/
API Hub Sandbox v1.2 2025.12.0

API Hub Sandbox v1.2 2025.12.0

Owned by Rajeev Walia
Last updated: 03 Apr 2025

 

Version

v1.2 2025.12.0

Publication Date

Mar 26, 2025

Classification

Public

1. Introduction

This document details what is included in release 2025.12.0 and provides updated postman collections for both banking and insurance.

2. Bank Sandbox (AlTareq1)

2.1 TPP Client Registration

To register a client on the on the API Hub Sandbox, the following command can be used:

curl --location --request POST 'https://rs1.altareq1.sandbox.apihub.openfinance.ae/tpp-registration' \ --header 'x-fapi-interaction-id: {UUIDv4}' \ --cert /path/to/your_certificate.pem \ --key /path/to/your_private_key.pem \ --cacert /path/to/your_ca_certificate.pem

Parameters

Description

Parameters

Description

x-fapi-interaction-id

A UUIDv4 used for traceability. Each request should have a unique id.

--cert

Your OFTF Application Transport certificate

--key

Your OFTF Application Transport private key

--cacert

The OFTF CA Certificate

2.2 Environment Variables

Base URL

https://rs1.altareq1.sandbox.apihub.openfinance.ae

OIDC Discovery Endpoint

https://auth1.altareq1.sandbox.apihub.openfinance.ae/.well-known/openid-configuration

Postman Collection

2.3 Supported Endpoints

2.3.1 Trust Framework

  • POST /tpp-registration

2.3.2 Service Initiation

Single Instant Payments

  • POST /par

  • GET /payments

  • GET /payments/{PaymentId}

  • GET /payment-consents

  • GET /payment-consents/{ConsentId}

  • PATCH /payment-consents/{ConsentId}

  • POST /payments

Future Dated Payments

  • POST /par

  • GET /payments

  • GET /payments/{PaymentId}

  • GET /payment-consents

  • GET /payment-consents/{ConsentId}

  • PATCH /payment-consents/{ConsentId}

  • POST /payments

Recurring Payments

  • POST /par

  • GET /payments

  • GET /payments/{PaymentId}

  • GET /payment-consents

  • GET /payment-consents/{ConsentId}

  • PATCH /payment-consents/{ConsentId}

  • POST /payments

Variable Recurring Payments

  • POST /par

  • GET /payments

  • GET /payments/{PaymentId}

  • GET /payment-consents

  • GET /payment-consents/{ConsentId}

  • PATCH /payment-consents/{ConsentId}

  • POST /payments

International Payments

  • POST /par

  • GET /payments

  • GET /payments/{PaymentId}

  • GET /payment-consents

  • GET /payment-consents/{ConsentId}

  • PATCH /payment-consents/{ConsentId}

  • POST /payments

Bulk / Batch Payments

  • POST /par

  • GET /payments

  • GET /payments/{PaymentId}

  • GET /payment-consents

  • GET /payment-consents/{ConsentId}

  • PATCH /payment-consents/{ConsentId}

  • POST /payments

2.3.3 Bank Data Sharing

Accounts

  • POST /par

  • GET /accounts/{AccountId}

  • GET /accounts

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Balances

  • POST /par

  • GET /accounts/{AccountId}/balances

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Transactions

  • POST /par

  • GET /accounts/{AccountId}/transactions

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Parties

  • POST /par

  • GET /accounts/{AccountId}/parties

  • GET /parties

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Product

  • POST /par

  • GET /accounts/{AccountId}/product

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Beneficiaries

  • POST /par

  • GET /accounts/{AccountId}/beneficiaries

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Direct Debits

  • POST /par

  • GET /accounts/{AccountId}/direct-debits

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Scheduled Payments

  • POST /par

  • GET /accounts/{AccountId}/scheduled-payments

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Standing Orders

  • POST /par

  • GET /accounts/{AccountId}/standing-orders

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Open Product Data

  • GET /products

  • POST /leads

2.3.4 Confirmation of Payee

  • POST /confirmation

  • POST /discovery

2.3.5 Balance Check

  • POST /par

  • GET /accounts/{AccountId}/balances

2.3.6 Refunds

  • POST /par

  • GET /payment-consents/{ConsentId}/refund

2.3.7 Health check

  • GET /healthz

3. Insurance Sandbox (AlTareq2)

3.1 TPP Client Registration

To register a client on the on the API Hub Sandbox, the following command can be used:

curl --location --request POST 'https://rs1.altareq2.sandbox.apihub.openfinance.ae/tpp-registration' \ --header 'x-fapi-interaction-id: {UUIDv4}' \ --cert /path/to/your_certificate.pem \ --key /path/to/your_private_key.pem \ --cacert /path/to/your_ca_certificate.pem

Parameters

Description

Parameters

Description

x-fapi-interaction-id

A UUIDv4 used for traceability. Each request should have a unique id.

--cert

Your OFTF Application Transport certificate

--key

Your OFTF Application Transport private key

--cacert

The OFTF CA Certificate

3.2 Environment Variables

Base URL

https://rs1.altareq2.sandbox.apihub.openfinance.ae

OIDC Discovery Endpoint

https://auth1.altareq2.sandbox.apihub.openfinance.ae/.well-known/openid-configuration

Postman Collection

3.3 Supported Endpoints

3.3.1 Trust Framework

  • POST /tpp-registration

3.3.2 Motor Insurance

  • POST /par

  • GET /insurance-policies/{InsurancePolicyId}/customer-payment-details

  • GET /insurance-policies

  • GET /insurance-policies/{InsurancePolicyId}

  • GET /insurance-consents

  • GET /insurance-consents/{ConsentId}

  • PATCH /insurance-consents/{ConsentId}

3.3.3 Health check

  • GET /healthz

4. Release Notes

  • Consent Management:

    • Enabled the ability to create consent with current Period Start Dates for Fixed and Variable On-Demand Payments.

    • Updated refund account retrieval for 'Consumed' payment consents.

  • API Enhancements:

    • Improved pagination handling in the /parties endpoint by removing unnecessary parameters.

    • Strengthened date validation in the Transactions API to align with consent timeframes.

    • Updated decryption algorithm issue by switching to A256GCM.

  • Schema Compliance:

    • Updated schema validation for AEStructuredDebtorReference by removing incorrect oneOf condition.

    • Ensured Insurance API compliance by including policyId in responses for ReadMotorInsuranceCustomerBasic permission.

4.1 Enhancements

  • Consent Creation Issue

    • An issue affecting consent creation for Fixed On-Demand Payment and Variable On-Demand Payment has been updated.

    • Users are now able to create consents when the Period Start Date is set to the current date.

  • Pagination Fix for /parties Endpoint

    • This release enhances the handling of pagination parameters (page and page-size) in the /parties endpoint.

    • For TPP-facing endpoints, these parameters are now excluded in the Links section of the response.

  • Transactions API Date Filters

    • This release strengthened the validation logic within the Transactions API to ensure that date parameters provided in transaction requests align with the consented timeframe.

    • The API Hub now rigorously checks fromBookingDateTime and toBookingDateTime against the TransactionFromDateTime and TransactionToDateTime within the Consent record before processing requests.

  • Refund Request Handling

    • A issue identified that the API Hub was rejecting refund account retrieval requests when the payment consent status was in the Consumed state.

    • This issue affected Third-Party Providers (TPPs) using the GET /payment-consents/{ConsentId}/refund endpoint.

  • Decryption Algorithm Fix

    • This release addressed an issue related to the encryption and decryption of Personally Identifiable Information (PII).

    • Previously, the system defaulted to using the A128CBC-HS256 algorithm, which resulted in encryption and decryption failures. However, when using the A256GCM algorithm, encryption and decryption worked correctly.

  • Schema Validation Correction

    • The release addressed the issue related to AEStructuredDebtorReference field in the uae-bank-initiation-openapi.yaml was incorrectly defined using oneOf, causing failures in the POST /payments API.

    • The oneOf condition has been removed, and validation will now be handled through business rules.

    • API consumers should update their implementations accordingly.

  • Insurance API Schema Compliance

    • This release addressed a compliance issue related to the ReadMotorInsuranceCustomerBasic permission.

    • Previously, when this permission was granted, the API response did not include the mandatory policyId field, leading to schema non-compliance for Third-Party Providers (TPPs).

    • This update ensures that the response now includes policyId, aligning with the required schema and improving integration reliability.

4.2 Documentation Changes

Updated Endpoints:

  1. Postman Environment & Collection

    • Updated Patch Consent API base URL for Data Sharing with Service Initiation

    • {{rs}}/open-finance/account-information/v1.2/account-access-consents/{{service-initiation-consent-id}} to {{rs}}/open-finance/payment/v1.2/payment-consents/{{service-initiation-consent-id}}

© CBUAE 2025