> ## Documentation Index > Fetch the complete documentation index at: https://docs.openfinance-hackathon.com/llms.txt > Use this file to discover all available pages before exploring further. # Pushed Authorization Request endpoint > Submit a Rich Authorization Request (RAR) to the Pushed Authorization Request (PAR) Endpoint, as defined in [RFC 9126](https://datatracker.ietf.org/doc/html/rfc9126). The `application/json` Content Type is included in the Request Body for tooling compatibility, but requests **MUST** be sent using the Content Type `application/x-www-form-urlencoded`. ## OpenAPI ````yaml open-finance-api/yaml/uae-authorization-endpoints-openapi-dual-consents.yaml post /par openapi: 3.0.0 info: title: UAE Authorization Endpoints API description: >- ## UAE Open Finance Authorization Endpoints Specification This API description provides the API descriptions for two OAuth 2.0 operations included in the FAPI 2.0 Security Profile: * [Pushed Authorization Requests](https://datatracker.ietf.org/doc/html/rfc9126), which implement [Rich Authorization Requests](https://datatracker.ietf.org/doc/html/rfc9396) (RAR) payloads to provide Consent for a given use case. * Token operations that provide details of the RAR associated with a given Access Token request. Please note that the Authorization Request is provided as a plain JSON object, which only describes the payload of a signed JSON Web Token (JWS). Users of this API description must ensure they implement the Authorization Request as a JWS, encoding the payload as described by [RFC 7515](https://datatracker.ietf.org/doc/html/rfc7515) and reflecting the requirements of the API Security Profile for the UAE Open Finance Framework. version: v2.1 servers: - url: /open-finance/auth/v2.1 security: [] tags: - name: Pushed Authorization Requests description: Operations to support Pushed Authorization Requests (PAR) - name: Token Endpoint description: Operations for creating OAuth 2.0 Access Tokens paths: /par: post: tags: - Pushed Authorization Requests summary: Pushed Authorization Request endpoint description: >- Submit a Rich Authorization Request (RAR) to the Pushed Authorization Request (PAR) Endpoint, as defined in [RFC 9126](https://datatracker.ietf.org/doc/html/rfc9126). The `application/json` Content Type is included in the Request Body for tooling compatibility, but requests **MUST** be sent using the Content Type `application/x-www-form-urlencoded`. operationId: CreatePushedAuthorizationRequestV21 parameters: [] requestBody: required: true content: application/json: schema: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.PushedAuthorizationRequestBody application/x-www-form-urlencoded: schema: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.PushedAuthorizationRequestBody responses: '200': description: The request has succeeded. content: application/json: schema: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEPushedAuthorizationResponseBody '400': description: Bad Request content: application/json: schema: $ref: '#/components/schemas/OAuthBadRequestErrorResponse' '405': description: Method Not Allowed '413': description: Content Too Large '429': description: Too Many Requests headers: retry-after: required: true description: Number in seconds to wait schema: type: integer format: int64 components: schemas: AEPushedAuthorizationRequests.PushedAuthorizationRequestBody: type: object required: - client_assertion_type - client_assertion - request properties: client_assertion_type: type: string enum: - urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer description: >- Client Assertion using JWT Authentication, as described by [RFC 7523](https://datatracker.ietf.org/doc/html/rfc7523#section-2.2) client_assertion: type: string description: private_key_jwt client assertion request: allOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEPushedAuthorizationRequestConsentScenarios description: > Authorization Request for submitting one-or-more Rich Authorization Request (RAR) objects that encapsulate the consent agreed between the TPP and the User. This object defines the required JSON Web Token (JWT) payload. This **does not** represent a correctly serialized JWT, but provides a Schema Object that correctly defines the supported RARs. The following Consent Combinations are supported, and indicated by the `consent_combination` property. * `SingleBankDataSharingConsent`: A Single Bank Data Sharing Consent * `SingleBankServiceInitiationConsent`: A Single Bank Service Initiation Consent. * `SingleInsuranceDataSharingConsent`: A Single Insurance Data Sharing Consent * `CombinedBankDataSharingConsent`: Exactly two Bank Data Sharing Consents, supported under Combined Consent rules. * `CombinedBankServiceInitiationConsent`: Exactly two Bank Service Initiation Consents, supported under Combined Consent rules. * `CombinedBankConsent`: Bank Data Sharing and Bank Service Initiation Consents, with exactly two RAR objects supported that must be mutually exclusive. * `CombinedPaymentConsent`: Combination of a Single Instant Payment with a multi-payment, with exactly two RAR objects supported, to support the existing Combined Payment profile. additionalProperties: false AEPushedAuthorizationRequests.AEPushedAuthorizationResponseBody: type: object required: - request_uri - expires_in properties: request_uri: type: string description: The request URI corresponding to the authorization request posted expires_in: type: integer description: >- A JSON number that represents the lifetime of the request URI in seconds as a positive integer additionalProperties: false OAuthBadRequestErrorResponse: type: object allOf: - $ref: '#/components/schemas/OAuthErrorResponse' description: Bad Request additionalProperties: false AEPushedAuthorizationRequests.AEPushedAuthorizationRequestConsentScenarios: oneOf: - description: Single Bank Data Sharing Consent allOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.SingleBankDataSharingConsentProperties - description: Single Bank Service Initiation Consent allOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.SingleBankServiceInitiationConsentProperties - description: Single Insurance Data Sharing Consent allOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.SingleInsuranceDataSharingConsentProperties - description: Combined Bank Data Sharing Consent allOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.CombinedBankDataSharingConsentProperties - description: Combined Bank Service Initiation Consent allOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.CombinedBankServiceInitiationConsentProperties - description: Combined Bank Consent allOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.CombinedBankConsentProperties - description: Combined Payment Consent allOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.CombinedPaymentConsentProperties description: Consent Combinations supported by the Open Finance Framework. discriminator: propertyName: consent_combination mapping: SingleBankDataSharingConsent: >- #/components/schemas/AEPushedAuthorizationRequests.SingleBankDataSharingConsentProperties SingleBankServiceInitiationConsent: >- #/components/schemas/AEPushedAuthorizationRequests.SingleBankServiceInitiationConsentProperties SingleInsuranceDataSharingConsent: >- #/components/schemas/AEPushedAuthorizationRequests.SingleInsuranceDataSharingConsentProperties CombinedBankDataSharingConsent: >- #/components/schemas/AEPushedAuthorizationRequests.CombinedBankDataSharingConsentProperties CombinedBankServiceInitiationConsent: >- #/components/schemas/AEPushedAuthorizationRequests.CombinedBankServiceInitiationConsentProperties CombinedBankConsent: >- #/components/schemas/AEPushedAuthorizationRequests.CombinedBankConsentProperties CombinedPaymentConsent: >- #/components/schemas/AEPushedAuthorizationRequests.CombinedPaymentConsentProperties OAuthErrorResponse: type: object required: - error properties: error: $ref: '#/components/schemas/OAuthErrorCodes' error_description: type: string description: Description of the error providing additional information error_uri: type: string description: >- A URI identifying a human-readable web page with information about the error description: Error returned from endpoints compliant with security profile additionalProperties: false AEPushedAuthorizationRequests.SingleBankDataSharingConsentProperties: type: object required: - consent_combination - authorization_details - iss - exp - nbf - client_id - response_type - redirect_uri - scope - code_challenge - code_challenge_method properties: consent_combination: type: string enum: - SingleBankDataSharingConsent description: The Consent Combination supported in this Authorization Request. authorization_details: type: array items: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankDataSharingAuthorizationDetailsProperties minItems: 1 maxItems: 1 description: >- A Single Bank Data Sharing Consent, supporting exactly one Consent agreed between the User and TPP. iss: type: string description: >- The Issuer claim for the JWT, as described in [RFC 7519](https://tools.ietf.org/html/rfc7519#section-4.1.1) aud: type: string description: >- The Audience claim for the JWT, as described in [RFC 7519](https://tools.ietf.org/html/rfc7519#section-4.1.3) This value is constrained to a single `string` value, as prescribed by [FAPI 2.0 Security Profile](https://openid.net/specs/fapi-2_0-security-profile-ID2.html#section-5.3.2.1-2.5.1). exp: type: number description: >- The Expiration Time claim for the JWT, as described in [RFC 7519](https://tools.ietf.org/html/rfc7519#section-4.1.4) nbf: type: number description: >- The Not Before claim for the JWT, as described in [RFC 7519](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5) and expanded in the FAPI 2.0 Security Profile. client_id: type: string description: >- The OAuth 2.0 Client ID of the Client, as set in the Open Finance Trust Framework (OFTF). response_type: type: string enum: - code description: >- The OAuth 2.0 response type requested by the Client. This defaults to 'code', as per the FAPI 2.0 Security Profile, as only Authorization Code Flow is supported. redirect_uri: type: string format: uri description: >- The OAuth 2.0 redirect URI of the Client, as set in the Open Finance Trust Framework. This **MUST** match a redirect URI value registered at the OFTF. scope: type: string description: >- The OAuth 2.0 scope requested by the Client. This **MUST** match one-or-more scope values provided in the API descriptions for the Open Finance Standards. state: type: string description: >- The OAuth 2.0 state value requested by the Client, as described in [RFC 6749](https://tools.ietf.org/html/rfc6749#section-4.1.1). nonce: type: string description: >- Nonce value as described in [OpenID Connect Core](https://openid.net/specs/openid-connect-core-1_0.html) and expanded in the FAPI 2.0 Security Profile. max_age: type: integer description: >- Maximum Authentication Age as described in [OpenID Connect Core](https://openid.net/specs/openid-connect-core-1_0.html). login_hint: oneOf: - type: string - $ref: '#/components/schemas/AESecurityProfile.AELoginHintJwePayload' description: >- Optional parameter that can be used to send the User's Emirates ID or Trade License Number as an encrypted JSON Web Token (JWE). This mechanism is provided to allow LFIs to correlate the User identity, and therefore the features of their account, prior to the User being redirected to the LFI's authentication page. The value **MUST** be a JWE, encrypted with the target LFI's public key with the User identifier set as the JWE. The payload MUST be a JSON object created based on the Schema Object `AELoginHintJwePayload`. This JSON object will form the basis of the data contained in the JWE, and should be signed with the TPP signing key to create a JSON Web Signature. Please note that, as per OpenID Connect Core, `login_hint` is used for discovery and is supported to provide hints to the LFI on the User identity and therefore the data or services supported at the LFI. `login_hint` **MUST NOT** be used to bypass authentication of the User, nor should a request be rejected if `login_hint` is not provided. The `type` value of the `login_hint` property is shown as a `string` due to the limitations of the OpenAPI specification in cross-referencing a Schema Object that is also a JSON Web Token, as there is no deterministic mechanism to display the underlying structure of the JWE payload. This property is therefore represented in both encoded and decoded form in the API description using a `oneOf`, to help implementers readily understand both the structure and serialized form of the property. **Please ensure your implementation reflects the AELoginHintJwePayload Schema** **Object structure and any notes provided on implementing a JWS and JWE** code_challenge: type: string description: >- Code challenge as described in [RFC 7636](https://www.rfc-editor.org/rfc/rfc7636.html#section-4.3), which implements the Proof Key for Code Exchange (PKCE) extension to OAuth 2.0. PKCE is mandated by the FAPI 2.0 Security Profile. code_challenge_method: type: string enum: - S256 description: >- Code challenge method as described in [RFC 7636](https://www.rfc-editor.org/rfc/rfc7636.html#section-4.3), which implements the Proof Key for Code Exchange (PKCE) extension to OAuth 2.0. PKCE is mandated by the FAPI 2.0 Security Profile, which prescribes the use of the `S256` method. additionalProperties: false AEPushedAuthorizationRequests.SingleBankServiceInitiationConsentProperties: type: object required: - consent_combination - authorization_details - iss - exp - nbf - client_id - response_type - redirect_uri - scope - code_challenge - code_challenge_method properties: consent_combination: type: string enum: - SingleBankServiceInitiationConsent description: The Consent Combination supported in this Authorization Request. authorization_details: type: array items: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationSingleConsentAuthorizationDetailsProperties minItems: 1 maxItems: 1 description: >- A Single Bank Service Initiation Consent, supporting exactly one Consent agreed between the User and TPP. iss: type: string description: >- The Issuer claim for the JWT, as described in [RFC 7519](https://tools.ietf.org/html/rfc7519#section-4.1.1) aud: type: string description: >- The Audience claim for the JWT, as described in [RFC 7519](https://tools.ietf.org/html/rfc7519#section-4.1.3) This value is constrained to a single `string` value, as prescribed by [FAPI 2.0 Security Profile](https://openid.net/specs/fapi-2_0-security-profile-ID2.html#section-5.3.2.1-2.5.1). exp: type: number description: >- The Expiration Time claim for the JWT, as described in [RFC 7519](https://tools.ietf.org/html/rfc7519#section-4.1.4) nbf: type: number description: >- The Not Before claim for the JWT, as described in [RFC 7519](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5) and expanded in the FAPI 2.0 Security Profile. client_id: type: string description: >- The OAuth 2.0 Client ID of the Client, as set in the Open Finance Trust Framework (OFTF). response_type: type: string enum: - code description: >- The OAuth 2.0 response type requested by the Client. This defaults to 'code', as per the FAPI 2.0 Security Profile, as only Authorization Code Flow is supported. redirect_uri: type: string format: uri description: >- The OAuth 2.0 redirect URI of the Client, as set in the Open Finance Trust Framework. This **MUST** match a redirect URI value registered at the OFTF. scope: type: string description: >- The OAuth 2.0 scope requested by the Client. This **MUST** match one-or-more scope values provided in the API descriptions for the Open Finance Standards. state: type: string description: >- The OAuth 2.0 state value requested by the Client, as described in [RFC 6749](https://tools.ietf.org/html/rfc6749#section-4.1.1). nonce: type: string description: >- Nonce value as described in [OpenID Connect Core](https://openid.net/specs/openid-connect-core-1_0.html) and expanded in the FAPI 2.0 Security Profile. max_age: type: integer description: >- Maximum Authentication Age as described in [OpenID Connect Core](https://openid.net/specs/openid-connect-core-1_0.html). login_hint: oneOf: - type: string - $ref: '#/components/schemas/AESecurityProfile.AELoginHintJwePayload' description: >- Optional parameter that can be used to send the User's Emirates ID or Trade License Number as an encrypted JSON Web Token (JWE). This mechanism is provided to allow LFIs to correlate the User identity, and therefore the features of their account, prior to the User being redirected to the LFI's authentication page. The value **MUST** be a JWE, encrypted with the target LFI's public key with the User identifier set as the JWE. The payload MUST be a JSON object created based on the Schema Object `AELoginHintJwePayload`. This JSON object will form the basis of the data contained in the JWE, and should be signed with the TPP signing key to create a JSON Web Signature. Please note that, as per OpenID Connect Core, `login_hint` is used for discovery and is supported to provide hints to the LFI on the User identity and therefore the data or services supported at the LFI. `login_hint` **MUST NOT** be used to bypass authentication of the User, nor should a request be rejected if `login_hint` is not provided. The `type` value of the `login_hint` property is shown as a `string` due to the limitations of the OpenAPI specification in cross-referencing a Schema Object that is also a JSON Web Token, as there is no deterministic mechanism to display the underlying structure of the JWE payload. This property is therefore represented in both encoded and decoded form in the API description using a `oneOf`, to help implementers readily understand both the structure and serialized form of the property. **Please ensure your implementation reflects the AELoginHintJwePayload Schema** **Object structure and any notes provided on implementing a JWS and JWE** code_challenge: type: string description: >- Code challenge as described in [RFC 7636](https://www.rfc-editor.org/rfc/rfc7636.html#section-4.3), which implements the Proof Key for Code Exchange (PKCE) extension to OAuth 2.0. PKCE is mandated by the FAPI 2.0 Security Profile. code_challenge_method: type: string enum: - S256 description: >- Code challenge method as described in [RFC 7636](https://www.rfc-editor.org/rfc/rfc7636.html#section-4.3), which implements the Proof Key for Code Exchange (PKCE) extension to OAuth 2.0. PKCE is mandated by the FAPI 2.0 Security Profile, which prescribes the use of the `S256` method. additionalProperties: false AEPushedAuthorizationRequests.SingleInsuranceDataSharingConsentProperties: type: object required: - consent_combination - authorization_details - iss - exp - nbf - client_id - response_type - redirect_uri - scope - code_challenge - code_challenge_method properties: consent_combination: type: string enum: - SingleInsuranceDataSharingConsent description: The Consent Combination supported in this Authorization Request. authorization_details: type: array items: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEInsuranceDataSharingAuthorizationDetailsProperties minItems: 1 maxItems: 1 description: >- A Single Insurance Data Sharing Consent, supporting exactly one Consent agreed between the User and TPP. iss: type: string description: >- The Issuer claim for the JWT, as described in [RFC 7519](https://tools.ietf.org/html/rfc7519#section-4.1.1) aud: type: string description: >- The Audience claim for the JWT, as described in [RFC 7519](https://tools.ietf.org/html/rfc7519#section-4.1.3) This value is constrained to a single `string` value, as prescribed by [FAPI 2.0 Security Profile](https://openid.net/specs/fapi-2_0-security-profile-ID2.html#section-5.3.2.1-2.5.1). exp: type: number description: >- The Expiration Time claim for the JWT, as described in [RFC 7519](https://tools.ietf.org/html/rfc7519#section-4.1.4) nbf: type: number description: >- The Not Before claim for the JWT, as described in [RFC 7519](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5) and expanded in the FAPI 2.0 Security Profile. client_id: type: string description: >- The OAuth 2.0 Client ID of the Client, as set in the Open Finance Trust Framework (OFTF). response_type: type: string enum: - code description: >- The OAuth 2.0 response type requested by the Client. This defaults to 'code', as per the FAPI 2.0 Security Profile, as only Authorization Code Flow is supported. redirect_uri: type: string format: uri description: >- The OAuth 2.0 redirect URI of the Client, as set in the Open Finance Trust Framework. This **MUST** match a redirect URI value registered at the OFTF. scope: type: string description: >- The OAuth 2.0 scope requested by the Client. This **MUST** match one-or-more scope values provided in the API descriptions for the Open Finance Standards. state: type: string description: >- The OAuth 2.0 state value requested by the Client, as described in [RFC 6749](https://tools.ietf.org/html/rfc6749#section-4.1.1). nonce: type: string description: >- Nonce value as described in [OpenID Connect Core](https://openid.net/specs/openid-connect-core-1_0.html) and expanded in the FAPI 2.0 Security Profile. max_age: type: integer description: >- Maximum Authentication Age as described in [OpenID Connect Core](https://openid.net/specs/openid-connect-core-1_0.html). login_hint: oneOf: - type: string - $ref: '#/components/schemas/AESecurityProfile.AELoginHintJwePayload' description: >- Optional parameter that can be used to send the User's Emirates ID or Trade License Number as an encrypted JSON Web Token (JWE). This mechanism is provided to allow LFIs to correlate the User identity, and therefore the features of their account, prior to the User being redirected to the LFI's authentication page. The value **MUST** be a JWE, encrypted with the target LFI's public key with the User identifier set as the JWE. The payload MUST be a JSON object created based on the Schema Object `AELoginHintJwePayload`. This JSON object will form the basis of the data contained in the JWE, and should be signed with the TPP signing key to create a JSON Web Signature. Please note that, as per OpenID Connect Core, `login_hint` is used for discovery and is supported to provide hints to the LFI on the User identity and therefore the data or services supported at the LFI. `login_hint` **MUST NOT** be used to bypass authentication of the User, nor should a request be rejected if `login_hint` is not provided. The `type` value of the `login_hint` property is shown as a `string` due to the limitations of the OpenAPI specification in cross-referencing a Schema Object that is also a JSON Web Token, as there is no deterministic mechanism to display the underlying structure of the JWE payload. This property is therefore represented in both encoded and decoded form in the API description using a `oneOf`, to help implementers readily understand both the structure and serialized form of the property. **Please ensure your implementation reflects the AELoginHintJwePayload Schema** **Object structure and any notes provided on implementing a JWS and JWE** code_challenge: type: string description: >- Code challenge as described in [RFC 7636](https://www.rfc-editor.org/rfc/rfc7636.html#section-4.3), which implements the Proof Key for Code Exchange (PKCE) extension to OAuth 2.0. PKCE is mandated by the FAPI 2.0 Security Profile. code_challenge_method: type: string enum: - S256 description: >- Code challenge method as described in [RFC 7636](https://www.rfc-editor.org/rfc/rfc7636.html#section-4.3), which implements the Proof Key for Code Exchange (PKCE) extension to OAuth 2.0. PKCE is mandated by the FAPI 2.0 Security Profile, which prescribes the use of the `S256` method. additionalProperties: false AEPushedAuthorizationRequests.CombinedBankDataSharingConsentProperties: type: object required: - consent_combination - combined_consent_group_id - authorization_details - iss - exp - nbf - client_id - response_type - redirect_uri - scope - code_challenge - code_challenge_method properties: consent_combination: type: string enum: - CombinedBankDataSharingConsent description: The Consent Combination supported in this Authorization Request. combined_consent_group_id: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AECombinedConsentGroupId authorization_details: type: array items: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankDataSharingAuthorizationDetailsProperties minItems: 2 maxItems: 2 description: >- A Combined Bank Data Sharing Consent, supporting exactly two Consents agreed between the User and TPP. iss: type: string description: >- The Issuer claim for the JWT, as described in [RFC 7519](https://tools.ietf.org/html/rfc7519#section-4.1.1) aud: type: string description: >- The Audience claim for the JWT, as described in [RFC 7519](https://tools.ietf.org/html/rfc7519#section-4.1.3) This value is constrained to a single `string` value, as prescribed by [FAPI 2.0 Security Profile](https://openid.net/specs/fapi-2_0-security-profile-ID2.html#section-5.3.2.1-2.5.1). exp: type: number description: >- The Expiration Time claim for the JWT, as described in [RFC 7519](https://tools.ietf.org/html/rfc7519#section-4.1.4) nbf: type: number description: >- The Not Before claim for the JWT, as described in [RFC 7519](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5) and expanded in the FAPI 2.0 Security Profile. client_id: type: string description: >- The OAuth 2.0 Client ID of the Client, as set in the Open Finance Trust Framework (OFTF). response_type: type: string enum: - code description: >- The OAuth 2.0 response type requested by the Client. This defaults to 'code', as per the FAPI 2.0 Security Profile, as only Authorization Code Flow is supported. redirect_uri: type: string format: uri description: >- The OAuth 2.0 redirect URI of the Client, as set in the Open Finance Trust Framework. This **MUST** match a redirect URI value registered at the OFTF. scope: type: string description: >- The OAuth 2.0 scope requested by the Client. This **MUST** match one-or-more scope values provided in the API descriptions for the Open Finance Standards. state: type: string description: >- The OAuth 2.0 state value requested by the Client, as described in [RFC 6749](https://tools.ietf.org/html/rfc6749#section-4.1.1). nonce: type: string description: >- Nonce value as described in [OpenID Connect Core](https://openid.net/specs/openid-connect-core-1_0.html) and expanded in the FAPI 2.0 Security Profile. max_age: type: integer description: >- Maximum Authentication Age as described in [OpenID Connect Core](https://openid.net/specs/openid-connect-core-1_0.html). login_hint: oneOf: - type: string - $ref: '#/components/schemas/AESecurityProfile.AELoginHintJwePayload' description: >- Optional parameter that can be used to send the User's Emirates ID or Trade License Number as an encrypted JSON Web Token (JWE). This mechanism is provided to allow LFIs to correlate the User identity, and therefore the features of their account, prior to the User being redirected to the LFI's authentication page. The value **MUST** be a JWE, encrypted with the target LFI's public key with the User identifier set as the JWE. The payload MUST be a JSON object created based on the Schema Object `AELoginHintJwePayload`. This JSON object will form the basis of the data contained in the JWE, and should be signed with the TPP signing key to create a JSON Web Signature. Please note that, as per OpenID Connect Core, `login_hint` is used for discovery and is supported to provide hints to the LFI on the User identity and therefore the data or services supported at the LFI. `login_hint` **MUST NOT** be used to bypass authentication of the User, nor should a request be rejected if `login_hint` is not provided. The `type` value of the `login_hint` property is shown as a `string` due to the limitations of the OpenAPI specification in cross-referencing a Schema Object that is also a JSON Web Token, as there is no deterministic mechanism to display the underlying structure of the JWE payload. This property is therefore represented in both encoded and decoded form in the API description using a `oneOf`, to help implementers readily understand both the structure and serialized form of the property. **Please ensure your implementation reflects the AELoginHintJwePayload Schema** **Object structure and any notes provided on implementing a JWS and JWE** code_challenge: type: string description: >- Code challenge as described in [RFC 7636](https://www.rfc-editor.org/rfc/rfc7636.html#section-4.3), which implements the Proof Key for Code Exchange (PKCE) extension to OAuth 2.0. PKCE is mandated by the FAPI 2.0 Security Profile. code_challenge_method: type: string enum: - S256 description: >- Code challenge method as described in [RFC 7636](https://www.rfc-editor.org/rfc/rfc7636.html#section-4.3), which implements the Proof Key for Code Exchange (PKCE) extension to OAuth 2.0. PKCE is mandated by the FAPI 2.0 Security Profile, which prescribes the use of the `S256` method. additionalProperties: false AEPushedAuthorizationRequests.CombinedBankServiceInitiationConsentProperties: type: object required: - consent_combination - combined_consent_group_id - authorization_details - iss - exp - nbf - client_id - response_type - redirect_uri - scope - code_challenge - code_challenge_method properties: consent_combination: type: string enum: - CombinedBankServiceInitiationConsent description: The Consent Combination supported in this Authorization Request. combined_consent_group_id: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AECombinedConsentGroupId authorization_details: type: array items: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationCombinedConsentAuthorizationDetailsProperties minItems: 2 maxItems: 2 description: >- A Combined Bank Service Initiation Consent, supporting exactly two Consents agreed between the User and TPP. iss: type: string description: >- The Issuer claim for the JWT, as described in [RFC 7519](https://tools.ietf.org/html/rfc7519#section-4.1.1) aud: type: string description: >- The Audience claim for the JWT, as described in [RFC 7519](https://tools.ietf.org/html/rfc7519#section-4.1.3) This value is constrained to a single `string` value, as prescribed by [FAPI 2.0 Security Profile](https://openid.net/specs/fapi-2_0-security-profile-ID2.html#section-5.3.2.1-2.5.1). exp: type: number description: >- The Expiration Time claim for the JWT, as described in [RFC 7519](https://tools.ietf.org/html/rfc7519#section-4.1.4) nbf: type: number description: >- The Not Before claim for the JWT, as described in [RFC 7519](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5) and expanded in the FAPI 2.0 Security Profile. client_id: type: string description: >- The OAuth 2.0 Client ID of the Client, as set in the Open Finance Trust Framework (OFTF). response_type: type: string enum: - code description: >- The OAuth 2.0 response type requested by the Client. This defaults to 'code', as per the FAPI 2.0 Security Profile, as only Authorization Code Flow is supported. redirect_uri: type: string format: uri description: >- The OAuth 2.0 redirect URI of the Client, as set in the Open Finance Trust Framework. This **MUST** match a redirect URI value registered at the OFTF. scope: type: string description: >- The OAuth 2.0 scope requested by the Client. This **MUST** match one-or-more scope values provided in the API descriptions for the Open Finance Standards. state: type: string description: >- The OAuth 2.0 state value requested by the Client, as described in [RFC 6749](https://tools.ietf.org/html/rfc6749#section-4.1.1). nonce: type: string description: >- Nonce value as described in [OpenID Connect Core](https://openid.net/specs/openid-connect-core-1_0.html) and expanded in the FAPI 2.0 Security Profile. max_age: type: integer description: >- Maximum Authentication Age as described in [OpenID Connect Core](https://openid.net/specs/openid-connect-core-1_0.html). login_hint: oneOf: - type: string - $ref: '#/components/schemas/AESecurityProfile.AELoginHintJwePayload' description: >- Optional parameter that can be used to send the User's Emirates ID or Trade License Number as an encrypted JSON Web Token (JWE). This mechanism is provided to allow LFIs to correlate the User identity, and therefore the features of their account, prior to the User being redirected to the LFI's authentication page. The value **MUST** be a JWE, encrypted with the target LFI's public key with the User identifier set as the JWE. The payload MUST be a JSON object created based on the Schema Object `AELoginHintJwePayload`. This JSON object will form the basis of the data contained in the JWE, and should be signed with the TPP signing key to create a JSON Web Signature. Please note that, as per OpenID Connect Core, `login_hint` is used for discovery and is supported to provide hints to the LFI on the User identity and therefore the data or services supported at the LFI. `login_hint` **MUST NOT** be used to bypass authentication of the User, nor should a request be rejected if `login_hint` is not provided. The `type` value of the `login_hint` property is shown as a `string` due to the limitations of the OpenAPI specification in cross-referencing a Schema Object that is also a JSON Web Token, as there is no deterministic mechanism to display the underlying structure of the JWE payload. This property is therefore represented in both encoded and decoded form in the API description using a `oneOf`, to help implementers readily understand both the structure and serialized form of the property. **Please ensure your implementation reflects the AELoginHintJwePayload Schema** **Object structure and any notes provided on implementing a JWS and JWE** code_challenge: type: string description: >- Code challenge as described in [RFC 7636](https://www.rfc-editor.org/rfc/rfc7636.html#section-4.3), which implements the Proof Key for Code Exchange (PKCE) extension to OAuth 2.0. PKCE is mandated by the FAPI 2.0 Security Profile. code_challenge_method: type: string enum: - S256 description: >- Code challenge method as described in [RFC 7636](https://www.rfc-editor.org/rfc/rfc7636.html#section-4.3), which implements the Proof Key for Code Exchange (PKCE) extension to OAuth 2.0. PKCE is mandated by the FAPI 2.0 Security Profile, which prescribes the use of the `S256` method. additionalProperties: false AEPushedAuthorizationRequests.CombinedBankConsentProperties: type: object required: - consent_combination - combined_consent_group_id - authorization_details - iss - exp - nbf - client_id - response_type - redirect_uri - scope - code_challenge - code_challenge_method properties: consent_combination: type: string enum: - CombinedBankConsent description: The Consent Combination supported in this Authorization Request. combined_consent_group_id: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AECombinedConsentGroupId authorization_details: type: array items: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankCombinedConsentTypes minItems: 2 maxItems: 2 description: >- A Combined Bank Data Sharing and Bank Service Initiation Consent, supporting exactly two Consents agreed between the User and TPP. The RAR objects included in this property **MUST** be mutually exclusive, with exactly one Bank Data Sharing Consent and exactly one Bank Service Initiation Combined Consent. iss: type: string description: >- The Issuer claim for the JWT, as described in [RFC 7519](https://tools.ietf.org/html/rfc7519#section-4.1.1) aud: type: string description: >- The Audience claim for the JWT, as described in [RFC 7519](https://tools.ietf.org/html/rfc7519#section-4.1.3) This value is constrained to a single `string` value, as prescribed by [FAPI 2.0 Security Profile](https://openid.net/specs/fapi-2_0-security-profile-ID2.html#section-5.3.2.1-2.5.1). exp: type: number description: >- The Expiration Time claim for the JWT, as described in [RFC 7519](https://tools.ietf.org/html/rfc7519#section-4.1.4) nbf: type: number description: >- The Not Before claim for the JWT, as described in [RFC 7519](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5) and expanded in the FAPI 2.0 Security Profile. client_id: type: string description: >- The OAuth 2.0 Client ID of the Client, as set in the Open Finance Trust Framework (OFTF). response_type: type: string enum: - code description: >- The OAuth 2.0 response type requested by the Client. This defaults to 'code', as per the FAPI 2.0 Security Profile, as only Authorization Code Flow is supported. redirect_uri: type: string format: uri description: >- The OAuth 2.0 redirect URI of the Client, as set in the Open Finance Trust Framework. This **MUST** match a redirect URI value registered at the OFTF. scope: type: string description: >- The OAuth 2.0 scope requested by the Client. This **MUST** match one-or-more scope values provided in the API descriptions for the Open Finance Standards. state: type: string description: >- The OAuth 2.0 state value requested by the Client, as described in [RFC 6749](https://tools.ietf.org/html/rfc6749#section-4.1.1). nonce: type: string description: >- Nonce value as described in [OpenID Connect Core](https://openid.net/specs/openid-connect-core-1_0.html) and expanded in the FAPI 2.0 Security Profile. max_age: type: integer description: >- Maximum Authentication Age as described in [OpenID Connect Core](https://openid.net/specs/openid-connect-core-1_0.html). login_hint: oneOf: - type: string - $ref: '#/components/schemas/AESecurityProfile.AELoginHintJwePayload' description: >- Optional parameter that can be used to send the User's Emirates ID or Trade License Number as an encrypted JSON Web Token (JWE). This mechanism is provided to allow LFIs to correlate the User identity, and therefore the features of their account, prior to the User being redirected to the LFI's authentication page. The value **MUST** be a JWE, encrypted with the target LFI's public key with the User identifier set as the JWE. The payload MUST be a JSON object created based on the Schema Object `AELoginHintJwePayload`. This JSON object will form the basis of the data contained in the JWE, and should be signed with the TPP signing key to create a JSON Web Signature. Please note that, as per OpenID Connect Core, `login_hint` is used for discovery and is supported to provide hints to the LFI on the User identity and therefore the data or services supported at the LFI. `login_hint` **MUST NOT** be used to bypass authentication of the User, nor should a request be rejected if `login_hint` is not provided. The `type` value of the `login_hint` property is shown as a `string` due to the limitations of the OpenAPI specification in cross-referencing a Schema Object that is also a JSON Web Token, as there is no deterministic mechanism to display the underlying structure of the JWE payload. This property is therefore represented in both encoded and decoded form in the API description using a `oneOf`, to help implementers readily understand both the structure and serialized form of the property. **Please ensure your implementation reflects the AELoginHintJwePayload Schema** **Object structure and any notes provided on implementing a JWS and JWE** code_challenge: type: string description: >- Code challenge as described in [RFC 7636](https://www.rfc-editor.org/rfc/rfc7636.html#section-4.3), which implements the Proof Key for Code Exchange (PKCE) extension to OAuth 2.0. PKCE is mandated by the FAPI 2.0 Security Profile. code_challenge_method: type: string enum: - S256 description: >- Code challenge method as described in [RFC 7636](https://www.rfc-editor.org/rfc/rfc7636.html#section-4.3), which implements the Proof Key for Code Exchange (PKCE) extension to OAuth 2.0. PKCE is mandated by the FAPI 2.0 Security Profile, which prescribes the use of the `S256` method. additionalProperties: false AEPushedAuthorizationRequests.CombinedPaymentConsentProperties: type: object required: - consent_combination - combined_consent_group_id - authorization_details - iss - exp - nbf - client_id - response_type - redirect_uri - scope - code_challenge - code_challenge_method properties: consent_combination: type: string enum: - CombinedPaymentConsent description: The Consent Combination supported in this Authorization Request. combined_consent_group_id: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AECombinedConsentGroupId authorization_details: type: array items: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationCombinedPaymentAuthorizationDetailsProperties minItems: 2 maxItems: 2 description: >- A Combined Payment consent, supporting exactly two Consents agreed between the User and TPP. The RAR objects included in **MUST** be mutually exclusive, with exactly one with `SingleInstantPayment` control parameters and exactly one with Multi-payment control parameters. Please note that `DelegatedSCA` control parameters **are not supported** for Combined Payments. iss: type: string description: >- The Issuer claim for the JWT, as described in [RFC 7519](https://tools.ietf.org/html/rfc7519#section-4.1.1) aud: type: string description: >- The Audience claim for the JWT, as described in [RFC 7519](https://tools.ietf.org/html/rfc7519#section-4.1.3) This value is constrained to a single `string` value, as prescribed by [FAPI 2.0 Security Profile](https://openid.net/specs/fapi-2_0-security-profile-ID2.html#section-5.3.2.1-2.5.1). exp: type: number description: >- The Expiration Time claim for the JWT, as described in [RFC 7519](https://tools.ietf.org/html/rfc7519#section-4.1.4) nbf: type: number description: >- The Not Before claim for the JWT, as described in [RFC 7519](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5) and expanded in the FAPI 2.0 Security Profile. client_id: type: string description: >- The OAuth 2.0 Client ID of the Client, as set in the Open Finance Trust Framework (OFTF). response_type: type: string enum: - code description: >- The OAuth 2.0 response type requested by the Client. This defaults to 'code', as per the FAPI 2.0 Security Profile, as only Authorization Code Flow is supported. redirect_uri: type: string format: uri description: >- The OAuth 2.0 redirect URI of the Client, as set in the Open Finance Trust Framework. This **MUST** match a redirect URI value registered at the OFTF. scope: type: string description: >- The OAuth 2.0 scope requested by the Client. This **MUST** match one-or-more scope values provided in the API descriptions for the Open Finance Standards. state: type: string description: >- The OAuth 2.0 state value requested by the Client, as described in [RFC 6749](https://tools.ietf.org/html/rfc6749#section-4.1.1). nonce: type: string description: >- Nonce value as described in [OpenID Connect Core](https://openid.net/specs/openid-connect-core-1_0.html) and expanded in the FAPI 2.0 Security Profile. max_age: type: integer description: >- Maximum Authentication Age as described in [OpenID Connect Core](https://openid.net/specs/openid-connect-core-1_0.html). login_hint: oneOf: - type: string - $ref: '#/components/schemas/AESecurityProfile.AELoginHintJwePayload' description: >- Optional parameter that can be used to send the User's Emirates ID or Trade License Number as an encrypted JSON Web Token (JWE). This mechanism is provided to allow LFIs to correlate the User identity, and therefore the features of their account, prior to the User being redirected to the LFI's authentication page. The value **MUST** be a JWE, encrypted with the target LFI's public key with the User identifier set as the JWE. The payload MUST be a JSON object created based on the Schema Object `AELoginHintJwePayload`. This JSON object will form the basis of the data contained in the JWE, and should be signed with the TPP signing key to create a JSON Web Signature. Please note that, as per OpenID Connect Core, `login_hint` is used for discovery and is supported to provide hints to the LFI on the User identity and therefore the data or services supported at the LFI. `login_hint` **MUST NOT** be used to bypass authentication of the User, nor should a request be rejected if `login_hint` is not provided. The `type` value of the `login_hint` property is shown as a `string` due to the limitations of the OpenAPI specification in cross-referencing a Schema Object that is also a JSON Web Token, as there is no deterministic mechanism to display the underlying structure of the JWE payload. This property is therefore represented in both encoded and decoded form in the API description using a `oneOf`, to help implementers readily understand both the structure and serialized form of the property. **Please ensure your implementation reflects the AELoginHintJwePayload Schema** **Object structure and any notes provided on implementing a JWS and JWE** code_challenge: type: string description: >- Code challenge as described in [RFC 7636](https://www.rfc-editor.org/rfc/rfc7636.html#section-4.3), which implements the Proof Key for Code Exchange (PKCE) extension to OAuth 2.0. PKCE is mandated by the FAPI 2.0 Security Profile. code_challenge_method: type: string enum: - S256 description: >- Code challenge method as described in [RFC 7636](https://www.rfc-editor.org/rfc/rfc7636.html#section-4.3), which implements the Proof Key for Code Exchange (PKCE) extension to OAuth 2.0. PKCE is mandated by the FAPI 2.0 Security Profile, which prescribes the use of the `S256` method. additionalProperties: false OAuthErrorCodes: type: string enum: - invalid_request - invalid_client - invalid_grant - unauthorized_client - unsupported_grant_type - invalid_scope description: >- Status code corresponding to error condition to be returned to the client AEPushedAuthorizationRequests.AEBankDataSharingAuthorizationDetailsProperties: type: object required: - type - consent properties: type: type: string enum: - urn:openfinanceuae:account-access-consent:v2.1 description: >- The Rich Authorization Request type, as defined by [RFC 9396](https://datatracker.ietf.org/doc/html/rfc9396#section-2-2.2). consent: type: object properties: ConsentId: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEConsentId' BaseConsentId: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBaseConsentId Permissions: type: array items: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankDataSharingConsentPermissions minItems: 1 ExpirationDateTime: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEConsentExpirationDateTime TransactionFromDateTime: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankDataSharingTransactionFromDateTime TransactionToDateTime: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankDataSharingTransactionToDateTime AccountType: type: array items: $ref: >- #/components/schemas/AEBankDataSharing.AEExternalAccountTypeCode AccountSubType: type: array items: $ref: >- #/components/schemas/AEBankDataSharing.AEExternalAccountSubTypeCode description: >- Account Sub Types permitted under the consent. **This property has been deprecated at v2.1 and has been replaced by the Mandated Accounts and Account** **Sub Type feature.** deprecated: true OnBehalfOf: $ref: '#/components/schemas/AEPushedAuthorizationRequests.OnBehalfOf' OpenFinanceBilling: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankDataSharingOpenFinanceBilling required: - ConsentId - Permissions - ExpirationDateTime - OpenFinanceBilling description: Properties of the consent agreed by the User with the TPP. additionalProperties: false subscription: type: object properties: Webhook: type: object properties: Url: type: string description: The TPP Callback URL being registered with the LFI IsActive: type: boolean description: >- The TPP specifying whether the LFI should send (IsActive true) or not send (IsActive false) Webhook Notifications to the TPP's Webhook URL required: - Url - IsActive description: Properties of the TPP Webhook and the state of the subscription. additionalProperties: false required: - Webhook description: >- Optional subscription to Event Notifications, to be sent to the TPP Webhook registered at the API Hub. additionalProperties: false description: >- Properties for creating a consent object for the first time a User consents to TPP access to account information data additionalProperties: false AESecurityProfile.AELoginHintJwePayload: type: object required: - Type - Identification properties: Type: type: string enum: - EmiratesID - TradeLicenseNumber description: >- The identification type, which can either be `EmiratesID` or `TradeLicenseNumber` Identification: type: string description: The identification number value description: >- Provides the structure of the payload for the JWE used in the `login_hint` parameter additionalProperties: false AEPushedAuthorizationRequests.AEBankServiceInitiationSingleConsentAuthorizationDetailsProperties: type: object required: - type - consent properties: type: type: string enum: - urn:openfinanceuae:service-initiation-consent:v2.1 description: >- The Rich Authorization Request type, as defined by [RFC 9396](https://datatracker.ietf.org/doc/html/rfc9396#section-2-2.2). consent: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationSingleConsentTypes subscription: type: object properties: Webhook: type: object properties: Url: type: string description: The TPP Callback URL being registered with the LFI IsActive: type: boolean description: >- The TPP specifying whether the LFI should send (IsActive true) or not send (IsActive false) Webhook Notifications to the TPP's Webhook URL required: - Url - IsActive description: Properties of the TPP Webhook and the state of the subscription. additionalProperties: false required: - Webhook description: >- Optional subscription to Event Notifications, to be sent to the TPP Webhook registered at the API Hub. additionalProperties: false description: >- A Rich Authorization Request object for Single Consent Bank Service Initiation use cases. additionalProperties: false AEPushedAuthorizationRequests.AEInsuranceDataSharingAuthorizationDetailsProperties: type: object required: - type - consent properties: type: type: string enum: - urn:openfinanceuae:insurance-consent:v2.1 description: >- The Rich Authorization Request type, as defined by [RFC 9396](https://datatracker.ietf.org/doc/html/rfc9396#section-2-2.2). consent: type: object properties: ConsentId: $ref: '#/components/schemas/uuid' BaseConsentId: $ref: '#/components/schemas/uuid' Permissions: type: array items: $ref: '#/components/schemas/AEInsurance.AEConsentPermissions' minItems: 1 description: >- The permissions codes available to TPPs. Codes are qualified by insurance type which allows multiple sets of permissions to be selected in each consent. OpenFinanceBilling: allOf: - $ref: >- #/components/schemas/AEInsurance.AEInsuranceOpenFinanceBillingPurposeProperties description: Billing parameters specified by the TPP. ExpirationDateTime: type: string format: date-time description: >- Specified date and time the permissions will expire. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00 OnBehalfOf: $ref: '#/components/schemas/AEOnBehalfOf' required: - ConsentId - Permissions - OpenFinanceBilling - ExpirationDateTime description: Properties of the consent agreed by the User with the TPP. additionalProperties: false subscription: type: object properties: Webhook: type: object properties: Url: type: string description: The TPP Callback URL being registered with the LFI IsActive: type: boolean description: >- The TPP specifying whether the LFI should send (IsActive true) or not send (IsActive false) Webhook Notifications to the TPP's Webhook URL required: - Url - IsActive description: Properties of the TPP Webhook and the state of the subscription. additionalProperties: false required: - Webhook description: >- Optional subscription to Event Notifications, to be sent to the TPP Webhook registered at the API Hub. additionalProperties: false description: >- Properties for creating a consent object for the first time a User consents to TPP access to insurance data or services additionalProperties: false AEPushedAuthorizationRequests.AECombinedConsentGroupId: type: string minLength: 1 maxLength: 128 format: uuid description: >- Combined Consent Group ID, which provides a unique identifier for two-or-more consents submitted as RARs in a PAR. AEPushedAuthorizationRequests.AEBankServiceInitiationCombinedConsentAuthorizationDetailsProperties: type: object required: - type - consent properties: type: type: string enum: - urn:openfinanceuae:service-initiation-consent:v2.1 description: >- The Rich Authorization Request type, as defined by [RFC 9396](https://datatracker.ietf.org/doc/html/rfc9396#section-2-2.2). consent: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationCombinedConsentTypes subscription: type: object properties: Webhook: type: object properties: Url: type: string description: The TPP Callback URL being registered with the LFI IsActive: type: boolean description: >- The TPP specifying whether the LFI should send (IsActive true) or not send (IsActive false) Webhook Notifications to the TPP's Webhook URL required: - Url - IsActive description: Properties of the TPP Webhook and the state of the subscription. additionalProperties: false required: - Webhook description: >- Optional subscription to Event Notifications, to be sent to the TPP Webhook registered at the API Hub. additionalProperties: false description: >- A Rich Authorization Request object for Combined Consent Bank Service Initiation use cases. additionalProperties: false AEPushedAuthorizationRequests.AEBankCombinedConsentTypes: oneOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankDataSharingAuthorizationDetailsProperties - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationCombinedConsentAuthorizationDetailsProperties discriminator: propertyName: type mapping: urn:openfinanceuae:account-access-consent:v2.1: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankDataSharingAuthorizationDetailsProperties urn:openfinanceuae:service-initiation-consent:v2.1: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationCombinedConsentAuthorizationDetailsProperties AEPushedAuthorizationRequests.AEBankServiceInitiationCombinedPaymentAuthorizationDetailsProperties: type: object required: - type - consent properties: type: type: string enum: - urn:openfinanceuae:service-initiation-consent:v2.1 description: >- The Rich Authorization Request type, as defined by [RFC 9396](https://datatracker.ietf.org/doc/html/rfc9396#section-2-2.2). consent: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.BankServiceInitiationCombinedConsentCombinedPaymentProperties subscription: type: object properties: Webhook: type: object properties: Url: type: string description: The TPP Callback URL being registered with the LFI IsActive: type: boolean description: >- The TPP specifying whether the LFI should send (IsActive true) or not send (IsActive false) Webhook Notifications to the TPP's Webhook URL required: - Url - IsActive description: Properties of the TPP Webhook and the state of the subscription. additionalProperties: false required: - Webhook description: >- Optional subscription to Event Notifications, to be sent to the TPP Webhook registered at the API Hub. additionalProperties: false description: A Rich Authorization Request object for Combined Payment. additionalProperties: false AEPushedAuthorizationRequests.AEConsentId: type: string minLength: 1 maxLength: 128 description: Unique identification assigned by the TPP to identify the Consent. AEPushedAuthorizationRequests.AEBaseConsentId: type: string minLength: 1 maxLength: 128 description: >- The original ConsentId assigned by the TPP. It is used by the TPP for updating/renewing parameters associated with long-lived consents. It must be provided when long-lived consent parameters are updated/renewed for a current consent that has not yet finished. AEPushedAuthorizationRequests.AEBankDataSharingConsentPermissions: oneOf: - $ref: '#/components/schemas/AEBankDataSharingConsentPermissionCodesItem' - type: array items: type: object properties: AccountSubTypes: type: array items: $ref: >- #/components/schemas/AEBankDataSharing.AEExternalAccountSubTypeCode minItems: 1 Permissions: $ref: >- #/components/schemas/AEBankDataSharingConsentPermissionCodesItem Mandated: type: string enum: - All - MinimumOne description: >- Accounts that a User is mandated to shared under a given Consent, and that will be pre-selected at the LFI during Authorization. Permissible values: * `All`: If multiple accounts are present all must be chosen. * `MinimumOne`: If the user has one or multiple matching accounts, one must be selected. required: - AccountSubTypes - Permissions additionalProperties: false AEPushedAuthorizationRequests.AEConsentExpirationDateTime: type: string format: date-time description: >- Specified date and time the consent will expire. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone, for example: 2023-04-05T10:43:07+00:00 AEPushedAuthorizationRequests.AEBankDataSharingTransactionFromDateTime: type: string format: date-time description: > Specified start date and time for the transaction query period. If this is not populated, the start date will be open ended, and data will be returned from the earliest available transaction. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields must include the timezone, for example: 2017-04-05T10:43:07+00:00 AEPushedAuthorizationRequests.AEBankDataSharingTransactionToDateTime: type: string format: date-time description: >- Specified end date and time for the transaction query period. If this is not populated, the end date will be open ended, and data will be returned to the latest available transaction. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields must include the timezone, for example: 2017-04-05T10:43:07+00:00 AEBankDataSharing.AEExternalAccountTypeCode: type: string enum: - Retail - SME - Corporate description: Specifies the type of account (Retail, SME or Corporate). AEBankDataSharing.AEExternalAccountSubTypeCode: type: string enum: - CurrentAccount - Savings - CreditCard - Mortgage - Finance description: >- Specifies the sub type of account (product family group). Supported values: * CurrentAccount * Savings * CreditCard * Mortgage * Finance AEPushedAuthorizationRequests.OnBehalfOf: type: object properties: TradingName: type: string description: Trading Name LegalName: type: string description: Legal Name IdentifierType: type: string enum: - Other description: Identifier Type Identifier: type: string description: Identifier description: On Behalf Of additionalProperties: false AEPushedAuthorizationRequests.AEBankDataSharingOpenFinanceBilling: type: object required: - UserType - Purpose properties: UserType: type: string enum: - Retail - SME - Corporate description: Type of User. Purpose: type: string enum: - AccountAggregation - RiskAssessment - TaxFiling - Onboarding - Verification - QuoteComparison - BudgetingAnalysis - FinancialAdvice - AuditReconciliation description: Purpose of data sharing request. description: Billing parameters specified by the TPP. additionalProperties: false AEPushedAuthorizationRequests.AEBankServiceInitiationSingleConsentTypes: oneOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationBulkBatchConsentProperties - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationSingleConsentSingleCreditorConsentProperties - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationSingleConsentMultiCreditorConsentProperties - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationSingleConsentOpenCreditorConsentProperties description: >- Properties of the consent agreed by the User with the TPP for Single Consent use cases. discriminator: propertyName: BeneficiaryType mapping: BulkBatch: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationBulkBatchConsentProperties SingleCreditor: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationSingleConsentSingleCreditorConsentProperties MultiCreditor: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationSingleConsentMultiCreditorConsentProperties OpenCreditor: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationSingleConsentOpenCreditorConsentProperties uuid: type: string minLength: 1 maxLength: 128 format: uuid description: >- A unique identifier, which may be a UUID. `format: uuid` is provided as a hint to OpenAPI parsers, but LFIs can implement a unique identification mechanism of their choosing. AEInsurance.AEConsentPermissions: type: object required: - InsuranceType - Permissions properties: InsuranceType: type: string enum: - Employment - Health - Home - Life - Motor - Renters - Travel description: The insurance sector to which the permissions relate. Permissions: type: array items: $ref: '#/components/schemas/AEInsurance.AEConsentPermissionCodes' minItems: 1 description: The data clusters requested by the TPP. additionalProperties: false AEInsurance.AEInsuranceOpenFinanceBillingPurposeProperties: type: object required: - Purpose properties: Purpose: type: string enum: - AccountAggregation - RiskAssessment - PremiumHistory - ClaimHistory - Onboarding - Verification - QuoteComparison - FinancialAdvice - Other description: Purpose of data sharing request. additionalProperties: false AEOnBehalfOf: type: object properties: TradingName: type: string description: Trading Name LegalName: type: string description: Legal Name IdentifierType: allOf: - $ref: '#/components/schemas/AEOnBehalfOfIdentifierType' description: Identifier Type Identifier: type: string description: Identifier additionalProperties: false AEPushedAuthorizationRequests.AEBankServiceInitiationCombinedConsentTypes: oneOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.BankServiceInitiationCombinedConsentSingleCreditorProperties - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.BankServiceInitiationCombinedConsentMultiCreditorProperties - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.BankServiceInitiationCombinedConsentOpenCreditorProperties description: >- Properties of the consent agreed by the User with the TPP for Combined Consent use cases. discriminator: propertyName: BeneficiaryType mapping: SingleCreditor: >- #/components/schemas/AEPushedAuthorizationRequests.BankServiceInitiationCombinedConsentSingleCreditorProperties MultiCreditor: >- #/components/schemas/AEPushedAuthorizationRequests.BankServiceInitiationCombinedConsentMultiCreditorProperties OpenCreditor: >- #/components/schemas/AEPushedAuthorizationRequests.BankServiceInitiationCombinedConsentOpenCreditorProperties AEPushedAuthorizationRequests.BankServiceInitiationCombinedConsentCombinedPaymentProperties: type: object required: - BeneficiaryType - PersonalIdentifiableInformation - ControlParameters - ConsentId - ExpirationDateTime - PaymentPurposeCode properties: BeneficiaryType: type: string enum: - SingleCreditor description: >- Indicates a Payment Consent for Payments to a Single Creditor **for a Combined Payment**.: * Only a single Creditor is supported in the `Creditor` array in PII. * Only the `SingleInstantPayment` or multi pauyment control parameters are supported. * `DelegatedSCA` control parameters **are not supported**. * `ControlParameters` can only implement `SingleInstantPayment` **once**. The API Hub will reject requests that provide multi Single Instant Payment consents. PersonalIdentifiableInformation: oneOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AESingleCreditorPaymentPII - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEJWEPaymentPII description: >- Personal Identifiable Information, represented in both encoded and decoded form using a `oneOf`. Implementers **MUST** adhere to the Schema Object provided in `AESingleCreditorPaymentPII` when creating the object to be signed and encrypted through a JWS and JWE. The encrypted form of the object is provided by the `AEJWEPaymentPII` Schema Object, which **MUST** be used when invoking the PAR operation. ControlParameters: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.BankServiceInitiationCombinedPaymentControlParameterTypes ConsentId: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEConsentId' BaseConsentId: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEBaseConsentId' IsSingleAuthorization: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.IsSingleAuthorization AuthorizationExpirationDateTime: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AuthorizationExpirationDateTime ExpirationDateTime: type: string format: date-time description: >- Specified date and time the consent will expire. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is :2023-04-05T10:43:07+00:00 Permissions: type: array items: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationConsentPermissionCodes description: >- Specifies the permitted Bank Data Sharing permissions, which is the data clusters being consented by the User, and requested for authorization with the LFI. Allows TPPs to check the User balance at the payment account. CurrencyRequest: allOf: - $ref: '#/components/schemas/AEBankServiceInitiation.AECurrencyRequest' description: 'Currency request ' DebtorReference: $ref: '#/components/schemas/AEBankServiceInitiation.AEDebtorReference' CreditorReference: $ref: '#/components/schemas/AEBankServiceInitiation.AECreditorReference' PaymentPurposeCode: $ref: '#/components/schemas/AEBankServiceInitiation.AEPaymentPurposeCode' SponsoredTPPInformation: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationSponsoredTPPInformation additionalProperties: false AEBankDataSharingConsentPermissionCodesItem: type: array items: type: string enum: - ReadAccountsBasic - ReadAccountsDetail - ReadBalances - ReadBeneficiariesBasic - ReadBeneficiariesDetail - ReadFXTransactionsBasic - ReadFXTransactionsDetail - ReadFXRemittanceCharges - ReadTransactionsBasic - ReadTransactionsDetail - ReadProduct - ReadScheduledPaymentsBasic - ReadScheduledPaymentsDetail - ReadDirectDebits - ReadStandingOrdersBasic - ReadStandingOrdersDetail - ReadStatements - ReadPartyUser - ReadPartyUserIdentity - ReadParty - ReadProductFinanceRates description: >- The permission codes available to the TPP for Bank Data Sharing and agreed with the User. AEPushedAuthorizationRequests.AEBankServiceInitiationBulkBatchConsentProperties: type: object required: - BeneficiaryType - PersonalIdentifiableInformation - ControlParameters - ConsentId - ExpirationDateTime - PaymentPurposeCode properties: BeneficiaryType: type: string enum: - BulkBatch description: >- Indicates a Bulk/Batch Payment Consent: * Neither the `DebtorAccount` nor `Creditor` is permitted, meaning the `Initiation` property is omitted from PII. * Only `FilePayment` control parameters are permitted. PersonalIdentifiableInformation: oneOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBulkBatchPaymentPII - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEJWEPaymentPII description: >- Personal Identifiable Information, represented in both encoded and decoded form using a `oneOf`. Implementers **MUST** adhere to the Schema Object provided in `AEBulkBatchPaymentPII` when creating the object to be signed and encrypted through a JWS and JWE. The encrypted form of the object is provided by the `AEJWEPaymentPII` Schema Object, which **MUST** be used when invoking the PAR operation. ControlParameters: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationFilePaymentConsent ConsentId: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEConsentId' BaseConsentId: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEBaseConsentId' IsSingleAuthorization: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.IsSingleAuthorization AuthorizationExpirationDateTime: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AuthorizationExpirationDateTime ExpirationDateTime: type: string format: date-time description: >- Specified date and time the consent will expire. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is :2023-04-05T10:43:07+00:00 Permissions: type: array items: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationConsentPermissionCodes description: >- Specifies the permitted Bank Data Sharing permissions, which is the data clusters being consented by the User, and requested for authorization with the LFI. Allows TPPs to check the User balance at the payment account. CurrencyRequest: allOf: - $ref: '#/components/schemas/AEBankServiceInitiation.AECurrencyRequest' description: 'Currency request ' DebtorReference: $ref: '#/components/schemas/AEBankServiceInitiation.AEDebtorReference' CreditorReference: $ref: '#/components/schemas/AEBankServiceInitiation.AECreditorReference' PaymentPurposeCode: $ref: '#/components/schemas/AEBankServiceInitiation.AEPaymentPurposeCode' SponsoredTPPInformation: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationSponsoredTPPInformation additionalProperties: false AEPushedAuthorizationRequests.AEBankServiceInitiationSingleConsentSingleCreditorConsentProperties: type: object required: - BeneficiaryType - PersonalIdentifiableInformation - ControlParameters - ConsentId - ExpirationDateTime - PaymentPurposeCode properties: BeneficiaryType: type: string enum: - SingleCreditor description: >- Indicates a Single Payment Consent for one-or-more payments to a Single Creditor: * Only a single Creditor is supported in the `Creditor` array in PII. * Only Control Parameters that support a single Creditor are supported. PersonalIdentifiableInformation: oneOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AESingleCreditorPaymentPII - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEJWEPaymentPII description: >- Personal Identifiable Information, represented in both encoded and decoded form using a `oneOf`. Implementers **MUST** adhere to the Schema Object provided in `AESingleCreditorPaymentPII` when creating the object to be signed and encrypted through a JWS and JWE. The encrypted form of the object is provided by the `AEJWEPaymentPII` Schema Object, which **MUST** be used when invoking the PAR operation. ControlParameters: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationSingleConsentSingleCreditorControlParameterTypes ConsentId: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEConsentId' BaseConsentId: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEBaseConsentId' IsSingleAuthorization: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.IsSingleAuthorization AuthorizationExpirationDateTime: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AuthorizationExpirationDateTime ExpirationDateTime: type: string format: date-time description: >- Specified date and time the consent will expire. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is :2023-04-05T10:43:07+00:00 Permissions: type: array items: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationConsentPermissionCodes description: >- Specifies the permitted Bank Data Sharing permissions, which is the data clusters being consented by the User, and requested for authorization with the LFI. Allows TPPs to check the User balance at the payment account. CurrencyRequest: allOf: - $ref: '#/components/schemas/AEBankServiceInitiation.AECurrencyRequest' description: 'Currency request ' DebtorReference: $ref: '#/components/schemas/AEBankServiceInitiation.AEDebtorReference' CreditorReference: $ref: '#/components/schemas/AEBankServiceInitiation.AECreditorReference' PaymentPurposeCode: $ref: '#/components/schemas/AEBankServiceInitiation.AEPaymentPurposeCode' SponsoredTPPInformation: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationSponsoredTPPInformation additionalProperties: false AEPushedAuthorizationRequests.AEBankServiceInitiationSingleConsentMultiCreditorConsentProperties: type: object required: - BeneficiaryType - PersonalIdentifiableInformation - ControlParameters - ConsentId - ExpirationDateTime - PaymentPurposeCode properties: BeneficiaryType: type: string enum: - MultiCreditor description: |- Indicates a Payment Consent for Payments to a Multiple Creditors: * Between two and ten Creditors are supported in the `Creditor` array in PII. * Only Control Parameters that support a multiple Creditors are supported. PersonalIdentifiableInformation: oneOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEMultiCreditorPaymentPII - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEJWEPaymentPII description: >- Personal Identifiable Information, represented in both encoded and decoded form using a `oneOf`. Implementers **MUST** adhere to the Schema Object provided in `AEMultiCreditorPaymentPII` when creating the object to be signed and encrypted through a JWS and JWE. The encrypted form of the object is provided by the `AEJWEPaymentPII` Schema Object, which **MUST** be used when invoking the PAR operation. ControlParameters: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationSingleConsentMultiCreditorControlParameterTypes ConsentId: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEConsentId' BaseConsentId: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEBaseConsentId' IsSingleAuthorization: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.IsSingleAuthorization AuthorizationExpirationDateTime: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AuthorizationExpirationDateTime ExpirationDateTime: type: string format: date-time description: >- Specified date and time the consent will expire. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is :2023-04-05T10:43:07+00:00 Permissions: type: array items: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationConsentPermissionCodes description: >- Specifies the permitted Bank Data Sharing permissions, which is the data clusters being consented by the User, and requested for authorization with the LFI. Allows TPPs to check the User balance at the payment account. CurrencyRequest: allOf: - $ref: '#/components/schemas/AEBankServiceInitiation.AECurrencyRequest' description: 'Currency request ' DebtorReference: $ref: '#/components/schemas/AEBankServiceInitiation.AEDebtorReference' CreditorReference: $ref: '#/components/schemas/AEBankServiceInitiation.AECreditorReference' PaymentPurposeCode: $ref: '#/components/schemas/AEBankServiceInitiation.AEPaymentPurposeCode' SponsoredTPPInformation: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationSponsoredTPPInformation additionalProperties: false AEPushedAuthorizationRequests.AEBankServiceInitiationSingleConsentOpenCreditorConsentProperties: type: object required: - BeneficiaryType - PersonalIdentifiableInformation - ControlParameters - ConsentId - ExpirationDateTime - PaymentPurposeCode properties: BeneficiaryType: type: string enum: - OpenCreditor description: |- Indicates a Payment Consent for Payments to any Creditor: * `Creditors` are excluded from PII. * Only Control Parameters that support a multiple Creditors are supported. PersonalIdentifiableInformation: oneOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEOpenCreditorPaymentPII - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEJWEPaymentPII description: >- Personal Identifiable Information, represented in both encoded and decoded form using a `oneOf`. Implementers **MUST** adhere to the Schema Object provided in `AEOpenCreditorPaymentPII` when creating the object to be signed and encrypted through a JWS and JWE. The encrypted form of the object is provided by the `AEJWEPaymentPII` Schema Object, which **MUST** be used when invoking the PAR operation. ControlParameters: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationSingleConsentOpenCreditorControlParameterTypes ConsentId: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEConsentId' BaseConsentId: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEBaseConsentId' IsSingleAuthorization: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.IsSingleAuthorization AuthorizationExpirationDateTime: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AuthorizationExpirationDateTime ExpirationDateTime: type: string format: date-time description: >- Specified date and time the consent will expire. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is :2023-04-05T10:43:07+00:00 Permissions: type: array items: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationConsentPermissionCodes description: >- Specifies the permitted Bank Data Sharing permissions, which is the data clusters being consented by the User, and requested for authorization with the LFI. Allows TPPs to check the User balance at the payment account. CurrencyRequest: allOf: - $ref: '#/components/schemas/AEBankServiceInitiation.AECurrencyRequest' description: 'Currency request ' DebtorReference: $ref: '#/components/schemas/AEBankServiceInitiation.AEDebtorReference' CreditorReference: $ref: '#/components/schemas/AEBankServiceInitiation.AECreditorReference' PaymentPurposeCode: $ref: '#/components/schemas/AEBankServiceInitiation.AEPaymentPurposeCode' SponsoredTPPInformation: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationSponsoredTPPInformation additionalProperties: false AEInsurance.AEConsentPermissionCodes: type: string enum: - ReadInsurancePolicies - ReadCustomerBasic - ReadCustomerDetail - ReadCustomerPaymentDetails - ReadInsuranceProduct - ReadCustomerClaims - ReadInsurancePremium AEOnBehalfOfIdentifierType: type: string enum: - Other AEPushedAuthorizationRequests.BankServiceInitiationCombinedConsentSingleCreditorProperties: type: object required: - BeneficiaryType - PersonalIdentifiableInformation - ControlParameters - ConsentId - ExpirationDateTime - PaymentPurposeCode properties: BeneficiaryType: type: string enum: - SingleCreditor description: >- Indicates a Payment Consent for Payments to a Single Creditor **for Combined Consents**.: * Only a single Creditor is supported in the `Creditor` array in PII. * Only Control Parameters that support a single Creditor are supported. PersonalIdentifiableInformation: oneOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AESingleCreditorPaymentPII - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEJWEPaymentPII description: >- Personal Identifiable Information, represented in both encoded and decoded form using a `oneOf`. Implementers **MUST** adhere to the Schema Object provided in `AESingleCreditorPaymentPII` when creating the object to be signed and encrypted through a JWS and JWE. The encrypted form of the object is provided by the `AEJWEPaymentPII` Schema Object, which **MUST** be used when invoking the PAR operation. ControlParameters: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.BankServiceInitiationCombinedConsentSingleCreditorControlParameterTypes ConsentId: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEConsentId' BaseConsentId: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEBaseConsentId' IsSingleAuthorization: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.IsSingleAuthorization AuthorizationExpirationDateTime: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AuthorizationExpirationDateTime ExpirationDateTime: type: string format: date-time description: >- Specified date and time the consent will expire. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is :2023-04-05T10:43:07+00:00 Permissions: type: array items: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationConsentPermissionCodes description: >- Specifies the permitted Bank Data Sharing permissions, which is the data clusters being consented by the User, and requested for authorization with the LFI. Allows TPPs to check the User balance at the payment account. CurrencyRequest: allOf: - $ref: '#/components/schemas/AEBankServiceInitiation.AECurrencyRequest' description: 'Currency request ' DebtorReference: $ref: '#/components/schemas/AEBankServiceInitiation.AEDebtorReference' CreditorReference: $ref: '#/components/schemas/AEBankServiceInitiation.AECreditorReference' PaymentPurposeCode: $ref: '#/components/schemas/AEBankServiceInitiation.AEPaymentPurposeCode' SponsoredTPPInformation: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationSponsoredTPPInformation additionalProperties: false AEPushedAuthorizationRequests.BankServiceInitiationCombinedConsentMultiCreditorProperties: type: object required: - BeneficiaryType - PersonalIdentifiableInformation - ControlParameters - ConsentId - ExpirationDateTime - PaymentPurposeCode properties: BeneficiaryType: type: string enum: - MultiCreditor description: >- Indicates a Payment Consent for Payments to a Multiple Creditors **for Combined Consents**.: * Between two and ten Creditors are supported in the `Creditor` array in PII. * Only Control Parameters that support a Multiple Creditors **for Combined Consents** are supported. PersonalIdentifiableInformation: oneOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEMultiCreditorPaymentPII - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEJWEPaymentPII description: >- Personal Identifiable Information, represented in both encoded and decoded form using a `oneOf`. Implementers **MUST** adhere to the Schema Object provided in `AEMultiCreditorPaymentPII` when creating the object to be signed and encrypted through a JWS and JWE. The encrypted form of the object is provided by the `AEJWEPaymentPII` Schema Object, which **MUST** be used when invoking the PAR operation. ControlParameters: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.BankServiceInitiationCombinedConsentMultiCreditorControlParameterTypes ConsentId: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEConsentId' BaseConsentId: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEBaseConsentId' IsSingleAuthorization: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.IsSingleAuthorization AuthorizationExpirationDateTime: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AuthorizationExpirationDateTime ExpirationDateTime: type: string format: date-time description: >- Specified date and time the consent will expire. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is :2023-04-05T10:43:07+00:00 Permissions: type: array items: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationConsentPermissionCodes description: >- Specifies the permitted Bank Data Sharing permissions, which is the data clusters being consented by the User, and requested for authorization with the LFI. Allows TPPs to check the User balance at the payment account. CurrencyRequest: allOf: - $ref: '#/components/schemas/AEBankServiceInitiation.AECurrencyRequest' description: 'Currency request ' DebtorReference: $ref: '#/components/schemas/AEBankServiceInitiation.AEDebtorReference' CreditorReference: $ref: '#/components/schemas/AEBankServiceInitiation.AECreditorReference' PaymentPurposeCode: $ref: '#/components/schemas/AEBankServiceInitiation.AEPaymentPurposeCode' SponsoredTPPInformation: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationSponsoredTPPInformation additionalProperties: false AEPushedAuthorizationRequests.BankServiceInitiationCombinedConsentOpenCreditorProperties: type: object required: - BeneficiaryType - PersonalIdentifiableInformation - ControlParameters - ConsentId - ExpirationDateTime - PaymentPurposeCode properties: BeneficiaryType: type: string enum: - OpenCreditor description: >- Indicates a Payment Consent for Payments to any Creditor **for Combined Consents**.: * `Creditors` are excluded from PII. * Only Control Parameters that support a open Creditors for a Combined Consent are supported. PersonalIdentifiableInformation: oneOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEOpenCreditorPaymentPII - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEJWEPaymentPII description: >- Personal Identifiable Information, represented in both encoded and decoded form using a `oneOf`. Implementers **MUST** adhere to the Schema Object provided in `AEOpenCreditorPaymentPII` when creating the object to be signed and encrypted through a JWS and JWE. The encrypted form of the object is provided by the `AEJWEPaymentPII` Schema Object, which **MUST** be used when invoking the PAR operation. ControlParameters: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.BankServiceInitiationCombinedConsentOpenCreditorControlParameterTypes ConsentId: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEConsentId' BaseConsentId: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEBaseConsentId' IsSingleAuthorization: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.IsSingleAuthorization AuthorizationExpirationDateTime: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AuthorizationExpirationDateTime ExpirationDateTime: type: string format: date-time description: >- Specified date and time the consent will expire. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is :2023-04-05T10:43:07+00:00 Permissions: type: array items: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationConsentPermissionCodes description: >- Specifies the permitted Bank Data Sharing permissions, which is the data clusters being consented by the User, and requested for authorization with the LFI. Allows TPPs to check the User balance at the payment account. CurrencyRequest: allOf: - $ref: '#/components/schemas/AEBankServiceInitiation.AECurrencyRequest' description: 'Currency request ' DebtorReference: $ref: '#/components/schemas/AEBankServiceInitiation.AEDebtorReference' CreditorReference: $ref: '#/components/schemas/AEBankServiceInitiation.AECreditorReference' PaymentPurposeCode: $ref: '#/components/schemas/AEBankServiceInitiation.AEPaymentPurposeCode' SponsoredTPPInformation: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationSponsoredTPPInformation additionalProperties: false AEPushedAuthorizationRequests.AESingleCreditorPaymentPII: type: object required: - Initiation properties: Initiation: type: object properties: DebtorAccount: type: object properties: SchemeName: type: string enum: - IBAN description: >- Scheme name for the Debtor Account. The Debtor Account must be an IBAN. Identification: type: string minLength: 1 description: The Identification of the Debtor Account. Name: type: object properties: en: type: string maxLength: 70 ar: type: string maxLength: 70 minProperties: 1 description: >- The Debtor Account, which can be provided in both English and Arabic. Omitted if not held by the TPP. additionalProperties: false required: - SchemeName - Identification description: >- Details of the Debtor Account when provided at the TPP. Omitted not available at the TPP or the User chooses to select the Debtor Account at the LFI. additionalProperties: false Creditor: type: array items: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AECreditor' minItems: 1 maxItems: 1 required: - Creditor additionalProperties: false Risk: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AERisk' description: >- Personal Identifiable Information (PII) provides Debtor, Creditor, and Risk information for the execution of given payment instructions. For a single beneficiary payment consent such as a Single Instant Payment the `Creditor` array is constrained to a single Creditor. The `DebtorAccount` can optionally be set at the TPP. additionalProperties: false AEPushedAuthorizationRequests.AEJWEPaymentPII: type: string description: >- A JSON Web Encryption (JWE) object, which encapsulates a JWS. The value is a compact serialization of a JWE, which is a string consisting of five base64url-encoded parts joined by dots. It encapsulates encrypted content using JSON data structures. The decrypted JWS content has the structure of the AEPaymentPII schema. AEPushedAuthorizationRequests.BankServiceInitiationCombinedPaymentControlParameterTypes: oneOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationSingleInstantPayment - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationFixedDefinedSchedule - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationVariableDefinedSchedule - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationFixedPeriodicSchedule - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationVariablePeriodicSchedule - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationFixedOnDemand - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationVariableOnDemand description: >- Control Parameters supported for Combined Consents for multiple Creditors. discriminator: propertyName: Type mapping: SingleInstantPayment: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationSingleInstantPayment FixedDefinedSchedule: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationFixedDefinedSchedule FixedOnDemand: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationFixedOnDemand FixedPeriodicSchedule: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationFixedPeriodicSchedule VariableDefinedSchedule: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationVariableDefinedSchedule VariableOnDemand: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationVariableOnDemand VariablePeriodicSchedule: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationVariablePeriodicSchedule AEPushedAuthorizationRequests.IsSingleAuthorization: type: boolean description: >- Specifies to the LFI that the consent authorization must be completed by a single authorizer at the LFI. AEPushedAuthorizationRequests.AuthorizationExpirationDateTime: type: string format: date-time description: >- The date and time by which a Consent (in AwaitingAuthorization status) must be Authorized by the User. AEPushedAuthorizationRequests.AEBankServiceInitiationConsentPermissionCodes: type: string enum: - ReadAccountsBasic - ReadAccountsDetail - ReadBalances - ReadRefundAccount AEBankServiceInitiation.AECurrencyRequest: type: object required: - ExtendedPurpose - CurrencyOfTransfer properties: InstructionPriority: allOf: - $ref: >- #/components/schemas/AEBankServiceInitiation.AEInstructionPriority description: >- Indicator of the urgency or order of importance that the instructing party would like the instructed party to apply to the processing of the instruction. ExtendedPurpose: type: string minLength: 1 maxLength: 140 description: Specifies the purpose of an international payment. ChargeBearer: $ref: '#/components/schemas/AEBankServiceInitiation.AEChargeBearerType1Code' CurrencyOfTransfer: type: string pattern: ^[A-Z]{3,3}$ description: >- Specifies the currency of the to be transferred amount, which is different from the currency of the debtor's account. DestinationCountryCode: type: string pattern: '[A-Z]{2,2}' description: >- Country in which Credit Account is domiciled. Code to identify a country, a dependency, or another area of particular geopolitical interest, on the basis of country names obtained from the United Nations (ISO 3166, Alpha-2 code). ExchangeRateInformation: $ref: >- #/components/schemas/AEBankServiceInitiation.AEExchangeRateInformation FxQuoteId: type: string minLength: 1 maxLength: 128 description: >- Required where the consent or payment initiation request relates to a previously quoted FX trade. The TPP must provide the `QuoteId` value where the payment type is a single instant payment, or omit and provide in the payment initiation request where a long-lived consent exists. description: >- The details of the non-local currency or FX request that has been agreed between the User and the TPP. The requested ChargeBearer and ExchangeRateInformation included in this object may be superseded by updated information supplied by the LFI. additionalProperties: false AEBankServiceInitiation.AEDebtorReference: type: string minLength: 1 maxLength: 35 description: >- A Debtor Reference is a note is for the reference of a given User that may be available as additional information in relation to a given payment instruction. AEBankServiceInitiation.AECreditorReference: type: string minLength: 1 maxLength: 35 description: >- A Creditor Reference is a note for a given Creditor or Creditor LFI that supports reconciliation of a given payment instruction. AEBankServiceInitiation.AEPaymentPurposeCode: type: string minLength: 1 maxLength: 3 pattern: ^[A-Z]{3}$ description: >- A category code that relates to the type of services or goods that corresponds to the underlying purpose of the payment. The code must conform to the published AANI payment purpose code list. AEPushedAuthorizationRequests.AEBankServiceInitiationSponsoredTPPInformation: type: object required: - Name - Identification properties: Name: type: string minLength: 1 maxLength: 50 description: The Sponsored TPP Name Identification: type: string minLength: 1 maxLength: 50 description: The Sponsored TPP Identification description: >- The Sponsored TPP is: * A TPP that itself has no direct Open Banking API integrations. * A TPP that is using the integration of another TPP that does have direct Open Banking API integrations. additionalProperties: false AEPushedAuthorizationRequests.AEBulkBatchPaymentPII: type: object properties: Risk: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AERisk' description: >- Personal Identifiable Information (PII) provides Debtor, Creditor, and Risk information for the execution of given payment instructions. For Bulk and Batch both the Debtor and Creditor Account are included in the payment instructions, and therefore cannot be included in the `Initiation` property. The `Initiation` property is therefore omitted, and Risk information provided according to the required Risk indicators for Bulk and Batch Payments. additionalProperties: false AEPushedAuthorizationRequests.AEBankServiceInitiationFilePaymentConsent: type: object required: - FileType - FileHash - NumberOfTransactions - ControlSum properties: FileType: type: string minLength: 1 maxLength: 40 description: Specifies the payment file type FileHash: type: string minLength: 1 maxLength: 44 description: A base64 encoding of a SHA256 hash of the file to be uploaded. FileReference: $ref: '#/components/schemas/AEBankServiceInitiation.AEReference' NumberOfTransactions: type: integer description: >- Number of individual transactions contained in the payment information group. ControlSum: type: string pattern: ^\d{1,16}\.\d{2}$ description: >- Total of all individual amounts included in the group, irrespective of currencies. RequestedExecutionDate: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AERequestedExecutionDate description: Bulk/Batch Control Parameters. additionalProperties: false AEPushedAuthorizationRequests.AEBankServiceInitiationSingleConsentSingleCreditorControlParameterTypes: oneOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationSingleInstantPayment - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationFixedDefinedSchedule - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationVariableDefinedSchedule - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationFixedPeriodicSchedule - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationVariablePeriodicSchedule - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationFixedOnDemand - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationVariableOnDemand - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationDelegatedSca description: Control Parameters supported for Single Consents to a single Creditor. discriminator: propertyName: Type mapping: SingleInstantPayment: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationSingleInstantPayment FixedDefinedSchedule: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationFixedDefinedSchedule VariableDefinedSchedule: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationVariableDefinedSchedule FixedPeriodicSchedule: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationFixedPeriodicSchedule VariablePeriodicSchedule: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationVariablePeriodicSchedule FixedOnDemand: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationFixedOnDemand VariableOnDemand: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationVariableOnDemand DelegatedSCA: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationDelegatedSca AEPushedAuthorizationRequests.AEMultiCreditorPaymentPII: type: object required: - Initiation properties: Initiation: type: object properties: DebtorAccount: type: object properties: SchemeName: type: string enum: - IBAN description: >- Scheme name for the Debtor Account. The Debtor Account must be an IBAN. Identification: type: string minLength: 1 description: The Identification of the Debtor Account. Name: type: object properties: en: type: string maxLength: 70 ar: type: string maxLength: 70 minProperties: 1 description: >- The Debtor Account, which can be provided in both English and Arabic. Omitted if not held by the TPP. additionalProperties: false required: - SchemeName - Identification description: >- Details of the Debtor Account when provided at the TPP. Omitted not available at the TPP or the User chooses to select the Debtor Account at the LFI. additionalProperties: false Creditor: type: array items: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AECreditor' minItems: 2 maxItems: 10 required: - Creditor additionalProperties: false Risk: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AERisk' description: >- Personal Identifiable Information (PII) provides Debtor, Creditor, and Risk information for the execution of given payment instructions. For a multi beneficiary payment consent such as Variable On-Demand Consent the `Creditor` array is constrained to between two and ten Creditors. The `DebtorAccount` can optionally be set at the TPP. additionalProperties: false AEPushedAuthorizationRequests.AEBankServiceInitiationSingleConsentMultiCreditorControlParameterTypes: oneOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationVariableOnDemand - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationDelegatedSca description: Control Parameters supported for Single Consents to multiple Creditors. discriminator: propertyName: Type mapping: VariableOnDemand: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationVariableOnDemand DelegatedSCA: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationDelegatedSca AEPushedAuthorizationRequests.AEOpenCreditorPaymentPII: type: object properties: Initiation: type: object properties: DebtorAccount: type: object properties: SchemeName: type: string enum: - IBAN description: >- Scheme name for the Debtor Account. The Debtor Account must be an IBAN. Identification: type: string minLength: 1 description: The Identification of the Debtor Account. Name: type: object properties: en: type: string maxLength: 70 ar: type: string maxLength: 70 minProperties: 1 description: >- The Debtor Account, which can be provided in both English and Arabic. Omitted if not held by the TPP. additionalProperties: false required: - SchemeName - Identification description: >- Details of the Debtor Account when provided at the TPP. Omitted not available at the TPP or the User chooses to select the Debtor Account at the LFI. additionalProperties: false additionalProperties: false Risk: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AERisk' description: >- Personal Identifiable Information (PII) provides Debtor, Creditor, and Risk information for the execution of given payment instructions. For a Open Creditor Consent the `Creditor` array is omitted as the Creditor is set for each Payment Initiation Request. The `DebtorAccount` can optionally be set at the TPP. additionalProperties: false AEPushedAuthorizationRequests.AEBankServiceInitiationSingleConsentOpenCreditorControlParameterTypes: oneOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationVariableOnDemand - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationDelegatedSca description: Control Parameters supported for Single Consents to Open Creditors. discriminator: propertyName: Type mapping: VariableOnDemand: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationVariableOnDemand DelegatedSCA: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationDelegatedSca AEPushedAuthorizationRequests.BankServiceInitiationCombinedConsentSingleCreditorControlParameterTypes: type: object required: - Type - PeriodType - PeriodStartDate properties: Type: type: string enum: - VariableOnDemand PeriodType: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEPeriodType' PeriodStartDate: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEPeriodStartDate' Controls: type: object properties: MaximumIndividualAmount: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEMaximumIndividualAmount MaximumCumulativeValueOfPaymentsPerPeriod: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEPeriodTypeMaximumCumulativeValueOfPayments MaximumCumulativeNumberOfPaymentsPerPeriod: type: integer MaximumCumulativeValueOfPayments: allOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEPeriodTypeMaximumCumulativeValueOfPayments description: >- The maximum cumulative value of all successful payment rails executions under the Consent. Each successful payment rails execution amount (related to the Consent) is added to the total cumulative value of the Consent which cannot exceed the maximum value agreed with the User at the point of consent. MaximumCumulativeNumberOfPayments: type: integer description: >- The maximum cumulative number of all successful payment rails executions under the Consent. Each successful payment rails execution (related to the Consent) is added to the total cumulative number of payments for the Consent which cannot exceed the maximum value agreed with the User at the point of consent. minProperties: 1 additionalProperties: false description: >- Control Parameters supported for Combined Consents for a single Creditor. additionalProperties: false AEPushedAuthorizationRequests.BankServiceInitiationCombinedConsentMultiCreditorControlParameterTypes: oneOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationVariableOnDemand - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationDelegatedSca description: >- Control Parameters supported for Combined Consents for multiple Creditors. discriminator: propertyName: Type mapping: VariableOnDemand: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationVariableOnDemand DelegatedSCA: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationDelegatedSca AEPushedAuthorizationRequests.BankServiceInitiationCombinedConsentOpenCreditorControlParameterTypes: oneOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationVariableOnDemand - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationDelegatedSca description: Control Parameters supported for Combined Consents for open Creditors. discriminator: propertyName: Type mapping: VariableOnDemand: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationVariableOnDemand DelegatedSCA: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationDelegatedSca AEPushedAuthorizationRequests.AECreditor: type: object required: - CreditorAccount properties: CreditorAgent: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AECreditorAgentProperties Creditor: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AECreditorProperties CreditorAccount: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AECreditorAccountProperties ConfirmationOfPayeeResponse: type: string pattern: ^.+\..+\..+$ description: >- Response from Confirmation of Payee operation, when executed for the Creditor Account. This is JSON Web Signature returned by the Payee Confirmation operation at the Confirmation of Payee API. The value must be the full JWS string, including the header and signature, without decoding to an object. If Confirmation of Payee is not performed this property can be omitted description: Identification elements for a Creditor. additionalProperties: false AEPushedAuthorizationRequests.AERisk: type: object properties: DebtorIndicators: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEDebtorIndicators DestinationDeliveryAddress: type: object properties: RecipientType: type: string enum: - Individual - Corporate RecipientName: type: object properties: en: type: string ar: type: string additionalProperties: false NationalAddress: $ref: '#/components/schemas/AEAddress' description: Destination Delivery Address additionalProperties: false TransactionIndicators: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AETransactionIndicators CreditorIndicators: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AECreditorIndicators description: >- The Risk section is sent by the TPP to the LFI. It is used to specify additional details for risk/fraud scoring regarding Payments. additionalProperties: false AEPushedAuthorizationRequests.AEBankServiceInitiationSingleInstantPayment: type: object required: - Type - Amount properties: Type: type: string enum: - SingleInstantPayment description: The Payment Type Amount: $ref: '#/components/schemas/AEStandardModels.AEAmountAndCurrency' description: >- A single immediate payment consent that MUST be used for a single payment which will be initiated immediately after User authorization at the LFI. additionalProperties: false AEPushedAuthorizationRequests.AEBankServiceInitiationFixedDefinedSchedule: type: object required: - Type - Schedule properties: Type: type: string enum: - FixedDefinedSchedule description: The Periodic Schedule Type Schedule: type: array items: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationFixedSchedule minItems: 1 maxItems: 53 description: >- Payment Schedule denoting a list of pre-defined future dated payments all with fixed amounts and dates. additionalProperties: false AEPushedAuthorizationRequests.AEBankServiceInitiationVariableDefinedSchedule: type: object required: - Type - Schedule properties: Type: type: string enum: - VariableDefinedSchedule description: The Periodic Schedule Type Schedule: type: array items: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEBankServiceInitiationVariableSchedule minItems: 1 maxItems: 53 description: >- Payment Schedule denoting a list of pre-defined future dated payments all with variable amounts and dates. additionalProperties: false AEPushedAuthorizationRequests.AEBankServiceInitiationFixedPeriodicSchedule: type: object required: - Type - PeriodType - PeriodStartDate - Amount properties: Type: type: string enum: - FixedPeriodicSchedule PeriodType: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEPeriodType' PeriodStartDate: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEPeriodStartDate' Amount: $ref: '#/components/schemas/AEStandardModels.AEAmountAndCurrency' Controls: type: object properties: MaximumCumulativeValueOfPayments: allOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEPeriodTypeMaximumCumulativeValueOfPayments description: >- The maximum cumulative value of all successful payment rails executions under the Consent. Each successful payment rails execution amount (related to the Consent) is added to the total cumulative value of the Consent which cannot exceed the maximum value agreed with the User at the point of consent. MaximumCumulativeNumberOfPayments: type: integer description: >- The maximum cumulative number of all successful payment rails executions under the Consent. Each successful payment rails execution (related to the Consent) is added to the total cumulative number of payments for the Consent which cannot exceed the maximum value agreed with the User at the point of consent. MaximumCumulativeValueOfPaymentsPerPeriod: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEPeriodTypeMaximumCumulativeValueOfPayments MaximumCumulativeNumberOfPaymentsPerPeriod: type: integer minProperties: 1 additionalProperties: false description: >- Payment Controls that apply to all payment instructions in a given period under this payment consent. The payments for this consent must be executed only on the PeriodStartDate, and dates recurring based on the PeriodType. additionalProperties: false AEPushedAuthorizationRequests.AEBankServiceInitiationVariablePeriodicSchedule: type: object required: - Type - PeriodType - PeriodStartDate - Controls properties: Type: type: string enum: - VariablePeriodicSchedule PeriodType: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEPeriodType' PeriodStartDate: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEPeriodStartDate' Controls: type: object properties: MaximumIndividualAmount: allOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEMaximumIndividualAmount description: >- This is the Maximum amount a variable payment can take per period. MaximumCumulativeValueOfPaymentsPerPeriod: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEPeriodTypeMaximumCumulativeValueOfPayments MaximumCumulativeNumberOfPaymentsPerPeriod: type: integer MaximumCumulativeValueOfPayments: allOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEPeriodTypeMaximumCumulativeValueOfPayments description: >- The maximum cumulative value of all successful payment rails executions under the Consent. Each successful payment rails execution amount (related to the Consent) is added to the total cumulative value of the Consent which cannot exceed the maximum value agreed with the User at the point of consent. MaximumCumulativeNumberOfPayments: type: integer description: >- The maximum cumulative number of all successful payment rails executions under the Consent. Each successful payment rails execution (related to the Consent) is added to the total cumulative number of payments for the Consent which cannot exceed the maximum value agreed with the User at the point of consent. required: - MaximumIndividualAmount additionalProperties: false description: >- Payment Controls that apply to all payment instructions in a given period under this payment consent. The payments for this consent must be executed only on the PeriodStartDate, and dates recurring based on the PeriodType. additionalProperties: false AEPushedAuthorizationRequests.AEBankServiceInitiationFixedOnDemand: type: object required: - Type - PeriodType - PeriodStartDate - Amount - Controls properties: Type: type: string enum: - FixedOnDemand PeriodType: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEPeriodType' PeriodStartDate: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEPeriodStartDate' Amount: $ref: '#/components/schemas/AEStandardModels.AEAmountAndCurrency' Controls: type: object properties: MaximumCumulativeValueOfPayments: allOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEPeriodTypeMaximumCumulativeValueOfPayments description: >- The maximum cumulative value of all successful payment rails executions under the Consent. Each successful payment rails execution amount (related to the Consent) is added to the total cumulative value of the Consent which cannot exceed the maximum value agreed with the User at the point of consent. MaximumCumulativeNumberOfPayments: type: integer description: >- The maximum cumulative number of all successful payment rails executions under the Consent. Each successful payment rails execution (related to the Consent) is added to the total cumulative number of payments for the Consent which cannot exceed the maximum value agreed with the User at the point of consent. MaximumCumulativeValueOfPaymentsPerPeriod: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEPeriodTypeMaximumCumulativeValueOfPayments MaximumCumulativeNumberOfPaymentsPerPeriod: type: integer additionalProperties: false description: >- Payment Controls that apply to all payment instructions in a given period under this payment consent. The payments for this consent may be executed on any date, as long as they are within the Controls for a PeriodType additionalProperties: false AEPushedAuthorizationRequests.AEBankServiceInitiationVariableOnDemand: type: object required: - Type - PeriodType - PeriodStartDate properties: Type: type: string enum: - VariableOnDemand PeriodType: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEPeriodType' PeriodStartDate: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEPeriodStartDate' Controls: type: object properties: MaximumIndividualAmount: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEMaximumIndividualAmount MaximumCumulativeValueOfPaymentsPerPeriod: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEPeriodTypeMaximumCumulativeValueOfPayments MaximumCumulativeNumberOfPaymentsPerPeriod: type: integer MaximumCumulativeValueOfPayments: allOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEPeriodTypeMaximumCumulativeValueOfPayments description: >- The maximum cumulative value of all successful payment rails executions under the Consent. Each successful payment rails execution amount (related to the Consent) is added to the total cumulative value of the Consent which cannot exceed the maximum value agreed with the User at the point of consent. MaximumCumulativeNumberOfPayments: type: integer description: >- The maximum cumulative number of all successful payment rails executions under the Consent. Each successful payment rails execution (related to the Consent) is added to the total cumulative number of payments for the Consent which cannot exceed the maximum value agreed with the User at the point of consent. minProperties: 1 additionalProperties: false description: >- Payment Controls that apply to all payment instructions in a given period under this payment consent. The payments for this consent may be executed on any date, as long as they are within the Controls for a PeriodType additionalProperties: false AEBankServiceInitiation.AEInstructionPriority: type: string enum: - Normal - Urgent description: >- Indicator of the urgency or order of importance that the instructing party would like the instructed party to apply to the processing of the instruction. AEBankServiceInitiation.AEChargeBearerType1Code: type: string enum: - BorneByCreditor - BorneByDebtor - Shared description: >- Specifies which party/parties will bear the charges associated with the processing of the payment transaction. AEBankServiceInitiation.AEExchangeRateInformation: type: object required: - UnitCurrency - RateType properties: UnitCurrency: type: string pattern: ^[A-Z]{3,3}$ description: >- Currency in which the rate of exchange is expressed in a currency exchange. In the example 1GBP = xxxCUR, the unit currency is GBP. ExchangeRate: type: number description: >- The factor used for conversion of an amount from one currency to another. This reflects the price at which one currency was bought with another currency. RateType: $ref: '#/components/schemas/AEBankServiceInitiation.AERateType' ContractIdentification: type: string minLength: 1 maxLength: 256 description: >- Unique and unambiguous reference to the foreign exchange contract agreed between the initiating party/creditor and the debtor agent. description: Provides details on the currency exchange rate and contract. additionalProperties: false AEBankServiceInitiation.AEReference: type: string minLength: 1 maxLength: 35 description: A reason or reference in relation to a payment. AEPushedAuthorizationRequests.AERequestedExecutionDate: type: string format: date description: >- The date when the TPP expects the LFI to execute the payment. The date must be in the future and cannot be on the same day or a day in the past. The maximum date in the future that can be specified is 1 year from the day of the consent of the User to the TPP. All dates in the JSON payloads are represented in ISO 8601 date format. AEPushedAuthorizationRequests.AEBankServiceInitiationDelegatedSca: type: object required: - Type properties: Type: type: string enum: - DelegatedSCA additionalProperties: false AEPushedAuthorizationRequests.AEPeriodType: type: string enum: - Day - Week - Month - Year description: >- |Period Type|Description| |-----------|-----------| |Day|A continuous period of time, consisting of 24 consecutive hours, starting from midnight (00:00:00) and finishing at 23:59:59 of the same day. | |Week|A continuous period of time, consisting of seven consecutive days, starting from midnight (00:00:00) and finishing at 23:59:59 of the 7th day. | |Month|A continuous period of time starting from midnight (00:00:00) of the first day of a month and finishing at 23:59:59 of the last day of that month.| |Year|A continuous period of time, consisting of 12 months.| AEPushedAuthorizationRequests.AEPeriodStartDate: type: string format: date description: Specifies the start date of when a payment schedule begins. AEPushedAuthorizationRequests.AEMaximumIndividualAmount: type: object required: - Amount - Currency properties: Amount: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEActiveOrHistoricAmount Currency: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEActiveOrHistoricCurrencyCode description: This is the Maximum amount a variable payment can take per period. additionalProperties: false AEPushedAuthorizationRequests.AEPeriodTypeMaximumCumulativeValueOfPayments: type: object required: - Amount - Currency properties: Amount: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEActiveOrHistoricAmount Currency: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEActiveOrHistoricCurrencyCode description: >- The maximum cumulative payment value of all payment initiations per Period Type. additionalProperties: false AEPushedAuthorizationRequests.AECreditorAgentProperties: type: object required: - SchemeName - Identification properties: SchemeName: type: string enum: - BICFI - Other Identification: type: string Name: type: string minLength: 1 maxLength: 140 PostalAddress: $ref: '#/components/schemas/AEAddress' description: >- Properties of the Creditor Agent, which provides information on the Financial Institution that holds the Creditor Account. additionalProperties: false AEPushedAuthorizationRequests.AECreditorProperties: type: object properties: Name: type: string minLength: 1 maxLength: 140 PostalAddress: $ref: '#/components/schemas/AEAddress' description: Party to which an amount of money is due. additionalProperties: false AEPushedAuthorizationRequests.AECreditorAccountProperties: type: object required: - SchemeName - Identification - Name - Type properties: SchemeName: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AECreditorExternalAccountIdentificationCode Identification: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEIdentification' Name: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEName' TradingName: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AETradingName' Type: type: string enum: - Individual - Merchant - Business - Charity - GovernmentBody - Other description: The Creditor (Payee) Type, based on an allowed list. description: >- Unambiguous identification of the account of the creditor to which a credit entry will be posted. additionalProperties: false AEPushedAuthorizationRequests.AEDebtorIndicators: type: object properties: Authentication: type: object properties: AuthenticationChannel: type: string enum: - App - Web PossessionFactor: type: object properties: IsUsed: type: boolean Type: type: string enum: - FIDO2SecurityKey - Passkey - OTPDevice - OTPApp - SMSOTP - EmailOTP - PushNotification - WebauthnToken - SecureEnclaveKey - HardwareOTPKey - TrustedDevice - Other additionalProperties: false KnowledgeFactor: type: object properties: IsUsed: type: boolean Type: type: string enum: - PIN - Password - SecurityQuestion - SMSOTP - EmailOTP - OTPPush - Other additionalProperties: false InherenceFactor: type: object properties: IsUsed: type: boolean Type: type: string enum: - Biometric - Fingerprint - FaceRecognition - IrisScan - VoiceRecognition - FIDOBiometric - DeviceBiometrics - Other additionalProperties: false ChallengeOutcome: type: string enum: - Pass - Fail - NotPerformed AuthenticationFlow: type: string enum: - MFA - Other AuthenticationValue: type: string ChallengeDateTime: type: string format: date-time description: >- The authentication method used by the User to access their account with the TPP additionalProperties: false UserName: type: object properties: en: type: string ar: type: string description: The Name of the User initiating the Payment additionalProperties: false GeoLocation: type: object properties: Latitude: type: string Longitude: type: string required: - Latitude - Longitude description: >- GPS to identify and track the whereabouts of the connected electronic device. additionalProperties: false DeviceInformation: type: object properties: DeviceId: type: string AlternativeDeviceId: type: string DeviceOperatingSystem: type: string DeviceOperatingSystemVersion: type: string DeviceBindingId: type: string LastBindingDateTime: type: string format: date-time BindingDuration: type: string format: duration BindingStatus: type: string enum: - Active - Expired - Revoked - Suspended DeviceType: type: string enum: - Mobile - Desktop - Tablet - Wearable - Other DeviceManufacturer: type: object properties: Model: type: string maxLength: 50 Manufacturer: type: string maxLength: 50 additionalProperties: false DeviceLanguage: type: string DeviceLocalDateTime: type: string ConnectionType: type: string enum: - WiFi - Cellular - Other ScreenInformation: type: object properties: PixelDensity: type: number Orientation: type: string enum: - Portrait - Landscape additionalProperties: false BatteryStatus: type: object properties: Level: type: number minimum: 0 maximum: 100 IsCharging: type: boolean additionalProperties: false TouchSupport: type: object properties: Supported: type: boolean MaxTouchPoints: type: integer minimum: 0 additionalProperties: false MotionSensors: type: object properties: Status: type: string enum: - InMotion - Stationary Accelerometer: type: boolean Gyroscope: type: boolean additionalProperties: false DeviceEnvironmentContext: type: array items: type: string enum: - VPNDetected - EmulatorDetected description: Detailed device information additionalProperties: false BiometricCapabilities: type: object properties: SupportsBiometric: type: boolean BiometricTypes: type: array items: type: string enum: - Fingerprint - FacialRecognition - Iris - VoicePrint - Other description: Device biometric capabilities additionalProperties: false AppInformation: type: object properties: AppVersion: type: string PackageName: type: string BuildNumber: type: string description: Mobile application specific information additionalProperties: false BrowserInformation: type: object properties: UserAgent: type: string IsCookiesEnabled: type: boolean AvailableFonts: type: array items: type: string Plugins: type: array items: type: string PixelRatio: type: number description: Browser-specific information additionalProperties: false UserBehavior: type: object properties: ScrollBehavior: type: object properties: Direction: type: string enum: - Up - Down - Both Speed: type: number Frequency: type: number additionalProperties: false description: User behavior indicators additionalProperties: false AccountRiskIndicators: type: object properties: UserOnboardingDateTime: type: string format: date-time LastAccountChangeDate: type: string format: date LastPasswordChangeDate: type: string format: date SuspiciousActivity: type: string enum: - NoSuspiciousActivity - SuspiciousActivityDetected TransactionHistory: type: object properties: LastDay: type: integer minimum: 0 LastYear: type: integer minimum: 0 additionalProperties: false description: Risk indicators related to the account additionalProperties: false SupplementaryData: type: object description: >- Additional information that cannot be captured in the structured fields and/or any other specific block This may include information that is not available in the structured fields, such as a user's behavioural data like their typing speed and typing patterns. additionalProperties: false description: Debtor (User) Indicators additionalProperties: false AEAddress: type: array items: type: object properties: AddressType: type: string enum: - Billing - Business - Correspondence - DeliveryTo - MailTo - POBox - Postal - Permanent - Residential - Statement - Other AddressLine: type: array items: type: string minItems: 1 maxItems: 7 BuildingNumber: type: string minLength: 1 maxLength: 16 BuildingName: type: string minLength: 1 maxLength: 140 Floor: type: string minLength: 1 maxLength: 70 StreetName: type: string minLength: 1 maxLength: 140 DistrictName: type: string minLength: 1 maxLength: 140 PostBox: type: string minLength: 1 maxLength: 16 TownName: type: string minLength: 1 maxLength: 140 CountrySubDivision: anyOf: - type: string enum: - AbuDhabi - Ajman - Dubai - Fujairah - RasAlKhaimah - Sharjah - UmmAlQuwain - type: string Country: type: string pattern: ^[A-Z]{2}$ required: - AddressType - AddressLine - Country additionalProperties: false minItems: 1 description: One-or-more addresses related to a given subject. AEPushedAuthorizationRequests.AETransactionIndicators: type: object properties: IsCustomerPresent: type: boolean description: >- This field differentiates between automatic and manual payment initiation. IsContractPresent: type: boolean description: >- Indicates if the Creditor has a contractual relationship with the TPP. Channel: type: string enum: - Web - Mobile description: Where the payment has been initiated from. ChannelType: type: string enum: - ECommerce - InStore - InApp - Telephone - Mail - RecurringPayment - Other description: The channel through which the transaction is being conducted SubChannelType: type: string enum: - WebBrowser - MobileApp - SmartTV - WearableDevice - POSTerminal - ATM - KioskTerminal - Other description: More specific classification of the transaction channel PaymentProcess: type: object properties: TotalDuration: type: integer minimum: 0 CurrentSessionAttempts: type: integer minimum: 1 CurrentSessionFailedAttempts: type: integer minimum: 0 Last24HourAttempts: type: integer minimum: 0 Last24HourFailedAttempts: type: integer minimum: 0 description: Metrics related to the payment process duration and attempts additionalProperties: false MerchantRisk: type: object properties: DeliveryTimeframe: type: string enum: - ElectronicDelivery - SameDayShipping - OvernightShipping - MoreThan1DayShipping ReorderItemsIndicator: type: string enum: - FirstTimeOrder - Reorder PreOrderPurchaseIndicator: type: string enum: - MerchandiseAvailable - FutureAvailability IsGiftCardPurchase: type: boolean IsDeliveryAddressMatchesBilling: type: boolean AddressMatchLevel: type: string enum: - FullMatch - PartialMatch - NoMatch - NotApplicable description: Risk indicator details provided by the merchant additionalProperties: false SupplementaryData: type: object description: >- Additional information that cannot be captured in the structured fields and/or any other specific block additionalProperties: false description: Transaction Indicators additionalProperties: false AEPushedAuthorizationRequests.AECreditorIndicators: type: object properties: AccountType: type: string enum: - CurrentAccount - Savings - CreditCard - Mortgage - Finance IsCreditorPrePopulated: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEIsCreditorPrePopulated TradingName: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AETradingName' IsVerifiedByTPP: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEIsVerifiedbyTPP' AdditionalAccountHolderIdentifiers: $ref: '#/components/schemas/AEAdditionalAccountHolderIdentifiers' MerchantDetails: type: object properties: MerchantId: type: string minLength: 8 maxLength: 20 MerchantName: type: string minLength: 1 maxLength: 350 MerchantSICCode: type: string minLength: 3 maxLength: 4 MerchantCategoryCode: type: string minLength: 3 maxLength: 4 description: >- Details of the Merchant involved in the transaction. Merchant Details are specified only for those merchant categories that are generally expected to originate retail financial transactions additionalProperties: false IsCreditorConfirmed: type: boolean description: >- Creditor account details have been confirmed successfully using Confirmation of Payee SupplementaryData: type: object description: >- Additional information that cannot be captured in the structured fields and/or any other specific block additionalProperties: false description: Creditor Indicators additionalProperties: false AEStandardModels.AEAmountAndCurrency: type: object required: - Currency - Amount properties: Currency: $ref: '#/components/schemas/AEStandardModels.AEActiveOrHistoricCurrencyCode' Amount: $ref: '#/components/schemas/AEStandardModels.AEActiveOrHistoricAmount' description: An Amount qualified by Currency additionalProperties: false AEPushedAuthorizationRequests.AEBankServiceInitiationFixedSchedule: type: object required: - PaymentExecutionDate - Amount properties: PaymentExecutionDate: type: string format: date description: >- Used to specify the expected payment execution date/time. All dates in the JSON payloads are represented in ISO 8601 date format. An example is: 2023-04-05 Amount: $ref: '#/components/schemas/AEStandardModels.AEAmountAndCurrency' additionalProperties: false AEPushedAuthorizationRequests.AEBankServiceInitiationVariableSchedule: type: object required: - PaymentExecutionDate - MaximumIndividualAmount properties: PaymentExecutionDate: type: string format: date description: >- Used to specify the expected payment execution date/time. All dates in the JSON payloads are represented in ISO 8601 date format. An example is: 2023-04-05 MaximumIndividualAmount: allOf: - $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEMaximumIndividualAmount description: This is the Maximum amount a variable payment can take per period. additionalProperties: false AEBankServiceInitiation.AERateType: type: string enum: - Actual - Agreed - Indicative description: Specifies the type used to complete the currency exchange. AEPushedAuthorizationRequests.AEActiveOrHistoricAmount: type: string pattern: ^\d{1,16}\.\d{2}$ description: >- A number of monetary units specified in an active currency where the unit of currency is explicit and compliant with ISO 4217. example: '100.00' AEPushedAuthorizationRequests.AEActiveOrHistoricCurrencyCode: type: string pattern: ^[A-Z]{3,3}$ description: >- A 3 character alphabetic code allocated to a currency under an international currency identification scheme, as described in the latest edition of the international standard ISO 4217 'Codes for the representation of currencies and funds'. AEPushedAuthorizationRequests.AECreditorExternalAccountIdentificationCode: type: string enum: - IBAN - AccountNumber description: >- Name of the identification scheme, in a coded form as published in an external list. AEPushedAuthorizationRequests.AEIdentification: type: string minLength: 1 description: >- Identification for the account assigned by the LFI based on the Account Scheme Name. This identification is known by the User account owner. AEPushedAuthorizationRequests.AEName: type: object properties: en: type: string maxLength: 70 description: English value of the string ar: type: string maxLength: 70 description: Arabic value of the string description: >- The Account Holder Name is the name or names of the Account owner(s) represented at the account level additionalProperties: false AEPushedAuthorizationRequests.AETradingName: type: object properties: en: type: string maxLength: 70 description: English value of the string ar: type: string maxLength: 70 description: Arabic value of the string description: |- The Trading Brand Name (if applicable) for the Creditor. Applicable to Payments. additionalProperties: false AEPushedAuthorizationRequests.AEIsCreditorPrePopulated: type: boolean description: Is Creditor populated AEPushedAuthorizationRequests.AEIsVerifiedbyTPP: type: boolean description: The TPP has onboarded the Creditor AEAdditionalAccountHolderIdentifiers: type: array items: type: object properties: SchemeName: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AERiskExternalAccountIdentificationCode Identification: $ref: >- #/components/schemas/AEPushedAuthorizationRequests.AEIdentification Name: $ref: '#/components/schemas/AEPushedAuthorizationRequests.AEName' required: - SchemeName - Identification additionalProperties: false AEStandardModels.AEActiveOrHistoricCurrencyCode: type: string pattern: ^[A-Z]{3,3}$ description: >- A 3 character alphabetic code allocated to a currency under an international currency identification scheme, as described in the latest edition of the international standard ISO 4217 'Codes for the representation of currencies and funds'. AEStandardModels.AEActiveOrHistoricAmount: type: string pattern: ^\d{1,16}\.\d{2}$ description: >- A number of monetary units specified in an active currency where the unit of currency is explicit and compliant with ISO 4217. example: '100.00' AEPushedAuthorizationRequests.AERiskExternalAccountIdentificationCode: type: string enum: - EmiratesID - TradeLicenceNumber description: >- Name of the identification scheme, in a coded form as published in an external list. ````