Question 

In accordance with the CDR standards in the Banking and Common API specifications, within the resource endpoint required column, the x-fapi-auth-date header is marked as optional.

However, its description states: "Required for all resource calls (customer present and unattended). Not to be included for unauthenticated calls." 

Considering this description, is the x-fapi-auth-date header mandatory or optional? 

Answer

This is a documentation error.  The x-fapi-auth-date header is mandatory for all authenticated resource endpoints, but not for unauthenticated endpoints as described in the HTTP Headers section.

In the resource endpoint descriptions, we have the header marked as optional in the required column. This is a documentation error and it should read mandatory instead.

This issue will be addressed in the next version of the CDR standards.