IDX Protocol (Version 0.1.0-20250403)

Living Document,

This version:
https://sine-fdn.github.io/idx-protocol/
Issue Tracking:
GitHub
Inline In Spec
Editors:
Martin Pompéry
Raimundo Henriques

The exchange protocol is made available under the Creative Commons CC BY-SA license. This license enables reusers to distribute, remix, adapt, and build upon the material in any medium or format, so long as attribution is given to the creator. The license allows for commercial use. If you remix, adapt, or build upon the material, you must license the modified material under identical terms.

Abstract

This specification defines the IDX Protocol, a technical specification for reaching interoperability in the impact investments space.

1. Introduction

This document defines the IDX Protocol (§ 6 IDX Protocol) and a data model (§ 5 Data Model) to enable the seamless and interoperable exchange (§ 3 Business Case and Rational) of opportunity data (§ 5.1 Opportunity).

It shall demonstrate that interoperability of impact investment data leads to more investments into SDG-related solutions.

This technical specification is a living document and is work in progress.

1.1. Out of Scope

The following topics and concerns are not within the scope of this specification:

  1. KYC- or AML-related topics.

  2. Legal or other regulatory aspects of impact investments.

  3. The definition of the impact investment or the impact investments space.

  4. Data provenance and data security aspects.

2. Definitions

Host System

Software implementation conforming to this specifiction.

Data Owner

A party that exchanges data with another party utilizing the IDX Protocol.

Data Recipient

A party that receives or requests data from a data owner utilizing the IDX Protocol.

Party

A data owner or a data recipient.

Interoperable

The quality of being able to exchange data between host systems irrespective of the vendors of the host systems, without the need for translation or transformation of the data.

OpenId Provider Configuration Document

A OpenId Provider Configuration Document document provided in accordance with [OPENID-CONNECT] Section 4.

AuthEndpoint

The endpoint to request an access token after discovering the value through AuthEndpoint Discovery (§ 6.2.1 Authentication Endpoint Discovery).

3. Business Case and Rational

Note: Non-normative section

The IDX Protocol aims to serve impact investors and investees alike by increasing the efficiency of deal sourcing. The IDX Protocol achieves this by enabling the exchange of investment opportunity data (see § 4 Data Transactions).

The interoperability enabled by the IDX Protocol supports to

  1. reduce the friction and cost of impact investment decision making for both investors and investees,

  2. increase the number of investments in SDG-related solutions, and

  3. increase transparency and accountability of impact investments.

4. Data Transactions

Note: Non-normative section

A data transaction is an abstraction for the exchange of data (§ 5 Data Model) between two parties, serving one or more business cases (§ 3 Business Case and Rational).

Each transaction shall illustrate how the IDX Protocol can be utilized to address the described business cases.

4.1. Data Transaction 1: Opportunity Data Exchange

This data transaction enables an investee (such as a farmer or a cooperative) as the data owner to make Opportunity available to one or more investors or impact funds (the data recipient(s)).

This data transaction also enables an investor or impact fund (the data owner) to share an Opportunity with other investors or impact funds (the data recipient(s)).

For this,

  1. the data owner MUST gather the necessary data and input it into a host system that implements the IDX Protocol;

  2. the host system MUST

    1. encode this data as an Opportunity and

    2. make it available through an HTTP API, as specified in § 6 IDX Protocol;

    3. provide the data recipient(s) with the credentials necessary for authentication;

  3. the data recipient MUST

    1. authenticate with the host system, by following the Authentication Flow;

    2. call the Action OpportunityExchange to retrieve the Opportunity data;

    3. in case more than one Opportunity is returned, filter by, e.g., the name of the data owner.

5. Data Model

The IDX Data Model consists of the data type Opportunity at this point.

5.1. Opportunity

The Opportunity data type contains information relating to a single investment opportunity. This data type has OPTIONAL properties relating to impact investment opportunities.

Host systems make Opportunities available through the IDX Protocol (§ 6 IDX Protocol).

5.1.1. Data Attributes

The Opportunity data type has the following properties:

Property Type Req Specification
id String M The unique identifier of the opportunity.

It is RECOMMENDED to use UUID (version 4 or version 7 [rfc9562]) as the value of this property.

previousIds String[] O The set (i.e. no duplicates) of unique identifiers of opportunities that are superseeded by this opportunity, encoded as an array of string values.

See § 5.1.2 Opportunity Lifecycle for details.

specVersion String M The version of the IDX Protocol specification that the opportunity data conforms to.

The value of this property MUST be the version of the IDX Protocol specification that the opportunity data conforms to.

Example value for the version 0.0.1 of the IDX Protocol specification:

0.0.1
createdAt String M The timestamp of the creation of the opportunity.

The value MUST be date and time string conforming to ISO 8601 with timezone UTC.

Example value for Feb 12, 2025 at 12:00:00 UTC:

2025-02-12T12:00:00Z
status String M The status of the opportunity which must be one of the following values:
active

For an opportunity that is still open for investment(s).

closed

For an opportunity that is no longer active. For instance if it was updated with newer or different data, if the opportunity was fully funded, or if the opportunity was withdrawn, or other cases not yet disclosed here.

companyName String M Name of the entity related to the opportunity.
email String M Email address to contact the entity on matters relting to this opportunity.
city String M Name of the city of the entity.
zipCode String O The OPTIONAL ZIP code, postal code, or equivalent of the entity related to this opportunity.
country String M The ISO 3166-2 alpha-2 country code. Example value referring to France:
FR
websiteUrl String O The OPTIONAL URL of the company’s website.
https://www.my-sustainable-company.com
businessSummary String O The OPTIONAL free-form text describing the company.
fundingAsk : Number String M The positive amount of funding requested by the company, encoded as a String.

Example: investment ask of 1,230,000 USD is encoded as the following String value:

1230000
fundingCurrency String M The ISO 4217 currency code relating to the fundingAsk.

Example value for the currency Australian dollar:

AUD
fundingBeneficiaries String O The OPTIONAL free-form text describing the ultimate benificiaries of the funding, if different from the entity representing the Opportunity (identified in companyName).
sdgAlignments Number[] O The OPTIONAL non-empty set of SDG alignment numbers.

Each entry of the set MUST be a positive integer between 1 and 17.

Example: SDG alignment with goals 1, 5, and 13 is encoded as the following array:

[1, 5, 13]
previousInvestors : PreviousInvestor[] O The OPTIONAL non-empty set of unique (i.e. no duplicates) previous investors relating to this company or opportunity in principle.
incomes : Income[] O The OPTIONAL non-empty set of unique (i.e. no duplicates) incomes relating to this company or opportunity in principle.
costStructure : CostStructure O The OPTIONAL cost structure relating to the entities represented by the opportunity.
sustainableFarmingPractices : SustainableFarmingPractices O The OPTIONAL sustainable farming practices relating to the entities represented by the opportunity.
Opportunity data type properties

5.1.2. Opportunity Lifecycle

Host systems SHOULD provide a mechanism to handle the lifecycle of an Opportunity, the life cycle being:

  1. Creation: An Opportunity is created by a party and enters the host system subsequently.

  2. Update: An Opportunity can be updated by the party that created it later on. In this case, the host system SHOULD

    1. Mark the previous version of the Opportunity as closed and

    2. Create a new Opportunity with the updated data, linking the new Opportunity to the previous one through the previousIds property.

  3. Closing: An Opportunity can be closed by the party that created it. In this case, the host system SHOULD:

    1. Mark the Opportunity as closed and

    2. Update the Opportunity with the closing date.

    Note: Closing does not imply success in any way but rather that other parties should no longer consider the Opportunity (as identified by its id) for investment.

Upon each change to Opportunity data (creation, update, or closing), the host system SHOULD provide the new version of the Opportunity to the data recipient(s) through the IDX Protocol.

5.2. Additional Utility Data Types

5.2.1. Data Type PreviousInvestor

The PreviousInvestor data type contains information relating to a previous investor to a previous investment Opportunity.

The PreviousInvestor data type has the following properties:

Property Type Req Specification
name String M The name of the previous investor.
email String M The email address of the previous investor.
investmentAmount : Number String O The amount invested by the previous investor encoded as a String.

See fundingAsk for an example of how to encode a number as a String.

If this value is defined, investmentCurrency MUST be defined as well.

investmentCurrency String O The ISO 4217 currency code relating to the investmentAmount.
investmentDate String M The ISO 8601 date of the previous investment.

Each investmentDate MUST include year, OPTIONALLY followed by a dash and month and then OPTIONALLY followed by a dash and day.

For the investment date being January 28, 2025, the value is:

2025-01-28

For an investment date being January 2025, the value is:

2025-01
PreviousInvestor data type properties

5.2.2. Data Type Income

The Income data type contains information relating to the income of a party directly or indirectly represented by an Opportunity.

The Income data type has the following properties:

Property Type Req Specification
amount : Number String M The amount of income encoded as a String.

See fundingAsk for an example of how to encode a number as a String.

currency String M The ISO 4217 currency code relating to the amount.
kind String M The kind of this income.

Currently, kind MUST equal one of following values:

SustainableFarming

The income generated from sustainable farming practices.

CarbonCredits

The income generated from sustainable farming practices.

BiodiversityCredits

The income generated from biodiversity credits

Premiums

The income generated from premiums for sustainable farming practices.

This property is yet critically underdefined for all of above items of the enumeration.

date String M The ISO 8601 date of the income.

Each date MUST include year, OPTIONALLY followed by a dash and month and then OPTIONALLY followed by a dash and day.

Yearly resolution is RECOMMENDED.

See investmentDate for encoding examples.

Income data type properties

5.2.3. Data Type Cost Structure

The CostStructure data type contains information relating to the cost structure of the party directly or the parties indirectly represented by an Opportunity.

The CostStructure data type has the following properties:

Property Type Req Specification
currency String M The ISO 4217 currency code relating to the costs disclosed in the CostStructure.
totalCosts : Number String O The total costs incurred by the party or parties encoded as a String.

If defined, the the total costs CAN be bigger than the sum of the other cost fields.

productionCosts : Number String O The total production costs encoded as a String.
laborCosts : Number String O The total labor and labor sourcing costs encoded as a String.
inputCosts : Number String O The total input costs encoded as a String. Example categories of input costs include seeds, fertilizers, chemicals, etc.
operatingCosts : Number String O The total operating costs encoded as a String. Example categories of operatings costs include cost of water, land, equipment running costs, etc.
CostStructure data type properties

5.2.4. Data Type SustainableFarmingPractices

The SustainableFarmingPractices data type contains information relating to the sustainable farming practices of the party directly or the parties indirectly represented by an Opportunity.

The SustainableFarmingPractices data type has the following properties:

Property Type Req Specification
soilManagement String[] O The OPTIONAL non-empty set of soil management practices relating to the Opportunity.

Each entry of the set MUST be one of the following values:

CoverCrops

Practices related to cover crops, green manure integration, living mulch systems, etc.

WeedManagement

Practices related to integrated weed biocontrol, mechanical weed suppression, ecological weed management systems, etc.

SoilFertility

Practices related to soil fertility, building fertility in depth

HumusOptimization

Practices related to carbon sequestration, optimizing the humus content in the soil, biomess incorporation systems, etc.

above list is incomplete and is subject to change and additions in subsequent versions.

Note: This category is not mutuallly exclusive with other properies of SustainableFarmingPractices such as biodiversityPractices.

biodiversityPractices String[] O The OPTIONAL non-empty set of biodiversity practices relating to the Opportunity.

Each entry of the set MUST be one of the following values:

EfficientAgrochemicalsUse

The practice of using agrochemicals efficiently and in a targeted manner.

PreservationAreas

The practice of creating and maintaining connected wildlife passages and buffer zones between agricultural areas.

Polyculture

The practice of intercropping, succession planting, forest gardening systems, etc.

above list is incomplete and is subject to change and additions in subsequent versions.

waterManagement String[] O The OPTIONAL non-empty set of water management practices relating to the Opportunity.

Each entry of the set MUST be one of the following values:

SoilWaterConservation

The practice of maximize water retention in the soil and reducing evaporation. This practice also includes the use of mulching, terracing, cover cropping (see soilManagement), etc.

RainwaterHarvesting

The practice of collecting and storing rainwater for irrigation and other uses.

PrecisionIrrigation

The practice of efficient irrigation technologies and scheduling based on actual crop water needs. This includes drip irrigation among other techniques.

WaterReuse

The practice of reusing water for irrigation and other uses.

WaterQualityManagement

Practices to prevent water contamination and to maintain water quality, such as buffer strips along waterways, proper nutrient management, integrated pest management, etc.

above list is incomplete and is subject to change and additions in subsequent versions.

SustainableFarmingPractices data type properties

6. IDX Protocol

This section defines an HTTP-based API for the interoperable exchange of Opportunity data between host systems.

Note: The scope of the HTTP API is minimal by design. Additional features will be added in future versions of this specification.

Interoperable data exchange between a data owner and a data recipient can be achieved by

  1. the data owner offering Opportunity data through a host system that implements the IDX Protocol, and

  2. the data recipient making authenticated calls to retrieve Opportunity data, i.e., by calling the Action OpportunityExchange.

6.1. Host system Minimum Requirements

A host system MUST offer a OpenId Provider Configuration Document as further specified in § 6.2.1 Authentication Endpoint Discovery.

A host system MUST implement the Authentication Flow and Action OpportunityExchange.

A host system MUST offer its actions under https method only.

A host system MUST offer all actions under the same Hostname and Subpath except for the AuthEndpoint returned in the token_endpoint of the OpenId Provider Configuration Document (see Authentication Flow).

6.2. Authentication Flow

A host system MUST require a data recipient to first authenticate before calling other endpoints such as Action OpportunityExchange.

The authentication flow consists of two steps:

  1. Discovery of the host system’s authentication endpoint (see § 6.2.1 Authentication Endpoint Discovery.

  2. Acquiring a bearer token through Action Authenticate (see § 6.2.2 Action Authenticate).

6.2.1. Authentication Endpoint Discovery

A party discovers the value of the AuthEndpoint by

  1. performing a GET request to a host system’s OpenId Provider Configuration Document, using [Hostname]/.well-known/openid-configuration.

    1. the returned document MUST define the token_endpoint property accordingly.

  2. using the value of token_endpoint as the AuthEndpoint

6.2.2. Action Authenticate

The Action Authenticate is an HTTP endpoint. It MUST return bearer tokens using client credentials in conformance with [rfc6749] Section 4.4 (OAuth2 Client Credentials).

Host systems MAY offer this action under potentially any path and hostname, provided that this is discoverable as specified in § 6.2.1 Authentication Endpoint Discovery.

See § 6.4.1 Example Action Authenticate request and response for an example request and response.

6.2.2.1. Request Syntax
POST AuthEndpoint HTTP/1.1
accept: application/json
content-type: application/x-www-form-urlencoded
authorization: Basic BasicAuth
content-length: ContentLength
AuthBody

With Request parameters:

BasicAuth

See [rfc6749] Section 4.4.2

AuthBody

See [rfc6749] Section 4.4

ContentLength

The length of the Body. See [rfc9112].

6.2.2.2. Response Syntax
HTTP/1.1 AuthStatusCode OK
content-type: application/json
content-length: ContentLength

AuthResponseBody

With action-specific response parameters

AuthStatusCode

A HTTP response code conforming to [rfc6749] Section 4.4 and Section 5.

AuthResponseBody

A JSON Object conforming to either [rfc6749] Section 4.4 in case of successful authentication (containing an access token), or [rfc6749] Section 5.2 otherwise.

6.3. Action OpportunityExchange

Lists the data owner’s Opportunity data incrementally (see § 6.3.1 Pagination).

A Host system SHOULD implement an access management system to return only the Opportunity data intended for the requesting data recipient.

6.3.1. Pagination

Host systems MUST implement pagination server-side such that

  1. The host system MAY return less Opportunities than requested through the Limit request parameter

  2. The host system MUST return a Link header if there are additional Opportunities ready to be retrieved, such that

  3. The Link header conforms to [rfc8288]

  4. The value of the rel parameter is equal to next

  5. the target IRI (RFC8288, Section 3.1) of the Link header is absolute

  6. The value of host of the target IRI is equal to the value of the host request header from the original OpportunityExchange HTTP request

The target IRI from a pagination link header is called a pagination link.

Upon a host system returning a pagination link

  1. a data recipient CAN call the pagination link more than once

  2. upon each call, the host system

    1. MUST return the same set of Opportunities upon successful authentication (i.e. BearerToken authentication)

    2. MUST NOT return more Opportunities than requested in case Limit was defined by a data recipient

    3. MUST return a Link header conforming with the previous description in case additional Opportunities are available

  3. If a response contains a second pagination link, upon calling the second pagination link, the previous pagination link MAY no longer work

    • i.e. data recipients MUST NOT assume that previous pagination links continue to return results after advancing in the pagination process

  4. a pagination link MUST be valid for at least 180 seconds after creation

  5. a data recipient SHOULD retry calling the pagination link after the server returned an error

  6. and SHOULD use a randomized exponential back-off strategy when retrying

6.3.2. Request Syntax

GET Subpath/1/opportunities?Limit HTTP/1.1
host: Hostname
authorization: Bearer BearerToken
Subpath

If a host system uses a relative subpath, then the requesting data recipient MUST prepend this subpath.

Hostname

The requesting data recipient MUST use the domain name of the host system.

BearerToken

Bearer token (see [rfc6750]).

Limit

Limit is an OPTIONAL request parameter. If defined,

  1. the name of the HTTP request parameter MUST be limit

  2. and the value MUST be a positive integer.

6.3.3. Response Syntax

Response without a link header:

HTTP/1.1 StatusCode StatusText
content-type: application/json
content-length: ContentLength

ResponseBody

Paginated response with a link header:

HTTP/1.1 StatusCode StatusText
content-type: application/json
content-length: ContentLength
link: PaginationLink; rel="next"

ResponseBody

With response parameters

StatusCode

If the host system returns opportunity data, the HttpStatusCode MUST be 200.

Otherwise, the host system MUST return the appropriate HTTP error code.

StatusText

The HTTP Status text conforming to the HTTP status code StatusCode.

ResponseBody

If the host system accepts the BearerToken, the body MUST be a JSON object with property data with value a JSON array of Opportunities.

Otherwise, the host system MUST return an error response JSON object with the following properties:

  • code: the error response code (corresponding to the StatusCode) encoded as a String;

  • message: a human-readable error description encoded as a String.

PaginationLink

See pagination link and § 6.3.1 Pagination.

6.4. Examples

6.4.1. Example Action Authenticate request and response

Example Request

POST /auth HTTP/1.1
accept: application/json
content-type: application/x-www-form-urlencoded
authorization: Basic [base64(client_id:client_secret)]
grant-type: client_credentials

Example Successful Response

{
  "access_token": "...",
  "token_type": "bearer"
}

Example Error Response (Invalid Client)

HTTP/1.1 400 Bad Request
date: Wed, 29 Jan 2025 19:33:16 GMT
content-type: application/json

{
  "error": "invalid_client",
  "error_description": "Authentication failed"
}

6.4.2. Example Action OpportunityExchange request and response

Example Request

GET /1/opportunities?limit=1 HTTP/1.1
host: example.com
authorization: Bearer [access_token]

Example Successful Response

Example header: 
HTTP/1.1 200 OK
content-type: application/json
content-length: 661
server: example-server
link: <https://api.example./1/opportunities?limit=1&offset=1>; rel="next"

Example body:

{
  "data": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174002",
      "specVersion": "0.0.1",
      "createdAt": "2025-01-28T12:00:00Z",
      "status": "active",
      "previousIds": [ "123e4567-e89b-12d3-a456-426614174000", "123e4567-e89b-12d3-a456-426614174001" ],
      "companyName": "Example Company",
      "email": "example@company.com",
      "city": "Berlin",
      "country": "DE",
      "websiteUrl": "https://example.com",
      "businessSummary": "Example business summary",
      "fundingAsk": "1230000",
      "fundingCurrency": "EUR",
      "previousInvestors": [
        {
          "name": "Example Investor",
          "email": "example@investor.com",
          "investmentDate": "2025-01-28"
        }
      ],
      "incomes": [
        {
          "amount": "1230000",
          "currency": "EUR",
          "kind": "SustainableFarming",
          "date": "2025-01-28"
        }
      ],
      "costStructure": {
        "currency": "EUR",
        "totalCosts": "1230000",
      },
      "sustainableFarmingPractices": {
        "soilManagement": ["CoverCrops"],
        "biodiversityPractices": ["EfficientAgrochemicalsUse"],
        "waterManagement": ["SoilWaterConservation"]
      }
    }
  ]
}

Example Error Response (Invalid Token)

HTTP/1.1 401 Unauthorized
content-type: application/json
content-length: 29

{
  "code": "Unauthorized",
  "message": "Invalid token"
}

Appendix A: Changelog

Version 0.1.0-20250403 (2025-04-03)

Summary:

Version 0.0.1-20250219 (2025-02-19)

Summary:

Version 0.0.1-20250128 (2025-01-28)

Summary: Initial release of the specification.

Appendix B: Conformance Testing

This appendix is a work in progress. All feedback is welcome.

Conformance Testing is an interoperabilty testing process, performed by executing and passing test cases (Test Matrix).

The goal of this process is to assess the interoperability between host systems, and to which extend an individual host system implements this specification.

The process is structured by a set of test cases (Test Cases), with categories Mandatory Tests and Recommended Tests (also see Test Matrix).

Within the process, host systems have different roles:

  1. the host system executing tests, which in this role is called the tester host system,

  2. the host system under test, which in this role is called the target host system.

A target host system has successfully passed the Conformance Testing if it passed all Mandatory Tests.

Note: It is recommended to perform the Conformance Testing process as a bilateral testing process, wherein two parties mutually test each other’s host systems as a target host system and a tester host system:

Note: It is RECOMMENDED for the parties to also test and document the results from running Recommended Tests.

Test Matrix

Categorization Tests
Mandatory Tests Test Case 001: AuthEndpoint Discovery
Test Case 002: Successful Authentication
Test Case 005: Action OpportunityExchange without Limit
Recommended Tests Test Case 003: Authentication with Invalid Credentials
Test Case 004: Malformed Authentication Request
Test Case 006: Action OpportunityExchange Pagination
Test Case 007: Action OpportunityExchange with Malformed Limit
Test Case 008: Action OpportunityExchange with Invalid Token
Test Case 009: Action OpportunityExchange with Expired Token
Test Case 010: Malformed OpportunityExchange Request
Pilot Testing Test Matrix

Test Cases

Although both host systems are tested in bilateral testing, only one of them is the target of the tests at each time.

Bilateral testing MUST include the following tests (and MAY include additional tests):

Test Case 001: AuthEndpoint Discovery

Tests the target host system’s ability to have a discoverable AuthEndpoint.

Request

A GET request must be sent to the target host system’s [Hostname]/.well-known/openid-configuration endpoint.

Expected Response

A valid OpenId Provider Configuration Document (conforming to [OPENID-CONNECT] Section 4) MUST be returned. The value of the token_endpoint property MUST be a valid URL, offering Action Authenticate.

Test Case 002: Successful Authentication

Tests the target host system’s ability to authenticate a data recipient.

Request

A POST request must be sent to the target host system’s AuthEndpoint with valid credentials as per the syntax specified in § 6.2.2.1 Request Syntax.

Expected Response

The target host system MUST respond with StatusCode 200 OK and a JSON body containing the access token, as specified in § 6.2.2.2 Response Syntax.

Test Case 003: Authentication with Invalid Credentials

Tests the target host system’s ability to handle invalid credentials during authentication.

Request

A POST request must be sent to the target host system’s AuthEndpoint with invalid credentials as per the syntax specified in § 6.2.2.1 Request Syntax.

Expected Response

The target host system MUST respond with an error response, as specified in § 6.2.2.2 Response Syntax.

The StatusCode SHOULD be 401 Unauthorized and the code property SHOULD be Unauthorized. The message property CAN be any human-readable error message (e.g., "Invalid credentials").

Test Case 004: Malformed Authentication Request

Tests the target host system’s ability to handle malformed authentication requests.

Request

A POST request must be sent to the target host system’s AuthEndpoint with a malformed request (e.g., missing grant-type).

Expected Response

The target host system MUST respond with an error response, as specified in § 6.2.2.2 Response Syntax.

The StatusCode SHOULD be 400 BadRequest and the code property SHOULD be BadRequest. The message property CAN be any human-readable error message (e.g., "Malformed request").

Test Case 005: Action OpportunityExchange without Limit

Tests the target host system’s ability to return Opportunity data without a Limit.

Request

A GET request must be sent to the target host system’s [Subpath]/1/opportunities endpoint without a limit parameter.

Expected Response

The target host system MUST respond with StatusCode 200 OK and a valid JSON body containing the Opportunity data, as specified in § 6.3.3 Response Syntax. The Link header MAY be present.

Test Case 006: Action OpportunityExchange Pagination

Tests the target host system’s ability to paginate Opportunity data.

Request

A GET request must be sent to the target host system’s [Subpath]/1/opportunities endpoint with a limit parameter, requesting less Opportunity data than available.

Expected Response

The target host system MUST respond with StatusCode 200 OK and a valid JSON body containing a subset of the Opportunity data available, as specified in § 6.3.3 Response Syntax. The Link header MUST be present and conform to the pagination rules specified in § 6.3.1 Pagination.

Upon calling the pagination link, the target host system MUST return the next subset of the Opportunity data available. Upon calling the same link again, the target host system MUST return the same subset of Opportunity data.

Test Case 007: Action OpportunityExchange with Malformed Limit

Tests the target host system’s ability to handle a malformed limit parameter.

Request

A GET request must be sent to the target host system’s [Subpath]/1/opportunities endpoint with a malformed limit parameter (e.g., the value is not a positive integer or limit is misspelled).

Expected Response

The target host system MUST respond with an error response, as specified in § 6.3.3 Response Syntax. The StatusCode SHOULD be 400 BadRequest and the code property SHOULD be BadRequest. The message property CAN be any human-readable error message (e.g., "Malformed limit parameter").

Test Case 008: Action OpportunityExchange with Invalid Token

Tests the target host system’s ability to handle an invalid access token.

Request

A GET request must be sent to the target host system’s [Subpath]/1/opportunities endpoint with an invalid access token.

Expected Response

The target host system MUST respond with an error response, as specified in § 6.3.3 Response Syntax. The StatusCode SHOULD be 401 Unauthorized and the code property SHOULD be Unauthorized. The message property CAN be any human-readable error message (e.g., "Invalid token").

Test Case 009: Action OpportunityExchange with Expired Token

Tests the target host system’s ability to handle an expired access token.

Request

A GET request must be sent to the target host system’s [Subpath]/1/opportunities endpoint with an expired access token.

Expected Response

The target host system MUST respond with an error response, as specified in § 6.3.3 Response Syntax. The StatusCode SHOULD be 401 Unauthorized and the code property SHOULD be Unauthorized. The message property CAN be any human-readable error message (e.g., "Expired token").

Test Case 010: Malformed OpportunityExchange Request

Tests the target host system’s ability to handle malformed requests to the [Subpath]/1/opportunities.

Request

A GET request must be sent to the target host system’s [Subpath]/1/opportunities endpoint with a malformed request (e.g., missing authorization header).

Expected Response

The target host system MUST respond with an error response, as specified in § 6.3.3 Response Syntax. The StatusCode SHOULD be 400 BadRequest and the code property SHOULD be BadRequest. The message property CAN be any human-readable error message (e.g., "Malformed request").

Test Result Communications

It is recommended to send the conformance testing results to idx-interop-testing@sine.dev.

Index

Terms defined by this specification

References

Normative References

[OPENID-CONNECT]
OpenID Connect Discovery 1.0 incorporating errata set 1. URL: https://openid.net/specs/openid-connect-discovery-1_0.html
[RFC6749]
D. Hardt, Ed.. The OAuth 2.0 Authorization Framework. October 2012. Proposed Standard. URL: https://www.rfc-editor.org/rfc/rfc6749
[RFC6750]
M. Jones; D. Hardt. The OAuth 2.0 Authorization Framework: Bearer Token Usage. October 2012. Proposed Standard. URL: https://www.rfc-editor.org/rfc/rfc6750
[RFC8288]
M. Nottingham. Web Linking. October 2017. Proposed Standard. URL: https://httpwg.org/specs/rfc8288.html
[RFC9112]
R. Fielding, Ed.; M. Nottingham, Ed.; J. Reschke, Ed.. HTTP/1.1. June 2022. Internet Standard. URL: https://httpwg.org/specs/rfc9112.html
[RFC9562]
Davis, K.; Peabody, B.; Leach, P.. Universally Unique IDentifiers (UUIDs). URL: https://www.rfc-editor.org/rfc/rfc9562.html

Issues Index

This property is yet critically underdefined for all of above items of the enumeration.