1
Consent
2
Authorize
3
Complete
Insurance · Data Sharing · UX
Insurance Data Sharing — User Experience 2 min read
Before a customer is redirected to Open Finance to consent to Insurance Data Sharing, you must present a Consent Page that clearly explains what the customer is consenting to and collects their explicit, informed consent. The page must accurately reflect each insurance type requested and the permissions selected within it. The interactive wireframe below defines the expected structure, content, and behaviour of the Consent Page and must be followed.
While you may adapt visual elements such as colour palette, fonts, and styling, you must not alter the meaning, clarity, or completeness of the consent content, and the representation of AlTareq (including logos, naming, and action buttons) must be preserved. Your Consent Page must be submitted as part of CX certification prior to production, and any material changes to a production Consent Page must be re-submitted for review and approval.
01 Interactive Demo
Edit the consent and watch the preview respond
TPPConsent page
LFIAuthorisation page
LFI
Consent
Authorize
Complete
Something went wrong
We couldn’t find any policies that match the insurance type(s) requested, so unfortunately we’re unable to share any information with [TPP Trading Name].
Customise the authorization_details object below and watch the wireframes above update live. Each entry in consent.Permissions is an InsuranceType paired with the permissions requested for it — add, remove, or change types to see how the pages respond.
authorization_detailsPAR request body field
AEInsuranceDataSharingRichAuthorizationRequestsV21.AEInsuranceDataSharingAuthorizationDetailsPropertiesView PAR endpoint ↗
Configure the mock insurance policies the authenticated user holds at their LFI. Flipping a policy's Status moves it between the Active and Inactive groups on the wireframe.
02 Field-Driven UI
How API request fields change what the user sees
Permissions and Data Access
For Insurance Data Sharing, the Permissions field is an array of { InsuranceType, Permissions[] } objects — permissions are scoped to a specific insurance type, so a TPP can request different data clusters per type in a single consent.
| Permission code | What the user sees on both the Consent and Authorisation pages |
|---|---|
ReadInsurancePolicies | Policy details — Your policy number, type, status, start and end dates, sums insured, and coverage. |
ReadCustomerBasic | Basic customer details — Your name, contact details, and the people named on the policy. |
ReadCustomerDetail | Detailed customer details — Your name, date of birth, Emirates ID, nationality, address, contact details, and people named on the policy. |
ReadInsuranceProduct | Product information — The insurance product underwriting your policy — cover type, features, add-ons, terms, and exclusions. |
ReadInsurancePremium | Premium details — Provides the details of the premium paid or being paid, along with confirmation of future renewal premiums when applicable. In some cases, your insurer may protect this information by sending it in a locked format and issue you a code (via SMS or email). You'll need to enter this code within our service so that we can show you premium details. |
ReadCustomerPaymentDetails | Payment details — The bank account or card used to pay your premium, plus payment frequency. |
ReadCustomerClaims | Claim details — Claims raised on your policy — status, dates, amounts, and the events that triggered them. |
Insurance Type Filtering
Each entry in Permissions nominates an InsuranceType. The LFI Authorisation Page only shows policies whose type appears in the consent — this acts as the equivalent of Banking’s AccountSubType filter.
Permissions[].InsuranceType | LFI Authorisation Page Behaviour |
|---|---|
| One or more types | Only policies whose InsuranceType matches one of the requested values are shown for selection. If the user holds no policies of any requested type, the LFI returns the no-matching-policies error and the authorisation flow cannot proceed. |
| None / empty | Invalid — Permissions must contain at least one entry and each entry must declare an InsuranceType. The consent is rejected before authorisation begins. |
Tip
Only request the insurance types your service genuinely needs. Listing extra types forces the user to scan irrelevant policies and is flagged during CX certification.
Policy Status Grouping
Policies are grouped on the Authorisation Page by their Status field (AEInsurancePolicyStatusCodes). Currently active statuses are presented first and selectable by default; end-state statuses are bucketed into a collapsible Inactive Policies group so the user can see what is in scope but cannot select policies whose data can’t be shared.
| Status group | Statuses included | Behaviour |
|---|---|---|
| Active | New, Renewed, InForce, PaidUp | Shown first, with a green tick header. Selectable by default. |
| Inactive | Expired, Lapsed, Cancelled, Surrendered, Converted, DeathClaim, RiderClaim | Collapsed by default behind an amber clock header. The policy’s end-state status is shown below the insurance type so the user understands why the policy is not selectable. |
On Behalf Of
When a TPP acts on behalf of another entity (e.g. an aggregator operating under a different trading name), OnBehalfOf.TradingName identifies the entity to the user on both the Consent and Authorisation pages.
OnBehalfOf.TradingName | Consent / Authorisation Page Behaviour |
|---|---|
| Provided | The trading name is displayed in the page copy so the user clearly understands which entity they are sharing data with. |
| Not provided | The TPP’s registered name is displayed in place of the trading name. |
Tip
Always populate OnBehalfOf.TradingName so users see a recognisable name rather than a blank or placeholder.