Skip to main content

CDR Non-Functional Requirements

The CDR APIs are required to follow a minimum standard of non-functional requirements. This section outlines those requirements and the respective responsibilities between Fiskil and the Customer (Data Holder).
These requirements are mandated by the Consumer Data Right standards and must be met for CDR compliance.

Responsibility Overview

Non-Functional RequirementSummaryProvided by
CDR Complaint Data SummaryCDR complaint data for a data holder includes:
• Total CDR consumer complaints received
• Categorisation of CDR complaints (per data holder’s systems)
• Total resolved CDR consumer complaints (either reported in the current or previous period)
• Average days for internal dispute resolution
• CDR complaints referred to external resolution
• CDR complaints resolved externally
• CDR product data complaints received, reported individually

For more information, see Section 10.1.2. of the Compliance guide for data holders.		Data Holder
Availability RequirementsService availability requirement for data holders and AEMO: 99.5% per monthFiskil/Data Holder
Traffic ThresholdsDefined thresholds for different types of traffic that can be throttled or rejectedFiskil
Data QualityEnsuring product data is accurate, up to date and completeData Holder
Performance RequirementsResponse time requirements for different endpoint categoriesFiskil/Data Holder

Availability Requirements

Service availability requirement for data holders and AEMO: 99.5% per month
The unavailability of AEMO will mean that some requests cannot be fulfilled by a data holder making a Shared Responsibility Data Request. This will not be taken to mean that the data holder is unavailable.

Traffic Thresholds

Calls in excess of the following traffic thresholds will be able to be freely throttled or rejected by a data holder without impact to their performance or availability requirements. Traffic thresholds will be set using the following metrics:
  • Number of sessions per day – the number of individual sessions initiated in a calendar day
  • Transactions Per Second (TPS) – the number of concurrent transactions each second
  • Number of calls – the number of end point calls initiated for a specified duration
For Customer Present and authorisation traffic the following traffic thresholds will apply:
  • Unlimited sessions per day
  • 10 TPS per customer
  • 50 TPS per Data Recipient Software Product

Secure Traffic Thresholds

For secure traffic (both Customer Present and Unattended) the following traffic thresholds will apply based on active authorisations:
Active AuthorisationsPeak TPS Total
0 to 10,000150 TPS
10,001 to 20,000200 TPS
20,001 to 30,000250 TPS
30,001 to 40,000300 TPS
40,001 to 50,000350 TPS
50,001 to 60,000400 TPS
More than 60,000450 TPS

Public Traffic Thresholds

For Public traffic (i.e. traffic to unauthenticated end points):
300 TPS total across all consumers (additive to secure traffic)
As traffic from Data Recipient Software Products to Data Holders will be shaped by the thresholds above, there are no specific thresholds applicable to secondary Data Holders.

Data Quality

If a Data Holder of CDR data is required or authorised under the Consumer Data Rules to disclose product data, the Data Holder must take reasonable steps to ensure that the product data is, having regard to the purpose for which it is held, accurate, up to date and complete.
Data Holders are required to be able to demonstrate that reasonable steps to maintain data quality of product data are being undertaken.
For the data quality requirements that apply to CDR data for which there are one or more CDR consumers, see Privacy Safeguard 11 (section 56EN of the Competition and Consumer Act 2010). There are requirements in Privacy Safeguard 11 for both Data Holders and Data Recipients. See Chapter 11 (Privacy Safeguard 11) of the OAIC’s CDR Privacy Safeguard Guidelines for further information.

Performance Requirements

The following response time requirements apply to different categories of endpoints:
Performance CategoryResponse TimeApplies To
Unauthenticated1500msAll Unauthenticated end points not otherwise specified in a separate threshold
High Priority1000msAll InfoSec end points including Dynamic Client Registration, CDR Arrangement Revocation, and specific high-priority endpoints
Low Priority1500msCustomer Present calls to standard data endpoints
Unattended4000msUnattended calls to data endpoints
Large Payload6000msBulk operations and large data transfers
AEMO Request1000ms (data holders)
1500ms (AEMO requests)		Customer Present energy service point calls
Large Secondary Request1500ms (data holders)
4500ms (AEMO requests)		Unattended energy service point calls and bulk operations

High Priority Endpoints (1000ms)

  • All InfoSec end points including Dynamic Client Registration
  • CDR Arrangement Revocation
  • Common: Get Status, Get Outages
Banking:
  • Get Accounts
Energy:
  • Get Energy Accounts
  • Get Energy Account Detail
  • Get Balance For Energy Account
  • Get Invoices For Account
Common:
  • Get Customer
  • Get Customer Detail

Low Priority Endpoints (1500ms)

Customer Present calls to:
  • Get Account Detail
  • Get Account Balance
  • Get Bulk Balances
  • Get Balances For Specific Accounts
  • Get Transactions For Account
  • Get Transaction Detail
  • Get Payees
  • Get Payee Detail
  • Get Direct Debits For Account
  • Get Scheduled Payments For Account
  • Get Scheduled Payments Bulk
  • Get Scheduled Payments For Specific Accounts
Customer Present calls to:
  • Get Agreed Payment Schedule
  • Get Concessions
  • Get Bulk Balances for Energy
  • Get Balances For Specific Energy Accounts
  • Get Bulk Invoices
  • Get Invoices For Specific Accounts
  • Get Billing For Account

Large Payload Endpoints (6000ms)

  • Get Bulk Direct Debits
  • Get Direct Debits For Specific Accounts
  • Get Bulk Billing
  • Get Billing For Specific Account
Customer Present calls to the following energy endpoints:
  • Get Service Points
  • Get Service Point Detail
  • Get DER For Service Point
Unattended calls to:
  • Get Service Points
  • Get Service Point Detail
  • Get DER For Service Point
All calls to:
  • Get Bulk Usage
  • Get Usage For Service Point
  • Get Usage For Specific Service Points
  • Get Bulk DER
  • Get DER For Specific Service Points
These performance requirements are measured at the 95th percentile and are critical for maintaining CDR compliance. Monitor your API performance closely to ensure these thresholds are consistently met.