccountId}/standing-orders
GET /account-access-consents
GET /account-access-consents/{ConsentId}
GET /accounts/{AccountId}/consents
PATCH /account-access-consents/{ConsentId}
3.4 Insurance Data Sharing
Motor Insurance
GET/insurance-consents
GET/insurance-consents/{ConsentId}
PATCH/insurance-consents/{ConsentId}
4. Release Notes
4.1 Extended Features and Enhacements
Standards and Spec Updates (v1.1):
Updates for the Ozone API Hub and Consent Manager APIs, including GET/POST requests and response format changes.
Integration of new data-sharing, consent management, and service initiation functionalities.
FAPI :
Enhancements made to ensure compliance with CBUAE FAPI standards..
Payment Consent
Additional updates for sequential user authorisations in payment consent workflows.
PAR and Consent Updates:
Changes to PAR authorisation details, JWT payload validation, and common claim checks.
Expanded support for consent event tracking and new consent data requirements.
API Validation & Error Handling:
Validation checks added for Single Instant Payment, Future-Dated Payment, and Data Sharing endpoints.
Error handling improvements for ‘x-idempotency-key’, JSON, and JWT flows across several endpoints, including Payments, Accounts, and Direct Debits.
Schema Validation Updates:
Schema validation fixes for endpoints such as Scheduled Payments, Standing Orders, Direct Debits, and Beneficiaries.
4.2 Fixes
Resolved issue with receiving /par URL in the Link.self field for the consent endpoint.
Fixed issue where transaction responses were returned despite invalid fromBookingDateTime or toBookingDateTime values.
Addressed the problem of receiving response_type as undefined in auth during headless-Heimdall flow
4.3 Known Issues
While creating a PAR, the parameters "nonce" and "aud" are optional. However, removing them from the request body results in an error.
When the "ReadTransactionsDebits" permission is granted, Credit Transactions are also reflects in response.
When creating consent with varying values, the payment is successfully processed.
Payments may still be initiated even when the Personally Identifiable Information (PII) provided during the consent request differs from the PII used during the actual payment initiation.
Roles are displayed as "undefined" for the Ozone API Test 1 TPP on the admin portal.
IsSingleAuthorisation:falsegets an error while patching the consent.In the
PATCH /consentAPI call, setting the status to "Suspended" results in an error.The endpoint processes requests even when invalid values are provided for optional headers.
The authorisation request without a nonce fails when using the FAPI 2.0 Security Profile
The
fapi2-security-profile-id2requires that an unsigned request to the PAR (Payment Initiation Request) endpoint fails, but currently, unsigned requests may not trigger a failure as expected.In the FAPI 2.0 Security Profile, JWT client assertions with a "Not Before" (nbf) claim set more than 60 seconds into the future fails.