Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

 MENU

Version

v1.1 2024.12.17

Publication Date

Classification

Public

1. Introduction

This release includes additional endpoints and fixes as outlined in https://openfinanceuae.atlassian.net/wiki/spaces/OF/pages/277446657/Copy+of+API+Hub+Sandbox+v1.1+2024.12.17#4.-Release-Notes

2. Bank Sandbox (AlTareq1)

2.1 TPP Client Registration

To register a client on the on the API Hub Sandbox, the following command can be used:

curl --location --request POST 'https://rs1.altareq1.sandbox.apihub.openfinance.ae/tpp-registration' \
--header 'x-fapi-interaction-id: {UUIDv4}' \
--cert /path/to/your_certificate.pem \
--key /path/to/your_private_key.pem \
--cacert /path/to/your_ca_certificate.pem

Parameters

Description

x-fapi-interaction-id

A UUIDv4 used for traceability. Each request should have a unique id.

--cert

Your OFTF Application Transport certificate

--key

Your OFTF Application Transport private key

--cacert

The OFTF CA Certificate

2.2 Environment Variables

Base URL

https://rs1.altareq1.sandbox.apihub.openfinance.ae

OIDC Discovery Endpoint

https://auth1.altareq1.sandbox.apihub.openfinance.ae/.well-known/openid-configuration

Postman Collection

Notes

n/a

2.3 Supported Endpoints

2.3.1 Trust Framework

  • POST /tpp-registration

2.3.2 Service Initiation

Single Instant Payment

  • POST /par

  • GET /payments

  • GET /payments/{PaymentId}

  • GET /payment-consents

  • GET /payment-consents/{ConsentId}

  • PATCH /payment-consents/{ConsentId}

  • POST /payments

Future Dated Payment

  • POST /par

  • GET /payments

  • GET /payments/{PaymentId}

  • GET /payment-consents

  • GET /payment-consents/{ConsentId}

  • PATCH /payment-consents/{ConsentId}

  • POST /payments

2.3.3 Bank Data Sharing

Account Data

  • POST /par

  • GET /accounts/{AccountId}

  • GET /accounts

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Balance Data

  • POST /par

  • GET /accounts/{AccountId}/balances

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Transaction Data

  • POST /par

  • GET /accounts/{AccountId}/transactions

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Customer and Meta Data

  • POST /par

  • GET /accounts/{AccountId}/parties

  • GET /parties

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Product Data

  • POST /par

  • GET /accounts/{AccountId}/product

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Beneficiaries

  • POST /par

  • GET /accounts/{AccountId}/beneficiaries

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Direct Debits

  • POST /par

  • GET /accounts/{AccountId}/direct-debits

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Scheduled Payments

  • POST /par

  • GET /accounts/{AccountId}/scheduled-payments

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Standing Orders

  • POST /par

  • GET /accounts/{AccountId}/standing-orders

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

3. Insurance Sandbox (AlTareq2)

This Sandbox will be included in the next release due on

4. Release Notes

4.1 Extended Features and Enhancements

  • Standards and Spec Updates (v1.1):

    • Updates for the Ozone API Hub and Consent Manager APIs, including GET/POST requests and response format changes.

    • Integration of new data-sharing, consent management, and service initiation functionalities.

  • FAPI :

    • Enhancements made to ensure compliance with CBUAE FAPI standards..

  • Payment Consent

    • Additional updates for sequential user authorisations in payment consent workflows.

  • PAR and Consent Updates:

    • Changes to PAR authorisation details, JWT payload validation, and common claim checks.

    • Expanded support for consent event tracking and new consent data requirements.

  • API Validation & Error Handling:

    • Validation checks added for Single Instant Payment, Future-Dated Payment, and Data Sharing endpoints.

    • Error handling improvements for ‘x-idempotency-key’, JSON, and JWT flows across several endpoints, including Payments, Accounts, and Direct Debits.

  • Schema Validation Updates:

    • Schema validation fixes for endpoints such as Scheduled Payments, Standing Orders, Direct Debits, and Beneficiaries.

4.2 Fixes

  • Resolved issue with receiving /par URL in the Link.self field for the consent endpoint.

  • Fixed issue where transaction responses were returned despite invalid fromBookingDateTime or toBookingDateTime values.

  • Addressed the problem of receiving response_type as undefined in auth during headless-Heimdall flow

4.3 Known Issues

  • While creating a PAR, the parameters "nonce" and "aud" are optional. However, removing them from the request body results in an error.

  • When the "ReadTransactionsDebits" permission is granted, Credit Transactions are also reflects in response.

  • When creating consent with varying values, the payment is successfully processed.

  • Payments may still be initiated even when the Personally Identifiable Information (PII) provided during the consent request differs from the PII used during the actual payment initiation.

  • Roles are displayed as "undefined" for the Ozone API Test 1 TPP on the admin portal.

  • IsSingleAuthorisation: false gets an error while patching the consent.

  • In the PATCH /consent API call, setting the status to "Suspended" results in an error.

  • The endpoint processes requests even when invalid values are provided for optional headers.

  • The authorisation request without a nonce fails when using the FAPI 2.0 Security Profile

  • The fapi2-security-profile-id2 requires that an unsigned request to the PAR (Payment Initiation Request) endpoint fails, but currently, unsigned requests may not trigger a failure as expected.

  • In the FAPI 2.0 Security Profile, JWT client assertions with a "Not Before" (nbf) claim set more than 60 seconds into the future fails.

  • No labels

© CBUAE 2025