Overview
The Mock Data Holder (Java) is a reference implementation for a CDR Data Holder solution. It implements the Data Holder APIs described in the Consumer Data Standards (CDS). It is intended as a tool for CDR participants building a Data Holder server and client systems. It aims to assist CDR participants in developing their own Data Holder (DH) systems that comply with Consumer Data Standards. It can be used for checking that requests to CDS APIs are well formed, and that responses to those requests conform to expectations.
The Mock Data Holder is available in GitHub: https://github.com/ConsumerDataStandardsAustralia/mock-data-holder-java. You can create a local clone as with any Git repository.
The Mock Data Holder README.md file contains information and disclaimers related to the use of the Mock Data Holder.
The Data Standards Body provides a docker image in the DockerHub. You can run the image on your computer to get a running instance of the Mock Data Holder (Java).
You can also set up a local instance of this project for customised and extended use cases.
For more information, refer to the Mock Data Holder README.md.
These tools and the Mock Data Holder are platform agnostic, and can be installed on Windows, Macintosh and Linux systems.
Authentication and authorisation
A real-world implementation of the CDR requires systems other than those provided in this reference implementation.
CDR authorisation builds upon the foundations of the Financial-grade API Read Write Profile FAPI-RW and other standards relating to Open ID Connect 1.0 OIDC.
To provide a self-contained reference implementation, the Mock Data Holder provides an access token that acts as an authenticator.
Sample data
Sample data for the Data Holder server is in mock-data-holder-java/payloads/. For example, product data is in java-artefacts/data-holder/payloads/products. Account IDs are in mock-data-holder-java/payloads/accounts/, in the files account1.json, account2.json and so on. Account balances are in mock-data-holder-java/payloads/balances.
You can also pass a test data file to be loaded at start up. See the README.md.
Using the Data Holder server with cURL
Using the cURL command, you can make requests to the Data Holder server from the command line.
The request examples below use the -i
parameter to show the HTTP status response and other information.
The example requests below use the Windows command line continuation character, '^'. Replace '^' with '\' for Macintosh or Linux shells.
Responses have been reformatted for legibility. The curl commands provided are in accordance with the Consumer Data Standards (CDS). Read the CDS to understand the headers and requests in detail.
Requests without authorisation
Requests that do not require authorisation are straightforward. All CDS API requests require the x-v
and x-min-v
headers. An unauthorised request may also require the Content-Type:application/json
header.
Get Status
See CDS Get Status.
To call the discovery/status
end point, issue the following curl
command:
curl -i -H "x-min-v:2" -H "x-v:3"^
http://localhost:8383/cds-au/v1/discovery/status
Response:
HTTP/1.1 200
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
x-v: 3
x-fapi-interaction-id: b5a68bef-f62d-43d5-9a51-fae241da5dbd
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Sat, 07 Aug 2021 02:42:42 GMT
{
"links":{
"self":"http://localhost:8383/cds-au/v1/discovery/status"
},
"data":{
"status":"OK",
"updateTime":"2021-08-07T02:42:42.751Z"
}
}
Get Products
See CDS Get Products.
For the public list of products, with a call to the /banking/products
end point, issue the following curl
command:
curl -i -H "x-min-v:2" -H "x-v:3"^
http://localhost:8383/cds-au/v1/banking/products
Response:
HTTP/1.1 200
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
x-v: 3
x-fapi-interaction-id: d33965c4-4bfa-43e6-972a-742ef3b0321f
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Fri, 23 Jul 2021 10:40:25 GMT
{
"links":{
"first":"http://localhost:8383/cds-au/v1/banking/products?page=1&page-size=25",
"last":"http://localhost:8383/cds-au/v1/banking/products?page=1&page-size=25",
"self":"http://localhost:8383/cds-au/v1/banking/products"
},
"meta":{
"totalPages":1,
"totalRecords":3
},
"data":{
"products":[
{
"productId":"51645",
"effectiveFrom":"2018-01-13T02:43:00.121+11:00",
"effectiveTo":"2029-04-13T01:43:00.121+10:00",
"lastUpdated":"2019-05-28T09:53:07+10:00",
"productCategory":"TRANS_AND_SAVINGS_ACCOUNTS",
"name":"Every Day Account",
"description":"This account gives you the highest interest rates for an at-call savings account",
"brand":"Acme",
"brandName":"Acme Bank Australia",
"applicationUri":"https://acmebank.com/products/eda/apply",
"isTailored":false,
"additionalInformation":{
"overviewUri":"https://acmebank.com/products/eda/",
"termsUri":"https://acmebank.com/products/eda/#terms",
"eligibilityUri":"https://acmebank.com/products/eda/#eligibility",
"feesAndPricingUri":"https://acmebank.com/products/eda/#fees",
"bundleUri":"https://acmebank.com/products/"
},
"cardArt":[]
},
{
"productId":"51114",
"effectiveFrom":"2018-01-13T02:43:00.121+11:00",
"effectiveTo":"2029-04-13T01:43:00.121+10:00",
"lastUpdated":"2018-12-13T02:43:00.121+11:00",
"productCategory":"TRANS_AND_SAVINGS_ACCOUNTS",
"name":"Another Every Day Account",
"description":"This account gives you the highest interest rates for an at-call savings account",
"brand":"Acme",
"brandName":"Acme Bank Australia",
"applicationUri":"https://acmebank.com/products/eda/apply",
"isTailored":false,
"additionalInformation":{
"overviewUri":"https://acmebank.com/products/eda/",
"termsUri":"https://acmebank.com/products/eda/#terms",
"eligibilityUri":"https://acmebank.com/products/eda/#eligibility",
"feesAndPricingUri":"https://acmebank.com/products/eda/#fees",
"bundleUri":"https://acmebank.com/products/"
},
"cardArt":[]
},
{
"productId":"53645",
"effectiveFrom":"2018-01-13T02:43:00.121+11:00",
"effectiveTo":"2029-04-13T01:43:00.121+10:00",
"lastUpdated":"2018-12-13T02:43:00.121+11:00",
"productCategory":"CRED_AND_CHRG_CARDS",
"name":"Acme Platinum Card",
"description":"Acme Bank rewards card. Help to get to your rewards faster.",
"brand":"Acme",
"brandName":"Acme Bank Australia",
"isTailored":false,
"additionalInformation":
{
"overviewUri":"https://acmebank.com/products/credit-cards/reward/platinum-black/",
"termsUri":"https://acmebank.com/products/eda/#terms"
},
"cardArt":[]
}
]
}
}
Requests with authorisation
Requests that require authorisation are more complex.
The Data Holder implementation tests include a pre-built access token that can be used for authorisation. The access token is provided with the curl commands listed below, and can be cut and pasted with the rest of the command.
Make an http request, rather than an https request, to avoid the requirement for certificates. As well as the access token, authorised requests require the x-cds-client-headers
header. In this case the text "Consumer Data Right" can be used, which base-64 encoded is: Q29uc3VtZXIgRGF0YSBSaWdodA==
.
Account Balance
For example, to obtain a balance for a single account, using the GET Account Balance API: /banking/accounts/<accountId>/balance
, issue the following curl
command:
curl -i ^
-H "Accept: application/json"^
-H "Authorization: Bearer eyJraWQiOiJyc2ExIiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiJhZG1pbiIsInJlZnJlc2hfdG9rZW5fZXhwaXJlc19hdCI6MTU3OTAxMDI4NywiYXpwIjoiY2xpZW50IiwiaXNzIjoiaHR0cDpcL1wvbG9jYWxob3N0OjgwODBcL2Nkcy1vcGVuaWQtY29ubmVjdC1zZXJ2ZXJcLyIsImV4cCI6MTU3ODAxMzg4NywiaWF0IjoxNTc4MDEwMjg3LCJqdGkiOiI3NjljMTMwMy0xM2IwLTRjYjAtYTNlNS1kYzI1ODJlMTNhMTgifQ.d22K-IWcrqlCbQY_YuGQwMoSXNvQwzQ15yMDaKk6xhlpyVKvO1vmiB35ZNq7K_Ox_8It4QiJ35v2Hwxe-xiOqbd1GXXbBGecHZ1G8wmSOK5UYEVACIUIo6pigIYS25F9JupM-v5Bv59P_vCDLqzgl79NyRQR5mhaXneCB1ST_0fw7H3NAQQ9MC_es0RjMlxurpU3sVKa5Xw_ZG9pLPlZE4q2NKg61WcOtVabfFLgjEHmw5UX4W2_WmGGmY4BWM_jBuCgZYWrdg3w07RVGUPV5gb6yTBxj8XEwQqIKEsrS9X3Jn0-mZ15QtP_SBP7q4TZIDwihfLrXJGjT3g4tuZCug" ^
-H "x-cds-client-headers:Q29uc3VtZXIgRGF0YSBSaWdodA=="^
-H "x-min-v:2"^
-H "x-v:1"^
-H "x-fapi-interaction-id:37e3194e-c1f3-4685-8b8d-6cea463f37f4"^
-H "x-fapi-auth-date:2021-08-06T06:58:06.458Z"^
-H "x-fapi-customer-ip-address: 127.0.0.1"^
http://localhost:8383/cds-au/v1/banking/accounts/2927D564-A5C1-4BD1-B6F9-30140CEB2563/balance
Response:
HTTP/1.1 200
x-v: 1
x-fapi-interaction-id: 37e3194e-c1f3-4685-8b8d-6cea463f37f4
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Fri, 06 Aug 2021 09:52:12 GMT
{
"links":{
"self":"http://localhost:8383/cds-au/v1/banking/accounts/2927D564-A5C1-4BD1-B6F9-30140CEB2563/balance"
},
"data":{
"accountId":"2927D564-A5C1-4BD1-B6F9-30140CEB2563",
"availableBalance":"1086.97",
"creditLimit":"0.00",
"currency":"AUD",
"currentBalance":"1086.97",
"purses":[]
}
}
Get balances for specific accounts
See CDS Get balances for specific accounts.
The Get balances for specific accounts call requires a POST request with authorisation.
To obtain balances for multiple accounts, using the POST balances API, with a call to the /banking/accounts/balances
end point, issue the following curl
command:
curl -i ^
-H "Accept: application/json"^
-H "Authorization: Bearer eyJraWQiOiJyc2ExIiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiJhZG1pbiIsInJlZnJlc2hfdG9rZW5fZXhwaXJlc19hdCI6MTU3OTAxMDI4NywiYXpwIjoiY2xpZW50IiwiaXNzIjoiaHR0cDpcL1wvbG9jYWxob3N0OjgwODBcL2Nkcy1vcGVuaWQtY29ubmVjdC1zZXJ2ZXJcLyIsImV4cCI6MTU3ODAxMzg4NywiaWF0IjoxNTc4MDEwMjg3LCJqdGkiOiI3NjljMTMwMy0xM2IwLTRjYjAtYTNlNS1kYzI1ODJlMTNhMTgifQ.d22K-IWcrqlCbQY_YuGQwMoSXNvQwzQ15yMDaKk6xhlpyVKvO1vmiB35ZNq7K_Ox_8It4QiJ35v2Hwxe-xiOqbd1GXXbBGecHZ1G8wmSOK5UYEVACIUIo6pigIYS25F9JupM-v5Bv59P_vCDLqzgl79NyRQR5mhaXneCB1ST_0fw7H3NAQQ9MC_es0RjMlxurpU3sVKa5Xw_ZG9pLPlZE4q2NKg61WcOtVabfFLgjEHmw5UX4W2_WmGGmY4BWM_jBuCgZYWrdg3w07RVGUPV5gb6yTBxj8XEwQqIKEsrS9X3Jn0-mZ15QtP_SBP7q4TZIDwihfLrXJGjT3g4tuZCug" ^
-H "x-cds-client-headers:Q29uc3VtZXIgRGF0YSBSaWdodA=="^
-H "x-min-v:2"^
-H "x-v:1"^
-H "x-fapi-interaction-id:37e3194e-c1f3-4685-8b8d-6cea463f37f4"^
-H "x-fapi-auth-date:2021-08-06T06:58:06.458Z"^
-H "x-fapi-customer-ip-address: 127.0.0.1"^
-H "Content-Type:application/json"^
-d "{\"data\": {\"accountIds\": [\"3F7C0D90-05CE-4225-8211-3B4F16AEAEB9\",\"2927D564-A5C1-4BD1-B6F9-30140CEB2563\"]}}"^
-X POST http://localhost:8383/cds-au/v1/banking/accounts/balances
Response
HTTP/1.1 200
x-v: 1
x-fapi-interaction-id: 37e3194e-c1f3-4685-8b8d-6cea463f37f4
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Fri, 06 Aug 2021 10:09:00 GMT
{
"links":{
"first":"http://localhost:8383/cds-au/v1/banking/accounts/balances?page=1&page-size=25",
"last":"http://localhost:8383/cds-au/v1/banking/accounts/balances?page=1&page-size=25",
"self":"http://localhost:8383/cds-au/v1/banking/accounts/balances"
},
"meta":{"totalPages":1,"totalRecords":2},
"data":{
"balances":[
{"accountId":"2927D564-A5C1-4BD1-B6F9-30140CEB2563",
"availableBalance":"1086.97",
"creditLimit":"0.00",
"currency":"AUD",
"currentBalance":"1086.97",
"purses":[]
},
{"accountId":"3F7C0D90-05CE-4225-8211-3B4F16AEAEB9",
"availableBalance":"0.11",
"creditLimit":"0.00",
"currency":"AUD",
"currentBalance":"0.11",
"purses":[]
}
]
}
}
Response to get balances when account unavailable
How to deal with unavailable accounts is a question frequently asked by Data Holder developers. For example, see Accounts that cannot be shared. The following request demonstrates using the Data Holder reference implementation to answer that question. The call requests multiple accounts, one of which has an accountId that is not in the test data.
The response is HTTP status code 422
and an error structure showing the accountId for the unavailable account and associated details.
See CDS Errors, 422 (Unprocessable Entity) Errors.
The request below is the same as the above "Get balances for specific accounts" request, except that one of the accountIds has been modified so as not to match an available account.
Request with an unavailable account (accountId:3F7C0D90-05CE-4225-8211-3B4F16AEAEBF):
curl -i ^
-H "Accept: application/json"^
-H "Authorization: Bearer eyJraWQiOiJyc2ExIiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiJhZG1pbiIsInJlZnJlc2hfdG9rZW5fZXhwaXJlc19hdCI6MTU3OTAxMDI4NywiYXpwIjoiY2xpZW50IiwiaXNzIjoiaHR0cDpcL1wvbG9jYWxob3N0OjgwODBcL2Nkcy1vcGVuaWQtY29ubmVjdC1zZXJ2ZXJcLyIsImV4cCI6MTU3ODAxMzg4NywiaWF0IjoxNTc4MDEwMjg3LCJqdGkiOiI3NjljMTMwMy0xM2IwLTRjYjAtYTNlNS1kYzI1ODJlMTNhMTgifQ.d22K-IWcrqlCbQY_YuGQwMoSXNvQwzQ15yMDaKk6xhlpyVKvO1vmiB35ZNq7K_Ox_8It4QiJ35v2Hwxe-xiOqbd1GXXbBGecHZ1G8wmSOK5UYEVACIUIo6pigIYS25F9JupM-v5Bv59P_vCDLqzgl79NyRQR5mhaXneCB1ST_0fw7H3NAQQ9MC_es0RjMlxurpU3sVKa5Xw_ZG9pLPlZE4q2NKg61WcOtVabfFLgjEHmw5UX4W2_WmGGmY4BWM_jBuCgZYWrdg3w07RVGUPV5gb6yTBxj8XEwQqIKEsrS9X3Jn0-mZ15QtP_SBP7q4TZIDwihfLrXJGjT3g4tuZCug" ^
-H "x-cds-client-headers:Q29uc3VtZXIgRGF0YSBSaWdodA=="^
-H "x-min-v:2"^ -H "x-v:1"^
-H "x-fapi-interaction-id:37e3194e-c1f3-4685-8b8d-6cea463f37f4"^
-H "x-fapi-auth-date:2021-08-06T06:58:06.458Z"^
-H "x-fapi-customer-ip-address: 127.0.0.1"^
-H "Content-Type:application/json"^
-d "{\"data\": {\"accountIds\": [\"3F7C0D90-05CE-4225-8211-3B4F16AEAEBF\",\"2927D564-A5C1-4BD1-B6F9-30140CEB2563\"]}}"^
-X POST http://localhost:8383/cds-au/v1/banking/accounts/balances
Response:
HTTP/1.1 422
x-fapi-interaction-id: 37e3194e-c1f3-4685-8b8d-6cea463f37f4
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Thu, 19 Aug 2021 06:51:11 GMT
{"errors":[{"code":"urn:au-cds:error:cds-banking:Authorisation/UnavailableBankingAccount","detail":"3F7C0D90-05CE-4225-8211-3B4F16AEAEBF","title":"Unavailable Banking Account"}]}
Postman unit tests
The Postman unit tests are available as a GitHub repository at https://github.com/ConsumerDataStandardsAustralia/dsb-schema-tools.
With modification for implementation context, these tests can be used with any implementation of the CDS. A special configuration is provided for use with the Mock Data Holder reference implementation.
First install postman: https://www.postman.com.
The Postman collection is contained in the subdirectory collection
. For information on purpose and usage, see the postman README.md file. The collection is in the file CDR Banking Sector Conformance Tests v1.11.0.postman
.
The files DSB.collection-run.postman.json
and DSB.postman_environment.json
are configured to work with the mock data holder (java) maintained by DSB and available in the mock-data-holder-java repository.
To import the collection:
- In the Postman workspaces tab, click the
Import
button at the top. - Browse and select
CDR Banking Sector Conformance Tests v1.11.0.postman
To choose the data environment:
- In the Postman Runner tab, click
New
for a new test run. - Click the
Data
button. - Browse and select
dsb-dhserver-postman-variables.json
.
Comments
0 comments
Please sign in to leave a comment.