V1.3.1 Release Notes
Release notes for version 1.3.1 of the CDR Standards.
High Level Standards
| Change | Description | Link |
|---|---|---|
| Removal of aside comment | In the availability section there was a redundant comment indicating the notification method for outages is pending. This has been removed | Availability Requirements |
| Error response clarification | The requirement that a 406 response must be provided if x-v and x-min-v are not present was written before the must/should language was used with specific meaning. This is not clarified as a MUST (as was intended) rather than a SHOULD. This change has also been applied where the version headers are documented for end points. | HTTP Headers |
| Example correction | Corrected the non-normative example for the base URI to remove the resource component | Versioning |
API End Points
| Change | Description | Link |
|---|---|---|
| imageUri clarification | Add clarification to the imageUri field indicating that url-encoded data is valid for this field | BankingProductV3 Model |
| MIN_LIMIT, MAX_LIMIT descriptions | Align the language used to describe the MIN_LIMIT and MAX_LIMIT fields to remove inconsistency and ambiguity | Product & Account Components |
| Model versioning | Versioning of schema models to accommodate v3 of the PRD end points | Various |
| PRD v2 obsolescence date | Removed the obseloscence date for v2 PRD end points. These were included erroneously | Get Products v2, Get Product Detail v2 |
| Invalid account ID | Clarification that a 422 error in response to an invalid Account ID is required even if only one ID in a group is invalid | POST APIs that query specific accounts |
Information Security Profile
| Change | Description | Link |
|---|---|---|
| Markdown fix | Some of the markdown for the Arrangement end point was not formatted correctly. This has been fixed. | Security End Points |
| Revocation end point for ADRs | The documentation covering the need for ADR's to host a revocation end point until November 2020 was inadvertently removed. Revocation end point documentation has been modified to match the relevant decision proposals | Security End Points |
| Token example correction | Change the non-normative example in the Tokens section to correctly use numeric date values instead of strings | Token |
| Client auth for security end points | Clarify for the revocation and arrangement end points that client assertion is used to verify the identity of Data Recipients and bearer tokens are used to verify the identity of Data Holders | Security End Points |
| OIDC Discovery update | Corrected the non-normative example for ODIC Discovery end point to correctly specify the tls_client_certificate_bound_access_tokens field |
Security End Points |
Consumer Experience
No Change