Archived 2022.11.20. Content moved to error scenarios and responses.
Question
Are UserInfo endpoint responses considered to be CDR Data?
If an Accredited Data Recipient (ADR) is inactive and makes a request to the UserInfo endpoint, should the ADR receive a 401 response?
Answer
The Personally Identifiable Information (PII) data shared via the UserInfo endpoint is CDR Data. This includes the individual name or business consumer's agent name details, as well as any other claims the DH might support via the UserInfo endpoint.
The ADR should not be allowed to collect data whilst they are inactive
, suspended
or revoked
. A call from an invalid
ADR to the UserInfo endpoint should fail, and receive a 401 response.
Comments
0 comments
Please sign in to leave a comment.