Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

 MENU

Version

v1.1 2025.01.23

Publication Date

Classification

Public

1. Introduction

This release includes all API endpoints in version 1.1 of the standards, together with a number of fixes as outlined in https://openfinanceuae.atlassian.net/wiki/spaces/Internal/pages/301432852/API+Version+1.1+Release+Notes+and+Enhancements+for+2025#4.-Release-Notes

2. Bank Sandbox (AlTareq1)

2.1 TPP Client Registration

To register a client on the on the API Hub Sandbox, the following command can be used:

curl --location --request POST 'https://rs1.altareq1.sandbox.apihub.openfinance.ae/tpp-registration' \
--header 'x-fapi-interaction-id: {UUIDv4}' \
--cert /path/to/your_certificate.pem \
--key /path/to/your_private_key.pem \
--cacert /path/to/your_ca_certificate.pem

Parameters

Description

x-fapi-interaction-id

A UUIDv4 used for traceability. Each request should have a unique id.

--cert

Your OFTF Application Transport certificate

--key

Your OFTF Application Transport private key

--cacert

The OFTF CA Certificate

2.2 Environment Variables

Base URL

https://rs1.altareq1.sandbox.apihub.openfinance.ae

OIDC Discovery Endpoint

https://auth1.altareq1.sandbox.apihub.openfinance.ae/.well-known/openid-configuration

Postman Collection

2.3 Supported Endpoints

2.3.1 Trust Framework

  • POST /tpp-registration

2.3.2 Service Initiation

Single Instant Payments

  • POST /par

  • GET /payments

  • GET /payments/{PaymentId}

  • GET /payment-consents

  • GET /payment-consents/{ConsentId}

  • PATCH /payment-consents/{ConsentId}

  • POST /payments

Future Dated Payments

  • POST /par

  • GET /payments

  • GET /payments/{PaymentId}

  • GET /payment-consents

  • GET /payment-consents/{ConsentId}

  • PATCH /payment-consents/{ConsentId}

  • POST /payments

Recurring Payments

  • POST /par

  • GET /payments

  • GET /payments/{PaymentId}

  • GET /payment-consents

  • GET /payment-consents/{ConsentId}

  • PATCH /payment-consents/{ConsentId}

  • POST /payments

Variable Recurring Payments

  • POST /par

  • GET /payments

  • GET /payments/{PaymentId}

  • GET /payment-consents

  • GET /payment-consents/{ConsentId}

  • PATCH /payment-consents/{ConsentId}

  • POST /payments

International Payments

  • POST /par

  • GET /payments

  • GET /payments/{PaymentId}

  • GET /payment-consents

  • GET /payment-consents/{ConsentId}

  • PATCH /payment-consents/{ConsentId}

  • POST /payments

Bulk / Batch Payments

  • POST /par

  • GET /payments

  • GET /payments/{PaymentId}

  • GET /payment-consents

  • GET /payment-consents/{ConsentId}

  • PATCH /payment-consents/{ConsentId}

  • POST /payments

2.3.3 Bank Data Sharing

Accounts

  • POST /par

  • GET /accounts/{AccountId}

  • GET /accounts

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Balances

  • POST /par

  • GET /accounts/{AccountId}/balances

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Transactions

  • POST /par

  • GET /accounts/{AccountId}/transactions

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Parties

  • POST /par

  • GET /accounts/{AccountId}/parties

  • GET /parties

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Product

  • POST /par

  • GET /accounts/{AccountId}/product

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Beneficiaries

  • POST /par

  • GET /accounts/{AccountId}/beneficiaries

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Direct Debits

  • POST /par

  • GET /accounts/{AccountId}/direct-debits

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Scheduled Payments

  • POST /par

  • GET /accounts/{AccountId}/scheduled-payments

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Standing Orders

  • POST /par

  • GET /accounts/{AccountId}/standing-orders

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

2.3.4 Confirmation of Payee

  • POST /confirmation

  • POST /discovery

2.3.5 Balance Check

  • POST /par

  • GET /accounts/{AccountId}/balances

2.3.6 Refunds

  • POST /par

  • GET /payment-consents/{ConsentId}/refund

2.3.7 Health check

  • GET /healthz

3. Insurance Sandbox (AlTareq2)

3.1 TPP Client Registration

To register a client on the on the API Hub Sandbox, the following command can be used:

curl --location --request POST 'https://rs1.altareq2.sandbox.apihub.openfinance.ae/tpp-registration' \
--header 'x-fapi-interaction-id: {UUIDv4}' \
--cert /path/to/your_certificate.pem \
--key /path/to/your_private_key.pem \
--cacert /path/to/your_ca_certificate.pem

Parameters

Description

x-fapi-interaction-id

A UUIDv4 used for traceability. Each request should have a unique id.

--cert

Your OFTF Application Transport certificate

--key

Your OFTF Application Transport private key

--cacert

The OFTF CA Certificate

3.2 Environment Variables

Base URL

https://rs1.altareq2.sandbox.apihub.openfinance.ae

OIDC Discovery Endpoint

https://auth1.altareq2.sandbox.apihub.openfinance.ae/.well-known/openid-configuration

Postman Collection

3.3 Supported Endpoints

3.3.1 Trust Framework

  • POST /tpp-registration

3.3.2 Motor Insurance

  • POST /par

  • GET /insurance-policies/{InsurancePolicyId}/customer-payment-details

  • GET /insurance-policies

  • GET /insurance-policies/{InsurancePolicyId}

  • GET /insurance-consents

  • GET /insurance-consents/{ConsentId}

  • PATCH /insurance-consents/{ConsentId}

3.3.3 Health check

  • GET /healthz

4. Release Notes

Release 2025.03.0 provides enhancements, including OIDF Federal software statement integration, a declined payments collection for rejected payment tracking, and improved consent status management for expired authorisation windows. PATCH Consent now supports creation without selected accounts.

Notifications for consent status updates across bank data sharing, insurance, and service initiation consents are implemented, alongside an upgraded Insurance API (v1.2) and simplified logic for CBUAE consent expiration handling. Bug fixes address schema validation errors, insurance API issues, ISO 8601 date compliance, and incorrect HTTP status codes.

Postman updates include login_hint simulation guidance and alignment of AEPaymentConsentsPII as an array.

4.1 Enhancements

  1. OIDF Federal Software Statement Integration:

    • Support for OIDF Federal Client creation process has been added to the OFTF. As part of this, the TPP registration process has been updated to include a call to the Open Finance Trust Framework (OFTF) using the Federated Client ID (a URL).

  2. Healthz Endpoints:

    • Enhanced /healthz endpoints across all services to improve monitoring and diagnostics for system health.

  3. Support for PEM and JWE Formats:

    • Users can now configure JWT authentication using PEM and JWE formats, providing greater compatibility with widely-used cryptographic systems and enabling encrypted JWTs for enhanced security.

  4. LFI Consent Status Update Notifications:

    • Added notifications for Consent Status updates across the following:

      • Bank Data Sharing Consents

      • Insurance Consents

      • Bank Service Initiation Consents

  5. Insurance Specification Version Upgrade:

    • Upgraded the Insurance API specification to v1.2 to incorporate schema updates. The implementation is planned for the next release.

  6. Simplification of ConsentExpiryCronJob Logic:

    • Improved query logic in ConsentExpiryCronJob to better handle CBUAE consents, ensuring more reliable expiration processing.

  7. Direct Postman Environment Retrieval by Client ID

    • Introduced the ability to retrieve a Postman environment directly via an endpoint by providing the client ID as a query parameter, enabling seamless integration and faster setup.

4.2 Fixes

  1. Fixed issue where Patch consent returned 404 instead of 400.

  2. Corrected permissions for ReadPartyUserIdentity.

  3. Refactored cron job to use MongoDB aggregations for filtering consents in specific scenarios.

  4. Fixed Single Instant Payment (SIP) consent status update when '4xx' errors are returned by LFI.

  5. Updated default PAR validity expiration time.

  6. Resolved missing status in /consents/{consentId} response when called via Postman.

  7. Fixed Postman collection where AEPaymentConsentsPII was an object instead of an array.

4.3 Known Issues

  1. Status Change:
    Consent status is not turning to expired after the ExpirationDateTime has passed

  2. ExpirationDateTime Logic for a Past Date:
    Consent getting created even if ExpirationDateTime is a Past Date for FILE PAYMENT

  3. Validation of PII

Valid DebtorAccount details provided in the Encrypted PII request payload is not accepted on UI throws error of Invalid Debtor Account

4.4 Next Release

  1. Admin Portal 3 support:
    The next release includes full support for Admin Portal 3, enhancing the administrative capabilities of users. Admin Portal 3 offers improved UI/UX, better performance, and expanded features to streamline administrative operations.

  2. Integration of LFI Reports into Admin Portal 3:
    LFI (Licensed Financial Institution) Reports are now integrated into Admin Portal 3. This allows administrators to generate, view, and manage reports directly within the updated portal, improving reporting workflows and accessibility.

  3. Client Credentials Grant (CCG) Authentication Implementation:
    CCG has been implemented as a new authentication mechanism.This ensures seamless authentication for server-to-server communications, providing greater security and better alignment with industry standards.

  4. Product Endpoint Implementation:
    A new Product Endpoint has been introduced, allowing customers to retrieve product-related data.This endpoint improves access to product information, simplifying integrations for developers and third-party providers.

  5. Webhook Encryption:
    Webhook notifications will now be both signed and encrypted, meeting CBUAE standards. This enhancement ensures the integrity and confidentiality of webhook notifications, addressing critical compliance and security requirements.

  • No labels