V1.1.0 Release Notes
Release notes for version 1.1.0 of the CDR Standards.
Errata for v1.1.0
Since v1.1.0 was published the following errors have been identified and will be corrected in the next version:
- The
x-cds-subjectheader was intended to be removed but was accidentally left in the standards documentation. The statements requiringx-cds-subjectshould be ignored. - The statements regarding the use of TLS in the Information Security profile imply that the
authorizeend point should be protected with TLS using a certificate provided by the CDR CA. As theauthorizeend point must be accessed by a public client this end point must use TLS but the data holder is free to use any certificate authority.
High Level Standards
| Change | Description | Link |
|---|---|---|
Content-Type header optionality |
Clarified that the Content-Type header is only mandatory for PUT and POST calls | HTTP Headers Section |
x-fapi-interaction-id description clarification |
A clarification of the description recommended by the CDR Engineering team | HTTP Headers Section |
x-cds-subject header removed |
This header has been removed from the standards based on community consultation | HTTP Headers Section |
Modification of x-cds-User-Agent header |
The x-cds-User-Agent header has been renamed to x-cds-client-headers and clarified to exclude specific types of headers |
HTTP Headers Section |
| Bug fix for rate type | In a previous decision the limitation of the rate type to plus or minus 100% was agreed to be removed. This has not been fixed | Common Field Types Section |
API End Points
| Change | Description | Link |
|---|---|---|
Clarified description of productName |
Clarified that the productName field in the account structure is set by the data holder not the account holder |
BankingAccount Section |
accountName optional for domestic payee |
For some Banks the account name field is not captured for domestic payees so this field has been made optional | BankingDomesticPayeeAccount Section |
| Aggregated transaction clarification | The handling of the sharing of data related to aggregated transactions has been added to the description of the transaction history end point | Get Transactions For Account Section |
| Term deposit maturity instructions as array | The termDeposit field in the account detail structure has been converted into an array | BankingAccountDetail Section |
| International payees with domestic accounts clarification | Description for how to represent international payees that are represented as a domestic account for payment purposes | Get Payee Detail Section |
Corrected description for amount field |
The amount field in scheduled payments had an incorrect description text which has been fixed |
BankingScheduledPaymentSet Section |
| Updates to scheduled payments | Series of amendments to the scheduled payments structure for lastWeekDay | LastWeekday Section |
| Clarification of ISO 8601 usage | Clarification that the recurrence syntax in ISO 8601 will not be used | Various |
| Card art in product end points | Version 2 of Get Products and Get Product Detail has been added to allow for the inclusion of card art fields | Banking APIs Section |
Information Security Profile
| Change | Description | Link |
|---|---|---|
| Normative reference versions | Added specific dates or versions to the normative reference table to avoid ambiguity | Normative References |
| Removed references to Vectors Of Trust | This change was recommended via the maintenance iteration to remove ambiguity from the standards | InfoSec End Points Section & Scopes and Claims Section |
| Clarified id_token non-normative sample | Non-normative id_token has been modified to include the refresh_token_expires_at and sharing_expires_at claims |
Scopes and Claims Section |
| Added CORS support for public end points | Added a CORS section allowing for CORS to be enabled for Get Status, Get Outages, Get Products and Get Product Detail end points | CORS Section |
| Removal of MTLS for specific end points | Removal of the MTLS requirements for
|
InfoSec End Points Section |
Consumer Experience
No Change