Built by the community
Navigation
Metrics
Program
Service DeskPricingPoliciesDocument RepositoryLive Ecosystem
Developer Docs
TPP — Open Finance StandardsLFI — Integration GuideAPI SpecsKnowledge BaseRelease Notes & Erratas
NewsGitHub
Validate · Enforce · Trust

Confirmation of Payee — Requirements v2.12 min read

The User Journeys for this service also apply and must be adhered to.

The tables below list the validation rules that apply to Confirmation of Payee. The Validated by column indicates where each rule is enforced. All requests require an active Trust Framework application with the BSIP role, a valid transport certificate presented on every request via mTLS, and an active signing key for JWT signing.

01 Section

Mandatory CoP Requirement

For all Open Finance account-to-account transfers where the creditor is unknown to the TPP — for example, entered by the customer at the time of payment — a Confirmation of Payee request must be made prior to consent creation, provided the receiving bank supports the CoP service. A creditor is considered unknown when the TPP does not already hold a verified record of the payee (for example, a pre-enrolled beneficiary confirmed by a prior successful CoP check). Where CoP has been performed, the full raw JWS response from the /confirmation endpoint must be included in the ConfirmationOfPayeeResponse field of the creditor entry in the payment consent PII.

02 Endpoint

Payee Discovery

POST/discovery
#
Field
Rule
Validated by
1
Authorization
Must contain a valid Bearer access token obtained via a client_credentials grant with the confirmation-of-payee scope.
API Hub
2
Request body
Must be a compact signed JWT (Content-Type: application/jwt).
API Hub
3
message.Data.Identification
Required. Must be a valid UAE IBAN.
API Hub
4
OpenAPI schema
The request must conform exactly to the POST /discovery OpenAPI schema. No additional or undocumented parameters are permitted.
API Hub
5
x-fapi-interaction-id
Should be included. Should be a valid UUID (RFC 4122). An invalid value will not cause a failure but tracing will not be possible.
N/A
03 Endpoint

Name Match

POST/confirmation
#
Field
Rule
Validated by
1
Authorization
Must contain a valid Bearer access token obtained via a client_credentials grant with the confirmation-of-payee scope.
API Hub
2
Request body
Must be a compact signed JWT (Content-Type: application/jwt).
API Hub
3
message.Data.Identification
Required. Must be a valid UAE IBAN.
API Hub
4
ConfirmationOfPayeeResponse in PII
Where CoP has been performed, the full raw JWS response string from /confirmation must be included in the ConfirmationOfPayeeResponse field of the creditor entry in the payment consent PII.
TPP
5
OpenAPI schema
The request must conform exactly to the POST /confirmation OpenAPI schema. No additional or undocumented parameters are permitted.
API Hub
6
IBAN not recognised
If the IBAN is not recognised, the response will be 204 with no body.
LFI
7
Account state
The account identified by the IBAN must not be blocked from receiving payments. If the account is blocked for a temporary reason (e.g. account status is Suspended), the response will be 403 with errorCode: Consent.AccountTemporarilyBlocked and errorMessage: The account is blocked from receiving payments. If the account is blocked permanently (e.g. account status is Closed, Deceased, or Unclaimed), the response will be 403 with errorCode: Consent.PermanentAccountAccessFailure and errorMessage: The account is blocked from receiving payments.
LFI
8
x-fapi-interaction-id
Should be included. Should be a valid UUID (RFC 4122). An invalid value will not cause a failure but tracing will not be possible.
N/A