Central Authentication and Authorization Platform

CAAP is a Nebras-operated platform that handles the customer-facing authentication and consent authorisation experience on behalf of an LFI.

01 What CAAP is

A Nebras-operated authentication and consent experience

When a TPP creates a consent and the end user is redirected for authentication and authorisation, a CAAP-adopting LFI sends the end user to CAAP rather than to an LFI-operated authorization endpoint. CAAP authenticates the end user (via EFR or UAE Pass), presents the consent for approval, and completes the interaction with the API Hub on the LFI's behalf.

CAAP also presents the consent management interface end users use to review and revoke their consents. The LFI does not build or operate either of these experiences. The LFI's integration with CAAP is server-to-server only: CAAP calls a set of CAAP Operations endpoints on the LFI's Ozone Connect server to drive identification, validation, and account / policy selection against the LFI's systems of record.

02 What CAAP replaces

The work an LFI no longer has to deliver

Adopting CAAP removes two substantial pieces of Open Finance delivery from the LFI's scope. The documentation for these areas remains on this site for LFIs that operate their own implementations, but it does not apply if you adopt CAAP:

| Capability | Who delivers it without CAAP | Who delivers it with CAAP |
|---|---|---|
| Authentication and consent authorisation UX | LFI — see Consent Journey → Authentication and Authorization Endpoint. | CAAP |
| Consent Management Interface | LFI — see Consent Management Interface. | CAAP |
| Headless Heimdall and Consent Manager integration | LFI — see Headless Heimdall and Consent Manager. | CAAP |

Still in scope for the LFI

The LFI MUST still implement its Ozone Connect endpoints for Bank Data Sharing, Bank Service Initiation, Insurance Data Sharing, and the other Ozone Connect APIs. CAAP handles authentication and consent, not data and payments. In addition, the LFI MUST implement the CAAP Operations APIs documented in this section so that CAAP can drive end user verification, registration, PII decryption, and consent validation against the LFI's own systems of record.