The Response Headers section states that Content-Type is a mandatory header for all endpoints except for a couple of GETs. However, what happens when the endpoint is a DELETE, with no content returned apart from the HTTP 204 No Content?
Steps to reproduce
n/a
Impact
EITHER:
We have to respond with Content-Type: application/json (for which an empty string is not valid)
OR:
We have to drop the header which is against the mandatory specification.
Issue
Two people within our organisation have provided an independent interpretation of the following section of the specification:
https://openbanking.atlassian.net/wiki/spaces/DZ/pages/1000702294/Read+Write+Data+API+Specification+-+v3.1.1#Read/WriteDataAPISpecification-v3.1.1-ResponseHeaders
The Response Headers section states that Content-Type is a mandatory header for all endpoints except for a couple of GETs. However, what happens when the endpoint is a DELETE, with no content returned apart from the HTTP 204 No Content?
Steps to reproduce
n/a
Impact
EITHER: We have to respond with Content-Type: application/json (for which an empty string is not valid) OR: We have to drop the header which is against the mandatory specification.
Workaround
For now, we have had to go with this: https://openbanking.atlassian.net/wiki/spaces/DZ/pages/999819676/Account+Access+Consents+v3.1.1#AccountAccessConsentsv3.1.1-DeleteAccountAccessConsent
... which is a clear example of DELETE with no Content-Type in the response.
Submitted as OBSD-8245