/
Integration Overview

This space is deprecated and no longer supported. Please use the latest available version here.

Integration Overview

Owned by Chris Michael
Last updated: 15 Aug 2024
6 min read

1. Introduction

This document describes the different components involved in delivering the integration between the API Hub and a LFI. The goal is to give a clear picture of which components exist, how they are used and what is expected to be delivered by each party.

2. Open Finance Authorisation Flow

As defined in the CBUAE Open Finance Standards, the Authorisation flow is the process that a User undergoes to authorise consent for a TPP to access account(s) held at an LFI.

A simple representation of the authorisation flow is as follows:

  1. A User will initiate a consent from a TPP's mobile or web app.

  2. The User will be redirected to the LFI's mobile or web app to authorise the consent.

    1. The LFI needs to adapt their mobile and/or web app to receive the redirect and parameters passed over from the TPP.

    2. The LFI will use the API Hub Authorisation Server to verify the request and the parameters.

  3. The User will go through SCA (Strong Customer Authentication), review the consent, and authorise/reject it.

    1. The LFI needs to adapt their mobile and/or web app to display the consent authorisation screens.

    2. Each consent type will have different information to display to the user.

    3. All screens and the required UX guideline will be provided as part of the Open Finance Standards.

    4. The LFI will use the Consent Manager and the Authorisation Server to communicate the outcome of the consent authorisation.

    5. The User will be redirected back to the TPP's mobile or web app.

    6. The API Hub will generate the redirect url & access token.

  4. The TPP will receive an access token to allow appropriate actions under the conditions of the consent on the User's account(s).

    1. The Ozone Connect API will be responsible for serving data for action service initiation.

For a visualisation of this flow please see this figma presentation

3. The API Hub

The API Hub is a fully featured Open API platform, developed and maintained by Ozone, which sits between each LFI’s network and the TPPs. It includes a number of components or modules which work together to take away all the complexity from the LFIs in providing an Open Finance API.

3.1 API Hub Network Diagram

 

Screenshot 2024-07-09 at 09.42.17.png

3.2 Infrastructure

Each LFI will have two environments that will be integrated with the API Hub, Pre-Production and Production.

All two-way traffic between the API Hub and the LFI environments will be secured using MTLS. Certificates will be issued by the OFTF, and Ozone will provide one-on-one guidance throughout this process.

3.3 Role of the API Hub

The API Hub will:

  1. Provide a single industry sandbox which simulates a single LFI, with rich synthetic data and a postman collection for each API request/response defined in the Open Finance Standard.

  2. Provide each LFI with dedicated Pre-Production and Production API gateways accessible to TPPs.

  3. Ensure that the externally facing API adheres strictly to the Open Finance Standard, including the FAPI security profile, data model, and API operations for each endpoint.

  4. Integrate with the Open Finance Trust Framework (OFTF) to ensure that ONLY licensed TPPs can access the APIs and that they can ONLY access API sets within the scope of their licensed role(s).

  5. Manage the User’s consent, to act as the single source of truth regarding this consent and to ensure that the TPP can only access APIs (for data sharing, service initiation or insurance) within the parameters of this consent.

  6. Provide the CBUAE with all required reporting regarding usage, availability and performance.

As a result, LFIs are not required to provide an externally facing API, manage TPP identities or permissions, or handle consent parameters for each API request.

3.4 Sequence Diagrams

The following sequence diagrams explain the interactions between the User, the TPP, the API Hub and the LFI.

3.5 Key API Hub Components

In order to deliver the end to end journey for the User, the following APIs will be deployed.

  • The Authorisation Server and Consent Manager is built, deployed and maintained by Ozone. The consumer of these APIs are the LFIs.

  • The LFI is expected to build, deploy and maintain screens on their mobile and/or web app to support the Consent Authorisation flow.

  • The LFI is expected to build, deploy and maintain the Ozone Connect API for Data Sharing and Service Initiation.

Component

Provider

Consumer

Interface

Description

Connection

Usage

Component

Provider

Consumer

Interface

Description

Connection

Usage

Authorisation Server

API Hub

LFI

API

  • Swagger specification will be made available.

  • Exposes endpoints to the LFI to support:

    • Consent Authorisation.

    • Access token issuing.

MTLS

Authorisation Flow

Consent Manager

API Hub

LFI

API

  • Swagger specification will be made available.

  • TPPs do not connect to the consent manager directly.

  • Exposes endpoints to the LFI to support:

    • Consent Authorisation.

    • Consent management and reporting.

MTLS

Authorisation Flow

Consent Dashboard

Ozone Connect

LFI

API Hub

API

  • Swagger specification will be made available for Data Sharing, Service Initiation and Insurance.

  • TPPs do not connect to the Ozone Connect API directly.

  • The Ozone Connect API is an interface on top of the LFI core banking system. LFIs will be responsible for the mapping between their core banking system and the Ozone Connect API specification.

  • LFIs only implement the Ozone Connect API endpoints to support their existing offering i.e:
    Data Sharing: Accounts, Balance, Transactions etc.

    Service Initiation: Domestic payment, Standing Orders, International Payments etc.
    Insurance: Motor insurance quotes.

MTLS

Data Sharing

Service Initiation

Insurance

Health Check API APIs

LFI

API HUB

API

  • Swagger specification will be made available.

  • These APIs should be implemented by the LFI so that the API Hub can ensure that the institution's Ozone Connect implementation is up and running.

  • Integration testing and verifications.

  • Health checks.

MTLS

Service Availability

Health Checks

Integration QA

Consent Event & Action APIs

LFI

API HUB

API

  • Swagger specification will be made available.

  • Optional. Used by financial institution to get a notification for updated consent.

  • Optional. Consent augmentation for LFIs to add additional information for some use cases.

  • Optional. Consent validation for LFI to apply additional validation before the consent is created.

MTLS

Event notifications

Action calls

4. LFI Integration Guide

4.1 LFI Responsibilities

In summary, LFIs need to do three things:

  1. Provide a connection from their own Pre-Production and Production systems into the API Hub’s Pre-Production and Production environments. These connections will be secured using MTLS.

  2. Build an integration into the API Hub based on the Ozone Connect API specification.

  3. Adapt their own existing web and mobile apps to:

    1. accept a redirection from the User into their web/mobile app.

    2. provide consent authorisation screen(s) to enable the User to authorise each relevant API request.

    3. provide a consent dashboard to allow Users to view or revoke consents.

4.2 LFI and API Hub Integration Lifecycle

  1. LFI and Ozone each deploy environment infrastructure for Pre-Production and Production.

  2. LFI creates certificates using the OFTF - Ozone to provide guidance.

  3. LFI and Ozone verifies MTLS connectivity in both directions:

    1. LFI to the Consent Manager and Authorisation server.

    2. Ozone to the LFI Ozone Connect server.

  4. LFI builds the Consent Authorisation flows by adapting their existing mobile and/or web apps.

  5. LFI builds the Ozone Connect API integrated with their Core Banking systems.

  6. Testing, CX certification.

  7. Go live.

4.3 API Hub User Guide

The API Hub Software Development Kit (SDK) will include:

  1. API Hub LFI Implementation Plan

  2. Integration Overview

  3. Keys, Certificates & CSRs

  4. Application Layer Authentication

  5. JWT Authorization

  6. Ozone API Hub Specifications

    1. Bank Service Initiation OpenAPI

    2. Bank Data Sharing OpenAPI

    3. Insurance Data Sharing OpenAPI

    4. Consent Manager OpenAPI

    5. Authorization Server OpenAPI

    6. Health Checks OpenAPI

    7. Consent Event & Actions OpenAPI

  7. Sequence Diagrams

  8. Questionnaires and Configuration Guides

  9. https://openfinanceuae.atlassian.net/wiki/spaces/APIHubDocsv3/pages/150962372

  10. https://openfinanceuae.atlassian.net/wiki/spaces/APIHubDocsv3/pages/134939310

  11. https://openfinanceuae.atlassian.net/wiki/spaces/APIHubDocsv3/pages/149782647

Additionally the Open Finance Standards will define the required UX for Consent Authorisation including:

4.4 Support for LFIs

Ozone will engage with LFIs who are onboarding onto the OFP via a series of open engagement sessions. These will be technically focused session and should be attended by the LFI’s technical teams. They will run from Jul 2, 2024 to Aug 6, 2024. Ozone will then conduct bilateral sessions providing one-to-one support and guidance to LFIs through the integration lifecycle. These will start from the week commencing Aug 19, 2024.

 

© Ozone Financial Technology Limited 2024
Ozone Non Commercial Software EULA