The Resource Server is your application’s data API — responsible for exposing customer data after a user has given consent. Fiskil handles authorization, token issuance, and consent orchestration. During the consent process and once a user has approved access, Fiskil calls your Resource Server with a JWT. Your job is to validate that token and return the right data.

How It Works

The diagram below illustrates the complete Resource Server integration flow:

Required Endpoints

Your Resource Server must expose the following endpoints to support the consent and authorization flow.

POST /auth/v1/customer/search

Used to identify the customer associated with the authenticated session.

Purpose: look up a user based on the email address they provided during authentication.

Example response:
{
  "data": [
    {
      "id": "customerid",
      "name": "givenName familyName",
      "phoneNumber": "+6141234567890"
    }
  ]
}

GET /auth/v1/customer/{customerId}/accounts

Used to list the accounts available to the customer during the consent flow. Example response:
{
  "accounts": [
    {
      "id": "acc_001",
      "name": "Jane's Savings",
      "type": "savings",
      "displayName": "Account A"
    },
    {
      "id": "acc_002",
      "name": "Joint Account",
      "type": "transaction",
      "displayName": "Account B"
    }
  ]
}

GET /auth/v1/customer/{customerId}

Used to get customer identity details for issuing OpenID Connect ID Tokens. Example response:
{
  "id": "customerid",
  "email": "[email protected]",
  "emailVerified": true,
  "familyName": "Sherman",
  "givenName": "Peter",
  "name": "Peter Sherman",
  "phoneNumber": "+15551234567",
  "phoneNumberVerified": true,
  "updatedAt": "2025-07-01T00:00:00Z",
  "address": {
    "streetAddress": "42 Wallaby Way",
    "locality": "Sydney",
    "region": "NSW",
    "postalCode": "2000",
    "country": "AUS"
  }
}

Example Data Endpoint

At least one endpoint that exposes real data is required before you can test and go live. Its path must begin with /customer/{customerId} so that data is fetched only for the customer who granted the consent.

GET /customer/{customerId}/accounts/{id}/balances

Returns the account balance. Example response:
{
  "account_id": "acc_001",
  "available": 1200.50,
  "current": 1250.75,
  "currency": "AUD"
}
You can return mock data during the initial testing phase.
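The two checks a Resource Server must make before serving any /customer/{customerId}/... route are validating the JWT Fiskil sends and confirming that the token is bound to the customer named in the path. The following is an added example, not Fiskil's code; it assumes an HS256 shared secret, an issuer and audience value, and that the customer id is carried in the token's sub claim (in a real integration, use the signing keys and claim names your authorization server documents).

```python
"""Token gate for a Resource Server: verify the JWT, then bind it to {customerId}."""
import base64, hashlib, hmac, json, time

SECRET = b"example-shared-secret"       # assumed HS256 secret (constructed for this example)
ISSUER = "https://issuer.example"       # assumed issuer claim value
AUDIENCE = "resource-server-example"    # assumed audience claim value

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def mint_token(claims: dict, secret: bytes = SECRET) -> str:
    """Test helper standing in for the authorization server: builds an HS256 JWT."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"

def verify_token(token: str, now=None) -> dict:
    """Return the claims if alg, signature, exp, iss and aud all check out; raise otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256":     # pin the algorithm; never honour the token's own choice
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):   # constant-time compare
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p))
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        raise ValueError("wrong issuer or audience")
    return claims

def authorize_request(path: str, token: str, now=None):
    """Gate a /customer/{customerId}/... request: (status, body). Token must be valid AND bound to that customer."""
    segments = path.strip("/").split("/")
    if len(segments) < 2 or segments[0] != "customer":
        return 404, {"error": "not_found"}
    try:
        claims = verify_token(token, now)
    except ValueError as exc:
        return 401, {"error": str(exc)}
    if claims.get("sub") != segments[1]:   # token issued for a different customer: deny
        return 403, {"error": "forbidden"}
    return 200, {"customerId": segments[1], "scope": claims.get("scope", "")}
```

The 403 branch is the check that keeps one consenting customer's token from reading another customer's accounts, regardless of how the path was constructed.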

Next Steps