API Hub Sandbox v1.1 2025.01.23

Version: v1.1 2025.01.23

Publication Date: Jan 23, 2025

Classification: Public

1. Introduction

This release includes all API endpoints in version 1.1 of the standards, together with a number of fixes as outlined in https://openfinanceuae.atlassian.net/wiki/spaces/OF/pages/302448641/API+Hub+Sandbox+v1.1+2025.01.23#4.-Release-Notes

2. Bank Sandbox (AlTareq1)

2.1 TPP Client Registration

To register a client on the API Hub Sandbox, the following command can be used:

curl --location --request POST 'https://rs1.altareq1.sandbox.apihub.openfinance.ae/tpp-registration' \
  --header 'x-fapi-interaction-id: {UUIDv4}' \
  --cert /path/to/your_certificate.pem \
  --key /path/to/your_private_key.pem \
  --cacert /path/to/your_ca_certificate.pem

| Parameters | Description |
| --- | --- |
| x-fapi-interaction-id | A UUIDv4 used for traceability. Each request should have a unique id. |
| --cert | Your OFTF Application Transport certificate |
| --key | Your OFTF Application Transport private key |
| --cacert | The OFTF CA Certificate |
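
A pre-flight wrapper around the registration call above, as an added example that is not part of the original page: it checks that the transport certificate matches the private key and has not expired, that the key file is not group- or world-readable, and sends a fresh UUIDv4 with each request. The function names are hypothetical, the file paths are the caller's own, and an unencrypted PEM private key is assumed.

```shell
#!/bin/sh
# Added example: checks to run before POST /tpp-registration.
# Function names are hypothetical; an unencrypted PEM key is assumed.

# Fresh UUIDv4 for x-fapi-interaction-id (one per request).
new_interaction_id() {
  if [ -r /proc/sys/kernel/random/uuid ]; then
    cat /proc/sys/kernel/random/uuid
  else
    uuidgen | tr 'A-Z' 'a-z'
  fi
}

# True when the certificate's public key equals the one derived from the key.
cert_matches_key() {  # args: cert.pem key.pem
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the key file exists and is not group- or world-readable.
key_is_private() {  # args: key.pem
  [ -f "$1" ] || return 1
  [ -z "$(find "$1" -prune \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]
}

# Run the checks, then send the same request as the page's curl command.
register_tpp() {  # args: cert.pem key.pem ca.pem
  key_is_private "$2" || { echo "key file is readable by others" >&2; return 1; }
  cert_matches_key "$1" "$2" || { echo "certificate/key mismatch" >&2; return 1; }
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 \
    || { echo "certificate expired or unreadable" >&2; return 1; }
  # --fail/--silent/--show-error are added here so HTTP errors surface
  # as a non-zero exit status.
  curl --fail --silent --show-error --location --request POST \
    'https://rs1.altareq1.sandbox.apihub.openfinance.ae/tpp-registration' \
    --header "x-fapi-interaction-id: $(new_interaction_id)" \
    --cert "$1" --key "$2" --cacert "$3"
}
```
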

2.2 Environment Variables

Base URL: https://rs1.altareq1.sandbox.apihub.openfinance.ae

OIDC Discovery Endpoint: https://auth1.altareq1.sandbox.apihub.openfinance.ae/.well-known/openid-configuration

Postman Collection

2.3 Supported Endpoints

2.3.1 Trust Framework

  • POST /tpp-registration

2.3.2 Service Initiation

Single Instant Payments

  • POST /par

  • GET /payments

  • GET /payments/{PaymentId}

  • GET /payment-consents

  • GET /payment-consents/{ConsentId}

  • PATCH /payment-consents/{ConsentId}

  • POST /payments

Future Dated Payments

  • POST /par

  • GET /payments

  • GET /payments/{PaymentId}

  • GET /payment-consents

  • GET /payment-consents/{ConsentId}

  • PATCH /payment-consents/{ConsentId}

  • POST /payments

Recurring Payments

  • POST /par

  • GET /payments

  • GET /payments/{PaymentId}

  • GET /payment-consents

  • GET /payment-consents/{ConsentId}

  • PATCH /payment-consents/{ConsentId}

  • POST /payments

Variable Recurring Payments

  • POST /par

  • GET /payments

  • GET /payments/{PaymentId}

  • GET /payment-consents

  • GET /payment-consents/{ConsentId}

  • PATCH /payment-consents/{ConsentId}

  • POST /payments

International Payments

  • POST /par

  • GET /payments

  • GET /payments/{PaymentId}

  • GET /payment-consents

  • GET /payment-consents/{ConsentId}

  • PATCH /payment-consents/{ConsentId}

  • POST /payments

Bulk / Batch Payments

  • POST /par

  • GET /payments

  • GET /payments/{PaymentId}

  • GET /payment-consents

  • GET /payment-consents/{ConsentId}

  • PATCH /payment-consents/{ConsentId}

  • POST /payments

2.3.3 Bank Data Sharing

Accounts

  • POST /par

  • GET /accounts/{AccountId}

  • GET /accounts

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Balances

  • POST /par

  • GET /accounts/{AccountId}/balances

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Transactions

  • POST /par

  • GET /accounts/{AccountId}/transactions

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Parties

  • POST /par

  • GET /accounts/{AccountId}/parties

  • GET /parties

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Product

  • POST /par

  • GET /accounts/{AccountId}/product

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Beneficiaries

  • POST /par

  • GET /accounts/{AccountId}/beneficiaries

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Direct Debits

  • POST /par

  • GET /accounts/{AccountId}/direct-debits

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Scheduled Payments

  • POST /par

  • GET /accounts/{AccountId}/scheduled-payments

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Standing Orders

  • POST /par

  • GET /accounts/{AccountId}/standing-orders

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

2.3.4 Confirmation of Payee

  • POST /confirmation

  • POST /discovery

2.3.5 Balance Check

  • POST /par

  • GET /accounts/{AccountId}/balances

2.3.6 Refunds

  • POST /par

  • GET /payment-consents/{ConsentId}/refund

2.3.7 Health check

  • GET /healthz

3. Insurance Sandbox (AlTareq2)

3.1 TPP Client Registration

To register a client on the API Hub Sandbox, the following command can be used:

| Parameters | Description |
| --- | --- |
| x-fapi-interaction-id | A UUIDv4 used for traceability. Each request should have a unique id. |
| --cert | Your OFTF Application Transport certificate |
| --key | Your OFTF Application Transport private key |
| --cacert | The OFTF CA Certificate |

3.2 Environment Variables

Base URL

OIDC Discovery Endpoint

Postman Collection

3.3 Supported Endpoints

3.3.1 Trust Framework

  • POST /tpp-registration

3.3.2 Motor Insurance

  • POST /par

  • GET /insurance-policies/{InsurancePolicyId}/customer-payment-details

  • GET /insurance-policies

  • GET /insurance-policies/{InsurancePolicyId}

  • GET /insurance-consents

  • GET /insurance-consents/{ConsentId}

  • PATCH /insurance-consents/{ConsentId}

3.3.3 Health check

  • GET /healthz

4. Release Notes

Release 2025.03.0 provides enhancements, including OIDF Federal software statement integration, a declined payments collection for rejected payment tracking, and improved consent status management for expired authorisation windows. PATCH Consent now supports creation without selected accounts.

Notifications for consent status updates across bank data sharing, insurance, and service initiation consents are implemented, alongside an upgraded Insurance API (v1.2) and simplified logic for CBUAE consent expiration handling. Bug fixes address schema validation errors, insurance API issues, ISO 8601 date compliance, and incorrect HTTP status codes.

Postman updates include login_hint simulation guidance and alignment of AEPaymentConsentsPII as an array.

4.1 Enhancements

  1. OIDF Federal Software Statement Integration:

    • Support for OIDF Federal Client creation process has been added to the OFTF. As part of this, the TPP registration process has been updated to include a call to the Open Finance Trust Framework (OFTF) using the Federated Client ID (a URL).

  2. Healthz Endpoints:

    • Enhanced /healthz endpoints across all services to improve monitoring and diagnostics for system health.

  3. Support for PEM and JWE Formats:

    • Users can now configure JWT authentication using PEM and JWE formats, providing greater compatibility with widely-used cryptographic systems and enabling encrypted JWTs for enhanced security.

  4. LFI Consent Status Update Notifications:

    • Added notifications for Consent Status updates across the following:

      • Bank Data Sharing Consents

      • Insurance Consents

      • Bank Service Initiation Consents

  5. Insurance Specification Version Upgrade:

    • Upgraded the Insurance API specification to v1.2 to incorporate schema updates. The implementation is planned for the next release.

  6. Simplification of ConsentExpiryCronJob Logic:

    • Improved query logic in ConsentExpiryCronJob to better handle CBUAE consents, ensuring more reliable expiration processing.

  7. Direct Postman Environment Retrieval by Client ID:

    • Introduced the ability to retrieve a Postman environment directly via an endpoint by providing the client ID as a query parameter, enabling seamless integration and faster setup.

4.2 Fixes

  1. SDT-478 Resolved inconsistencies in the /consents/{consentId} endpoint behavior, including missing implementation for ReadPartyUserIdentity permissions and corrected data structure for creditor in AEPaymentConsentsPII.

  2. SDT-671 Updated the POST Payments request in the E2E Postman collection to include the latest PII payload structure, ensuring compatibility with the latest API specifications.

  3. SDT2-25 The problem where dates in the correct ISO 8601 format were causing errors has been fixed. Dates are now accepted and processed properly.

  4. SDT2-29 The issue has been resolved, and the flow will now function smoothly.

  5. SDT2-32 The issue is fixed by disabling the button as soon as it's clicked. This stops users from clicking it multiple times and ensures the action is completed correctly without any errors.

  6. SDT2-33 The issue is fixed by disabling the button as soon as it's clicked. This stops users from clicking it multiple times and ensures the action is completed correctly without any errors.

4.3 Known Issues to be fixed in next release (12 Feb)

  1. Status Change:
    Consent status does not change to expired after the ExpirationDateTime has passed.

  2. ExpirationDateTime Logic for a Past Date:
    A consent is created even if ExpirationDateTime is a past date for FILE PAYMENT.

  3. Validation of PII:
    Valid DebtorAccount details provided in the encrypted PII request payload are not accepted; the UI throws an "Invalid Debtor Account" error.

4.4 Next Release

  1. Admin Portal 3 support:
    The next release includes full support for Admin Portal 3, enhancing the administrative capabilities of users. Admin Portal 3 offers improved UI/UX, better performance, and expanded features to streamline administrative operations.

  2. Integration of LFI Reports into Admin Portal 3:
    LFI (Licensed Financial Institution) Reports are now integrated into Admin Portal 3. This allows administrators to generate, view, and manage reports directly within the updated portal, improving reporting workflows and accessibility.

  3. Client Credentials Grant (CCG) Authentication Implementation:
    CCG has been implemented as a new authentication mechanism. This ensures seamless authentication for server-to-server communications, providing greater security and better alignment with industry standards.

  4. Product Endpoint Implementation:
    A new Product Endpoint has been introduced, allowing customers to retrieve product-related data. This endpoint improves access to product information, simplifying integrations for developers and third-party providers.

  5. Webhook Encryption:
    Webhook notifications will now be both signed and encrypted, meeting CBUAE standards. This enhancement ensures the integrity and confidentiality of webhook notifications, addressing critical compliance and security requirements.

© CBUAE 2025