openapi: 3.0.0 info: title: Ozone Connect - UAE CAAP Operations API Description description: > ## Ozone Connect - UAE CAAP Operations API Description This document provides an API description in [OpenAPI](https://spec.openapis.org/oas/v3.0.1.html) for CAAP Operations API for Ozone Connect that support interactions with services hosted on the API Hub. These APIs should be implemented by a financial institution to facilitate integration with the API Hub. ### Versioning The `version` property implements the following pattern `{standards-major}.{standards-minor}.{ozone-connect-version}`, where: * `standards-major` is the major version of the latest UAE standard that the API description implements. * `standards-minor` is the minor version of the latest UAE standard that the API description implements. * `ozone-connect-version` is the version of the Ozone Connect API description. So, for example, `v2.0.1` indicates the first version of the Ozone Connect API description that implements the UAE standard version 2.0. ### v2.1.4 * Renamed API from User Operations to CAAP Operations. * Added `get /accounts` and `get /accounts/{accountId}` operations (previously on Bank Data Sharing), carrying the CAAP-specific `o3-is-caap-consent-operation` and `o3-caap-consent-use-case` headers and the `availableBalance` property on the account. * Added `get /{insurance-type}-insurance-policies` operations for Employment, Health, Home, Life, Motor, Renters, and Travel insurance (previously on Insurance), carrying the CAAP-specific `o3-is-caap-consent-operation` header and CAAP-only response properties (`PolicyEndDate`, `ProductName`, `BodyType`, `PlateNumber`). ### v2.1.3 * Changed `pattern` regexes on the `AEActiveOrHistoricAmount`, `ControlSum`, and `Amount` schemas, which were over-escaped in YAML and failed to validate decimal monetary values. ### v2.1.2 * Added Validate API operation for executing BAU processes at LFI based on Consent and user identification. * Added Augment API operation for updating the Consent with authorization properties. ### v2.1.1 * Added initial version for compatibility with v2.1-rc2 of standards. version: v2.1.4 tags: - name: User Verification description: Operations that allow a User to be verified in the API Hub - name: User Registration description: Operations that allow a User to be registered for services at the API Hub - name: PII Decryption description: Operations that allow a PII to be decrypted for use at the API Hub - name: Consent Augmentation description: >- Operations that allow Consent to be updated based on the requested consent type or process at the financial institution. - name: Consent Validation description: Operations that allow a Consent to be validated at the financial institution. - name: accounts description: Operations to support returning accounts data with CAAP-specific properties for Consent operations - name: Employment Insurance description: Employment Insurance Operations - name: Health Insurance description: Health Insurance Operations - name: Home Insurance description: Home Insurance Operations - name: Life Insurance description: Life Insurance Operations - name: Motor Insurance description: Motor Insurance Operations - name: Renters Insurance description: Renters Insurance Operations - name: Travel Insurance description: Travel Insurance Operations paths: /consent/actions/augment: post: operationId: AugmentConsentOperation summary: Provide data to update a given Consent description: >- Provides data that will applied to a given Consent through a patch. The Consent object is provided in operation request body. The following are scenarios where data can be returned that is used to update a Consent: * International Payments: Provide foreign exchange and charges information. * Debtor Account set at the TPP: The Debtor Account is set at the TPP as part of Personal Identifiable Information and can be mapped to an `accountId`. CAAP will call this operation selectively, based on the conditions for the scenarios above being met. If no update to the Consent is required a 200 response can be provided with an empty payload. parameters: - $ref: '#/components/parameters/OzoneConnect.providerId' - $ref: '#/components/parameters/OzoneConnect.callerOrgId' - $ref: '#/components/parameters/OzoneConnect.callerClientId' - $ref: '#/components/parameters/OzoneConnect.callerSoftwareStatementId' - $ref: '#/components/parameters/OzoneConnect.apiUri' - $ref: '#/components/parameters/OzoneConnect.apiOperation' - $ref: '#/components/parameters/OzoneConnect.callerInteractionId' - $ref: '#/components/parameters/OzoneConnect.ozoneInteractionId' responses: '200': description: The request has succeeded. content: application/json: schema: $ref: '#/components/schemas/AugmentConsentResponse' '400': $ref: '#/components/responses/error400Response' '403': $ref: '#/components/responses/error403Response' '409': $ref: '#/components/responses/error409Response' '500': $ref: '#/components/responses/error500Response' default: $ref: '#/components/responses/errorResponse' tags: - Consent Augmentation requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AugmentConsentRequest' /consent/actions/validate: post: operationId: ValidateConsentOperation summary: Validate a given Consent description: >- Validate a given Consent at the financial institution, based on the Consent properties and the User identifier. Financial institutions can return the following when a Consent fails validation: * `errorCode`: A means to deterministically identify a given validation error. * `errorMessage`: Additional information that describes the error condition. * `userMessage`: A message display to the User in the CAAP App, explaining the reason the Consent could not be validated. Note that validation is binary in nature, and if a given Consent fails validation the journey **will not** continue. Messages provided for Users must therefore be clear, with sufficient explanation as to why validation failed. Where a given Consent contains encrypted Personal Identifiable Information (PII), financial institutions must decrypt the PII data and return it in the response, to allow CAAP to provide the correct experience to the User. parameters: - $ref: '#/components/parameters/OzoneConnect.providerId' - $ref: '#/components/parameters/OzoneConnect.callerOrgId' - $ref: '#/components/parameters/OzoneConnect.callerClientId' - $ref: '#/components/parameters/OzoneConnect.callerSoftwareStatementId' - $ref: '#/components/parameters/OzoneConnect.apiUri' - $ref: '#/components/parameters/OzoneConnect.apiOperation' - $ref: '#/components/parameters/OzoneConnect.callerInteractionId' - $ref: '#/components/parameters/OzoneConnect.ozoneInteractionId' responses: '200': description: The request has succeeded. content: application/json: schema: $ref: '#/components/schemas/ValidateConsentResponse' '400': $ref: '#/components/responses/error400Response' '403': $ref: '#/components/responses/error403Response' '409': $ref: '#/components/responses/error409Response' '500': $ref: '#/components/responses/error500Response' default: $ref: '#/components/responses/errorResponse' tags: - Consent Validation requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ValidateConsentRequest' /users/actions/challenge/complete: post: operationId: CompleteUserChallenge_completeUserChallenge summary: Complete a user challenge description: |- Complete the User Challenge. This operation does not require a consent, as the challenge may be requested during onboarding before a consent is granted. This is implemented as an RPC operation to remove any requirement for LFIs to implement a REST model for their Users, which is subject to significant variance across providers. If the challenge data is not matched an error response MUST not be returned. The response data MUST be returned as a 200 response. All other error conditions should be returned based on Ozone Connect guidance using an appropriate HTTP return code. parameters: [] responses: '200': description: The request has succeeded. headers: x-fapi-interaction-id: required: false description: An RFC4122 UID used as a correlation ID. schema: type: string content: application/json: schema: type: object properties: data: type: object properties: challengeId: allOf: - $ref: '#/components/schemas/OzoneConnectUserChallengeIdType' description: A unique identifier that allows the challenge to be tracked in the application. challengeType: type: string minLength: 1 maxLength: 70 description: The challenge type, set by the LFI. status: allOf: - $ref: '#/components/schemas/OzoneConnectUserChallengeStatusCodes' description: | The status of the challenge. Supported values are as follows: * Pending: The challenge has not been sent or returned. * Sent: The challenge has been sent or returned. * Passed: The challenge has been verified. * TransmissionFailed: The challenge failed to be sent due a business or technical failure. * VerificationFailed: Verification of the challenge failed. lastStatusUpdateDateTime: type: string format: date-time description: The last status update to the challenge by the LFI. message: type: string description: Optional diagnostic message indicating failure reason. required: - challengeId - challengeType - status - lastStatusUpdateDateTime description: Properties of the user challenge. required: - data '400': $ref: '#/components/responses/error400Response' '403': $ref: '#/components/responses/error403Response' '409': $ref: '#/components/responses/error409Response' '500': $ref: '#/components/responses/error500Response' default: $ref: '#/components/responses/errorResponse' tags: - User Verification requestBody: required: true content: application/json: schema: type: object properties: data: type: object properties: userId: type: string description: A user identifier value that uniquely identifies a given User at the LFI. challengeId: allOf: - $ref: '#/components/schemas/OzoneConnectUserChallengeIdType' description: A unique identifier that allows the challenge to be tracked in the application. challengeResponseData: type: string description: >- Challenge data as entered in OzoneConnect. Format is non-specific to accommodate variations between LFIs. required: - userId - challengeId - challengeResponseData description: Properties of the challenge data submitted by the User. required: - data description: Response data supplied by the User at the API Hub /users/actions/challenge/initialize: post: operationId: CreateUserChallenge_initializeUserChallenge summary: Create a user challenge resource description: |- Create a user challenge through a means supported at the LFI. A unique identifier must be generated by the LFI and returned to the API Hub for tracking purposes. This operation does not require a consent, as the challenge may be requested during onboarding before a consent is granted. This is implemented as an RPC operation to absolve the LFI of the requirement to implement a REST model for their Users and to accommodate variations in User management across LFIs. parameters: [] responses: '200': description: The request has succeeded. headers: x-fapi-interaction-id: required: false description: An RFC4122 UID used as a correlation ID. schema: type: string content: application/json: schema: type: object properties: data: type: object properties: challengeId: allOf: - $ref: '#/components/schemas/OzoneConnectUserChallengeIdType' description: A unique identifier that allows the challenge to be tracked in the application. status: allOf: - $ref: '#/components/schemas/OzoneConnectUserChallengeStatusCodes' description: | The status of the challenge. Supported values are as follows: * Pending: The challenge has not been sent or returned. * Sent: The challenge has been sent or returned. * Passed: The challenge has been verified. * TransmissionFailed: The challenge failed to be sent due a business or technical failure. * VerificationFailed: Verification of the challenge failed. message: type: string description: Message providing diagnostic information if initialization of the challenge failed. required: - challengeId - status description: Properties of the user challenge resource. required: - data '400': $ref: '#/components/responses/error400Response' '403': $ref: '#/components/responses/error403Response' '409': $ref: '#/components/responses/error409Response' '500': $ref: '#/components/responses/error500Response' default: $ref: '#/components/responses/errorResponse' tags: - User Verification requestBody: required: true content: application/json: schema: type: object properties: data: type: object properties: userId: type: string description: A user identifier value that uniquely identifies a given User at the LFI. required: - userId description: |- Properties of the requested challenge. Only the LFI user identifier is required. The type of challenge is selected by the LFI, based on their internal implementation. It must, however, be on the basis of a code that can be submitted by API Hub services for verification. required: - data description: Request a new user challenge. Data will contain properties of User held at API Hub /users/actions/challenge/query: post: operationId: QueryUserChallenge_queryUserChallenge summary: Query an outstanding user challenge description: |- Query the current state of the user challenge instance. This operation does not require a consent, as the challenge may be requested during onboarding before a consent is granted by the User. This is implemented as an RPC operation to remove any requirement for LFIs to implement a REST model for their Users, which is subject to significant variance across providers. parameters: [] responses: '200': description: The request has succeeded. headers: x-fapi-interaction-id: required: false description: An RFC4122 UID used as a correlation ID. schema: type: string content: application/json: schema: type: object properties: data: type: object properties: challengeId: allOf: - $ref: '#/components/schemas/OzoneConnectUserChallengeIdType' description: A unique identifier that allows the challenge to be tracked in the application. challengeType: type: string minLength: 1 maxLength: 70 description: The challenge type, set by the LFI. status: allOf: - $ref: '#/components/schemas/OzoneConnectUserChallengeStatusCodes' description: | The status of the challenge. Supported values are as follows: * Pending: The challenge has not been sent or returned. * Sent: The challenge has been sent or returned. * Passed: The challenge has been verified. * TransmissionFailed: The challenge failed to be sent due a business or technical failure. * VerificationFailed: Verification of the challenge failed. lastStatusUpdateDateTime: type: string format: date-time description: The last status update to the challenge by the LFI. message: type: string description: Optional diagnostic message indicating failure reason. required: - challengeId - challengeType - status - lastStatusUpdateDateTime description: Properties of the user challenge. required: - data '400': $ref: '#/components/responses/error400Response' '403': $ref: '#/components/responses/error403Response' '409': $ref: '#/components/responses/error409Response' '500': $ref: '#/components/responses/error500Response' default: $ref: '#/components/responses/errorResponse' tags: - User Verification requestBody: required: true content: application/json: schema: type: object properties: data: type: object properties: userId: type: string description: A user identifier value that uniquely identifies a given User at the LFI. challengeId: allOf: - $ref: '#/components/schemas/OzoneConnectUserChallengeIdType' description: A unique identifier that allows the challenge to be tracked in the application. required: - userId - challengeId description: Properties of the requested challenge. required: - data description: Query an existing challenge. Data will contain properties of User held at API Hub /users/actions/deregister: post: operationId: DeregistrationUser_deregisterUser summary: Deregistration of a User description: |- Deregister a User at the API Hub for services such as CAAP. This is implemented as an RPC operation to remove any requirement for LFIs to implement a REST model for their Users, which is subject to significant variance across providers. parameters: [] responses: '204': description: No content headers: x-fapi-interaction-id: required: false description: An RFC4122 UID used as a correlation ID. schema: type: string '400': $ref: '#/components/responses/error400Response' '403': $ref: '#/components/responses/error403Response' '409': $ref: '#/components/responses/error409Response' '500': $ref: '#/components/responses/error500Response' default: $ref: '#/components/responses/errorResponse' tags: - User Registration requestBody: required: true content: application/json: schema: type: object properties: data: $ref: '#/components/schemas/OzoneConnectUserDeregistrationRequestBody' required: - data /users/actions/pii/decrypt: post: operationId: DecryptPii_decryptPii summary: Decrypt PII associated with a given user. description: |2- Decrypt Personal Identifiable Information (PII) sent by the API Hub. The financial institution must implement based on the guidance provided with by Open Finance Framework. ## Usage This operation is invoked when decryption of PII data is required by CAAP out-of-band of Consent Validation. ## Behaviour The financial institution should respond with the decrypted JSON object, or respond with an appropriate error code if they cannot decrypt the data. Error codes for decryption failures are provided with the Ozone Connect implementation guidance. The structure of the decoded JSON object is intentionally left open in this design, to ensure that new PII objects can be added or existing PII objects updated without needing to implement a new version of this API description. Financial institutions **MUST** ensure they respond with a parsed, valid JSON object, **exactly** reflecting the JWE/JWS payload, to ensure the content can be correctly interpreted by the API Hub. parameters: [] responses: '200': description: The request has succeeded. content: application/json: schema: $ref: '#/components/schemas/PiiDecryptionResponseProperties' '400': $ref: '#/components/responses/error400Response' '403': $ref: '#/components/responses/error403Response' '409': $ref: '#/components/responses/error409Response' '500': $ref: '#/components/responses/error500Response' default: $ref: '#/components/responses/errorResponse' tags: - PII Decryption requestBody: required: true content: application/json: schema: type: object properties: data: type: object properties: personalIdentifiableInformation: type: string description: A JWE transmitted by a TPP to the API Hub with a given consent. tpp: allOf: - $ref: '#/components/schemas/ConsentManagerAPI.tpp' description: >- Metadata captured by the API Hub relating to the TPP, which allows cross-referencing of the entity that transmitted the data. required: - personalIdentifiableInformation - tpp required: - data /users/actions/register/complete: post: operationId: CompleteUserRegistration_completeRegistration summary: Complete the registration of a User description: |- Complete the registration of a User at the API Hub for services such as CAAP. Only required if the response from `post /users/actions/register/initialize` indicated the requirement for a challenge to be sent to the User. This is implemented as an RPC operation to remove any requirement for LFIs to implement a REST model for their Users, which is subject to significant variance across providers. If the challenge data is not matched an error response MUST not be returned. The response data MUST be returned as a 200 response. All other error conditions should be returned based on Ozone Connect guidance using an appropriate HTTP return code. parameters: [] responses: '200': description: The request has succeeded. content: application/json: schema: type: object properties: data: $ref: '#/components/schemas/OzoneConnectCompleteUserRegistrationResponseBody' required: - data '400': $ref: '#/components/responses/error400Response' '403': $ref: '#/components/responses/error403Response' '409': $ref: '#/components/responses/error409Response' '500': $ref: '#/components/responses/error500Response' default: $ref: '#/components/responses/errorResponse' tags: - User Registration requestBody: required: true content: application/json: schema: type: object properties: data: $ref: '#/components/schemas/OzoneConnectCompleteUserRegistrationRequestBody' required: - data /users/actions/register/initialize: post: operationId: InitializeUserRegistration_initializeRegistration summary: Initialize the registration of a User description: |- Initialize the registration of a User at the API Hub for services such as CAAP. This is implemented as an RPC operation to remove any requirement for LFIs to implement a REST model for their Users, which is subject to significant variance across providers. The response status indicates next steps to the API Hub. If the `Complete` status is returned then no step-up is feasible or is required, and the complete operation can be omitted. If resolution of the User at the LFI an error response MUST be returned, in line with guidance on HTTP response codes and error structures prescribed by Ozone Connect. parameters: [] responses: '201': description: The request has succeeded and a new resource has been created as a result. content: application/json: schema: type: object properties: data: $ref: '#/components/schemas/OzoneConnectInitializeUserRegistrationResponseBody' required: - data '400': $ref: '#/components/responses/error400Response' '403': $ref: '#/components/responses/error403Response' '409': $ref: '#/components/responses/error409Response' '500': $ref: '#/components/responses/error500Response' default: $ref: '#/components/responses/errorResponse' tags: - User Registration requestBody: required: true content: application/json: schema: type: object properties: data: $ref: '#/components/schemas/OzoneConnectInitializeUserRegistrationRequestBody' required: - data /accounts: get: tags: - accounts summary: Retrieve accounts description: | Return the list of accounts that either: * Match the value of the `accountIds` parameter. * Are in scope for Bank Data Sharing and must be displayed to the User in CAAP, where `o3-is-caap-consent-operation` is set to `true` and `accountIds` not sent. The API Hub will ensure that one of these conditions is met consistently, but LFIs should reject API operations that do not meet either requirement. operationId: caapFindAccounts parameters: - $ref: '#/components/parameters/OzoneConnect.providerId' - $ref: '#/components/parameters/OzoneConnect.aspspId' - $ref: '#/components/parameters/OzoneConnect.callerOrgId' - $ref: '#/components/parameters/OzoneConnect.callerClientId' - $ref: '#/components/parameters/OzoneConnect.callerSoftwareStatementId' - $ref: '#/components/parameters/OzoneConnect.apiUri' - $ref: '#/components/parameters/OzoneConnect.apiOperation' - $ref: '#/components/parameters/OzoneConnect.consentId' - $ref: '#/components/parameters/OzoneConnect.callerInteractionId' - $ref: '#/components/parameters/OzoneConnect.ozoneInteractionId' - $ref: '#/components/parameters/OzoneConnect.psuIdentifier' - $ref: '#/components/parameters/accountIds' - $ref: '#/components/parameters/OzoneConnect.page' - $ref: '#/components/parameters/OzoneConnect.page-size' - $ref: '#/components/parameters/isCaapConsentOperation' - $ref: '#/components/parameters/caapConsentUseCase' responses: '200': description: successful operation content: application/json: schema: $ref: '#/components/schemas/AccountsResponse' '400': $ref: '#/components/responses/error400Response' '403': $ref: '#/components/responses/error403Response' '409': $ref: '#/components/responses/error409Response' '500': $ref: '#/components/responses/error500Response' default: $ref: '#/components/responses/errorResponse' /accounts/{accountId}: get: tags: - accounts summary: Retrieve an account description: Return the account details for the account indicated by the value of the `accountId` parameter. operationId: caapFindByAccountId parameters: - $ref: '#/components/parameters/OzoneConnect.providerId' - $ref: '#/components/parameters/OzoneConnect.aspspId' - $ref: '#/components/parameters/OzoneConnect.callerOrgId' - $ref: '#/components/parameters/OzoneConnect.callerClientId' - $ref: '#/components/parameters/OzoneConnect.callerSoftwareStatementId' - $ref: '#/components/parameters/OzoneConnect.apiUri' - $ref: '#/components/parameters/OzoneConnect.apiOperation' - $ref: '#/components/parameters/OzoneConnect.consentId' - $ref: '#/components/parameters/OzoneConnect.callerInteractionId' - $ref: '#/components/parameters/OzoneConnect.ozoneInteractionId' - $ref: '#/components/parameters/OzoneConnect.psuIdentifier' - $ref: '#/components/parameters/accountId' - $ref: '#/components/parameters/isCaapConsentOperation' - $ref: '#/components/parameters/caapConsentUseCase' responses: '200': description: successful operation content: application/json: schema: $ref: '#/components/schemas/AccountResponse' '400': $ref: '#/components/responses/error400Response' '403': $ref: '#/components/responses/error403Response' '409': $ref: '#/components/responses/error409Response' '500': $ref: '#/components/responses/error500Response' default: $ref: '#/components/responses/errorResponse' /employment-insurance-policies: get: operationId: CaapEmploymentInsuranceReadInsurancePoliciesOperation summary: Retrieve employment insurance policies description: Retrieve all insurance policies to which access has been granted by the User parameters: - $ref: '#/components/parameters/OzoneConnect.providerId' - $ref: '#/components/parameters/OzoneConnect.callerOrgId' - $ref: '#/components/parameters/OzoneConnect.callerClientId' - $ref: '#/components/parameters/OzoneConnect.callerSoftwareStatementId' - $ref: '#/components/parameters/OzoneConnect.apiUri' - $ref: '#/components/parameters/OzoneConnect.apiOperation' - $ref: '#/components/parameters/OzoneConnect.callerInteractionId' - $ref: '#/components/parameters/OzoneConnect.ozoneInteractionId' - $ref: '#/components/parameters/OzoneConnect.consentId' - $ref: '#/components/parameters/OzoneConnect.psuIdentifier' - $ref: '#/components/parameters/InsurancePolicyIds' - $ref: '#/components/parameters/isCaapConsentOperation' - $ref: '#/components/parameters/OzoneConnect.page' - $ref: '#/components/parameters/OzoneConnect.page-size' responses: '200': description: The request has succeeded. content: application/json: schema: $ref: '#/components/schemas/AEReadInsurancePolicies1' '400': $ref: '#/components/responses/error400Response' '403': $ref: '#/components/responses/error403Response' '409': $ref: '#/components/responses/error409Response' '500': $ref: '#/components/responses/error500Response' default: $ref: '#/components/responses/errorResponse' tags: - Employment Insurance /health-insurance-policies: get: operationId: CaapHealthInsuranceReadInsurancePoliciesOperation summary: Retrieve health insurance policies description: Retrieve all insurance policies to which access has been granted by the User parameters: - $ref: '#/components/parameters/OzoneConnect.providerId' - $ref: '#/components/parameters/OzoneConnect.callerOrgId' - $ref: '#/components/parameters/OzoneConnect.callerClientId' - $ref: '#/components/parameters/OzoneConnect.callerSoftwareStatementId' - $ref: '#/components/parameters/OzoneConnect.apiUri' - $ref: '#/components/parameters/OzoneConnect.apiOperation' - $ref: '#/components/parameters/OzoneConnect.callerInteractionId' - $ref: '#/components/parameters/OzoneConnect.ozoneInteractionId' - $ref: '#/components/parameters/OzoneConnect.consentId' - $ref: '#/components/parameters/OzoneConnect.psuIdentifier' - $ref: '#/components/parameters/InsurancePolicyIds' - $ref: '#/components/parameters/isCaapConsentOperation' - $ref: '#/components/parameters/OzoneConnect.page' - $ref: '#/components/parameters/OzoneConnect.page-size' responses: '200': description: The request has succeeded. content: application/json: schema: $ref: '#/components/schemas/AEReadInsurancePolicies1' '400': $ref: '#/components/responses/error400Response' '403': $ref: '#/components/responses/error403Response' '409': $ref: '#/components/responses/error409Response' '500': $ref: '#/components/responses/error500Response' default: $ref: '#/components/responses/errorResponse' tags: - Health Insurance /home-insurance-policies: get: operationId: CaapHomeInsuranceReadInsurancePoliciesOperation summary: Retrieve home insurance policies description: Retrieve all insurance policies to which access has been granted by the User parameters: - $ref: '#/components/parameters/OzoneConnect.providerId' - $ref: '#/components/parameters/OzoneConnect.callerOrgId' - $ref: '#/components/parameters/OzoneConnect.callerClientId' - $ref: '#/components/parameters/OzoneConnect.callerSoftwareStatementId' - $ref: '#/components/parameters/OzoneConnect.apiUri' - $ref: '#/components/parameters/OzoneConnect.apiOperation' - $ref: '#/components/parameters/OzoneConnect.callerInteractionId' - $ref: '#/components/parameters/OzoneConnect.ozoneInteractionId' - $ref: '#/components/parameters/OzoneConnect.consentId' - $ref: '#/components/parameters/OzoneConnect.psuIdentifier' - $ref: '#/components/parameters/InsurancePolicyIds' - $ref: '#/components/parameters/isCaapConsentOperation' - $ref: '#/components/parameters/OzoneConnect.page' - $ref: '#/components/parameters/OzoneConnect.page-size' responses: '200': description: The request has succeeded. content: application/json: schema: $ref: '#/components/schemas/AEReadInsurancePolicies1' '400': $ref: '#/components/responses/error400Response' '403': $ref: '#/components/responses/error403Response' '409': $ref: '#/components/responses/error409Response' '500': $ref: '#/components/responses/error500Response' default: $ref: '#/components/responses/errorResponse' tags: - Home Insurance /life-insurance-policies: get: operationId: CaapLifeInsuranceReadInsurancePoliciesOperation summary: Retrieve life insurance policies description: Retrieve all insurance policies to which access has been granted by the User parameters: - $ref: '#/components/parameters/OzoneConnect.providerId' - $ref: '#/components/parameters/OzoneConnect.callerOrgId' - $ref: '#/components/parameters/OzoneConnect.callerClientId' - $ref: '#/components/parameters/OzoneConnect.callerSoftwareStatementId' - $ref: '#/components/parameters/OzoneConnect.apiUri' - $ref: '#/components/parameters/OzoneConnect.apiOperation' - $ref: '#/components/parameters/OzoneConnect.callerInteractionId' - $ref: '#/components/parameters/OzoneConnect.ozoneInteractionId' - $ref: '#/components/parameters/OzoneConnect.consentId' - $ref: '#/components/parameters/OzoneConnect.psuIdentifier' - $ref: '#/components/parameters/InsurancePolicyIds' - $ref: '#/components/parameters/isCaapConsentOperation' - $ref: '#/components/parameters/OzoneConnect.page' - $ref: '#/components/parameters/OzoneConnect.page-size' responses: '200': description: The request has succeeded. content: application/json: schema: $ref: '#/components/schemas/AEReadLifeInsurancePolicies1' '400': $ref: '#/components/responses/error400Response' '403': $ref: '#/components/responses/error403Response' '409': $ref: '#/components/responses/error409Response' '500': $ref: '#/components/responses/error500Response' default: $ref: '#/components/responses/errorResponse' tags: - Life Insurance /motor-insurance-policies: get: operationId: CaapMotorInsuranceReadInsurancePoliciesOperation summary: Retrieve motor insurance policies description: Retrieve all insurance policies to which access has been granted by the User parameters: - $ref: '#/components/parameters/OzoneConnect.providerId' - $ref: '#/components/parameters/OzoneConnect.callerOrgId' - $ref: '#/components/parameters/OzoneConnect.callerClientId' - $ref: '#/components/parameters/OzoneConnect.callerSoftwareStatementId' - $ref: '#/components/parameters/OzoneConnect.apiUri' - $ref: '#/components/parameters/OzoneConnect.apiOperation' - $ref: '#/components/parameters/OzoneConnect.callerInteractionId' - $ref: '#/components/parameters/OzoneConnect.ozoneInteractionId' - $ref: '#/components/parameters/OzoneConnect.consentId' - $ref: '#/components/parameters/OzoneConnect.psuIdentifier' - $ref: '#/components/parameters/InsurancePolicyIds' - $ref: '#/components/parameters/isCaapConsentOperation' - $ref: '#/components/parameters/OzoneConnect.page' - $ref: '#/components/parameters/OzoneConnect.page-size' responses: '200': description: The request has succeeded. content: application/json: schema: $ref: '#/components/schemas/AEReadMotorInsurancePolicies1' '400': $ref: '#/components/responses/error400Response' '403': $ref: '#/components/responses/error403Response' '409': $ref: '#/components/responses/error409Response' '500': $ref: '#/components/responses/error500Response' default: $ref: '#/components/responses/errorResponse' tags: - Motor Insurance /renters-insurance-policies: get: operationId: CaapRentersInsuranceReadInsurancePoliciesOperation summary: Retrieve renters insurance policies description: Retrieve all insurance policies to which access has been granted by the User parameters: - $ref: '#/components/parameters/OzoneConnect.providerId' - $ref: '#/components/parameters/OzoneConnect.callerOrgId' - $ref: '#/components/parameters/OzoneConnect.callerClientId' - $ref: '#/components/parameters/OzoneConnect.callerSoftwareStatementId' - $ref: '#/components/parameters/OzoneConnect.apiUri' - $ref: '#/components/parameters/OzoneConnect.apiOperation' - $ref: '#/components/parameters/OzoneConnect.callerInteractionId' - $ref: '#/components/parameters/OzoneConnect.ozoneInteractionId' - $ref: '#/components/parameters/OzoneConnect.consentId' - $ref: '#/components/parameters/OzoneConnect.psuIdentifier' - $ref: '#/components/parameters/InsurancePolicyIds' - $ref: '#/components/parameters/isCaapConsentOperation' - $ref: '#/components/parameters/OzoneConnect.page' - $ref: '#/components/parameters/OzoneConnect.page-size' responses: '200': description: The request has succeeded. content: application/json: schema: $ref: '#/components/schemas/AEReadInsurancePolicies1' '400': $ref: '#/components/responses/error400Response' '403': $ref: '#/components/responses/error403Response' '409': $ref: '#/components/responses/error409Response' '500': $ref: '#/components/responses/error500Response' default: $ref: '#/components/responses/errorResponse' tags: - Renters Insurance /travel-insurance-policies: get: operationId: CaapTravelInsuranceReadInsurancePoliciesOperation summary: Retrieve travel insurance policies description: Retrieve all insurance policies to which access has been granted by the User parameters: - $ref: '#/components/parameters/OzoneConnect.providerId' - $ref: '#/components/parameters/OzoneConnect.callerOrgId' - $ref: '#/components/parameters/OzoneConnect.callerClientId' - $ref: '#/components/parameters/OzoneConnect.callerSoftwareStatementId' - $ref: '#/components/parameters/OzoneConnect.apiUri' - $ref: '#/components/parameters/OzoneConnect.apiOperation' - $ref: '#/components/parameters/OzoneConnect.callerInteractionId' - $ref: '#/components/parameters/OzoneConnect.ozoneInteractionId' - $ref: '#/components/parameters/OzoneConnect.consentId' - $ref: '#/components/parameters/OzoneConnect.psuIdentifier' - $ref: '#/components/parameters/InsurancePolicyIds' - $ref: '#/components/parameters/isCaapConsentOperation' - $ref: '#/components/parameters/OzoneConnect.page' - $ref: '#/components/parameters/OzoneConnect.page-size' responses: '200': description: The request has succeeded. content: application/json: schema: $ref: '#/components/schemas/AEReadInsurancePolicies1' '400': $ref: '#/components/responses/error400Response' '403': $ref: '#/components/responses/error403Response' '409': $ref: '#/components/responses/error409Response' '500': $ref: '#/components/responses/error500Response' default: $ref: '#/components/responses/errorResponse' tags: - Travel Insurance components: parameters: OzoneConnect.apiOperation: name: o3-api-operation in: header required: true description: The API operation carried out by the caller (e.g. GET, POST, PUT, DELETE, PATCH) schema: type: string OzoneConnect.apiUri: name: o3-api-uri in: header required: true description: The URL of the API being called by the caller schema: type: string OzoneConnect.callerClientId: name: o3-caller-client-id in: header required: true description: An identifier for the OIDC clientId calling the API schema: type: string OzoneConnect.callerInteractionId: name: o3-caller-interaction-id in: header required: false description: The interaction ID passed in by the caller, if any schema: type: string OzoneConnect.callerOrgId: name: o3-caller-org-id in: header required: true description: An identifier for the organization calling the API schema: type: string OzoneConnect.callerSoftwareStatementId: name: o3-caller-software-statement-id in: header required: true description: An identifier for the software statement calling the API schema: type: string OzoneConnect.ozoneInteractionId: name: o3-ozone-interaction-id in: header required: true description: >- An interaction ID generated by Ozone if the caller did not send in one. If the callerInteractionId is specified, this takes the same value. schema: type: string OzoneConnect.providerId: name: o3-provider-id in: header required: true description: Identifier for the financial institution that the request is targeted to schema: type: string OzoneConnect.aspspId: name: o3-aspsp-id in: header required: true deprecated: true description: >- Identifier for the financial institution that the request is targeted to. This header is deprecated and will be removed in a future version of Ozone Connect. Use `o3-provider-id` instead. schema: type: string OzoneConnect.consentId: name: o3-consent-id in: header required: true description: The consentId for which this call is being made schema: type: string OzoneConnect.psuIdentifier: name: o3-psu-identifier in: header required: true description: A Base64 encoded representation of the psuIdentifier JSON object. schema: type: string OzoneConnect.page: name: page in: query required: true description: Page of results to request (standard pagination) schema: type: integer default: 1 OzoneConnect.page-size: name: page-size in: query required: true description: Page size to request. Default is 100 to comply with the Operating Guidelines for the Open Finance Framework. schema: type: integer default: 100 isCaapConsentOperation: name: o3-is-caap-consent-operation in: header required: false description: | Flag to indicate that query originates from CAAP and is invoked to get available accounts or policies. LFIs must return all eligible accounts/policies and/or populate all CAAP-specific response properties when the value is `true` to facilitate User selection or Consent operations. schema: type: boolean caapConsentUseCase: name: o3-caap-consent-use-case in: header required: false description: > Value that indicates the use case for a given CAAP consent request, sent when a list of eligible accounts is required for a consent authorized through CAAP, or specific properties are required for a Consent operation. Supported values are: - `accounts`: Consent for a Bank Data Sharing use case. - `payments`: Consent for a Bank Service Initiation use case. LFIs **MUST** return the accounts that are eligible based on the use case and their understanding of the Open Finance Framework requirements. schema: type: string enum: - accounts - payments accountId: name: accountId in: path description: Id of the account to be queried required: true schema: type: string accountIds: name: accountIds in: query description: >- Comma separated ids of the accounts to be returned. **MUST** be supplied when `o3-is-caap-consent-operation` is `false` or omitted. May be empty when `o3-is-caap-consent-operation` is `true`, since account selection has not been completed at CAAP. schema: type: string minLength: 1 required: false InsurancePolicyIds: name: insurancePolicyIds in: query required: true description: >- A comma-separated list of insurance policy identifiers. Used to retrieve all insurance policies authorized by the User, which matches the `insurancePolicyIds` data for a given Consent at Consent Manager. This parameter is **mandatory**. However, where `o3-is-caap-consent-operation` is `true` an empty value will be sent, as insurance policy selection has not been completed at CAAP. LFIs using CAAP **MUST** follow the guidance in `o3-is-caap-consent-operation` parameter. schema: type: string explode: false schemas: AECustomErrorCode: type: string pattern: ^[A-Za-z]+\.[A-Za-z0-9]+$ AEError400Codes: type: string enum: - Consent.Invalid - Consent.BusinessRuleViolation - Consent.FailsControlParameters - Consent.InvalidUserIdentifier - JWS.InvalidSignature - JWS.Malformed - JWS.InvalidClaim - JWS.InvalidHeader - JWS.InvalidPayload - JWE.DecryptionError - JWE.InvalidHeader - GenericRecoverableError - GenericError - Event.UnexpectedEvent - Body.InvalidFormat - Resource.InvalidFormat AEError403Codes: type: string enum: - AccessToken.InvalidScope - Consent.TransientAccountAccessFailure - Consent.AccountTemporarilyBlocked - Consent.PermanentAccountAccessFailure - GenericRecoverableError - GenericError AEErrorGenericCodes: type: string enum: - GenericRecoverableError - GenericError AugmentConsentRequest: type: object required: - data properties: data: $ref: '#/components/schemas/AugmentConsentRequestProperties' AugmentConsentRequestProperties: type: object required: - id - consentType - request - requestHeaders - consentBody - tpp properties: id: type: string description: A unique identifier for the consent in uuid-v4 format. parId: type: string description: |- A unique identifier for the PAR request that created this consent. The value matches the value of the request_uri returned by the post call to the PAR endpoint. rarType: type: string pattern: ^urn:openfinanceuae:(?:account-access|insurance|service-initiation)-consent:v[0-9]+\.[0-9]+$ description: |- The authorization detail type of the RAR request that resulted in this consent. This value matches the Type of the authorization_details element of the RAR request. Its value will be one of the authorization_details_types_supported on the well-known endpoint. standardVersion: type: string description: >- The standardVersion field specifies the standardized version of an API set. An API set refers to a group of APIs designed to deliver a specific functionality (e.g., accounts, payments, insurance). Example values: 'v1.0', 'v2.1', or 'insurance:v1.1'." consentGroupId: type: string description: |- A unique identifier for the consent group in uuid-v4 format. The consent group id is used to group together consents that are related to each other. requestUrl: type: string format: uri description: The request url of Http request that was received by Ozone from the TPP consentType: type: string description: >- The type of the consent that is being created. Each financial institution's instance may support a different set of consent types The Consent Manager supports the creation of consents of different consent types depending on the standards supported. - cbuae-account-access-consents - cbuae-service-initiation-consents - cbuae-insurance-consents status: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEConsentStatus' request: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AuthorizationDetails' requestHeaders: type: object description: The entire set of Http request headers that was received by Ozone from the TPP consentBody: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.cbuaeConsentBody' interactionId: type: string description: The Heimdall `interactionId` that this consent is associated with. tpp: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.tpp' ozoneSupplementaryInformation: type: object updatedAt: type: number description: When the consent was last updated, as an epoch-based date/time psuIdentifiers: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.psuIdentifiers' accountIds: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.ConsentManager.AccountIdentifiers' insurancePolicyIds: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.insurancePolicyIds' supplementaryInformation: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.ConsentManager.SupplementaryInformation' paymentContext: type: object ConnectToken: type: string description: >- A bearer token that will be sent as the `Authorization` header for calls to Ozone Connect made under this consent. consentUsage: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEConsentUsage' authorizationChannel: type: string enum: - App - Web debtorAccount: type: object properties: SchemeName: type: string enum: - IBAN Identification: type: string minLength: 1 Name: type: object properties: en: type: string maxLength: 70 ar: type: string maxLength: 70 required: - SchemeName - Identification description: >- Debtor Account, where set in Service Initiation PII by the TPP. This data is returned by the Validate operation. AugmentConsentResponse: type: object properties: data: $ref: '#/components/schemas/AugmentConsentResponseProperties' AugmentConsentResponseProperties: type: object properties: Charges: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AECharges' ExchangeRate: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEExchangeRateInformation' OpenFinanceBilling: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.ConsentManager.AEOpenFinanceBillingUpdateProperties' accountId: type: string description: Account identifier that matches the Debtor Account set by the TPP. ConsentManagerAPI.softwareStatementProperties: type: object properties: redirect_uris: type: array items: type: string description: The redirect URIs registered by the TPP at the Trust Framework client_name: type: string description: Name of the Client to be presented to the End-User. client_uri: type: string description: URL of the home page of the Client. logo_uri: type: string description: URL of the Client logo. jwks_uri: type: string description: URL of the Client JSON Web Key Set (JWKS) at the Trust Framework. client_id: type: string description: Unique Client Identifier. roles: type: array items: type: string description: The roles under which the organization is registered at the Trust Framework. sector_identifier_uri: type: string description: >- URL using the https scheme to be used in calculating Pseudonymous Identifiers by the OP. Allows redirect URI values to be grouped, easing registration management. application_type: type: string description: Client application type. organisation_id: type: string description: Organization identifier for organization that owns the Client. description: |- The decoded software statement retrieved from the Trust Framework that provides the properties of the Client. Please note: - The JSON payload will contain other properties in addition to those listed here. The properties listed here are considered most relevant for activities such as TPP logo retrieval and JWS verification. - The content reflects elements of discovery metadata, which in generally defined as a file rather than an API. Providing constraints such as `minLength` and `maxLength` is impractical in this context The full software statement record is also available in the Trust Framework. Please also refer the Registration Framework page in the CBUAE standards for additional guidance on these properties. ConsentManagerAPI.tpp: type: object required: - clientId - tppId - tppName - softwareStatementId - decodedSsa - orgId properties: clientId: type: string pattern: ^.*[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$ description: The client identifier for the TPP as issued by the Trust Framework tppId: type: string description: The identifier used by the API Hub to uniquely identify the TPP tppName: type: string description: The TPP name recorded in the Trust Framework obieTppId: type: string description: The UK market TPP identifier. This property is not used for CBUAE and is therefore marked as deprecated. softwareStatementId: type: string description: The software statement identifier for the Client. obieSoftwareStatementId: type: string description: >- The UK market software statement identifier. This property is not used for CBUAE and is therefore marked as deprecated. obieSoftwareStatementName: type: string description: >- The UK market software statement name. This property is not used for CBUAE and is therefore marked as deprecated. directoryRecord: type: string format: base64 description: >- The latest copy of the TPP directory record retrieve from the CBUAE Trust Framework directory, encoded as a Base 64 string ssa: type: string description: >- The encoded Software Statement Assertion. This property is not used for CBUAE and is therefore marked as deprecated. decodedSsa: $ref: '#/components/schemas/ConsentManagerAPI.softwareStatementProperties' orgId: type: string pattern: ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$ description: The organization identifier for the TPP description: >- The TPP record as held by Ozone. If Ozone TPP Connect has been integrated into a directory, the `directoryRecord` provides the TPP's directory record as held by Ozone in base 64 encoded format. OzoneConnect.AEDefaultErrorCode: type: string description: Custom error code without prefix, retained for compatibility with version 1.2. OzoneConnect.DefaultError: type: object properties: errorCode: allOf: - $ref: '#/components/schemas/OzoneConnect.AEDefaultErrorCode' description: >- Generic error code set by the LFI. Non-namespaced error codes are allowed for compatibility versions prior to v2.0. errorMessage: type: string description: Message describing what problem has occurred OzoneConnect.Error400: type: object required: - errorCode - errorMessage properties: errorCode: anyOf: - $ref: '#/components/schemas/AEError400Codes' - $ref: '#/components/schemas/AECustomErrorCode' - $ref: '#/components/schemas/OzoneConnect.AEDefaultErrorCode' description: >- Error code identifying the problem that occurred. This may either be one of the prescribed Error Code(s) or a namespaced Error Code where the namespace is the system or organisation that has responded with the error, and the code is the code specific to the system or organisation. organisation or system. LFIs should implement error codes based on the prescribed codes or guidance in the standards, with non-specific codes maintained for backward compatibility with version 1.2. errorMessage: type: string description: Message describing what problem has occurred description: Default error response payload structure for Ozone Connect OzoneConnect.Error403: type: object required: - errorCode - errorMessage properties: errorCode: anyOf: - $ref: '#/components/schemas/AEError403Codes' - $ref: '#/components/schemas/AECustomErrorCode' - $ref: '#/components/schemas/OzoneConnect.AEDefaultErrorCode' description: >- Error code identifying the problem that occurred. This may either be one of the prescribed Error Code(s) or a namespaced Error Code where the namespace is the system or organisation that has responded with the error, and the code is the code specific to the system or organisation. LFIs should implement error codes based on the prescribed codes or guidance in the standards, with non-specific codes maintained for backward compatibility with version 1.2. errorMessage: type: string description: Message describing what problem has occurred description: >- Error code identifying the problem that occurred. The first part of the code is the namespace, which is the name of the organisation or system that is rejecting the payment, and the second part is the specific rejection reason code for the originating organisation or system. OzoneConnect.Error409: type: object required: - errorCode - errorMessage properties: errorCode: anyOf: - $ref: '#/components/schemas/AEErrorGenericCodes' - $ref: '#/components/schemas/AECustomErrorCode' - $ref: '#/components/schemas/OzoneConnect.AEDefaultErrorCode' description: >- Error code identifying the problem that occurred. This may either be one of the prescribed Error Code(s) or a namespaced Error Code where the namespace is the system or organisation that has responded with the error, and the code is the code specific to the system or organisation. LFIs should implement error codes based on the prescribed codes or guidance in the standards, with non-specific codes maintained for backward compatibility with version 1.2. errorMessage: type: string description: Message describing what problem has occurred description: >- Error code identifying the problem that occurred. The first part of the code is the namespace, which is the name of the organisation or system that is rejecting the payment, and the second part is the specific rejection reason code for the originating organisation or system. OzoneConnect.Error500: type: object required: - errorCode - errorMessage properties: errorCode: anyOf: - $ref: '#/components/schemas/AEErrorGenericCodes' - $ref: '#/components/schemas/AECustomErrorCode' - $ref: '#/components/schemas/OzoneConnect.AEDefaultErrorCode' description: >- Error code identifying the problem that occurred. This may either be one of the prescribed Error Code(s) or a namespaced Error Code where the namespace is the system or organisation that has responded with the error, and the code is the code specific to the system or organisation. LFIs should implement error codes based on the prescribed codes or guidance in the standards, with non-specific codes maintained for backward compatibility with version 1.2. errorMessage: type: string description: Message describing what problem has occurred description: >- Error code identifying the problem that occurred. The first part of the code is the namespace, which is the name of the organisation or system that is rejecting the payment, and the second part is the specific rejection reason code for the originating organisation or system. OzoneConnectCompleteUserRegistrationRequestBody: type: object required: - userId - challengeResponse properties: userId: type: string description: A user identifier value that uniquely identifies a given User at the LFI. challengeResponse: type: string description: The challenge response data, as entered by the User using API Hub services. OzoneConnectCompleteUserRegistrationResponseBody: type: object required: - registrationStatus properties: registrationStatus: allOf: - $ref: '#/components/schemas/OzoneConnectUserRegistrationStatusCodes' description: Status of the user registration request. registrationStatusMessage: type: string description: Optional message providing information on the status of the user registration request. OzoneConnectConsentEventActionAPIs.AEAcceptedAuthorizationType: type: string enum: - Single - Multi description: |- Specifies to the LFI the type of consent authorization accepted by the TPP when staging the consent * Single - The consent should incur a single authorization Step with the LFI * Multi - The consent should incur a multi-authorization Step with the LFI OzoneConnectConsentEventActionAPIs.AEAccountAccessAuthorizationDetailProperties: type: object properties: BaseConsentId: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEBaseConsentId' ExpirationDateTime: type: string format: date-time description: |- Specified date and time the permissions will expire. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00 TransactionFromDateTime: type: string format: date-time description: |- Specified start date and time for the transaction query period. If this is not populated, the start date will be open ended, and data will be returned from the earliest available transaction.All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00 **DEPRECATED AT V2.1, REPLACED BY `FromDate`** TransactionToDateTime: type: string format: date-time description: |- Specified end date and time for the transaction query period. If this is not populated, the end date will be open ended, and data will be returned to the latest available transaction.All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00 **DEPRECATED AT V2.1, REPLACED BY `ToDate`** FromDate: $ref: >- #/components/schemas/OzoneConnectConsentEventActionAPIs.AEBankDataSharingRichAuthorizationRequests.AEBankDataSharingFromDate ToDate: $ref: >- #/components/schemas/OzoneConnectConsentEventActionAPIs.AEBankDataSharingRichAuthorizationRequests.AEBankDataSharingToDate AccountType: type: array items: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEAccountTypeCode' AccountSubType: type: array items: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEAccountSubTypeCode' OnBehalfOf: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEOnBehalfOf' Status: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEAccountAccessConsentStatus' RevokedBy: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AERevokedBy' CreationDateTime: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AECreationDateTime' OzoneConnectConsentEventActionAPIs.AEAccountAccessConsentBody: type: object required: - Data properties: Data: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEAccountAccessAuthorizationDetailProperties' Meta: type: object properties: MultipleAuthorizers: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEMetaMultiAuthorization' Subscription: type: object properties: Webhook: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.Webhook' required: - Webhook OzoneConnectConsentEventActionAPIs.AEAccountAccessConsentPermissionCodes: type: string enum: - ReadAccountsBasic - ReadAccountsDetail - ReadBalances - ReadBeneficiariesBasic - ReadBeneficiariesDetail - ReadFXTransactionsBasic - ReadFXTransactionsDetail - ReadTransactionsBasic - ReadTransactionsDetail - ReadProduct - ReadScheduledPaymentsBasic - ReadScheduledPaymentsDetail - ReadDirectDebits - ReadStandingOrdersBasic - ReadStandingOrdersDetail - ReadConsents - ReadPartyUser - ReadPartyUserIdentity - ReadParty description: |- Specifies the permitted account access policy data types. This is a list of the data groups being consented by the User, and requested for authorization with the LFI. OzoneConnectConsentEventActionAPIs.AEAccountAccessConsentStatus: type: string enum: - Authorized - AwaitingAuthorization - Rejected - Revoked - Expired - Suspended description: Consent Status is set to either Authorized ,Revoked ,Rejected or AwaitingAuthorization OzoneConnectConsentEventActionAPIs.AEAccountAccessOpenFinanceBillingPost: type: object required: - UserType - Purpose properties: UserType: type: string enum: - Retail - SME - Corporate description: Type of Customer Purpose: type: string enum: - AccountAggregation - RiskAssessment - TaxFiling - Onboarding - Verification - QuoteComparison - BudgetingAnalysis - FinancialAdvice - AuditReconciliation description: Purpose of data sharing request description: Billing parameters specified by the TPP OzoneConnectConsentEventActionAPIs.AEAccountSubTypeCode: type: string enum: - CurrentAccount - Savings - CreditCard - Mortgage - Finance description: Specifies the sub type of account (product family group) OzoneConnectConsentEventActionAPIs.AEAccountTypeCode: type: string enum: - Retail - Corporate description: Specifies the type of account (Retail or Corporate). OzoneConnectConsentEventActionAPIs.AEActiveCurrencyAmount: type: object required: - Amount - Currency properties: Amount: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEActiveOrHistoricAmount' Currency: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEActiveOrHistoricCurrencyCode' description: The Currency and Amount relating to the Payment OzoneConnectConsentEventActionAPIs.AEActiveOrHistoricAmount: type: string pattern: ^\d{1,16}\.\d{2}$ description: >- A number of monetary units specified in an active currency where the unit of currency is explicit and compliant with ISO 4217. OzoneConnectConsentEventActionAPIs.AEActiveOrHistoricCurrencyCode: type: string pattern: ^[A-Z]{3,3}$ description: >- A 3 character alphabetic code allocated to a currency under an international currency identification scheme, as described in the latest edition of the international standard ISO 4217 'Codes for the representation of currencies and funds'. OzoneConnectConsentEventActionAPIs.AEAdditionalAccountHolderIdentifiers: type: array items: type: object properties: SchemeName: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AERiskExternalAccountIdentificationCode' Identification: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEIdentification' Name: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEName' required: - SchemeName - Identification OzoneConnectConsentEventActionAPIs.AEAddress: type: array items: type: object properties: AddressType: type: string enum: - Billing - Business - Correspondence - DeliveryTo - MailTo - POBox - Postal - Permanent - Residential - Statement - Other AddressLine: type: array items: type: string minItems: 1 maxItems: 7 BuildingNumber: type: string minLength: 1 maxLength: 16 BuildingName: type: string minLength: 1 maxLength: 140 Floor: type: string minLength: 1 maxLength: 70 StreetName: type: string minLength: 1 maxLength: 140 DistrictName: type: string minLength: 1 maxLength: 140 PostBox: type: string minLength: 1 maxLength: 16 TownName: type: string minLength: 1 maxLength: 140 CountrySubDivision: anyOf: - type: string enum: - AbuDhabi - Ajman - Dubai - Fujairah - RasAlKhaimah - Sharjah - UmmAlQuwain - type: string Country: type: string pattern: ^[A-Z]{2}$ required: - AddressType - AddressLine - Country minItems: 1 OzoneConnectConsentEventActionAPIs.AEAddressItem: type: array items: type: object properties: AddressType: type: string enum: - Billing - Business - Correspondence - DeliveryTo - MailTo - POBox - Postal - Permanent - Residential - Statement - Other AddressLine: type: array items: type: string minItems: 1 maxItems: 7 BuildingNumber: type: string minLength: 1 maxLength: 16 BuildingName: type: string minLength: 1 maxLength: 140 Floor: type: string minLength: 1 maxLength: 70 StreetName: type: string minLength: 1 maxLength: 140 DistrictName: type: string minLength: 1 maxLength: 140 PostBox: type: string minLength: 1 maxLength: 16 TownName: type: string minLength: 1 maxLength: 140 CountrySubDivision: anyOf: - type: string enum: - AbuDhabi - Ajman - Dubai - Fujairah - RasAlKhaimah - Sharjah - UmmAlQuwain - type: string Country: type: string pattern: ^[A-Z]{2}$ required: - AddressType - AddressLine - Country minItems: 1 OzoneConnectConsentEventActionAPIs.AEAmountAndCurrency: type: object required: - Currency - Amount properties: Currency: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.CurrencyCode' Amount: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.Amount' description: The Currency and Amount relating to the Payment OzoneConnectConsentEventActionAPIs.AEAuthorizationExpirationDateTime: type: string format: date-time description: The date and time by which a Consent (in AwaitingAuthorization status) must be Authorized by the User. OzoneConnectConsentEventActionAPIs.AEBankDataSharingRichAuthorizationRequests.AEBankDataSharingFromDate: type: string format: date description: >- Specified start date for the transaction or statement query period. If this is not populated, the start date will be open ended, and data will be returned from the earliest available transaction or statement. All dates in the JSON payloads are represented in ISO 8601 date format. For example: 2025-01-01 OzoneConnectConsentEventActionAPIs.AEBankDataSharingRichAuthorizationRequests.AEBankDataSharingToDate: type: string format: date description: >- Specified end date for the transaction or statement query period. If this is not populated, the end date will be open ended, and data will be returned to the latest available transaction or the last statement generated. All dates in the JSON payloads are represented in ISO 8601 date format. For example: 2025-12-31 OzoneConnectConsentEventActionAPIs.AEBaseConsentId: type: string minLength: 1 maxLength: 128 description: The original ConsentId assigned by the TPP OzoneConnectConsentEventActionAPIs.AEChargeBearerType1Code: type: string enum: - BorneByCreditor - BorneByDebtor - Shared description: Specifies which party/parties will bear the charges associated with the processing of the payment transaction. OzoneConnectConsentEventActionAPIs.AECharges: type: array items: type: object properties: ChargeBearer: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEChargeBearerType1Code' Type: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEExternalPaymentChargeTypeCode' Amount: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEActiveCurrencyAmount' required: - ChargeBearer - Type - Amount OzoneConnectConsentEventActionAPIs.AEConfirmationOfPayeeResponse: type: string pattern: ^.+\..+\..+$ description: >- The JSON Web Signature returned by the Payee Confirmation operation at the Confirmation of Payee API. The value must be the full JWS string, including the header and signature, without decoding to an object. If Confirmation of Payee is not performed this property can be omitted OzoneConnectConsentEventActionAPIs.AEConsentExpirationDateTime: type: string format: date-time description: |- Specified date and time the consent will expire. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is :2023-04-05T10:43:07+00:00 OzoneConnectConsentEventActionAPIs.AEConsentId: type: string minLength: 1 maxLength: 128 description: Unique identification assigned by the TPP to identify the consent resource. OzoneConnectConsentEventActionAPIs.AEConsentPermissions: type: array items: type: string enum: - ReadAccountsBasic - ReadAccountsDetail - ReadBalances - ReadRefundAccount minItems: 1 description: |- Specifies the permitted Account Access data types. This is a list of the data groups being consented by the User, and requested for authorization with the LFI. This allows a TPP to request a balance check permission. OzoneConnectConsentEventActionAPIs.AEConsentStatus: type: string enum: - AwaitingAuthorization - Authorized - Rejected - Revoked - Expired - Consumed - Suspended description: |- Specifies the status of a payment consent. | Consent Status| State Type| Description| |---------------|-----------|------| | AwaitingAuthorization | Pending | The consent is awaiting authorization.| | Authorized | In Use | The consent has been successfully authorized.| | Rejected | Terminal | The unauthorized consent has been rejected at the LFI.| | Revoked | Terminal | The consent has been revoked at the TPP or LFI.| | Expired | Terminal | The consent is now expired.| | Consumed | Terminal | The consented action(s) have either been completed successfully.| | Suspended | In Use | The consent has been suspended, pending further enquiries.| OzoneConnectConsentEventActionAPIs.AEConsentUsage: type: object properties: lastDataShared: type: string format: date-time description: >- The last time the data was shared with the TPP. This is updated by the CM when the data is shared with the TPP. lastServiceInitiationAttempt: type: string format: date-time description: The last time the payment was initiated by TPP. This is updated by the CM when payment is initiated by TPP. description: Contains information about the last time the consent was used. OzoneConnectConsentEventActionAPIs.AECreationDateTime: type: string format: date-time description: >- Date and time at which the message was created. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2023-04-05T10:43:07+00:00 OzoneConnectConsentEventActionAPIs.AECreditor: type: object properties: CreditorAgent: type: object properties: SchemeName: type: string enum: - BICFI - Other Identification: type: string Name: type: string minLength: 1 maxLength: 140 PostalAddress: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEAddressItem' required: - SchemeName - Identification description: Refers to the Financial Institution. Creditor: type: object properties: Name: type: string minLength: 1 maxLength: 140 PostalAddress: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEAddressItem' description: Party to which an amount of money is due. CreditorAccount: type: object properties: SchemeName: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AECreditorExternalAccountIdentificationCode' Identification: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEIdentification' Name: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEName' TradingName: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AETradingName' Type: type: string enum: - Individual - Merchant - Business - Charity - GovernmentBody - Other required: - SchemeName - Identification - Name - Type description: Unambiguous identification of the account of the creditor to which a credit entry will be posted. ConfirmationOfPayeeResponse: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEConfirmationOfPayeeResponse' description: Identification elements for a Creditor. OzoneConnectConsentEventActionAPIs.AECreditorExternalAccountIdentificationCode: type: string enum: - IBAN - AccountNumber description: Name of the identification scheme, in a coded form as published in an external list. OzoneConnectConsentEventActionAPIs.AECreditorIndicators: type: object properties: AccountType: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEAccountTypeCode' IsCreditorPrePopulated: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEIsCreditorPrePopulated' TradingName: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AETradingName' IsVerifiedByTPP: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEIsVerifiedbyTPP' AdditionalAccountHolderIdentifiers: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEAdditionalAccountHolderIdentifiers' MerchantDetails: type: object properties: MerchantId: type: string minLength: 8 maxLength: 20 MerchantName: type: string minLength: 1 maxLength: 350 MerchantSICCode: type: string minLength: 3 maxLength: 4 MerchantCategoryCode: type: string minLength: 3 maxLength: 4 description: >- Details of the Merchant involved in the transaction. Merchant Details are specified only for those merchant categories that are generally expected to originate retail financial transactions IsCreditorConfirmed: type: boolean description: Creditor account details have been confirmed successfully using Confirmation of Payee SupplementaryData: type: object description: Additional information that cannot be captured in the structured fields and/or any other specific block description: Creditor Indicators OzoneConnectConsentEventActionAPIs.AECurrencyRequest: type: object required: - CurrencyOfTransfer properties: InstructionPriority: type: string enum: - Normal - Urgent description: >- Indicator of the urgency or order of importance that the instructing party would like the instructed party to apply to the processing of the instruction. ExtendedPurpose: type: string minLength: 1 maxLength: 140 description: Specifies the purpose of an international payment. ChargeBearer: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEChargeBearerType1Code' CurrencyOfTransfer: type: string pattern: ^[A-Z]{3,3}$ description: >- Specifies the currency of the to be transferred amount, which is different from the currency of the debtor's account. DestinationCountryCode: type: string pattern: '[A-Z]{2,2}' description: >- Country in which Credit Account is domiciled. Code to identify a country, a dependency, or another area of particular geopolitical interest, on the basis of country names obtained from the United Nations (ISO 3166, Alpha-2 code). ExchangeRateInformation: type: object properties: UnitCurrency: type: string pattern: ^[A-Z]{3,3}$ ExchangeRate: type: number RateType: type: string enum: - Actual - Agreed - Indicative ContractIdentification: type: string minLength: 1 maxLength: 256 required: - UnitCurrency - RateType description: Provides details on the currency exchange rate and contract. FxQuoteId: type: string minLength: 1 maxLength: 128 description: >- Required where the consent or payment initiation request relates to a previously quoted FX trade. The TPP must provide the `QuoteId` value where a long-lived consent exists, meaning that each payment initiation request will relate to a different `QuoteId` value. description: >- The details of the non-local currency or FX request that has been agreed between the User and the TPP. The requested ChargeBearer and ExchangeRateInformation are included in this object may be overwritten by the LFI in the returned Consent object. OzoneConnectConsentEventActionAPIs.AEDebtorIndicators: type: object properties: Authentication: type: object properties: AuthenticationChannel: type: string enum: - App - Web PossessionFactor: type: object properties: IsUsed: type: boolean Type: type: string enum: - FIDO2SecurityKey - Passkey - OTPDevice - OTPApp - SMSOTP - EmailOTP - PushNotification - WebauthnToken - SecureEnclaveKey - HardwareOTPKey - TrustedDevice - Other KnowledgeFactor: type: object properties: IsUsed: type: boolean Type: type: string enum: - PIN - Password - SecurityQuestion - SMSOTP - EmailOTP - OTPPush - Other InherenceFactor: type: object properties: IsUsed: type: boolean Type: type: string enum: - Biometric - Fingerprint - FaceRecognition - IrisScan - VoiceRecognition - FIDOBiometric - DeviceBiometrics - Other ChallengeOutcome: type: string enum: - Pass - Fail - NotPerformed AuthenticationFlow: type: string enum: - MFA - Other AuthenticationValue: type: string ChallengeDateTime: type: string format: date-time description: The authentication method used by the User to access their account with the TPP UserName: type: object properties: en: type: string ar: type: string description: The Name of the User initiating the Payment GeoLocation: type: object properties: Latitude: type: string Longitude: type: string required: - Latitude - Longitude description: GPS to identify and track the whereabouts of the connected electronic device. DeviceInformation: type: object properties: DeviceId: type: string AlternativeDeviceId: type: string DeviceOperatingSystem: type: string DeviceOperatingSystemVersion: type: string DeviceBindingId: type: string LastBindingDateTime: type: string format: date-time BindingDuration: type: string format: duration BindingStatus: type: string enum: - Active - Expired - Revoked - Suspended DeviceType: type: string enum: - Mobile - Desktop - Tablet - Wearable - Other DeviceManufacturer: type: object properties: Model: type: string maxLength: 50 Manufacturer: type: string maxLength: 50 DeviceLanguage: type: string DeviceLocalDateTime: type: string ConnectionType: type: string enum: - WiFi - Cellular - Other ScreenInformation: type: object properties: PixelDensity: type: number Orientation: type: string enum: - Portrait - Landscape BatteryStatus: type: object properties: Level: type: number minimum: 0 maximum: 100 IsCharging: type: boolean TouchSupport: type: object properties: Supported: type: boolean MaxTouchPoints: type: integer minimum: 0 MotionSensors: type: object properties: Status: type: string enum: - InMotion - Stationary Accelerometer: type: boolean Gyroscope: type: boolean DeviceEnvironmentContext: type: array items: type: string enum: - VPNDetected - EmulatorDetected description: Detailed device information BiometricCapabilities: type: object properties: SupportsBiometric: type: boolean BiometricTypes: type: array items: type: string enum: - Fingerprint - FacialRecognition - Iris - VoicePrint - Other description: Device biometric capabilities AppInformation: type: object properties: AppVersion: type: string PackageName: type: string BuildNumber: type: string description: Mobile application specific information BrowserInformation: type: object properties: UserAgent: type: string IsCookiesEnabled: type: boolean AvailableFonts: type: array items: type: string Plugins: type: array items: type: string PixelRatio: type: number description: Browser-specific information UserBehavior: type: object properties: ScrollBehavior: type: object properties: Direction: type: string enum: - Up - Down - Both Speed: type: number Frequency: type: number description: User behavior indicators AccountRiskIndicators: type: object properties: UserOnboardingDateTime: type: string format: date-time LastAccountChangeDate: type: string format: date LastPasswordChangeDate: type: string format: date SuspiciousActivity: type: string enum: - NoSuspiciousActivity - SuspiciousActivityDetected TransactionHistory: type: object properties: LastDay: type: integer minimum: 0 LastYear: type: integer minimum: 0 description: Risk indicators related to the account SupplementaryData: type: object description: >- Additional information that cannot be captured in the structured fields and/or any other specific block This may include information that is not available in the structured fields, such as a user's behavioural data like their typing speed and typing patterns. description: Debtor (User) Indicators OzoneConnectConsentEventActionAPIs.AEEventNotification: type: object required: - Webhook properties: Webhook: type: object properties: Url: type: string IsActive: type: boolean required: - Url - IsActive description: A Webhook Schema description: A Webhook Subscription Schema OzoneConnectConsentEventActionAPIs.AEExchangeRateInformation: type: object required: - UnitCurrency - ExchangeRate - RateType properties: UnitCurrency: type: string pattern: ^[A-Z]{3,3}$ description: >- Currency in which the rate of exchange is expressed in a currency exchange. In the example 1GBP = xxxCUR, the unit currency is GBP. ExchangeRate: type: number description: >- The factor used for conversion of an amount from one currency to another. This reflects the price at which one currency was bought with another currency. RateType: type: string enum: - Actual - Agreed - Indicative description: Specifies the type used to complete the currency exchange. ContractIdentification: type: string minLength: 1 maxLength: 256 description: >- Unique and unambiguous reference to the foreign exchange contract agreed between the initiating party/creditor and the debtor agent. ExpirationDateTime: type: string format: date-time description: >- Specified date and time the exchange rate agreement will expire.All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00 description: Further detailed information on the exchange rate that has been used in the payment transaction. OzoneConnectConsentEventActionAPIs.AEExternalAccountTypeCode: type: string enum: - Retail - SME - Corporate description: Specifies the type of account (Retail, SME or Corporate). OzoneConnectConsentEventActionAPIs.AEExternalPaymentChargeTypeCode: type: string enum: - VAT - Fees description: Charge type, in a coded form. OzoneConnectConsentEventActionAPIs.AEIdentification: type: string minLength: 1 description: |- Identification for the account assigned by the LFI based on the Account Scheme Name. This identification is known by the User account owner. OzoneConnectConsentEventActionAPIs.AEInsuranceAuthorizationDetailProperties: type: object required: - ExpirationDateTime properties: BaseConsentId: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEBaseConsentId' ExpirationDateTime: type: string format: date-time description: |- Specified date and time the permissions will expire. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00 OnBehalfOf: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEOnBehalfOf' Status: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEAccountAccessConsentStatus' RevokedBy: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AERevokedBy' CreationDateTime: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AECreationDateTime' OzoneConnectConsentEventActionAPIs.AEInsuranceConsentBody: type: object required: - Data properties: Data: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEInsuranceAuthorizationDetailProperties' Meta: type: object properties: MultipleAuthorizers: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEMetaMultiAuthorization' Subscription: type: object properties: Webhook: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.Webhook' required: - Webhook OzoneConnectConsentEventActionAPIs.AEInsuranceConsentPermissionCodes: type: string enum: - ReadInsurancePolicies - ReadCustomerBasic - ReadCustomerDetail - ReadCustomerPaymentDetails - ReadInsuranceProduct - ReadCustomerClaims - ReadInsurancePremium OzoneConnectConsentEventActionAPIs.AEInsuranceConsentPermissions: type: object required: - InsuranceType - Permissions properties: InsuranceType: type: string enum: - Employment - Health - Home - Life - Motor - Renters - Travel description: The insurance sector to which the permissions relate. Permissions: type: array items: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEInsuranceConsentPermissionCodes' minItems: 1 description: >- The data clusters requested by the TPP, based on agreement with the User. Data will be returned based on the selected permissions. description: >- The permissions codes available to TPPs. Codes are qualified by insurance type which allows multiple sets of permissions to be selected in each consent. OzoneConnectConsentEventActionAPIs.AEInsuranceOpenFinanceBillingPost: type: object required: - Purpose properties: Purpose: type: string enum: - AccountAggregation - RiskAssessment - PremiumHistory - ClaimHistory - Onboarding - Verification - QuoteComparison - FinancialAdvice description: Purpose of data sharing request description: Billing parameters specified by the TPP OzoneConnectConsentEventActionAPIs.AEIsCreditorPrePopulated: type: boolean description: Is Creditor populated OzoneConnectConsentEventActionAPIs.AEIsVerifiedbyTPP: type: boolean description: The TPP has onboarded the Creditor OzoneConnectConsentEventActionAPIs.AEJWEPaymentPII: type: string description: |- A JSON Web Encryption (JWE) object, which encapsulates a JWS. The value is a compact serialization of a JWE, which is a string consisting of five base64url-encoded parts joined by dots. It encapsulates encrypted content using JSON data structures. The decrypted JWS content has the structure of the AEPaymentPII schema. OzoneConnectConsentEventActionAPIs.AEMetaMultiAuthorization: type: object properties: TotalRequired: type: number description: The total number of Authorizers required to process the request Authorizations: type: array items: type: object properties: AuthorizerId: type: string AuthorizerType: type: string AuthorizationDate: type: string format: date-time AuthorizationStatus: type: string enum: - Pending - Approved - Rejected description: >- Meta Data with Multi-Authorization relevant to the payload. For a payment, it represents any Authorizers within the financial institution domain that are involved in approving the payment request. OzoneConnectConsentEventActionAPIs.AEName: type: object properties: en: type: string maxLength: 70 description: English value of the string ar: type: string maxLength: 70 description: Arabic value of the string description: The Account Holder Name is the name or names of the Account owner(s) represented at the account level OzoneConnectConsentEventActionAPIs.AEOnBehalfOf: type: object properties: TradingName: type: string description: Trading Name LegalName: type: string description: Legal Name IdentifierType: allOf: - $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEOnBehalfOfIdentifierType' description: Identifier Type Identifier: type: string description: Identifier OzoneConnectConsentEventActionAPIs.AEOnBehalfOfIdentifierType: type: string enum: - Other OzoneConnectConsentEventActionAPIs.AEPaymentConsentPII: type: object properties: Initiation: type: object properties: DebtorAccount: type: object properties: SchemeName: type: string enum: - IBAN Identification: type: string minLength: 1 Name: type: object properties: en: type: string maxLength: 70 ar: type: string maxLength: 70 required: - SchemeName - Identification Creditor: type: array items: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AECreditor' minItems: 1 description: >- The Initiation payload is sent by the initiating party to the LFI. It is used to request movement of funds from the debtor account to a creditor. Risk: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AERisk' description: Elements of Personal Identifiable Information data OzoneConnectConsentEventActionAPIs.AEPaymentConsentResponse: type: object required: - Data properties: Data: type: object properties: ConsentId: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEConsentId' BaseConsentId: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEBaseConsentId' IsSingleAuthorization: type: boolean AuthorizationExpirationDateTime: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEAuthorizationExpirationDateTime' Permissions: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEConsentPermissions' AcceptedAuthorizationType: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEAcceptedAuthorizationType' ExpirationDateTime: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEConsentExpirationDateTime' Status: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEConsentStatus' RevokedBy: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AERevokedBy' CreationDateTime: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AECreationDateTime' StatusUpdateDateTime: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEStatusUpdateDateTime' Charges: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AECharges' ExchangeRate: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEExchangeRateInformation' CurrencyRequest: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AECurrencyRequest' ControlParameters: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationConsentControlParameters' DebtorReference: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationDebtorReference' CreditorReference: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationCreditorReference' PaymentPurposeCode: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEPaymentPurposeCode' SponsoredTPPInformation: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AESponsoredTPPInformation' PaymentConsumption: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEPaymentConsumption' OpenFinanceBilling: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationOpenFinanceBilling' required: - ConsentId - ExpirationDateTime - Status Subscription: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEEventNotification' Meta: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEMetaMultiAuthorization' description: Payment Consent Response Schema OzoneConnectConsentEventActionAPIs.AEPaymentConsumption: type: object required: - CumulativeNumberOfPayments - CumulativeValueOfPayments properties: CumulativeNumberOfPayments: type: number description: >- The cumulative number of payment instructions initiated under the consent schedule, excluding instructions in a Rejected state. CumulativeValueOfPayments: type: object properties: Amount: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEActiveOrHistoricAmount' Currency: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEActiveOrHistoricCurrencyCode' required: - Amount - Currency description: >- The cumulative value of payment instructions initiated under the consent schedule, excluding instructions in a Rejected state. A number of monetary units specified in an active currency where the unit of currency is explicit and compliant with ISO 4217." CumulativeNumberOfPaymentsInCurrentPeriod: type: number description: >- The cumulative number of payment instructions in the current period initiated under the consent schedule, excluding instructions in a Rejected state. CumulativeValueOfPaymentsInCurrentPeriod: type: object properties: Amount: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEActiveOrHistoricAmount' Currency: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEActiveOrHistoricCurrencyCode' required: - Amount - Currency description: >- The cumulative value of payment instructions in the current period initiated under the consent schedule, excluding instructions in a Rejected state. A number of monetary units specified in an active currency where the unit of currency is explicit and compliant with ISO 4217." description: Data to track the consumption of Payments in relation to an authorized Consent Schedule OzoneConnectConsentEventActionAPIs.AEPaymentPurposeCode: type: string minLength: 1 maxLength: 4 pattern: ^[A-Z]{3}$ description: >- A category code that relates to the type of services or goods that corresponds to the underlying purpose of the payment. The code must conform to the published AANI payment purpose code list. OzoneConnectConsentEventActionAPIs.AEPeriodStartDate: type: string format: date description: '* Payments: Specifies the start date of when a payment schedule begins.' OzoneConnectConsentEventActionAPIs.AEPeriodType: type: string enum: - Day - Week - Month - Year description: >- A Period may begin from the Consent CreationDateTime if a PeriodStartDate is not provided. |Period Type|Description| |-----------|-----------| |Day|A continuous period of time, consisting of 24 consecutive hours, starting from midnight (00:00:00) and finishing at 23:59:59 of the same day. | |Week|A continuous period of time, consisting of seven consecutive days, starting from midnight (00:00:00) and finishing at 23:59:59 of the 7th day. | |Month|A continuous period of time starting from midnight (00:00:00) of the first day of a month and finishing at 23:59:59 of the last day of that month.| |Year|A continuous period of time, consisting of 12 months.| OzoneConnectConsentEventActionAPIs.AERequestedExecutionDate: type: string format: date description: >- The date when the TPP expects the LFI to execute the payment. The date must be in the future and cannot be on the same day or a day in the past. The maximum date in the future that can be specified is 1 year from the day of the consent of the User to the TPP. All dates in the JSON payloads are represented in ISO 8601 date format. OzoneConnectConsentEventActionAPIs.AERevokedBy: type: string enum: - LFI - TPP - LFI.InitiatedByUser - TPP.InitiatedByUser description: |- Denotes the Identifier of the revocation. | Identifier| Description| |-----------|------------| | LFI | Revoked by LFI without User initiation| | TPP | Revoked by TPP without User initiation| | LFI.InitiatedByUser | Initiated by User via the LFI| | TPP.InitiatedByUser | Initiated by User via the TPP| OzoneConnectConsentEventActionAPIs.AERisk: type: object properties: DebtorIndicators: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEDebtorIndicators' DestinationDeliveryAddress: type: object properties: RecipientType: type: string enum: - Individual - Corporate RecipientName: type: object properties: en: type: string ar: type: string NationalAddress: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEAddress' description: Destination Delivery Address TransactionIndicators: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AETransactionIndicators' CreditorIndicators: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AECreditorIndicators' description: >- The Risk section is sent by the TPP to the LFI. It is used to specify additional details for risk/fraud scoring regarding Payments. OzoneConnectConsentEventActionAPIs.AERiskExternalAccountIdentificationCode: type: string enum: - EmiratesID - TradeLicenceNumber description: Name of the identification scheme, in a coded form as published in an external list. OzoneConnectConsentEventActionAPIs.AEServiceInitiationAuthorizationDetailProperties: type: object required: - ConsentId - ExpirationDateTime - PersonalIdentifiableInformation - ControlParameters - PaymentPurposeCode properties: ConsentId: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEConsentId' BaseConsentId: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEBaseConsentId' IsSingleAuthorization: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.IsSingleAuthorization' AuthorizationExpirationDateTime: type: string format: date-time description: >- A time by which a Consent (in AwaitingAuthorization status) must be Authorized by the User. The time window starts from the actual CreationDateTime (when the Consent is staged with the LFI). If the current time window exceeds the Authorization Expiration Time Window (and the Consent status is AwaitingAuthorization) then the Consent Status must be set to Rejected. The time window is based on a custom time format hhh:mm:ss. e.g. 720:00:00 represents a time window of 720 hours, 00 minutes, 00 seconds (30 days) after the CreationDateTime to Authorize the Consent. ExpirationDateTime: allOf: - $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.ARConsentExpirationDateTime' description: |- Specified date and time the consent will expire. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is :2023-04-05T10:43:07+00:00 Permissions: type: array items: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationConsentPermissionCodes' description: |- Specifies the permitted Account Access data types. This is a list of the data groups being consented by the User, and requested for authorization with the LFI. This allows a TPP to request a balance check permission. CurrencyRequest: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AECurrencyRequest' PersonalIdentifiableInformation: oneOf: - $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEJWEPaymentPII' - $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEPaymentConsentPII' description: >- Personal Identifiable Information, represented in both encoded and decoded form using a `oneOf`, to help implementers readily understand both the structure and serialized form of the property. **Implementations MUST reflect the AEJWEPaymentPII Schema Object** **structure and the notes provided on implementing a JWS and JWE** **The decoded form AEPaymentConsentPII is for guidance on content only** ControlParameters: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationConsentControlParameters' DebtorReference: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationDebtorReference' CreditorReference: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationCreditorReference' PaymentPurposeCode: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationPaymentPurposeCode' SponsoredTPPInformation: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationSponsoredTPPInformation' OzoneConnectConsentEventActionAPIs.AEServiceInitiationConsentControlParameters: type: object properties: IsDelegatedAuthentication: type: boolean description: >- Indicates whether the all payment controls will be defined and managed by the TPP under the Payment with Delegated Authentication capability ConsentSchedule: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationConsentSchedule' description: Control Parameters set the overall rules for the Payment Schedule OzoneConnectConsentEventActionAPIs.AEServiceInitiationConsentPermissionCodes: type: string enum: - ReadAccountsBasic - ReadAccountsDetail - ReadBalances - ReadRefundAccount OzoneConnectConsentEventActionAPIs.AEServiceInitiationConsentSchedule: type: object properties: SinglePayment: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationSinglePayment' MultiPayment: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationLongLivedPaymentConsent' FilePayment: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationFilePaymentConsent' description: |- The various payment types that can be initiated: * A Single Payment * A Multi-Payment * A Combined Payment (one SinglePayment and one MultiPayment) OzoneConnectConsentEventActionAPIs.AEServiceInitiationCreditorReference: type: string minLength: 1 maxLength: 35 description: |- A Creditor Reference is a note for a given Creditor or Creditor LFI that supports reconciliation of a given payment instruction. OzoneConnectConsentEventActionAPIs.AEServiceInitiationDebtorReference: type: string minLength: 1 maxLength: 35 description: |- A Debtor Reference is a note is for the reference of a given User that may be available as additional information in relation to a given payment instruction. OzoneConnectConsentEventActionAPIs.AEServiceInitiationFilePaymentConsent: type: object required: - FileType - FileHash - NumberOfTransactions - ControlSum properties: FileType: type: string minLength: 1 maxLength: 40 description: Specifies the payment file type FileHash: type: string minLength: 1 maxLength: 44 description: A base64 encoding of a SHA256 hash of the file to be uploaded. FileReference: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationReference' NumberOfTransactions: type: integer description: Number of individual transactions contained in the payment information group. ControlSum: type: string pattern: ^\d{1,16}\.\d{2}$ description: Total of all individual amounts included in the group, irrespective of currencies. RequestedExecutionDate: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AERequestedExecutionDate' description: A Consent definition for defining Bulk/Batch Payments OzoneConnectConsentEventActionAPIs.AEServiceInitiationFixedDefinedSchedule: type: object required: - Type - Schedule properties: Type: type: string enum: - FixedDefinedSchedule description: The Periodic Schedule Type Schedule: type: array items: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationFixedSchedule' minItems: 1 maxItems: 53 description: Payment Schedule denoting a list of pre-defined future dated payments all with fixed amounts and dates. OzoneConnectConsentEventActionAPIs.AEServiceInitiationFixedOnDemand: type: object required: - Type - PeriodType - PeriodStartDate - Amount - Controls properties: Type: type: string enum: - FixedOnDemand PeriodType: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEPeriodType' PeriodStartDate: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEPeriodStartDate' Amount: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEAmountAndCurrency' Controls: type: object properties: MaximumCumulativeValueOfPaymentsPerPeriod: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEAmountAndCurrency' MaximumCumulativeNumberOfPaymentsPerPeriod: type: integer description: >- Payment Controls that apply to all payment instructions in a given period under this payment consent. The payments for this consent may be executed on any date, as long as they are within the Controls for a PeriodType OzoneConnectConsentEventActionAPIs.AEServiceInitiationFixedPeriodicSchedule: type: object required: - Type - PeriodType - PeriodStartDate - Amount properties: Type: type: string enum: - FixedPeriodicSchedule PeriodType: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEPeriodType' PeriodStartDate: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEPeriodStartDate' Amount: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEAmountAndCurrency' description: >- Payment Controls that apply to all payment instructions in a given period under this payment consent. The payments for this consent must be executed only on the PeriodStartDate, and dates recurring based on the PeriodType. OzoneConnectConsentEventActionAPIs.AEServiceInitiationFixedSchedule: type: object required: - PaymentExecutionDate - Amount properties: PaymentExecutionDate: type: string format: date description: |- Used to specify the expected payment execution date/time. All dates in the JSON payloads are represented in ISO 8601 date format. An example is: 2023-04-05 Amount: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEAmountAndCurrency' OzoneConnectConsentEventActionAPIs.AEServiceInitiationFutureDatedPayment: type: object required: - Type - Amount - RequestedExecutionDate properties: Type: type: string enum: - SingleFutureDatedPayment Amount: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEAmountAndCurrency' RequestedExecutionDate: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AERequestedExecutionDate' description: >- A single payment consent that MUST be used for a single payment executed by the LFI on a future date. This payment consent will be authorized by the User during the payment journey, and the payment will be executed by the TPP immediately. **Support for Single Future-Dated Payments warehoused at the LFI is removed from v2.1 of the standards.** **This property is therefore deprecated, and the Schema Object is retained to provide compatibility with** **existing consent resources.** OzoneConnectConsentEventActionAPIs.AEServiceInitiationLongLivedPaymentConsent: type: object required: - PeriodicSchedule properties: MaximumCumulativeValueOfPayments: allOf: - $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEAmountAndCurrency' description: >- The maximum cumulative value of all successful payment rails executions under the Consent. Each successful payment rails execution amount (related to the Consent) is added to the total cumulative value of the Consent which cannot exceed the maximum value agreed with the User at the point of consent. MaximumCumulativeNumberOfPayments: type: integer description: >- The maximum cumulative number of all successful payment rails executions under the Consent. Each successful payment rails execution (related to the Consent) is added to the total cumulative number of payments for the Consent which cannot exceed the maximum value agreed with the User at the point of consent. PeriodicSchedule: $ref: >- #/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationLongLivedPaymentConsentPeriodicSchedule description: A Consent definition for defining Multi Payments OzoneConnectConsentEventActionAPIs.AEServiceInitiationLongLivedPaymentConsentPeriodicSchedule: type: object oneOf: - $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationFixedDefinedSchedule' - $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationVariableDefinedSchedule' - $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationFixedPeriodicSchedule' - $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationVariablePeriodicSchedule' - $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationFixedOnDemand' - $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationVariableOnDemand' discriminator: propertyName: Type mapping: FixedDefinedSchedule: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationFixedDefinedSchedule' VariableDefinedSchedule: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationVariableDefinedSchedule' FixedPeriodicSchedule: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationFixedPeriodicSchedule' VariablePeriodicSchedule: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationVariablePeriodicSchedule' FixedOnDemand: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationFixedOnDemand' VariableOnDemand: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationVariableOnDemand' description: The definition for a schedule OzoneConnectConsentEventActionAPIs.AEServiceInitiationOpenFinanceBilling: type: object properties: IsLargeCorporate: type: boolean description: Customer has more than 100 million AED turnover description: Billing parameters specified by the LFI OzoneConnectConsentEventActionAPIs.AEServiceInitiationPaymentPurposeCode: type: string minLength: 1 maxLength: 3 pattern: ^[A-Z]{3}$ description: >- A category code that relates to the type of services or goods that corresponds to the underlying purpose of the payment. The code must conform to the published Aani payment purpose code list. OzoneConnectConsentEventActionAPIs.AEServiceInitiationReference: type: string minLength: 1 maxLength: 35 description: A reason or reference in relation to a payment. OzoneConnectConsentEventActionAPIs.AEServiceInitiationSingleInstantPayment: type: object required: - Type - Amount properties: Type: type: string enum: - SingleInstantPayment description: The Payment Type Amount: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEAmountAndCurrency' description: >- A single immediate payment consent that MUST be used for a single payment which will be initiated immediately after User authorization at the LFI. OzoneConnectConsentEventActionAPIs.AEServiceInitiationSinglePayment: type: object oneOf: - $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationSingleInstantPayment' - $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationFutureDatedPayment' discriminator: propertyName: Type mapping: SingleInstantPayment: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationSingleInstantPayment' SingleFutureDatedPayment: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationFutureDatedPayment' description: A Consent definition for defining Single Payments OzoneConnectConsentEventActionAPIs.AEServiceInitiationSponsoredTPPInformation: type: object required: - Name - Identification properties: Name: type: string minLength: 1 maxLength: 50 description: The Sponsored TPP Name Identification: type: string minLength: 1 maxLength: 50 description: The Sponsored TPP Identification description: |- The Sponsored TPP is: * A TPP that itself has no direct Open Banking API integrations. * A TPP that is using the integration of another TPP that does have direct Open Banking API integrations. OzoneConnectConsentEventActionAPIs.AEServiceInitiationVariableDefinedSchedule: type: object required: - Type - Schedule properties: Type: type: string enum: - VariableDefinedSchedule description: The Periodic Schedule Type Schedule: type: array items: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationVariableSchedule' minItems: 1 maxItems: 53 description: Payment Schedule denoting a list of pre-defined future dated payments all with variable amounts and dates. OzoneConnectConsentEventActionAPIs.AEServiceInitiationVariableOnDemand: type: object required: - Type - PeriodType - PeriodStartDate - Controls properties: Type: type: string enum: - VariableOnDemand PeriodType: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEPeriodType' PeriodStartDate: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEPeriodStartDate' Controls: type: object properties: MaximumIndividualAmount: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEAmountAndCurrency' MaximumCumulativeValueOfPaymentsPerPeriod: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEAmountAndCurrency' MaximumCumulativeNumberOfPaymentsPerPeriod: type: integer description: >- Payment Controls that apply to all payment instructions in a given period under this payment consent. The payments for this consent may be executed on any date, as long as they are within the Controls for a PeriodType OzoneConnectConsentEventActionAPIs.AEServiceInitiationVariablePeriodicSchedule: type: object required: - Type - PeriodType - PeriodStartDate - MaximumIndividualAmount properties: Type: type: string enum: - VariablePeriodicSchedule PeriodType: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEPeriodType' PeriodStartDate: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEPeriodStartDate' MaximumIndividualAmount: allOf: - $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEAmountAndCurrency' description: This is the Maximum amount a variable payment can take per period. description: >- Payment Controls that apply to all payment instructions in a given period under this payment consent. The payments for this consent must be executed only on the PeriodStartDate, and dates recurring based on the PeriodType. OzoneConnectConsentEventActionAPIs.AEServiceInitiationVariableSchedule: type: object required: - PaymentExecutionDate - MaximumIndividualAmount properties: PaymentExecutionDate: type: string format: date description: >- Used to specify the expected payment execution date/time. All dates in the JSON payloads are represented in ISO 8601 date format. An example is: 2023-04-05 MaximumIndividualAmount: allOf: - $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEAmountAndCurrency' description: This is the Maximum amount a variable payment can take per period. OzoneConnectConsentEventActionAPIs.AESponsoredTPPInformation: type: object properties: Name: type: string minLength: 1 maxLength: 50 description: The Sponsored TPP Name Identification: type: string minLength: 1 maxLength: 50 description: The Sponsored TPP Identification description: |- The Sponsored TPP is: * A TPP that itself has no direct Open Banking API integrations. * A TPP that is using the integration of another TPP that does have direct Open Banking API integrations. OzoneConnectConsentEventActionAPIs.AEStatusUpdateDateTime: type: string format: date-time description: >- Date and time at which the resource status was updated.All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2023-04-05T10:43:07+00:00 OzoneConnectConsentEventActionAPIs.AETradingName: type: object properties: en: type: string maxLength: 70 description: English value of the string ar: type: string maxLength: 70 description: Arabic value of the string description: |- The Trading Brand Name (if applicable) for the Creditor. Applicable to Payments. OzoneConnectConsentEventActionAPIs.AETransactionIndicators: type: object properties: IsCustomerPresent: type: boolean description: This field differentiates between automatic and manual payment initiation. IsContractPresent: type: boolean description: Indicates if the Creditor has a contractual relationship with the TPP. Channel: type: string enum: - Web - Mobile description: Where the payment has been initiated from. ChannelType: type: string enum: - ECommerce - InStore - InApp - Telephone - Mail - RecurringPayment - Other description: The channel through which the transaction is being conducted SubChannelType: type: string enum: - WebBrowser - MobileApp - SmartTV - WearableDevice - POSTerminal - ATM - KioskTerminal - Other description: More specific classification of the transaction channel PaymentProcess: type: object properties: TotalDuration: type: integer minimum: 0 CurrentSessionAttempts: type: integer minimum: 1 CurrentSessionFailedAttempts: type: integer minimum: 0 Last24HourAttempts: type: integer minimum: 0 Last24HourFailedAttempts: type: integer minimum: 0 description: Metrics related to the payment process duration and attempts MerchantRisk: type: object properties: DeliveryTimeframe: type: string enum: - ElectronicDelivery - SameDayShipping - OvernightShipping - MoreThan1DayShipping ReorderItemsIndicator: type: string enum: - FirstTimeOrder - Reorder PreOrderPurchaseIndicator: type: string enum: - MerchandiseAvailable - FutureAvailability IsGiftCardPurchase: type: boolean IsDeliveryAddressMatchesBilling: type: boolean AddressMatchLevel: type: string enum: - FullMatch - PartialMatch - NoMatch - NotApplicable description: Risk indicator details provided by the merchant SupplementaryData: type: object description: Additional information that cannot be captured in the structured fields and/or any other specific block description: Transaction Indicators OzoneConnectConsentEventActionAPIs.ARConsentExpirationDateTime: type: string format: date-time OzoneConnectConsentEventActionAPIs.Amount: type: string pattern: ^\d{1,16}\.\d{2}$ description: >- A number of monetary units specified in an active currency where the unit of currency is explicit and compliant with ISO 4217. OzoneConnectConsentEventActionAPIs.AuthorizationDetails: oneOf: - $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.DataSharingAuthorizationDetails' - $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.InsuranceAuthorizationDetails' - $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.ServiceInitiationAuthorizationDetails' description: |- The request body for creating a new consent. The body consists of the RAR request that is sent by the TPP to the authorization server. OzoneConnectConsentEventActionAPIs.AuthorizationDetailsDataSharingConsent: type: object required: - ConsentId - Permissions - OpenFinanceBilling properties: BaseConsentId: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEBaseConsentId' ExpirationDateTime: type: string format: date-time description: |- Specified date and time the permissions will expire. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00 TransactionFromDateTime: type: string format: date-time description: |- Specified start date and time for the transaction query period. If this is not populated, the start date will be open ended, and data will be returned from the earliest available transaction.All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00 **DEPRECATED AT V2.1, REPLACED BY `FromDate`** TransactionToDateTime: type: string format: date-time description: |- Specified end date and time for the transaction query period. If this is not populated, the end date will be open ended, and data will be returned to the latest available transaction.All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00 **DEPRECATED AT V2.1, REPLACED BY `ToDate`** FromDate: $ref: >- #/components/schemas/OzoneConnectConsentEventActionAPIs.AEBankDataSharingRichAuthorizationRequests.AEBankDataSharingFromDate ToDate: $ref: >- #/components/schemas/OzoneConnectConsentEventActionAPIs.AEBankDataSharingRichAuthorizationRequests.AEBankDataSharingToDate AccountType: type: array items: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEExternalAccountTypeCode' AccountSubType: type: array items: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEAccountSubTypeCode' OnBehalfOf: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEOnBehalfOf' ConsentId: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEConsentId' Permissions: type: array items: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEAccountAccessConsentPermissionCodes' minItems: 1 OpenFinanceBilling: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEAccountAccessOpenFinanceBillingPost' OzoneConnectConsentEventActionAPIs.AuthorizationDetailsInsuranceConsent: type: object required: - ExpirationDateTime - ConsentId - Permissions - OpenFinanceBilling properties: BaseConsentId: type: string description: The original ConsentId assigned by the TPP ExpirationDateTime: type: string format: date-time description: >- Specified date and time the permissions will expire. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00 OnBehalfOf: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.OnBehalfOf' ConsentId: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEConsentId' Permissions: type: array items: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEInsuranceConsentPermissions' minItems: 1 OpenFinanceBilling: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEInsuranceOpenFinanceBillingPost' OzoneConnectConsentEventActionAPIs.ConsentManager.AEOpenFinanceBillingUpdateProperties: type: object required: - IsLargeCorporate properties: IsLargeCorporate: type: boolean description: Customer has more than 100 million AED turnover description: Billing parameters specified by the LFI OzoneConnectConsentEventActionAPIs.ConsentManager.AccountIdentifiers: type: array items: type: string minItems: 1 description: >- An array of Account Identifier values associated with the Consent, which must be populated once consent has been authorised. For Bank Service Initiation, the array must always have one element, which is the debtor account from which the payment will be made For Bank Data Sharing requests, the array may contain multiple values, representing each of the payment accounts for which an data will be provide. Insurance Data Sharing does not require `accountIds` to be patched, and will instead use `insurancePolicyIds`. `accountIds` will, however, be populated with the value of `insurancePolicyIds` by a trigger in the Consent Manager, which ensures a consistent set of identifiers are available across different consent types. OzoneConnectConsentEventActionAPIs.ConsentManager.SupplementaryInformation: type: object description: Contains additional information at the discretion of the financial institution. OzoneConnectConsentEventActionAPIs.CurrencyCode: type: string pattern: ^[A-Z]{3}$ description: >- A 3 character alphabetic code allocated to a currency under an international currency identification scheme, as described in the latest edition of the international standard ISO 4217 'Codes for the representation of currencies and funds'. OzoneConnectConsentEventActionAPIs.DataSharingAuthorizationDetails: type: object properties: type: type: string pattern: ^urn:openfinanceuae:(?:account-access|insurance|service-initiation)-consent:v[0-9]+\.[0-9]+$ description: The Rich Authorization Request (RAR) type consent: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AuthorizationDetailsDataSharingConsent' subscription: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.EventNotification' OzoneConnectConsentEventActionAPIs.EventNotification: type: object required: - Webhook properties: Webhook: type: object properties: Url: type: string IsActive: type: boolean required: - Url - IsActive description: A Webhook Schema description: A Webhook Subscription Schema OzoneConnectConsentEventActionAPIs.InsuranceAuthorizationDetails: type: object properties: type: type: string pattern: ^urn:openfinanceuae:(?:account-access|insurance|service-initiation)-consent:v[0-9]+\.[0-9]+$ description: The Rich Authorization Request (RAR) type consent: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AuthorizationDetailsInsuranceConsent' subscription: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.EventNotification' OzoneConnectConsentEventActionAPIs.IsSingleAuthorization: type: boolean description: |- Specifies to the LFI that the consent authorization must be completed in a single authorization Step with the LFI OzoneConnectConsentEventActionAPIs.OnBehalfOf: type: object properties: TradingName: type: string description: Trading Name LegalName: type: string description: Legal Name IdentifierType: type: string enum: - Other description: Identifier Type Identifier: type: string description: Identifier description: On Behalf Of OzoneConnectConsentEventActionAPIs.ServiceInitiationAuthorizationDetails: type: object properties: type: type: string pattern: ^urn:openfinanceuae:(?:account-access|insurance|service-initiation)-consent:v[0-9]+\.[0-9]+$ description: The Rich Authorization Request (RAR) type consent: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEServiceInitiationAuthorizationDetailProperties' subscription: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.EventNotification' OzoneConnectConsentEventActionAPIs.ValidateResponseStatusEnum: type: string enum: - valid - invalid OzoneConnectConsentEventActionAPIs.Webhook: type: object required: - Url - IsActive properties: Url: type: string description: The TPP Callback URL being registered with the LFI IsActive: type: boolean description: >- The TPP specifying whether the LFI should send (IsActive true) or not send (IsActive false) Webhook Notifications to the TPP's Webhook URL description: A Webhook Subscription Schema OzoneConnectConsentEventActionAPIs.cbuaeConsentBody: oneOf: - $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEAccountAccessConsentBody' - $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEInsuranceConsentBody' - $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEPaymentConsentResponse' description: |- An object representing the current state of the consent. This includes the entire request, augmented by additional computed properties (e.g. ids, charges etc) OzoneConnectConsentEventActionAPIs.insurancePolicyIds: type: array items: type: string minItems: 1 description: >- List of insurance policy identifiers that have been selected and authorized by the User when consenting to insurance policy access. The LFI **MUST** patch these values onto the consent after the User has selected them, to ensure the policies are correctly retrieved based on the consent in operations such as `get /life-insurance-policies`. OzoneConnectConsentEventActionAPIs.psuIdentifiers: type: object required: - userId properties: userId: type: string description: |- The PSU that is associated with this consent. The `PSUIdentifiers` object may have artitrary custom fields that an financial institution may use to identify the PSU. However, all `PSUIdentifiers` must have a mandatory `userId` field that provides a unique user id for the PSU. The consent is initially created without a PSU identified. The value must be specified once the consent is authorised. OzoneConnectConsentEventActionAPIs.softwareStatementProperties: type: object properties: redirect_uris: type: array items: type: string description: The redirect URIs registered by the TPP at the Trust Framework client_name: type: string description: Name of the Client to be presented to the End-User. client_uri: type: string description: URL of the home page of the Client. logo_uri: type: string description: URL of the Client logo. jwks_uri: type: string description: URL of the Client JSON Web Key Set (JWKS) at the Trust Framework. client_id: type: string description: Unique Client Identifier. roles: type: array items: type: string description: The roles under which the organization is registered at the Trust Framework. sector_identifier_uri: type: string description: >- URL using the https scheme to be used in calculating Pseudonymous Identifiers by the OP. Allows redirect URI values to be grouped, easing registration management. application_type: type: string description: Client application type. organisation_id: type: string description: Organization identifier for organization that owns the Client. description: |- The decoded software statement retrieved from the Trust Framework that provides the properties of the Client. Please note: - The JSON payload will contain other properties in addition to those listed here. The properties listed here are considered most relevant for activities such as TPP logo retrieval and JWS verification. - The content reflects elements of discovery metadata, which in generally defined as a file rather than an API. Providing constraints such as `minLength` and `maxLength` is impractical in this context The full software statement record is also available in the Trust Framework. Please also refer the Registration Framework page in the CBUAE standards for additional guidance on these properties. OzoneConnectConsentEventActionAPIs.tpp: type: object required: - clientId - tppId - tppName - softwareStatementId - decodedSsa - orgId properties: clientId: type: string pattern: ^.*[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$ description: The client identifier for the TPP as issued by the Trust Framework tppId: type: string description: The identifier used by the API Hub to uniquely identify the TPP tppName: type: string description: The TPP name recorded in the Trust Framework obieTppId: type: string description: The UK market TPP identifier. This property is not used for CBUAE and is therefore marked as deprecated. softwareStatementId: type: string description: The software statement identifier for the Client. obieSoftwareStatementId: type: string description: >- The UK market software statement identifier. This property is not used for CBUAE and is therefore marked as deprecated. obieSoftwareStatementName: type: string description: >- The UK market software statement name. This property is not used for CBUAE and is therefore marked as deprecated. directoryRecord: type: string format: base64 description: >- The latest copy of the TPP directory record retrieve from the CBUAE Trust Framework directory, encoded as a Base 64 string ssa: type: string description: >- The encoded Software Statement Assertion. This property is not used for CBUAE and is therefore marked as deprecated. decodedSsa: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.softwareStatementProperties' orgId: type: string pattern: ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$ description: The organization identifier for the TPP description: >- The TPP record as held by Ozone. If Ozone TPP Connect has been integrated into a directory, the `directoryRecord` provides the TPP's directory record as held by Ozone in base 64 encoded format. OzoneConnectInitializeUserRegistrationPersonalIdentifiableInformation: oneOf: - type: string - type: object properties: emiratesId: type: string description: Emirates ID emiratesIdExpirationDate: type: string format: date description: Emirates ID Expiration Date required: - emiratesId description: Request to initialize user registration. OzoneConnectInitializeUserRegistrationRequestBody: type: object required: - verificationTypes - personalIdentifiableInformation properties: verificationTypes: type: array items: $ref: '#/components/schemas/OzoneConnectUserVerificationCodes' minItems: 1 description: Verification performed by API Hub services. personalIdentifiableInformation: allOf: - $ref: '#/components/schemas/OzoneConnectInitializeUserRegistrationPersonalIdentifiableInformation' description: User personal information encrypted by API Hub services and transmitted to the LFI. OzoneConnectInitializeUserRegistrationResponseBody: type: object required: - user - registrationStatus properties: user: allOf: - $ref: '#/components/schemas/OzoneConnectProviderUserProperties' description: Properties of the User identified by the LFI, used to correlate User in all operations. registrationStatus: allOf: - $ref: '#/components/schemas/OzoneConnectUserRegistrationStatusCodes' description: Status of the user registration request. registrationStatusMessage: type: string description: Optional message providing information on the status of the user registration request. maskedEmailAddress: type: string description: >- Masked email address to which a challenge will be sent. The value must be sufficiently obfuscated to safeguard data privacy but allow recognition by the User. maskedPhoneNumber: type: string description: >- Masked phone number to which a challenge will be sent. The value must be sufficiently obfuscated to safeguard data privacy but allow recognition by the User. description: Response to a user registration request. OzoneConnectProviderUserIdentifier: type: object required: - userId properties: userId: type: string description: A user identifier value that uniquely identifies a given User at the LFI. supplementaryData: type: object additionalProperties: $ref: '#/components/schemas/SupplementaryData' description: Supplementary data relating the user as identified by the bank OzoneConnectProviderUserProperties: type: object required: - providerUserIdentifier - userIdentificationProperties properties: providerUserIdentifier: allOf: - $ref: '#/components/schemas/OzoneConnectProviderUserIdentifier' description: The identifier of the user at the financial institution userIdentificationProperties: type: string description: The encrypted properties of the user provided by the financial institution OzoneConnectUserChallengeIdType: type: string format: uuid OzoneConnectUserChallengeStatusCodes: type: string enum: - Pending - Sent - Passed - TransmissionFailed - VerificationFailed OzoneConnectUserDeregistrationRequestBody: type: object required: - userId properties: userId: type: string description: A user identifier value that uniquely identifies a given User at the LFI. OzoneConnectUserRegistrationStatusCodes: type: string enum: - AwaitingChallengeResponse - ChallengeFailed - Complete OzoneConnectUserVerificationCodes: type: string enum: - EFR - UAEPass - LivenessCheck PiiDecryptionResponseProperties: type: object required: - payload properties: jws: type: string description: >- The decrypted payload as a JWS, including both the header and signature. Financial institutions should return this value, if available through the decryption implementation, to support any additional verification actions at the CAAP Resource Server. payload: type: object description: >- The decrypted JWS payload as a JSON object or, if not wrapped in a JWS, the decrypted JSON object. This value MUST be a JSON object. SupplementaryData: type: object ValidateConsentRequest: type: object required: - data properties: data: $ref: '#/components/schemas/ValidateConsentRequestProperties' ValidateConsentRequestProperties: type: object required: - id - consentType - request - requestHeaders - consentBody - tpp properties: id: type: string description: A unique identifier for the consent in uuid-v4 format. parId: type: string description: |- A unique identifier for the PAR request that created this consent. The value matches the value of the request_uri returned by the post call to the PAR endpoint. rarType: type: string pattern: ^urn:openfinanceuae:(?:account-access|insurance|service-initiation)-consent:v[0-9]+\.[0-9]+$ description: |- The authorization detail type of the RAR request that resulted in this consent. This value matches the Type of the authorization_details element of the RAR request. Its value will be one of the authorization_details_types_supported on the well-known endpoint. standardVersion: type: string description: >- The standardVersion field specifies the standardized version of an API set. An API set refers to a group of APIs designed to deliver a specific functionality (e.g., accounts, payments, insurance). Example values: 'v1.0', 'v2.1', or 'insurance:v1.1'." consentGroupId: type: string description: |- A unique identifier for the consent group in uuid-v4 format. The consent group id is used to group together consents that are related to each other. requestUrl: type: string format: uri description: The request url of Http request that was received by Ozone from the TPP consentType: type: string description: >- The type of the consent that is being created. Each financial institution's instance may support a different set of consent types The Consent Manager supports the creation of consents of different consent types depending on the standards supported. - cbuae-account-access-consents - cbuae-service-initiation-consents - cbuae-insurance-consents status: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEConsentStatus' request: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AuthorizationDetails' requestHeaders: type: object description: The entire set of Http request headers that was received by Ozone from the TPP consentBody: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.cbuaeConsentBody' interactionId: type: string description: The Heimdall `interactionId` that this consent is associated with. tpp: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.tpp' ozoneSupplementaryInformation: type: object updatedAt: type: number description: When the consent was last updated, as an epoch-based date/time psuIdentifiers: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.psuIdentifiers' accountIds: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.ConsentManager.AccountIdentifiers' insurancePolicyIds: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.insurancePolicyIds' supplementaryInformation: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.ConsentManager.SupplementaryInformation' paymentContext: type: object ConnectToken: type: string description: >- A bearer token that will be sent as the `Authorization` header for calls to Ozone Connect made under this consent. consentUsage: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.AEConsentUsage' authorizationChannel: type: string enum: - App - Web ValidateConsentResponse: type: object required: - data properties: data: $ref: '#/components/schemas/ValidateConsentResponseProperties' ValidateConsentResponseProperties: type: object required: - status properties: status: $ref: '#/components/schemas/OzoneConnectConsentEventActionAPIs.ValidateResponseStatusEnum' pii: allOf: - $ref: '#/components/schemas/PiiDecryptionResponseProperties' description: Where a Consent contains PII, the decrypted PII data, to be used in the User journey in the CAAP App. errorCode: type: string description: An error code that allows a given negative validation condition to be identified. errorDescription: type: string description: An error message provides additional information as to why the Consent failed validation. userMessage: type: string minLength: 1 maxLength: 500 description: >- A message to be displayed at the CAAP App that describes to the User why validation of the Consent failed, and any steps they can take to resolve the validation issue. description: >- Properties of the CAAP Consent Validation operation at the LFI. Includes decrypted PII, where applicable, to be used in the CAAP User journey. AccountsResponse: type: object description: | A descriptor for an account. This is a composite object that may be expanded in the future to support additional account types for new API standards and account types. example: data: - id: string accountType: Retail accountSubType: CurrentAccount currency: GBP status: Active accountHolderName: string servicer: schemeName: BICFI identification: string accountNumbers: - name: string schemeName: IBAN identification: string product: id: string productName: string bundleName: string meta: {} properties: data: type: array items: $ref: '#/components/schemas/CbuaeAccount' description: Primary data for the resource meta: $ref: '#/components/schemas/Meta' AccountResponse: type: object description: | A descriptor for an account. This is a composite object that may be expanded in the future to support additional account types for new API standards and account types. properties: data: $ref: '#/components/schemas/CbuaeAccount' meta: $ref: '#/components/schemas/Meta' CbuaeAccount: type: object properties: id: type: string description: Unique identifier for the account resource product: $ref: '#/components/schemas/ProductIdentifier' multiAuth: type: boolean description: Indicator that labels the account as requiring multiple authorizers businessCustomer: type: array items: $ref: '#/components/schemas/CustomerIdentifier' description: Provides the customer identifiers for an account when the account is a business account customers: type: array items: $ref: '#/components/schemas/CustomerIdentifier' minItems: 1 description: Provides the customer identifiers for an account when the account is a non-business account accountHolderName: $ref: '#/components/schemas/AccountHolderName' accountHolderShortName: $ref: '#/components/schemas/AccountHolderShortName' status: description: > Specifies the status of account resource in code form. * Active: The account exist and is in an active state. * Inactive: The account is deemed not active by the LFI. Please refer to the [CBUAE Website](https://rulebook.centralbank.ae/en/rulebook/dormant-accounts-regulation) for qualification of Inactive status. * Dormant: Please refer to the [CBUAE Website](https://rulebook.centralbank.ae/en/rulebook/dormant-accounts-regulation) for the definition of Dormant status. * Unclaimed: Please refer to the [CBUAE Website](https://rulebook.centralbank.ae/en/rulebook/dormant-accounts-regulation) for the definition of Unclaimed status. * Deceased: The account holder has passed away. * Suspended: The account has been temporarily deactivated by the LFI for reasons such as suspicious activities or non-compliance with regulations. The account holder might be unable to access funds or perform transactions until the bank's requirements are met, and the suspension is lifted. * Closed: The account is closed type: string enum: - Active - Inactive - Dormant - Unclaimed - Deceased - Suspended - Closed statusUpdateDateTime: description: Date and time at which the resource status was updated. type: string format: date-time currency: $ref: '#/components/schemas/TCurrency' accountType: description: Specifies the type of account (Retail, SME or Corporate). type: string enum: - Retail - SME - Corporate accountSubType: $ref: '#/components/schemas/AEExternalAccountSubTypeCode' description: description: Specifies the description of the account sub-type. type: string nickName: description: >- The nickname of the account, assigned by User 1 to provide an additional and easier means of identification of the account at the financial instituation type: string openingDate: description: >- Date on which the account and its related basic services by financial institution started to be operational for User 1 type: string format: date-time maturityDate: description: | * Fixed Term Savings Account MaturityDate is the date on which the savings mature and the balance can be withdrawn by the User without penalty type: string format: date-time accountNumbers: type: array items: $ref: '#/components/schemas/AccountIdentifiers' minItems: 1 description: >- Provides the account numbers that identity the account. This is separate to the `accountId`, which uniquely identifies the account resource. servicer: $ref: '#/components/schemas/AEBranchAndFinancialInstitutionIdentification5_0' availableBalance: description: > Required where CAAP is implemented by an LFI and the value of the header field `o3-is-caap-consent-operation` is set to true. Omitted by non-CAAP users. Provides the available balance on the account for use in CAAP consent user journey. LFIs must provide the `balanceType` value equivalent to that which their customer would see in a internet or mobile banking payment journey. This property is specified as an array to future proof against changes to the CAAP customer experience, where more than one balance in the consent authorization screen may be required. minItems: 1 items: type: object required: - creditDebitIndicator - balanceType - timestamp - amount properties: creditDebitIndicator: $ref: '#/components/schemas/AECreditDebitIndicator' balanceType: $ref: '#/components/schemas/CbuaeBalanceType' timestamp: $ref: '#/components/schemas/AEBalanceCheckDateTime' amount: $ref: '#/components/schemas/OBActiveOrHistoricCurrencyAndAmount_8' creditLines: description: Credit line available to the customer for the given balance, provided to allow the available overdraft to be provided in the consent authorization user experience. type: array minItems: 1 items: $ref: '#/components/schemas/CbuaeCreditLine' # Extended Product Data Enhancement isShariaCompliant: $ref: '#/components/schemas/AEShariaFlag' required: - id additionalProperties: false description: The properties of an account AccountIdentifiers: type: object description: Provides the details to identify an account. required: - schemeName - identification properties: schemeName: $ref: '#/components/schemas/AEExternalAccountIdentificationCode' identification: $ref: '#/components/schemas/Identification_0' name: $ref: '#/components/schemas/Name_0' additionalProperties: false AEExternalAccountIdentificationCode: description: Name of the identification scheme for the account. Encoded with allowable values published in an external list. type: string enum: - IBAN - AccountNumber - MaskedPAN - MortgageReference - FinanceReference Identification_0: description: > Identification for the account assigned by the financial institution based on the Account Scheme Name. This identification is known by the User 1 account owner. For IBAN, refer to the ISO Standard 13616. type: string minLength: 1 maxLength: 400 Name_0: description: >- The account name is the name or names of the User 1 account owner(s) represented at an account level, as displayed by the financial institution's online channels. Note: The account name is not the product name or the nickname of the account. type: string minLength: 1 maxLength: 70 AEBranchAndFinancialInstitutionIdentification5_0: type: object required: - schemeName - identification description: >- Party that manages the account on behalf of the account owner, that is manages the registration and booking of entries on the account, calculates balances on the account and provides information about the account. properties: schemeName: $ref: '#/components/schemas/AEExternalFinancialInstitutionIdentificationCode' identification: $ref: '#/components/schemas/Identification_1' additionalProperties: false Identification_1: description: > * /accounts resource Unique and unambiguous identification of the financial institution as the account servicing institution for the Open Finance services. * /beneficiaries resource Unique and unambiguous identification of the Creditor Agency as the servicing institution of the Beneficiary. * /scheduled-payments resource Unique and unambiguous identification of the financial institution as the account servicing institution for the Open Finance services. * /standing-orders resource Unique and unambiguous identification of the financial institution as the account servicing institution for the Open Finance services. * /transactions resource Unique and unambiguous identification of the financial institution as the account servicing institution for the Open Finance services. * Notes: Based on the value of the field **IdentificationType**, this entry may be : * BICFI: The BIC/SWIFT Code * Other: Identification code that is not a BIC/SWIFT code and allows a financial institution to be identified. type: string minLength: 1 maxLength: 35 AEExternalFinancialInstitutionIdentificationCode: description: > * /accounts resource The name of the identification scheme for the financial institution as the account services provider. Encoded with allowable value as published in an external list. * /beneficiaries resource Refers to the Financial Institution that manages the account on behalf of the Beneficiary party, managing registration, booking of entries on the account, calculating balances on the account and providing information about the account. This is the servicing Financial Institution of the Beneficiary account. * /scheduled-payments resource Refers to the identification scheme for uniquely identifying the Creditor Agent. * /standing-orders resource Refers to the identification scheme for uniquely identifying the Creditor Agent. * /transactions resource Refers to the identification scheme for uniquely identifying the Creditor Agent. anyOf: - type: string enum: - BICFI - Other - deprecated: true type: string enum: - BICFI - OTHER ProductIdentifier: type: object properties: id: type: string description: Identifier within the LFI for the product. Must be unique in the organisation. productName: type: string description: Descriptive name for the product. bundleName: description: >- Optional field to indicate if this account is part of a bundle that is providing additional benefit for to the customer type: string description: Provides the details of a given product at the LFI CustomerIdentifier: type: object properties: id: type: string description: Identifier within the LFI for the customer. customerName: type: string description: Name of the customer. required: - id - customerName description: Provides the unique identifier and name for a given customer at the LFI CbuaeBalanceType: type: string enum: - ClosingAvailable - ClosingBooked - ClosingCleared - Expected - ForwardAvailable - Information - InterimAvailable - InterimBooked - InterimCleared - OpeningAvailable - OpeningBooked - OpeningCleared - PreviouslyClosedBooked description: > The type of balance for the account. Encoded with allowable values of: * 'ClosingAvailable' - end of day balance specifying the amount available to User 1 to withdraw or use. * 'ClosingBooked' - end of day balance including value of payments for cheques or payments which have not been cleared yet. * 'ClosingCleared' - end of day balance including value of payments for cheques or payments which have been cleared. * 'Expected' - intra day balance including value of payments for cheques or payments which have been cleared. * 'ForwardAvailable' - intraday balance specifying the amount available to User 1 to withdraw or use considering forward dated payments or other intraday payments or cheques that will be clearing to the account. * 'Information' - TBC. * 'InterimAvailable' - intraday balance specifying the amount available to User 1 to withdraw or use (most probably real-time.'InterimBooked' - intraday balance including value of payments for cheques or payments which have not been cleared yet. * 'InterimCleared' - intraday balance including value of payments for cheques or payments which have been cleared (probably real-time). * 'OpeningAvailable' - start of day balance specifying the amount available to User 1 to withdraw or use. * 'OpeningBooked' - start of day balance including value of payments for cheques or payments which have not been cleared yet. * 'OpeningCleared' - start of day balance including value of payments for cheques or payments which have been cleared. * 'PreviouslyClosedBooked' -TBC. Note: LFIs support different types for presenting account balance, so this list is used to support different LFI systems in UAE. CbuaeCreditLine: description: Set of elements used to provide details on the credit line. type: object required: - included - creditType - amount properties: included: description: Boolean flag to Indicate whether or not a credit line is included in the balance of the account. type: boolean creditType: description: > Type of credit line provided to the account. The enumerations values are defined as follows. - Available: The amount of credit limit available to the account holder - Credit: The amount of a credit limit that has been agreed with the account holder - Emergency: The amount of an arranged lending limit that can be borrowed on top of pre-agreed lending, that has been agreed with the account holder - Pre-Agreed: The amount of an arranged lending limit that has been agreed with the account holder - Temporary: The amount of a temporary lending limit that has been agreed with the account holder type: string enum: - Available - Credit - Emergency - Pre-Agreed - Temporary amount: $ref: '#/components/schemas/OBActiveOrHistoricCurrencyAndAmount_8' OBActiveOrHistoricCurrencyAndAmount_8: type: object required: - amount - currency properties: amount: $ref: '#/components/schemas/AEActiveCurrencyAndAmount_SimpleType' currency: $ref: '#/components/schemas/ActiveOrHistoricCurrencyCode_1' description: The amount and currency code for a given payment or transaction. AEActiveCurrencyAndAmount_SimpleType: description: >- A number of monetary units specified in an active currency where the unit of currency is explicit and compliant with ISO 4217. type: string pattern: ^\d{1,13}$|^\d{1,13}\.\d{1,5}$ ActiveOrHistoricCurrencyCode_1: description: >- A 3 character alphabetic code allocated to a currency under an international currency identification scheme, as described in the latest edition of the international standard ISO 4217 'Codes for the representation of currencies and funds'. type: string pattern: ^[A-Z]{3,3}$ example: SAR TCurrency: type: string pattern: ^[A-Z]{3,3}$ description: Currency code for the account. AccountHolderName: type: string description: > The Account Holder Name is the name or names of the Beneficiary account owner(s) represented at the account level, as displayed by the Creditor Agent's online channels and as provided by the Beneficiary to the customer when adding the Beneficiary in the Beneficiary list. Note, the Account Holder Name is not the product name or the nickname of the account.d AccountHolderShortName: type: string description: | The Beneficiary account holder nick name Meta: type: object properties: totalPages: type: number description: | The number of expected pages for the query. totalRecords: type: number description: | The total number of records in the full set. description: Metadata relevant to the resource. AEShariaFlag: description: A flag to denote if the Product is Sharia Compliant type: boolean default: false AEExternalAccountSubTypeCode: description: Specifies the sub type of account (product family group). type: string enum: - CurrentAccount - Savings - CreditCard - Mortgage - Finance AECreditDebitIndicator: description: Indicates whether a given balance, transaction, or summarized amount is a credit or a debit. type: string enum: - Credit - Debit AEBalanceCheckDateTime: description: Indicates the date (and time) that the account balance was checked type: string format: date-time AEReadInsurancePolicies1: type: object required: - data properties: data: $ref: '#/components/schemas/AEInsurancePolicies1' meta: allOf: - $ref: '#/components/schemas/PaginatedMetadata' description: Metadata related to pagination. Can be omitted if response data is not paginated. AEReadLifeInsurancePolicies1: type: object required: - data properties: data: $ref: '#/components/schemas/AELifeInsurancePolicies1' meta: allOf: - $ref: '#/components/schemas/PaginatedMetadata' description: Metadata related to pagination. Can be omitted if response data is not paginated. AEReadMotorInsurancePolicies1: type: object required: - data properties: data: $ref: '#/components/schemas/AEMotorInsurancePolicies1' meta: allOf: - $ref: '#/components/schemas/PaginatedMetadata' description: Metadata related to pagination. Can be omitted if response data is not paginated. AEInsurancePolicies1: type: object required: - Policies properties: Policies: type: array items: $ref: '#/components/schemas/AEInsurancePolicyProperties' description: >- List of available of insurance policies. The following optional properties **MUST** be returned when the header field `o3-is-caap-consent-operation` is set to `true`: * `PolicyEndDate`. * `ProductName` AELifeInsurancePolicies1: type: object required: - Policies properties: Policies: type: array items: $ref: '#/components/schemas/AELifeInsurancePolicyProperties' description: >- List of available of insurance policies. The following optional properties **MUST** be returned when the header field `o3-is-caap-consent-operation` is set to `true`: * `PolicyEndDate`. * `ProductName` AEMotorInsurancePolicies1: type: object required: - Policies properties: Policies: type: array items: $ref: '#/components/schemas/AEMotorInsurancePolicyProperties' description: >- List of available of insurance policies. The following optional properties **MUST** be returned when the header field `o3-is-caap-consent-operation` is set to `true`: * `PolicyEndDate`. * `ProductName`. * `BodyType`. * `PlateNumber`. AEInsurancePolicyProperties: type: object required: - InsurancePolicyId - PolicyNumber - PolicyStatus - PolicyStartDate properties: InsurancePolicyId: allOf: - $ref: '#/components/schemas/AEInsurance.AEInsuranceResourceIdentifierType' description: Unique identifier for a given insurance policy example: d330c5bb-0889-4596-86bb-17cc9a4a17b5 PolicyNumber: type: string description: The policy number assigned by the LFI. PolicyStatus: allOf: - $ref: '#/components/schemas/AEInsurance.AEInsurancePolicyStatusCodes' description: The current status of the policy. PolicyStartDate: type: string format: date description: Policy start date PolicyEndDate: type: string format: date description: Policy end date ProductName: type: string description: Business name of the policy product as provided externally to the customer. AELifeInsurancePolicyProperties: type: object required: - InsurancePolicyId - PolicyNumber - PolicyStatus - PolicyStartDate properties: InsurancePolicyId: allOf: - $ref: '#/components/schemas/AEInsurance.AEInsuranceResourceIdentifierType' description: Unique identifier for a given insurance policy example: d330c5bb-0889-4596-86bb-17cc9a4a17b5 PolicyNumber: type: string description: The policy number assigned by the LFI. PolicyStatus: allOf: - $ref: '#/components/schemas/AEInsurance.AELifeInsurancePolicyStatusCodes' description: The current status of the policy. PolicyStartDate: type: string format: date description: Policy start date PolicyEndDate: type: string format: date description: Policy end date ProductName: type: string description: Business name of the policy product as provided externally to the customer. AEMotorInsurancePolicyProperties: type: object required: - InsurancePolicyId - PolicyNumber - PolicyStatus - PolicyStartDate properties: InsurancePolicyId: allOf: - $ref: '#/components/schemas/AEInsurance.AEInsuranceResourceIdentifierType' description: Unique identifier for a given insurance policy example: d330c5bb-0889-4596-86bb-17cc9a4a17b5 PolicyNumber: type: string description: The policy number assigned by the LFI. PolicyStatus: allOf: - $ref: '#/components/schemas/AEInsurance.AEInsurancePolicyStatusCodes' description: The current status of the policy. PolicyStartDate: type: string format: date description: Policy start date PolicyEndDate: type: string format: date description: Policy end date ProductName: type: string description: Business name of the policy product as provided externally to the customer. BodyType: type: string enum: - Saloon - 4WD - Pickup - Truck - TrailerHead - Trailer - Water - Fuel Tanker - Buses - Dumper - Agriculture - Forklift - Heavy Equipment - Motorcycle - Others description: 'The type motor vehicle like saloon, Station/SUV, coupe ' PlateNumber: type: string description: Vehicle registration plate number AEInsurance.AEInsuranceResourceIdentifierType: type: string minLength: 1 maxLength: 128 format: uuid description: Unique identifier for a given insurance policy AEInsurance.AEInsurancePolicyStatusCodes: type: string enum: - New - Renewed - Expired - Lapsed - Cancelled - PaidUp - Converted - Surrendered - DeathClaim - RiderClaim description: | The status of the policy, with the following definitions: * `New`: New policy issued * `Renewed`: The reissuing of the same policy for a subsequent term * `Expired`: Policy has been expired by date * `Lapsed`: No longer valid policy * `Cancelled`: Policy cancelled by insurer or insured * `PaidUp`: Policy paid up in full * `Converted`: Policy converted to another plan * `Surrendered`: Policy has been surrendered * `DeathClaim`: Policy paid due to death (only for Life) * `RiderClaim`: Rider paid (only for Life) AEInsurance.AELifeInsurancePolicyStatusCodes: type: string enum: - New - Renewed - Expired - Lapsed - Cancelled - PaidUp - Converted - Surrendered - DeathClaim - RiderClaim - InForce PaginatedMetadata: type: object required: - page - pageSize - totalPages - totalRecords properties: page: type: integer minimum: 1 description: The current page number. pageSize: type: integer minimum: 1 description: Number of records in the current page. totalPages: type: integer minimum: 1 description: Total number of pages available for response. totalRecords: type: integer minimum: 1 description: Total number of records across all pages description: Provides information on paginated data responses: error400Response: description: Operation failed due to a invalid request parameter content: application/json: schema: $ref: '#/components/schemas/OzoneConnect.Error400' error403Response: description: Operation failed as access to the requested resource is forbidden content: application/json: schema: $ref: '#/components/schemas/OzoneConnect.Error403' error409Response: description: Operation failed due to a conflict content: application/json: schema: $ref: '#/components/schemas/OzoneConnect.Error409' error500Response: description: Operation failed due to an internal server error content: application/json: schema: $ref: '#/components/schemas/OzoneConnect.Error500' errorResponse: description: Default error response content: application/json: schema: $ref: '#/components/schemas/OzoneConnect.DefaultError' securitySchemes: OzoneConnectApiKey: description: >- Communications between the API Hub and the LFI Ozone Connect implementation are secured using an API Key, which is a secret shared between the API Hub and the LFI. type: apiKey in: header name: Authorization OzoneConnectClientCredentials: type: oauth2 description: > Communications between the API Hub and the LFI Ozone Connect implementation are secured using a Client Credentials grant type. LFIs must host an OAuth 2.0 Authorization Server to utilise this security pattern. Scope values are set during the onboarding process, and represented by a placeholder in this API description. flows: clientCredentials: tokenUrl: https://example.lfi.ae/token scopes: placeholder: Placeholder for scopes, which are set by the LFI during onboarding OzoneConnectJwtAuth: description: > Communications between the API Hub and the LFI Ozone Connect implementation are secured using the "JWT Auth" mechanism, where the Client presents a signed JSON Web Token as a credential. The Server MUST verify the signature in order to authenticate the Client. Please note that the value of the `scheme` parameter is not a registered HTTP Authentication Scheme, to indicate it is specific to Ozone Connect. Please refer to API Hub documentation for further details. type: http scheme: Ozone-Connect-JWT-Auth OzoneConnectServiceInitiationToken: description: > Communications between the API Hub and the LFI Ozone Connect implementation are secured using a Service Initiation Token. The API Hub will set an Access Token based on a value set by the LFI, which has been patched onto the associated consent. The value will be transmitted in the `Authorization` header, which is represented as a `Bearer` in this Security Scheme Object. type: http scheme: Bearer servers: - url: https:// description: '' variables: {} security: - {} - OzoneConnectApiKey: [] - OzoneConnectClientCredentials: - placeholder - OzoneConnectJwtAuth: []