The CDR Support Portal article Identifying the customer in Get Customer and Get Customer Detail calls outlines that the ADR should pass the access token as a Bearer token in the Authorization header of the request to the Get Customer and Get Customer Detail endpoints.
Question
The current banking API docs (https://consumerdatastandardsaustralia.github.io/standards/#consumer-data-standards-banking-apis) make no mention of passing the access token, nor do the sample requests provided.
Answer
The Authorization header is dealt with within the Information Security profile and upstream standards. Notably RFC 6749 provides context.
The ADR needs to obtain an access token (representing the consumer's consent) from the data holder and supply this as a bearer token for all authenticated endpoints.
Question
Is it correct to assume the use of the Bearer token is applicable for all Banking and Common API endpoints (not just the Get Customer ones)?
Answer
No. The other two common APIs (Get Status and Get Outages) are public endpoints and don't require any authentication. They are similar to the Get Products and Get Product Detail endpoints.
Question
And in relation to the first question above - is there any possibility we can get a sample request format for the above which contains the Authorization header Bearer token?
Answer
RFC 6749 provides examples which hopefully cover the format of the request.
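As an added illustration (not code from the CDR standards or from this portal), the following Python sketch shows the request shape the answers describe: the Authorization: Bearer header is attached only to the authenticated customer endpoints and left off the public ones, and it goes one step beyond the thread by adding the data-holder side check of that header against the RFC 6750 token grammar. The endpoint paths, host name and token value are assumptions chosen for the example.

```python
import re
from typing import List, Optional

# Endpoints named in the answers above. The URL paths are assumed here for
# illustration; confirm them against the published standards.
AUTHENTICATED_PATHS = {
    "/cds-au/v1/common/customer",          # Get Customer
    "/cds-au/v1/common/customer/detail",   # Get Customer Detail
}
PUBLIC_PATHS = {
    "/cds-au/v1/discovery/status",         # Get Status
    "/cds-au/v1/discovery/outages",        # Get Outages
    "/cds-au/v1/banking/products",         # Get Products
}

# RFC 6750 b64token: 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
# The scheme name is case-insensitive; exactly one space separates it from the token.
_BEARER_RE = re.compile(r"^Bearer ([A-Za-z0-9\-._~+/]+=*)$", re.IGNORECASE)


def build_request(host: str, path: str, access_token: Optional[str] = None) -> str:
    """Return the raw HTTP/1.1 GET request text an ADR would send.

    The bearer token is attached only for authenticated endpoints; sending the
    consumer's consent token to a public endpoint would expose it for no reason.
    """
    headers: List[str] = []
    if path in AUTHENTICATED_PATHS:
        if not access_token:
            raise ValueError(f"{path} requires an access token")
        headers.append(f"Authorization: Bearer {access_token}")
    elif path not in PUBLIC_PATHS:
        raise ValueError(f"unknown endpoint {path}")
    lines = [f"GET {path} HTTP/1.1", f"Host: {host}", "Accept: application/json", *headers]
    return "\r\n".join(lines) + "\r\n\r\n"


def parse_bearer(authorization: Optional[str]) -> Optional[str]:
    """Data-holder side: extract the token from an incoming Authorization header.

    Returns None when the header is absent, uses another scheme, or the token
    breaks the b64token grammar; the caller then responds 401 with a
    WWW-Authenticate: Bearer challenge instead of guessing.
    """
    if authorization is None:
        return None
    match = _BEARER_RE.match(authorization.strip())
    return match.group(1) if match else None
```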