Seth Traverse avatar image
Seth Traverse asked

500 error with Sample SPI. Is project README out of date?

Either the README in ffdc-sample-spi GitHub project or the supplied postman collection is outdated. I do not see the "APIM fetch token" call. My options are: "Call sample-spi with valid date" and "Call sample-spi with invalid date".

Undeterred, I tried using Postman's built in Authentication - OAuth2 Client credentials and the "Token URL" listed in the API explorer

I can successfully get a token, which gets stored in the Authorization header as a Bearer token:

1653429122022.pngWith my variables filled out as written in the README:


At this point I get an error 500 when making the calls included in the collection:

    "statusCode": 500,
    "message": "Internal server error",
    "activityId": "fcc82f1d-c971-4050-a779-a67a9f948bbf"

My sample-spi-url is accessible on the internet behind an nginx proxy with a valid SSL certificate. It is the same URL I have configured in my App settings through the dashboard. I can navigate in my browser to the SPI server successfully. However, when running the call through postman, no connection to the SPI server is ever attempted before or after I get the 500 response. The web server logs verify this.

I know there was a question about this asked last year Sample SPI Developer Portal dev testing - error 500 but I think my post / question has a bit more detail than I could fit into a comment there.

I suppose this is multiple questions in one post. Really they are:

1. Are either the postman collection or project README outdated?

2. Is my understanding / approach correct? That is, the fusion fabric cloud should make a secondary call to my public web server when I call the APIMUrl through postman?

3. What is causing this 500 error?

1653429122022.png (85.1 KiB)
1653429266253.png (62.3 KiB)
1 comment
10 |600

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Ben C. avatar image Ben C. ♦♦ commented ·

Hi Seth,

Thank you for reaching out to FFDC Community Support, and the detailed post. We are investigating this issue you raised and will follow up with you here as soon as we have more information.

Regards, Ben

0 Likes 0 ·

1 Answer

Ben C. avatar image
Ben C. answered

Hi Seth,

We wanted to follow up with you on this issue, and make sure you had what you needed here. I know while we were investigating this in FFDC Platform Support, there was also an email chain discussing this issue with the Finastra Partnership Enablement team.

I am posting the answer that was given to you in the email in case anyone else has the same issue, or you wanted to follow up here with anything further:

Here are some points for your reference to consider while you implement/test the SPIs:

  1. While testing the SPI implementation hosted at your end, replace { {APIM}} with the base URL mentioned in the application. For example: https://{base-url}/payment/fraud/v1/fraud-risk-analysis Please make sure to follow the request/response payload structure as given in any SPI specification documentations

  2. When there will be a contract with FI, we will do the needful to set up tenant, backend instance, and consent.

  3. FI’s application will complete the authorization process to retrieve the token and send a request as “”

  4. server will check the fintech application for which consent has been granted for the request-making bank’s tenant and redirect the request to the base URL as registered in the fintech application.

  5. To validate the received request, fintech application needs to check certain fields from the token such as “tenant”, “audience” and “issuer”. For details regarding validation required for the access token claims, please check the documentation below:

  6. Post validating the request, the application will process the request and provide a response. It is expected that fintech shall send back the response in structure as given in any SPI specification documentations.



10 |600

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.