Archived 2022.11.20. Content moved to error scenarios and responses.
Question
There is a list of CDS error codes for all Banking APIs that shows x-fapi-interaction-id
must be included in the response header. However, it covers only HTTP status codes 400, 406 and 422 but not 403, 404 and 405.
Should we include x-fapi-interaction-id
in the Response Header for 403, 404 and 405 HTTP Error codes?
Answer
The list shows mandatory errors. The explicit list is not exhaustive. Data Holders (DHs) may respond with other 4xx's based on their implementation logic and guidance from recommended SHOULDs and MAYs for error code responses. The x-fapi-interation-id must be returned for any error to a requested protected resource as per the FAPI specifications.
Where the request's resource is not a voluntary protected resource or mandated protected resource, then returning x-fapi-interaction-id
is at the discretion of the DH's implementation. However, for compatibility the DSB recommends a response including the x-fapi-interaction-id
where the client has provided an access token and is using Mutually Authenticated Transport Layer Security (MTLS).
See:
Comments
0 comments
Please sign in to leave a comment.