Viewing the specifications
The pages under each section render every spec inline. To view a spec directly from the repository, Redocly gives a clean, navigable rendering of any YAML file — paste its raw GitHub URL into the Redocly viewer.
Source of truth · OpenAPI 3.x
API Specifications
The official UAE Open Finance OpenAPI specifications are maintained in a single repository. The OpenAPI YAML files are the source of truth for every API in the ecosystem — where a guide or this site disagrees with a spec, the spec wins.
Nebras-Open-Finance / api-specs
The canonical OpenAPI repository. All specs on this site are fetched from its dist/ directory at build time — no YAML is committed here.
dist/standards/APIs the API Hub exposes to TPPs.dist/api-hub/APIs the API Hub exposes to LFIs.dist/ozone-connect/APIs LFIs must implement for the API Hub to call.main Live source of truth — published, authoritative, externally consumable. New implementers should work from the latest version on
main.other branches Drafts of future content (for example a forthcoming
v2.2). The Nebras Open Finance team will announce when draft content is ready for ecosystem review. Specifications by audience
Sections
Specifications are organised by the audience that consumes them. The current version across the TPP, API Hub, and Ozone Connect categories is v2.1; the Trust Framework directory follows its own release cycle.
Open Finance Standards
TPP→API Hub
The APIs the API Hub exposes to TPPs. TPPs use these endpoints to access financial data and initiate services on behalf of their customers — Trust Framework discovery, registration, token exchange, consent, bank data sharing, service initiation, Confirmation of Payee, ATMs, and event notifications.
Browse specs→
API Hub
LFI→API Hub
The APIs the API Hub exposes to LFIs. An LFI calls these endpoints during the authorization journey — notably Headless Heimdall (for delegating end user authentication) and the Consent Manager (for looking up and updating consents).
Browse specs→
Ozone Connect
API Hub→LFI
The APIs LFIs must implement for the API Hub to call. When a TPP makes a valid request to the API Hub, the Hub proxies that request to the relevant LFI using these endpoints — consent events, data sharing, service initiation, Confirmation of Payee, products & leads, and ATMs.
Browse specs→
Trust Framework
Application→Directory
The Raidiam-operated directory APIs that underpin the Open Finance ecosystem — participant discovery, organisation and software statement registration, authorisation server metadata, and the OAuth token endpoint used for mTLS-authenticated calls. These specifications are not version-bound to the UAE Open Finance release cycle.
Browse specs→
CAAP Operations
CAAP→LFI
The endpoints LFIs must implement on Ozone Connect when adopting CAAP, the Nebras-operated authentication and consent authorisation platform. Includes user verification and registration, PII decryption, consent validation and augmentation, and the CAAP-specific account and insurance policy GETs that drive the end user's consent journey.
Browse specs→
Reference
How the repository works
Versioning & errata
Specifications follow a vMAJOR.MINOR scheme. The same logical release spans all three categories — dist/api-hub/v2.1.x/, dist/ozone-connect/v2.1.x/, and dist/standards/v2.1/. Errata releases (for example dist/standards/v2.1-errata1/) contain targeted corrections; where an errata folder exists, the files inside it supersede the corresponding base version.
Governance folders
The repository's supporting/ directory holds material alongside the specs: breaking-changes/ records breaking changes knowingly accepted within an errata (enforced by an oasdiff test), and future-updates/ is a forward-looking design backlog for the next major version.
Watch for updates Implementers are encouraged to watch the repository on GitHub to stay informed of new versions and changes as the specification evolves.