About this list

This page provides brief explanations of commonly used terms in the Consumer Data Right. Many of the terms used on the performance dashboard are also explained on this page.

Term Explanation

Accredited Data Recipient (ADR)

A legal entity that can receive a consumer’s data under the Consumer Data Right and use that data to provide the consumer with goods and services with the consumer’s consent.

ADRs must meet strict criteria to be accredited by the ACCC.

Application Programming Interface (API)

A common interface or intermediary that enables two or more software applications to communicate with each other and exchange data. APIs are a structured way to represent data stored in a database.

The Data Standards specify the APIs through which data holders offer consumer data to ADRs.

API endpoint

A virtual gateway, URL or web address that allows different software applications to communicate and exchange data with each other.

Data holders implement API end points to allow ADRs to access consumer data.

API Invocation

A request or ‘call’ by one software application for specific information from another application using an API.

ADRs use API invocations to request consumer data from data holders.

The ‘API Invocation’ metric measures the total number of API calls made by ADRs to data holders in each performance tier over time.

Availability rate

A metric that measures how frequently a data holder’s API end points are available to service consumer data requests from ADRs and deliver consistent and reliable access to consumer data in response.

Average Response [Time]

A metric that measures how long it takes for a data holder’s API end point to respond to an API invocation from an ADR. Factors such as data latency and timeouts can impact the accuracy of this metric.

This time is measured in seconds, at millisecond resolution, at each performance tier.


CDR brand refers to the brand name of a data holder registered in the CDR Register. Brands help to identify the different products offered by data holders within the same sector (e.g. business banking products and retail banking products) and across different sectors (e.g. banking products and energy products).

Term Explanation

Consumer Data Right (CDR)

The Consumer Data Right is an opt-in service giving consumers the choice about whether to share their data with full visibility of who it's being shared with and the purpose for sharing it.

Consumer Data Right Rules

Competition and Consumer (Consumer Data Right) Rules 2020 (Cth)

Consumer Consents

A consent is a  permission given by a consumer to an ADR to collect, use and disclose their data.

The ‘Consumer Consents’ metric records the total number of active consumer consents that are present with a data holder.

Data Holder (DH)

A legal entity that holds a consumer’s data – for example, a financial institution, such as a bank, that holds a consumer’s account information, or a utility company that holds a consumer's energy usage data.

Data holders are subject to data sharing obligations under the CDR Rules.

Data Standards

The Consumer Data Standards are standards that data holders and ADRs must follow. They are available at consumerdatastandardsaustralia.github.io/standards


An error is an error response that an ADR may encounter when calling an API offered by a data holder. Errors include client-side problems, server-side problems and authentication issues.

Errors typically arise where an ADR uses incorrect syntax to request customer information.

An error response can include an HTTP status code, such as “500 Internal Server Error”, which indicates that the relevant server was unable to process the request due to an internal server error.

The ‘Error’ metric details the total number of API end point calls that resulted in error due to server execution over time.

Term Explanation

High Priority API

The high priority APIs defined in the Data Standards include:

In the banking sector:

  • Get Accounts

In the energy sector:

  • Get Accounts
  • Get Account Detail
  • Get Balance For Account
  • Get Invoices For Account

Across both the banking and energy sectors:

  • Get Customer
  • Get Customer Detail

Invalid data

A value that records where performance or availability information provided by a data holder does not meet the validation criteria.

Large Payload API

An API call which is capable of returning a large data response that would reasonably impose higher data retrieval times on the resource server. Typically, API calls that are made to bulk request API end points.

The large payload APIs defined in the Data Standards include any unattended calls to the following end points:

In the banking sector:

  • Get Bulk Direct Debits
  • Get Direct Debits For Specific Accounts

In the energy sector:

  • Get Bulk Billing
  • Get Billing For Specific Accounts

Legal Entity

A legal person (an individual, company, other incorporated body or government entity).

Low Priority API

The low priority APIs defined in the Data Standards include:

In the banking sector:

  • Get Account Detail
  • Get Account Balance
  • Get Bulk Balances
  • Get Balances For Specific Accounts
  • Get Transactions For Account
  • Get Transaction Detail
  • Get Payees
  • Get Payee Detail
  • Get Direct Debits For Account
  • Get Scheduled Payments For Account
  • Get Scheduled Payments Bulk
  • Get Scheduled Payments For Specific Accounts

In the energy sector:

  • Get Agreed Payment Schedule
  • Get Concessions
  • Get Bulk Balances
  • Get Balances For Specific Accounts
  • Get Bulk Invoices
  • Get Invoices For Specific Accounts
  • Get Billing For Account
Term Explanation

No Data Provided

A value in the Performance Dashboard that records where a data holder has not provided any data or valid data on performance or availability.

Peak Transactions per Second

A performance metric for the maximum number of data transfers processed by a data holder in a single second over a given period, typically a day. It is used to evaluate the processing power and scalability of a data holder’s systems.

Recipient Count

The number of ADRs with active consumer consents at the time of an API call.

Session Count

A session is defined as the life span of a unique Access Token. Multiple API requests made with a single, valid, Access Token during its life span are considered part of a single session.

The ‘Session Count’ metric records the number of sessions over time.

To Validate

A value indicating that performance or availability data was received from a data holder outside of the expected range.

Transactions per second (TPS)

A performance metric that measures how many data requests an API offered by a data holder can handle and process within one second averaged over a given period, typically a day.

Unattended API

An API request made by an ADR ‘offline’ – i.e. a request that is not in direct response to interactions by the end customer. Unattended API requests are often made to support batch or pre-processing – for example, an accounting package may request data about previous day transactions overnight to allow for automatic posting.

Unauthenticated API

An API request made by an ADR to an API end point that the Data Standards deem to be publicly available (i.e. that is accessible without performing any authentication or authorisation actions).