What You Can Test
- Authorization flows — confirm that users can successfully grant and revoke consent.
- Token validation — check that your Resource Server enforces JWT signatures.
- API responses — validate your endpoints return the correct data, error formats, and pagination.
- Performance — measure latency and throughput to confirm baseline SLAs.
- Compliance (optional) — run against formal test suites if building under CDR, FDX, or similar frameworks.
Core Tools
Postman Collection
Run an end-to-end flow using Fiskil’s official Postman collection:- Create consents
- Retrieve tokens
- Call your Resource Server endpoints
- Inspect responses
Mock Data Recipient
Fiskil maintains a CDR Mock Data Recipient you can use to simulate CDR Consent flows:- Create consents
- Browse consumer data
- Revoke consents
Request Logs
Every API call is recorded in Request Logs.- Validate payloads, scopes, and status codes.
- Debug errors by tracing failed requests.
- Confirm traffic flows only within the granted consent.
Metrics
Each instance tracks performance and availability metrics.- Verify throughput and latency under load.
- Check baseline error rates before go-live.
Compliance Tools
If your instance uses a compliance profile (e.g., CDR, FDX), Fiskil provides access to compliance validation tools.- Run automated checks against required endpoints and scopes.
- Generate reports for regulators or internal audit.
For regulated environments, additional testing tools may be required.
Please contact the Fiskil team to enable compliance testing support for your instance.
Environments
Always test thoroughly in staging before promoting to production:- Staging allows mock recipients and relaxed change controls.
- Production must remain stable and audit-ready.