Question
In the CDS HTTP headers section, x-fapi-auth-date and x-cds-client-headers are classified as conditional for Accredited Data Recipients (ADRs).
However, within the Banking APIs, under Get Accounts, x-fapi-auth-date and x-cds-client-headers are classified as optional for Data Holders (DHs).
What is the DH's role in validating these FAPI headers, and what are the obligations of a DH participating in open banking, as far as the FAPI headers are concerned?
Answer
Use of the client x-fapi headers is at the discretion of the DH.
The only exception is the x-fapi-interaction-id. DHs must respond with an x-fapi-interaction-id value: either the value provided by the client or, if no value has been provided, a specifically generated value.
Additionally, DHs must validate that the mandatory headers are provided or return an error code.
Some x-fapi headers are conditionally required. Please refer to the FAPI specifications Part 1 and Part 2 for guidelines on DH obligations for FAPI headers.
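The rules in the answer above, sketched as a DH-side request handler. This is an added example, not code from the CDS or FAPI specifications. The function names, the 400 status, the error body and the use of x-v as the mandatory header are assumptions made for illustration.

```python
import uuid

# Assumption: the mandatory set is endpoint-specific and taken from the
# standards; "x-v" is used here only as an illustrative entry.
# x-fapi-auth-date and x-cds-client-headers are deliberately not listed:
# the answer leaves their use to the DH's discretion.
MANDATORY_HEADERS = ("x-v",)


def normalise(headers):
    """HTTP header names are case-insensitive, so index them in lower case."""
    return {name.lower(): value.strip() for name, value in headers.items()}


def interaction_id(request_headers):
    """Echo the client's x-fapi-interaction-id, or generate one if absent."""
    supplied = request_headers.get("x-fapi-interaction-id", "")
    return supplied if supplied else str(uuid.uuid4())


def handle(headers, mandatory=MANDATORY_HEADERS):
    """Return (status, response_headers, body) for a DH resource request."""
    req = normalise(headers)
    # The interaction id goes on every response, including error responses.
    response_headers = {"x-fapi-interaction-id": interaction_id(req)}
    missing = [name for name in mandatory if not req.get(name)]
    if missing:
        # Constructed error body and status; the real error format and
        # codes are defined by the standards, not by this sketch.
        body = {"error": "missing_mandatory_header", "headers": missing}
        return 400, response_headers, body
    return 200, response_headers, {"data": {}}


if __name__ == "__main__":
    # Constructed sample requests.
    print(handle({"X-V": "1", "X-FAPI-Interaction-Id": "6ba7b814-9dad-11d1-80b4-00c04fd430c8"}))
    print(handle({"x-v": "1"}))
    print(handle({"x-fapi-auth-date": "Tue, 11 Sep 2012 19:43:31 GMT"}))
```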