
Version: v1.1 2024.11.19

Publication Date:

Classification: Public

1. Introduction

This release includes additional endpoints and fixes as outlined in https://openfinanceuae.atlassian.net/wiki/spaces/Internal/pages/252018689/API+Hub+Sandbox+v1.1+2024.11.19#4.-Release-Notes

2. Environments

There are two Sandbox environments.

Sandbox Environment

Base URL

OIDC Discovery Endpoint

Postman Collection

Notes

Banking

https://rs1.altareq1.sandbox.apihub.openfinance.ae
https://auth1.altareq1.sandbox.apihub.openfinance.ae/.well-known/openid-configuration

Insurance

TBC

TBC

Due

3. Supported Endpoints

The above Postman Collection supports the following API endpoints:

3.1 Trust Framework

  • POST /tpp-registration

3.2 Service Initiation

Single Instant Payment

  • POST /par

  • GET /payments

  • GET /payments/{PaymentId}

  • GET /payment-consents

  • GET /payment-consents/{ConsentId}

  • PATCH /payment-consents/{ConsentId}

  • POST /payments

Future Dated Payment

  • POST /par

  • GET /payments

  • GET /payments/{PaymentId}

  • GET /payment-consents

  • GET /payment-consents/{ConsentId}

  • PATCH /payment-consents/{ConsentId}

  • POST /payments

3.3 Bank Data Sharing

Account Data

  • POST /par

  • GET /accounts/{AccountId}

  • GET /accounts

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Balance Data

  • POST /par

  • GET /accounts/{AccountId}/balances

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Transaction Data

  • POST /par

  • GET /accounts/{AccountId}/transactions

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Customer and Meta Data

  • POST /par

  • GET /accounts/{AccountId}/parties

  • GET /parties

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Product Data

  • POST /par

  • GET /accounts/{AccountId}/product

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Beneficiaries

  • POST /par

  • GET /accounts/{AccountId}/beneficiaries

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Direct Debits

  • POST /par

  • GET /accounts/{AccountId}/direct-debits

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Scheduled Payments

  • POST /par

  • GET /accounts/{AccountId}/scheduled-payments

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Standing Orders

  • POST /par

  • GET /accounts/{AccountId}/standing-orders

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

3.4 Insurance Data Sharing

These endpoints will be included in the next release due on

4. Release Notes

4.1 Extended Features and Enhancements

  • Standards and Spec Updates (v1.1):

    • Updates for the Ozone API Hub and Consent Manager APIs, including GET/POST requests and response format changes.

    • Integration of new data-sharing, consent management, and service initiation functionalities.

  • FAPI:

    • Enhancements made to ensure compliance with CBUAE FAPI standards.

  • Payment Consent:

    • Additional updates for sequential user authorisations in payment consent workflows.

  • PAR and Consent Updates:

    • Changes to PAR authorisation details, JWT payload validation, and common claim checks.

    • Expanded support for consent event tracking and new consent data requirements.

  • API Validation & Error Handling:

    • Validation checks added for Single Instant Payment, Future-Dated Payment, and Data Sharing endpoints.

    • Error handling improvements for ‘x-idempotency-key’, JSON, and JWT flows across several endpoints, including Payments, Accounts, and Direct Debits.

  • Schema Validation Updates:

    • Schema validation fixes for endpoints such as Scheduled Payments, Standing Orders, Direct Debits, and Beneficiaries.

4.2 Fixes

  • Resolved issue with receiving /par URL in the Link.self field for the consent endpoint.

  • Fixed issue where transaction responses were returned despite invalid fromBookingDateTime or toBookingDateTime values.

  • Addressed the problem of receiving response_type as undefined in auth during the headless-Heimdall flow.

4.3 Known Issues

  • While creating a PAR, the parameters "nonce" and "aud" are optional. However, removing them from the request body results in an error.

  • When the "ReadTransactionsDebits" permission is granted, credit transactions are also reflected in the response.

  • When creating a consent with varying values, the payment is successfully processed.

  • Payments may still be initiated even when the Personally Identifiable Information (PII) provided during the consent request differs from the PII used during the actual payment initiation.

  • Roles are displayed as "undefined" for the Ozone API Test 1 TPP on the admin portal.

  • Setting IsSingleAuthorisation: false results in an error while patching the consent.

  • In the PATCH /consent API call, setting the status to "Suspended" results in an error.

  • The endpoint processes requests even when invalid values are provided for optional headers.

  • The authorisation request without a nonce fails when using the FAPI 2.0 Security Profile.

  • The fapi2-security-profile-id2 requires that an unsigned request to the PAR (Payment Initiation Request) endpoint fails, but currently, unsigned requests may not trigger a failure as expected.

  • In the FAPI 2.0 Security Profile, JWT client assertions with a "Not Before" (nbf) claim set more than 60 seconds into the future fail.
