Build · Integrate · Certify

TPP Standards v2.1

The Open Finance Standards in the United Arab Emirates form the technical and operational foundation for secure, interoperable, and customer-consented data sharing across the financial ecosystem. Led by the Central Bank of the UAE (CBUAE), the framework extends beyond traditional open banking to enable broader financial data access, payment initiation, and value-added services — all built on strong security, governance, and consumer protection principles.

This documentation is for Third-Party Providers (TPPs) consuming Open Finance capabilities — including account information services, payment initiation, and other regulated financial data use cases.

Guide sections

Work through each area of the TPP integration. Start with Getting Started to register your sandbox client and generate a ready-to-use Postman collection, then progress through Trust Framework registration, security profile, consent, and the banking APIs.

Start here

Getting Started

Enter your sandbox client details and generate a ready-to-use Postman collection so you can call the APIs end-to-end in minutes. Includes the Sandbox Quickstart, the Postman Guide, and the Sandbox Model Bank reference data.

Sandbox · Postman · Model Bank
Directory

Trust Framework

The participant directory that underpins the ecosystem. Register your organisation, nominate Organisation Admins, create applications, upload transport/signing/encryption keys, and discover authorisation servers, roles, and API resources for every LFI you intend to call.

Organisations · Applications · Keys · LFI Discovery
Onboarding

Registration

How your TPP registers a client dynamically with each LFI's authorisation server via /tpp-registration. Covers the request contract, the software statement, and the registration response you use to call downstream APIs.

/tpp-registration · Software statement
Security

Security, Auth & Headers

The FAPI security profile TPPs must implement — request-object JWTs, message signing and encryption, receiving event notifications, and handling authorization callbacks — plus token exchange, client assertions, and the standard request headers every call must carry.

FAPI · mTLS · JWT · Client assertion
Consent

Consent

Create, manage, and revoke customer consents through the API Hub. Covers PAR, account-access and payment consents, the Consent Management Interface your customers see, and the patch flow for consent state transitions.

PAR · Account access · Payment consents · CMI
Events

Event Notifications & Webhooks

Receive real-time notifications from the API Hub when consent or payment state changes. Covers the webhook payload contracts, delivery guarantees, and the validation your endpoint must perform.

Consent status · Payment status
Launch

Testing & Certification

The required certifications before going live — Trust Framework checklist, functional evidence, user experience evidence, FAPI conformance, and security validation — followed by the production live-proving step.

Functional · UX · FAPI · Security · Live proving