Please try out our
Advanced Search
function.
Overview
Spaces
Apps
Templates
Create
Knowledge Base
All content
Space settings
Content
Results will update as you type.
Frequently Asked Questions
Engagement Round 1
Engagement Round 2
Engagement Round 3
Engagement Round 4
LFI Integration Sessions
•
How do we ensure that event notifications to LFIs are not lost due to circumstances like network error?
•
How does a TPP know the customer segment for redirect? For example Retail vs Corporate
•
When subscribing to events, will a separate URL be used?
•
Are there procedures in place for Disaster Recovery and monitoring in production?
•
Does the API Hub have responsibility for warehousing or scheduling future-dated or recurring payment initiation requests?
•
When consent is revoked at the LFI does the Access Token need to be revoked?
•
What is the LFI Authorization Endpoint?
•
What is the difference between the interaction-id and the x-fapi-interaction-id?
•
How long are tokens valid for that are issued by the Authorisation Server?
•
How does the API Hub Ozone Connect Testing Tool work?
•
Will Event API calls between the API Hub and the LFI be secured with JWT?
•
What are the customer endpoints in the Ozone Connect Specifications used for?
•
How will data be secured during transit over the internet between the API Hub and LFI?
•
Can the API Hub support IP Whitelisting?
•
How is data stored at rest in the API Hub?
•
What version of Transport Layer Security (TLS) does the API Hub implement?
•
Is the Health Check API mandatory?
•
Is an identifier for a customer sent as part of the Pushed Authorization Request?
•
Is access to the API Hub restricted to users in the UAE?
•
Where are the Discovery Endpoints hosted?
•
Can the Ozone Connect Testing Tool be used without certificates?
•
Can an LFI be notified when a given consent changes?
•
Where can I find more information about JWT Auth for API Hub Integration APIs?
•
What is the process of certification for TPP?
•
What is the process of certification for LFI?
•
What are the SLAs for an a API response and how does it split between the API Hub and the LFI?
•
What is the difference between request and consent body in the Consent Manager (CM) specification?
•
What are the delivery timelines for the LFIs?
•
Can the Consent Manager be used to manage consents that are outside of Open Finance Ecosystem?
•
What is the format/standard for the Bulk/Batch payment report file?
•
If a Customer has already authenticated, should they be forced to authenticate again to authorise consent?
•
What is the format / standard for the payment report file?
•
When a payment instruction has yet to complete, what HTTP status code should be returned from Ozone Connect?
•
When a TPP redirects a User to an LFI, how will the URL be constructed?
•
Who undertakes the Online Certificate Status Protocol (OCSP) checks for revocation?
•
Does data returned in an API response need to be sorted in a specific order?
•
What options are available for application layer security?
•
How are Organization Administrators Defined when the LFI is registered on the OFTF
•
What happens if the Organization Administrator leaves the company? How a New Admin can be Nominated.
•
How can I add a Technical User to the Platform?
•
Who should sign the Terms & Conditions Document?
•
How Many Legal Representatives should be configured when issuing the Open Finance Terms & Conditions Document?
•
Why do I receive an error when uploading the CSR during certificate generation?
•
Why is the Trust Framework not accepting my TOTP during account registration?
•
Why am I receiving notifications about admins or users being added to the platform?
•
Why am I receiving a 401 error when calling the Trust Framework APIs?
•
What is the redirect_uri that is required when creating an application?
•
How do you add contacts to your organization in the participant Trust Framework?
•
What information should I provide when registering a contact?
•
What is a technical user in the participant Trust Framework?
•
How do you validate your information during the registration process?
•
How can a user reset their OTP in case you lose or change your mobile device during the registration process?
•
What should be done if a user cannot access the Trust Framework even after registering itself?
•
What steps should be taken if a user receives an error message stating they need to be an active user in the Trust Framework?
•
What steps should be followed if a user cannot create an account due to an error?
•
How can an LFI discover Third Party Providers (TPPs) within the Trust Framework?
•
How can an LFI define which TPPs it should accept?
•
Who is capable of accessing information about Administrators and Technical Users?
•
When Registering a new Application, what is the use of mtls_endpoint_aliases in the Trust Framework?
•
When Registering a new Application, what is the token_endpoint_auth_method in the CBUAE ecosystem?
•
When Registering a new Application, what are authorization_detail_types in the Trust Framework?
•
When Accessing the Trust Framework U.I. and APis i'm receiving a 403 - Forbidden Error
•
When Accessing the Trust Framework U.I. i'm receiving a Session Expired/Not Found Error
•
Failure to Load TF U.I. when using a VPN
•
Why can't I find an API Family on the Trust Framework's dropdown list when attempting to register?
•
What is the difference between PaymentId and PaymentTransactionId attributes.
•
What is the purpose of "status" and "consentBody.Data.Status" on the Consent body?
•
What is an example of a data cluster that does NOT require a customer to select an account before authorisation?
•
Will reports from the admin portal be available via APIs?
•
What are the field size limits for Ozone Connect headers or body parameters?
•
Should the LFI's Open Finance channel provide a similar feature set than the existing digital channels?
•
When will domains be confirmed?
•
Is there a list of validations undertaken by the API Hub?
•
How long is an authorization code valid for?
•
Can a Future Dated Payment be cancelled by revoking the consent?
•
Who is responsible for performing a balance check?
•
What verified claims data do we provide in the get /customer operation?
•
Can the accounts associated with a data sharing consent be changed at the LFI?
•
Does the API Hub throttle requests?
•
Does an LFI need to validate an Authorization Request before invoking the getAuth operation?
Show more below
You‘re viewing this with anonymous access, so some content might be blocked.
Close
Knowledge Base
/
LFI Integration Sessions
LFI Integration Sessions
Chris Michael
Owned by
Chris Michael
Last updated:
30 Aug 2024
Loading data...
© CBUAE 2025
{"serverDuration": 12, "requestCorrelationId": "64ab2dfc09d34cc58f6242b3ef6a8088"}
Please try out our Advanced Search function.