Skip to main content
Ship your first Data Provider integration — from resource server to end-to-end validation — in under an hour. Estimated time: 30–60 minutes

Before You Begin

To follow this guide, you’ll need:
  • Access to the Fiskil Console with org admin permissions
  • A domain you control (for DNS/branding setup)
  • An engineer to implement or mock your Resource Server

Step 1 — Provision your environments

Once you’ve been approved for the Fiskil Data Provider platform, we will provision separate Staging and Production instances for you. Each instance is isolated and includes:
  • Environment-specific keys
  • Separate logs and metrics
  • Testing and sandbox tools
Use Staging for all initial development and integration.

Step 2 — Implement a Minimal Resource Server

Your Resource Server is your API — Fiskil will call it after a user gives consent. For your first integration, you’ll need to implement these three endpoints:

Required Endpoints

EndpointPurposeReference
GET /auth/v1/customer/searchIdentify the customer during the consent flowLink
GET /auth/v1/customer/{customerId}/accountsList accounts available for sharingLink
GET /auth/v1/customer/{customerId}Get customer identity informationLink
GET /v1/customer/{customerId}/accounts/{accountId}/balancesExample data endpoint to expose customer data
These endpoints must:
  • Be accessible by the Fiskil Data Provider over HTTPS
  • Accept Bearer tokens and validate them using Fiskil’s JWKS
Note: For initial testing, these endpoints can return static or mock data.

Example: Balances Endpoint

curl -H "Authorization: Bearer <ACCESS_TOKEN>" \
  https://<your-resource-server>/v1/customer/{customerId}/accounts/{account_id}/balances
Example response 
{
  "account_id": "acc_001",
  "available": 1200.50,
  "current": 1250.75,
  "currency": "AUD"
}
In the Console:
  • Set the base URL for your Resource Server in the staging instance
  • (Optional) Configure an allowlist to restrict inbound traffic to Fiskil IPs
  • Confirm your API is reachable and healthy

Step 4 — Configure Branding & DNS (Optional)

Customize your user-facing consent flow with:
  • Your logo and display name
  • A custom domain, like consent.yourcompany.com
To configure this, see: Custom Domain Setup

Step 5 — Run an End-to-End Test

Use Fiskil’s Testing tools to validate the full consent flow. As part of your onboarding we will invite you to our testing tools. The testing tools depend on the kind of integration you’re building, whether it operates within a regulatory standard or you’re a voluntary data provider.

Step 6 — Go Further

Once you’ve validated your integration:
  • Add full support for additional endpoints and scopes
  • Apply a compliance profile (e.g., CDR, FDX)
  • Enable logs and metrics. See Logs and Metrics

Step 7 — Go Live

To launch in production:
  • Complete any required regulator certification or validation (if applicable)
  • Register and onboard trusted third-party clients (e.g., Plaid, energy apps)
  • Point production integrations to your live instance

Core Concepts Recap

Instance An isolated environment with its own domain, keys, logs, and configuration. Resource Server Your API — it exposes customer data and responds to Fiskil using standard contracts. Scopes & Consent Your customers must consent to sharing data. The scope of that consent defines what data can be shared. Fiskil manages Scopes and Consents. Compliance Profile A preset behavior template (headers, scopes, APIs) based on standards like CDR or FDX.