Products and Leads — Requirements v2.12 min read
The User Journeys must be adhered to.
The tables below list the validation rules and operational requirements that apply to Products and Leads. The Validated by column indicates where each rule is enforced. All requests require an active Trust Framework application with the BDSP role, a valid transport certificate presented on every request via mTLS, and an active signing key for JWT signing.
Retrieve Product Data
/productsThe Products API does not require user consent. The TPP authenticates using a client credentials grant and calls each LFI individually. All LFI GET /products requests must be made in parallel unless the User has specifically filtered out (de-selected) individual LFIs.
Authorizationclient_credentials grant with products scope.x-fapi-customer-ip-addressGET /products request to prove that the User is present in the interaction. Must be a valid IPv4 or IPv6 address.x-fapi-interaction-id/products OpenAPI schema. No additional or undocumented parameters are permitted.ApplicationUri, ApplicationPhoneNumber, ApplicationEmail, ApplicationDescription)ApplicationUri is the preferred channel.Submit a Lead
/leadsThe Leads API allows a TPP to refer a User to a specific LFI when the User wishes further information about a specific product or wishes the LFI to contact them.
Authorizationclient_credentials grant with products scope.x-fapi-customer-ip-addressPOST /leads request. Must be a valid IPv4 or IPv6 address.x-fapi-interaction-id