
Scope and responsibilities

Your Resource Server must expose the CDR Banking APIs and enforce scopes based on consented permissions. Fiskil issues and validates tokens and orchestrates user consent; your server returns customer and product data according to the CDR schema and version you target.

Required endpoints

  • Accounts: list, detail
  • Balances
  • Transactions: list, detail

Compliance: Confirm required fields and versions with your regulator and the latest CDR standards. Align your x-v headers and error shapes to the market profile.

Common response fields

  • id (stable, opaque)
  • accountNumber (masked)
  • productCategory
  • balances.available, balances.current
  • transactions.amount, description, postingDateTime

Error model

Use typed errors with machine‑parseable codes and human‑readable messages. Include correlation IDs for traceability.

{
  "errors": [
    {
      "code": "invalid_scope",
      "title": "Insufficient permissions",
      "detail": "The token is missing the required scope for balances.read",
      "meta": { "correlationId": "3c5e4a9b" }
    }
  ]
}

Example (OpenAPI excerpt)

paths:
  /v1/accounts/{accountId}/balances:
    get:
      security:
        - bearerAuth: []
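      parameters:
        - in: path
          name: accountId
          required: true
          schema:
            type: string
          description: Account identifier (the stable, opaque id)
        - in: header
          name: x-v
          required: true
          schema:
            type: string
          description: API version requested
      responses:
        '200':
          description: Balances for the account
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Balances'
        '403':
          description: Token lacks the required scope
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorList'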
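
One way to enforce the scope and x-v checks described above and return the page's error shape, as an added example (not Fiskil's code or part of the original page). It assumes the token has already been validated and carries a space-delimited `scope` claim, and that header names are lower-cased; the operation key, `SUPPORTED_VERSIONS`, and the `invalid_version` code with status 400 are hypothetical values chosen for illustration.

```python
import secrets

# Assumption: scope required per operation. Only "balances.read" appears on the
# page; the operation key is a hypothetical label for the OpenAPI path above.
REQUIRED_SCOPE = {"GET /v1/accounts/{accountId}/balances": "balances.read"}
SUPPORTED_VERSIONS = {1}  # assumption: versions this server implements


def error_list(code, title, detail, correlation_id):
    """Build the page's error shape with one typed error."""
    return {"errors": [{"code": code, "title": title, "detail": detail,
                        "meta": {"correlationId": correlation_id}}]}


def authorize(operation, token_claims, headers):
    """Return (status, body); body is None when the request may proceed.

    token_claims is the payload of a token that has already been validated
    (signature, expiry, audience); this function only enforces scope and x-v.
    """
    correlation_id = secrets.token_hex(4)  # generated server-side, never echoed from input
    required = REQUIRED_SCOPE.get(operation)
    if required is None:
        # Deny by default: an operation with no scope mapping is a config bug.
        return 403, error_list("invalid_scope", "Insufficient permissions",
                               "No scope is configured for this operation", correlation_id)
    granted = set(token_claims.get("scope", "").split())  # exact match, not substring
    if required not in granted:
        # Name only the missing scope; do not reveal what the token does hold.
        return 403, error_list("invalid_scope", "Insufficient permissions",
                               f"The token is missing the required scope for {required}",
                               correlation_id)
    version = headers.get("x-v", "")
    if not (version.isascii() and version.isdigit()) or int(version) not in SUPPORTED_VERSIONS:
        # "invalid_version" and 400 are assumed values, not taken from the page.
        return 400, error_list("invalid_version", "Invalid version",
                               "x-v must name a supported API version", correlation_id)
    return 200, None
```

Log the same correlation ID alongside the denial on the server so a support request quoting it can be matched to the exact decision.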