API Resources 2 min read
API Resources are registered under your Authorisation Server and describe the specific API endpoints your organisation exposes to TPPs. Each API resource is associated with a set of scopes and a base URL, allowing TPPs to discover what you offer and how to reach it.
TPPs can discover the endpoints you expose via GET/participants.
The directory record TPPs use to find your endpoints
An API resource entry in the Trust Framework directory tells TPPs:
- Which API family you support (e.g. banking data sharing, payment initiation)
- Where to send requests (the base URL for that API on your infrastructure)
- Which scopes are applicable for that API family
When a TPP dynamically registers with your authorisation server, it uses the API resource entries to understand which scopes to request and which base URL to call.
Grouped sets of endpoints exposed by the API Hub
The Open Finance UAE ecosystem organises APIs into API families. Each family groups a set of related endpoints that the API Hub exposes to TPPs. The Base URL for these TPP-facing endpoints is always your API Hub resource server:
| Environment | Base URL |
|---|---|
| Pre-production | https://rs1.{lfiCode}.preprod.apihub.openfinance.ae |
| Production | https://rs1.{lfiCode}.apihub.openfinance.ae |
When a TPP calls one of these endpoints, the API Hub validates the request and routes it to the corresponding endpoint on your Ozone Connect implementation. The tables below show each TPP-facing API resource and the Ozone Connect endpoint it maps to.
The structure and schema of all available API families can be retrieved from the Trust Framework via GET/references/apifamilies — this returns the family definitions, including their endpoint patterns and metadata schemas.
An LFI can only publish API resources to the production Trust Framework once they have completed Functional Certification. API resources MAY be published to the sandbox Trust Framework at any time for development and testing.
Endpoints marked API Hub default are delivered entirely by the API Hub — the LFI does not need to implement them in Ozone Connect. These endpoints MUST always be included when publishing the API family.
The following families are available in version 2.1.
account-information
Banking data sharing — account information, balances, transactions, beneficiaries, and related sub-resources.
payment
Payment initiation — domestic single payments and multi-payments.
| API Resource (TPP-facing) | Ozone Connect Endpoint |
|---|---|
POST/payments | POST/payments |
GET/payments/{PaymentId} | GET/payments/{paymentId} |
POST/payment-consents/{ConsentId}/refund | POST/payment-consents/{consentId}/refund |
GET/payment-consents | API Hub default |
GET/payment-consents/{ConsentId} | API Hub default |
confirmation
Confirmation of payee — payee name verification before initiating a payment.
| API Resource (TPP-facing) | Ozone Connect Endpoint |
|---|---|
POST/confirmation | POST/customers/action/cop-query |
GET/discovery | API Hub default |
product
Product catalogue and lead generation — publicly accessible product listings.
| API Resource (TPP-facing) | Ozone Connect Endpoint |
|---|---|
GET/products | GET/products |
POST/leads | POST/leads |
API families carry defined OAuth 2.0 scopes
Each API family carries a defined set of OAuth 2.0 scopes. When you register an API resource, the Trust Framework associates those scopes with your authorisation server. TPPs requesting tokens for a given scope will be directed to your server as the resource owner for that family.