Archived 2022.11.20. Content moved to error scenarios and responses.
Question
The CDR Rules section 4.7 (3) states:
The data holder must inform the accredited person of such a refusal in accordance with the data standards.
Are there standards that address this requirement? There may be requests which are not refused in full, so HTTP error codes may not fully address this requirement.
Answer
The standards use the error handling mechanisms in the APIs as the notification mechanism for these scenarios. The standards define specific HTTP error codes depending on the reason for refusal. For instance, a refusal based on non-functional requirement (NFR) thresholds being exceeded returns HTTP error code 429, Too Many Requests. A refusal based on authentication returns HTTP error code 401, Unauthorized. Responses may contain an error payload with further information.
These are currently the only mechanisms the standards define.
See:
- CDR Rules Main section, Part 4, division 4.2, subdivision 4.2.3, section 4.7 Refusal to disclose required consumer data in response to consumer data request, (3)
- CDS HTTP Response Codes
- CDS Payload Conventions, Response Payload Structures, Error payload