Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

 MENU

Version

v1.1 2024.11.19

Publication Date

Classification

Public

1. Introduction

This release includes additional endpoints and fixes as outlined below.

2. Environments

There are two Sandbox environments

Sandbox Environment

Base URL

OIDC Discovery Endpoint

Postman Collection

Notes

Banking

https://rs1.altareq1.sandbox.apihub.openfinance.ae
https://auth1.altareq1.sandbox.apihub.openfinance.ae/.well-known/openid-configuration

Insurance

TBC

TBC

Due

3. Supported Endpoints

The above Postman Collection supports the following API endpoints:

3.1 Trust Framework

  • POST /tpp-registration

3.2 Service Initiation

Single Instant Payment

  • POST /par

  • GET /payments

  • GET /payments/{PaymentId}

  • GET /payment-consents

  • GET /payment-consents/{ConsentId}

  • PATCH /payment-consents/{ConsentId}

  • POST /payments

Future Dated Payment

  • POST /par

  • GET /payments

  • GET /payments/{PaymentId}

  • GET /payment-consents

  • GET /payment-consents/{ConsentId}

  • PATCH /payment-consents/{ConsentId}

  • POST /payments

3.3 Bank Data Sharing

Account Data

  • POST /par

  • GET /accounts/{AccountId}

  • GET /accounts

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Balance Data

  • POST /par

  • GET /accounts/{AccountId}/balances

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Transaction Data

  • POST /par

  • GET /accounts/{AccountId}/transactions

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Customer and Meta Data

  • POST /par

  • GET /accounts/{AccountId}/parties

  • GET /parties

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Product Data

  • POST /par

  • GET /accounts/{AccountId}/product

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Beneficiaries

  • POST /par

  • GET /accounts/{AccountId}/beneficiaries

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Direct Debits

  • POST /par

  • GET /accounts/{AccountId}/direct-debits

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Scheduled Payments

  • POST /par

  • GET /accounts/{AccountId}/scheduled-payments

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

Standing Orders

  • POST /par

  • GET /accounts/{AccountId}/standing-orders

  • GET /account-access-consents

  • GET /account-access-consents/{ConsentId}

  • GET /accounts/{AccountId}/consents

  • PATCH /account-access-consents/{ConsentId}

3.4 Insurance Data Sharing

These endpoints will be included in the next release due on

4. Release Notes

4.1 Extended Features and Enhacements

  • Standards and Spec Updates (v1.1):

    • Updates for the Ozone API Hub and Consent Manager APIs, including GET/POST requests and response format changes.

    • Integration of new data-sharing, consent management, and service initiation functionalities.

  • FAPI :

    • Enhancements made to ensure compliance with CBUAE FAPI standards..

  • Payment Consent

    • Additional updates for sequential user authorisations in payment consent workflows.

  • PAR and Consent Updates:

    • Changes to PAR authorisation details, JWT payload validation, and common claim checks.

    • Expanded support for consent event tracking and new consent data requirements.

  • API Validation & Error Handling:

    • Validation checks added for Single Instant Payment, Future-Dated Payment, and Data Sharing endpoints.

    • Error handling improvements for ‘x-idempotency-key’, JSON, and JWT flows across several endpoints, including Payments, Accounts, and Direct Debits.

  • Schema Validation Updates:

    • Schema validation fixes for endpoints such as Scheduled Payments, Standing Orders, Direct Debits, and Beneficiaries.

4.2 Fixes

  • Resolved issue with receiving /par URL in the Link.self field for the consent endpoint.

  • Fixed issue where transaction responses were returned despite invalid fromBookingDateTime or toBookingDateTime values.

  • Addressed the problem of receiving response_type as undefined in auth during headless-Heimdall flow

4.3 Known Issues

  • While creating a PAR, the parameters "nonce" and "aud" are optional. However, removing them from the request body results in an error.

  • When the "ReadTransactionsDebits" permission is granted, Credit Transactions are also reflects in response.

  • When creating consent with varying values, the payment is successfully processed.

  • Payments may still be initiated even when the Personally Identifiable Information (PII) provided during the consent request differs from the PII used during the actual payment initiation.

  • Roles are displayed as "undefined" for the Ozone API Test 1 TPP on the admin portal.

  • IsSingleAuthorisation: false gets an error while patching the consent.

  • In the PATCH /consent API call, setting the status to "Suspended" results in an error.

  • The endpoint processes requests even when invalid values are provided for optional headers.

  • The authorisation request without a nonce fails when using the FAPI 2.0 Security Profile

  • The fapi2-security-profile-id2 requires that an unsigned request to the PAR (Payment Initiation Request) endpoint fails, but currently, unsigned requests may not trigger a failure as expected.

  • In the FAPI 2.0 Security Profile, JWT client assertions with a "Not Before" (nbf) claim set more than 60 seconds into the future fails.

  • No labels