Start Building
Fiskil is certified for SOC 2 Type 2 and ASAE 3150 Type 2. We offer integrated DDoS protection, secure audit trails, and industry-aligned safeguards. Learn more in our product overview.
What is User-Permissioned Data Sharing?
User-Permissioned Data Sharing is a model where your customers are in control. They explicitly grant consent for trusted third parties (Data Recipients) to access specific datasets, for a defined purpose and duration. Unlike traditional data sharing models — bulk exports, file transfers, or backchannel APIs — user-permissioned data sharing is:
- Consent-driven — Users approve access via hosted consent flows
- Scoped — Access tokens carry only the permissions granted by the user
- Time-bound — Consents expire automatically or can be revoked at any time
- Auditable — All activity is logged and linked to a consent record
What is the Fiskil Data Provider?
The Fiskil Data Provider is the platform that turns your organization into a trusted source of user-permissioned data. You are the Data Provider: you own the customer and product data. Fiskil gives you everything you need to expose that data securely, with built-in consent, authorization, and compliance.
Your Core Responsibilities
As a Data Provider, you:
- Implement the Resource Server — APIs that return customer and product data
- Define the datasets and scopes that can be shared
What Fiskil Provides
Fiskil handles the infrastructure:
- Hosts the consent flows and dashboards on your branded domain
- Issues and validates tokens aligned to the granted scopes
- Provides the management console, request logs, and metrics for your team
- Handles the heavy lifting of compliance (authorization standards, audit trails, regulatory reporting)
Why Choose Fiskil?
- Accelerated time to market — Ship data sharing in weeks, not years
- Security built-in — Tokens, JWKS validation, audit logs, DDoS protection
- User experience managed for you — Hosted consent screens and optional consumer dashboard
- Global standards ready — Designed for frameworks like CDR, FDX, and open banking
Architecture Overview
The Fiskil Data Provider works alongside your Resource Server to deliver secure, user-permissioned data sharing. Here’s how the components connect and who is responsible for each:
Core Components
- Your Resource Server
  - Your API that implements the data-sharing endpoints (e.g., accounts, balances, transactions)
  - Authenticates the Fiskil Data Provider to secure your connection
  - Returns customer and product data in the expected format
- Fiskil Data Provider
- Data Recipients
Data Flow Architecture
The diagram below shows how data flows between your customers, the Fiskil platform, and third-party applications:
How It Works
1. Consent Initiation: A Data Recipient initiates a consent flow with your customer.
2. User Authentication & Consent: Fiskil’s Data Provider authorization server authenticates the user, presents branded consent screens, and captures approved scopes.
3. Token Issuance: Fiskil issues an access token with the specific scopes granted by the user.
4. Data Access: The Data Recipient calls Fiskil data sharing endpoints with the token to access consented data.
5. Authorization & Response: Fiskil validates the token and checks that the request is authorised before fetching the customer data from your Resource Server.
6. Monitoring & Compliance: All activity is logged in Request Logs and surfaced in Metrics for monitoring and audit purposes.
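A minimal model of the checks in steps 3 to 6, added here as an illustration and not Fiskil's code or API. The `Consent` and `Token` classes, the `authorize` function, the reason strings and the scope names are all hypothetical, and token signature verification is assumed to have already succeeded.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class Consent:                      # hypothetical consent record
    consent_id: str
    recipient_id: str
    scopes: frozenset
    expires_at: datetime
    revoked: bool = False

@dataclass
class Token:                        # claims of an already signature-verified token
    consent_id: str
    recipient_id: str
    scopes: frozenset

def authorize(token, consents, caller_id, scope, now, audit_log):
    """Decide one data request; every decision is logged against the consent."""
    c = consents.get(token.consent_id)
    if c is None:
        reason = "unknown_consent"
    elif c.revoked:
        reason = "consent_revoked"
    elif now >= c.expires_at:
        reason = "consent_expired"
    elif caller_id != c.recipient_id or token.recipient_id != c.recipient_id:
        reason = "recipient_mismatch"
    elif scope not in (token.scopes & c.scopes):  # token may not exceed consent
        reason = "scope_not_granted"
    else:
        reason = "ok"
    audit_log.append({"ts": now.isoformat(), "consent_id": token.consent_id,
                      "recipient": caller_id, "scope": scope, "reason": reason})
    return reason == "ok"

def demo():
    """Constructed sample data: one consent, four requests."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    consent = Consent("c-1", "recipient-a", frozenset({"accounts:read"}),
                      t0 + timedelta(days=90))
    consents, log = {"c-1": consent}, []
    tok = Token("c-1", "recipient-a", frozenset({"accounts:read", "transactions:read"}))
    authorize(tok, consents, "recipient-a", "accounts:read", t0, log)
    authorize(tok, consents, "recipient-a", "transactions:read", t0, log)
    authorize(tok, consents, "recipient-a", "accounts:read", t0 + timedelta(days=91), log)
    consent.revoked = True
    authorize(tok, consents, "recipient-a", "accounts:read", t0, log)
    return [e["reason"] for e in log]
```

The token in `demo()` deliberately carries a scope the consent never granted, so the second request is denied even though the token itself is valid; denials are logged with the same consent identifier as approvals.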
Division of Responsibilities
- You (Data Provider): Build and maintain your Resource Server.
- Fiskil: Provide the Data Provider infrastructure: consent flows, tokens, AuthN/AuthZ, observability, and compliance-ready tooling.
- Data Recipients: Build integrations with your data under user consent.
How Fiskil Fits Into Your Architecture
- Your team builds and manages a Resource Server, which implements the APIs to expose your data
- Fiskil provides:
  - A FAPI 2.0-compliant authorization & resource server
  - Fully managed consent flows
  - Staging and production environments
  - A management console for observability, configuration, and tooling
- Third parties access data through direct onboarding or via registered data recipient frameworks (e.g., CDR, FDX)
Environments
Each integration runs in isolated instances:
- Staging: for development, integration, and testing with mock recipients
- Production: for live, regulated traffic
- Additional instances can be created for multi-brand or multi-region deployments
Key Capabilities
Financial-grade Authorization
Consent Management
A complete system to create, view, and revoke user consents via API or prebuilt UI components.
Observability and Auditability
Real-time traffic logs, availability metrics, and audit trails for complete visibility into data sharing activities.
Third-party Onboarding
Onboard external recipients directly or integrate with regulatory data sharing registers.
Complex Account Support
Support for organisational, joint, and multi-party accounts with flexible permission management.
Global Data Sharing Standards
Support for frameworks such as Consumer Data Right (CDR) and Financial Data Exchange (FDX).
Product and Metadata Sharing
Expose product schemas and metadata alongside customer-specific data.
Regulatory Reporting
Workflows aligned with compliance and reporting obligations for your jurisdiction.
Get Started
Choose how you’d like to begin your integration:
Deploy Your First Tenant
Set up staging and production environments for your data sharing integration.
Build Your Resource Server
Implement the APIs that will expose your customer and product data.
Follow a Regulatory Framework
Integrate with established frameworks like CDR, FDX, or open banking standards.