Archived 22/02/2024. Please see the CDS Guide - Authorisation Scopes.
Question
As an Accredited Data Recipient if we get consent for data scope A & B, and then complete a data request for A & C, is it acceptable the is rejected in full as it is not a valid request? A valid request, in our view, is for scope with: A, B or A+B.
Answer
This seems to be a valid interpretation. It should be noted that in general all API end points and payloads are specific to a single scope. This has been a goal of the Data Standards Body to simplify issues of this nature.
Currently, with the exception of the inclusion of payeeId
in the scheduled payments end point response, there are no scenarios where a single payload requires multiple scopes.
Comments
0 comments
Please sign in to leave a comment.