Single Instant Payment — Requirements v2.16 min read

Must conform to the Request JWT requirements — correct aud, signing algorithm (PS256), and expiry window.

Must be included in the POST body (client_assertion_type: urn:ietf:params:oauth:client-assertion-type:jwt-bearer). Authenticates the TPP application — see Client Assertion.

Must be payments openid. If consent.Permissions includes any of ReadAccountsBasic, ReadAccountsDetail, or ReadBalances, must be accounts payments openid — see Account Permissions in a Payment Consent.

Must be urn:openfinanceuae:service-initiation-consent:v2.1.

The consent version in authorization_details[0].type (e.g. urn:openfinanceuae:service-initiation-consent:v2.1) restricts the version of the Payment Initiation endpoints the consent can be used to call (specified in the path, e.g. /open-finance/payment/v2.1/payments). It MUST resolve to an ApiVersion the LFI has published in the Trust Framework for the Payment Initiation API family.

The request must conform exactly to the POST /par OpenAPI schema. No additional or undocumented parameters are permitted.

The decrypted PII payload must conform exactly to the Domestic Payment PII Schema Object (POST /par). All required properties must be present with values of the correct type, and no additional or undocumented properties are permitted (additionalProperties: false).

The Risk block must be fully populated — every field that is known or derivable from the TPP's system must be included. See Risk.

If provided, must reference a valid UAE IBAN held at the LFI and reachable through this API Hub. The account must be in a state that permits payment initiation (e.g. not blocked, dormant, or closed).

Required. Must contain exactly one creditor entry. The Creditor must be a valid UAE domestic creditor — the account must be reachable on a supported UAE domestic rail (AANI or UAEFTS) and, where the LFI can determine the state of the receiving account, in a state able to receive payments. Mandatory fields, IBAN, and BIC derivation rules apply — see creditor field validation requirements.

Must be "SingleInstantPayment". MultiPayment and FilePayment must not be present.

Required. Defines the exact amount for the payment.

Must be AED.

The LFI must advertise Single Instant Payment as supported via ApiMetadata.SingleInstantPayment.Supported on its authorisation server entry in the Trust Framework. If the payment type is not supported, the consent validation will fail.

If provided, must reference a previous consent belonging to the same end user. If the original consent in the chain already had a BaseConsentId, the TPP must reuse that same BaseConsentId rather than the immediate prior ConsentId.

Optional; default is false. Omitting or setting to false asserts that the TPP supports the multi-authorization flow — the consent may remain pending while additional authorizers approve before reaching Authorized. Setting to true requests that only accounts solely authorizable by the authenticated customer be offered. The LFI must not reject the consent based on its own platform capability — this is a TPP-side assertion. See Multi-Authorization.

If provided, must not be in the past. Must not be after consent.ExpirationDateTime.

Must not be in the past. Must be less than one year in the future.

If ReadBalances is included, at least one of ReadAccountsBasic or ReadAccountsDetail must also be present.

Must not be present. Domestic payments are denominated in AED only; CurrencyRequest is for non-local currency and international transfers.

If provided, must be a recognised AANI purpose code.

Should be included. Should be a valid UUID (RFC 4122). An invalid value will not cause a failure but tracing will not be possible.

Must contain a valid Bearer access token issued with the payments openid scope (or accounts payments openid where account permissions were included on the consent — see Account Permissions in a Payment Consent). The consent bound to the token must be in Authorized status and the ExpirationDateTime of the Consent must be in the future.

The TPP MUST submit POST /payments without undue delay after completing the token exchange that follows the authorization callback. Although the access token is valid for 10 minutes, a SingleInstantPayment is initiated with the User actively present and awaiting confirmation — avoidable delay creates uncertainty about whether the payment has been initiated and degrades the User experience.

The version in the request URL path (e.g. v2.1 in /open-finance/service-initiation/v2.1/payments) must match the version in the consent's authorization_details[0].type (urn:openfinanceuae:service-initiation-consent:v2.1).

Must match the ConsentId bound to the access token. The Consent must be in Authorized status and the ExpirationDateTime of the Consent must be in the future.

Must exactly match consent.ControlParameters.ConsentSchedule.SinglePayment.Amount.Amount.

Must exactly match consent.ControlParameters.ConsentSchedule.SinglePayment.Amount.Currency.

Must exactly match consent.PaymentPurposeCode.

Must exactly match consent.OpenFinanceBilling (including Type and, if present, MerchantId).

Must exactly match consent.DebtorReference.

Must exactly match consent.CreditorReference.

Only one payment may be made against this consent. A second POST /payments call will be rejected.

The request must conform exactly to the POST /payments OpenAPI schema. No additional or undocumented parameters are permitted.

The decrypted PII payload must conform exactly to the Domestic Payment PII Schema Object (POST /payments). All required properties must be present with values of the correct type, and no additional or undocumented properties are permitted (additionalProperties: false). Note that DebtorAccount is not part of the payment-time PII — the debtor is fixed by the consent, and Initiation.Creditor is a single object rather than an array.

The Risk block must be fully populated — every field that is known or derivable from the TPP's system must be included. See Risk.

Initiation.Creditor[] had exactly 1 entry at consent time. The submitted creditor must exactly match that consent-time entry. See Creditor.

Should be included. Should be a valid UUID (RFC 4122). An invalid value will not cause a failure but tracing will not be possible.

Must be included. Must be a stable, unique value per payment attempt — the same key must be reused on retries of the same payment.

Must be sent when the customer is authenticated at the time of the call. Must be a valid HTTP-date (RFC 7231), e.g. Tue, 11 Sep 2012 19:43:31 UTC.

Must be sent as the customer is actively present at the time of the call. Must be a valid IPv4 or IPv6 address.

Should be sent when the customer is actively present. Should reflect the user-agent of the customer's browser or device.