Built by the community
Navigation
Metrics
Program
Service DeskPricingPoliciesDocument RepositoryLive Ecosystem
Developer Docs
TPP — Open Finance StandardsLFI — Integration GuideAPI SpecsKnowledge BaseRelease Notes & Erratas
NewsGitHub
Testing & Certification · Functional Evidence

Functional Evidence — Bank Data Sharing 2 min read

Complete this document and submit it as part of your integration review. All sections are required unless marked optional. Evidence must be from the AlTareq Model Bank sandbox environment.

01 1. Proposition Overview

Describe the product or service you are building and how Bank Data Sharing supports it

TPP / Application name
Proposition descriptionDescribe what your product does and the user need it serves
How data sharing is usedExplain which account data your proposition reads and why — e.g. “We read balances and transactions to generate a spending report for the user”
User typeRetail / SME / Corporate
OpenFinanceBilling PurposeThe Purpose value you set — e.g. AccountAggregation, BudgetingAnalysis
02 2. Consent Definition

Paste your authorization_details and justify every field

Paste the exact authorization_details object you send inside your PAR request JWT. Then describe every field you have set.

2a. Your authorization_details

authorization_detailsjson
// Paste your authorization_details here — do not redact any fields
{
  "type": "urn:openfinanceuae:account-access-consent:v2.1",
  "consent": {
    "ConsentId": "",
    "ExpirationDateTime": "",
    "Permissions": [],
    "OpenFinanceBilling": {
      "UserType": "",
      "Purpose": ""
    }
  }
}

2b. Field Justification

For every field you set, explain why it is present. For every permission in Permissions, state which API endpoint requires it.

FieldValue setJustification
ConsentIde.g. UUID generated at consent creation time by our system
ExpirationDateTimee.g. 90 days from consent creation — matches our session model
OpenFinanceBilling.UserType
OpenFinanceBilling.Purpose
FromDate (if set)
ToDate (if set)
AccountType (if set)
AccountSubType (if set)
BaseConsentId (if set)
OnBehalfOf (if set)

Permission justification — complete a row for each permission in your Permissions array:

PermissionEndpoint(s) that require itUsed by your proposition?Reason
ReadAccountsBasicGET/accounts
ReadAccountsDetailGET/accounts, GET/accounts/{AccountId}
ReadBalancesGET/accounts/{AccountId}/balances
ReadTransactionsBasicGET/accounts/{AccountId}/transactions
ReadTransactionsDetailGET/accounts/{AccountId}/transactions
ReadBeneficiariesBasicGET/accounts/{AccountId}/beneficiaries
ReadBeneficiariesDetailGET/accounts/{AccountId}/beneficiaries
ReadDirectDebitsGET/accounts/{AccountId}/direct-debits
ReadStandingOrdersBasicGET/accounts/{AccountId}/standing-orders
ReadStandingOrdersDetailGET/accounts/{AccountId}/standing-orders
ReadScheduledPaymentsBasicGET/accounts/{AccountId}/scheduled-payments
ReadScheduledPaymentsDetailGET/accounts/{AccountId}/scheduled-payments
ReadStatementsGET/accounts/{AccountId}/statements
ReadPartyUserGET/parties, GET/accounts/{AccountId}/parties
ReadPartyUserIdentityGET/parties, GET/accounts/{AccountId}/parties
ReadPartyGET/accounts/{AccountId}/parties
ReadProduct(product sub-resource)
ReadProductFinanceRates(product sub-resource)
Note

Remove any rows for permissions you do not request. Any permission present in Permissions must have a row here with a justification.

03 3. Model Bank Evidence

Successful 200 OK responses from the AlTareq Model Bank

For each endpoint your proposition calls, provide evidence of a successful 200 OK response from the AlTareq Model Bank. Include the full response body or a clearly readable excerpt. Use the Model Bank accounts for mits or rora — see Model Bank credentials.

3a. Consent Authorized

Provide the response from GET/account-access-consents/{ConsentId} showing Status: Authorized.

GET /account-access-consents/{ConsentId}json
// Paste GET /account-access-consents/{ConsentId} response here
FieldObserved value
ConsentId
StatusAuthorized
ExpirationDateTime
Permissions (list)

3b. GET /accounts

GET /accountsjson
// Paste response body (or excerpt showing at least one account)
HTTP status200
AccountId used in subsequent calls

3c. GET /accounts/{AccountId}/balances

GET /accounts/{AccountId}/balancesjson
// Paste response body
HTTP status200
AccountId

3d. GET /accounts/{AccountId}/transactions

GET /accounts/{AccountId}/transactionsjson
// Paste response body (excerpt of at least one transaction is sufficient)
HTTP status200
AccountId

3e. Additional endpoints (repeat for each endpoint your proposition calls)

For each additional endpoint (/beneficiaries, /direct-debits, /standing-orders, /scheduled-payments, /statements, /parties), add a section below in the same format as 3b–3d.

Additional endpoint evidencejson
// Endpoint: GET /accounts/{AccountId}/___________
// Paste response body
Endpoint
HTTP status200
AccountId
04 4. Consent State Handling

How your application tracks and responds to consent state changes

ScenarioHow your application handles it
Consent moves to Revoked
Consent moves to Expired
Access token expires mid-session
Refresh token is rejected (invalid_grant)
05 5. Minimum Permissions Declaration

Confirm you have requested only what you need

DeclarationYes / No
Every permission in my Permissions array has a corresponding row in the table in section 2b
I have not requested any permission for data that is not displayed or used within my proposition
I am not requesting permissions speculatively for future features not yet built

Signed off by: (name and role)

Date:

Note

Submit this document to the Open Finance team alongside your integration request. Incomplete submissions will be returned.