Open banking information for developers

Key information about ANZ’s open banking services, such as available API endpoints, service parameters and data requirements.

Building open banking in New Zealand

ANZ is a member of the Payments NZ API Centre. We are supporting the industry-led approach to build secure open banking services in New Zealand using API standards. The details on this page should be read in conjunction with the API Centre’s documentation.

ANZ’s open banking services

ANZ Payment Requests

The ANZ Payment Requests service has been built to the API Centre Payment Initiation API Standard v2.1.3 and enables customers to initiate and consent to one-off payments through an ANZ approved third party.


ANZ Data Sharing

The ANZ Data Sharing service has been built to the API Centre Account Information API Standard v2.1.3 and enables customers to initiate and consent to data sharing requests through an ANZ approved third party.

Available API endpoints

The following API endpoints are available through ANZ.


Authentication endpoints

ANZ supports a decoupled authentication flow and a redirect authentication (hybrid) flow into the ANZ goMoney mobile app.

Endpoint

Well known endpoints

GET /.well-known/openid-configuration

Public JWK

GET /identity/oauth/keys

Backchannel/CIBA authorize

POST /identity/oauth/bc-authorize

Hybrid authorize

GET/consent/authorisation

Introspect endpoint

POST /identity/oauth/introspect

Revoke endpoint

POST /identity/oauth/revoke

Token endpoint

POST /identity/oauth/token



Payment initiation endpoints

ANZ only supports domestic payment consents and does not support enduring payment consents.

Endpoint

Domestic payment consents

POST /domestic-payment-consents

Domestic payment consents

GET /domestic-payment-consents/{ConsentId}

Domestic payments

POST /domestic-payments

Domestic payments

GET /domestic-payments/{DomesticPaymentId}

Domestic payments

GET /domestic-payments/{DomesticPaymentId}/debtor-account



Account information endpoints

Endpoint

Account access consents

POST/account-access-consents

Account access consents

GET/account-access-consents/{ConsentId}

Account access consents

DELETE/account-access-consents/{ConsentId}

Accounts

GET/accounts

Accounts

GET/accounts/{AccountId}

Balances

GET/accounts/{AccountId}/balances

Transactions

GET/accounts/{AccountId}/transactions

Masked credit card number format: 1234-****-****-5678

Additional data requirements

ANZ has implemented the mandatory fields and requires use of the following optional fields:

Required field

Authorisation hint

Mobile number

Request header

Customer IP address

Request header

Customer agent

Risk

Merchant customer identification

Risk

Merchant category code

Risk

Merchant name

Risk

Merchant NZBN

Tracking

x-fapi-interaction-id

Restrictions

The ANZ Payment Requests and Data Sharing services are operated on the basis that a third party will undertake its activities within the following parameters:


For all services

ANZ implementation scope

Authentication

ANZ goMoney mobile app using the decoupled or redirect (hybrid) authentication flow.

Authorisation hint

ANZ supports the use of a customer’s verified mobile number.

Eligibility

Active ANZ customer and at least 18 years of age.



For Payment Requests

ANZ implementation scope

Eligible debtor account

Everyday transaction account with payment authority and funds for the payment (includes business accounts).

Accounts which require two or more signatories to authorise a payment are not eligible.

To approve payments

Seven-minute expiry time for the customer to approve the payment after the consent creation.

Payment types

One-off payments to businesses for payments of goods and services only.

Domestic payment timeframe

Third party must execute payment within 10 seconds of customer approval, but no more than 30 seconds.

Domestic payment

Payment status will be provided synchronously as part of payment execution.



For Data Sharing

ANZ implementation scope

Eligible data sharing accounts

Everyday transaction account, savings account, credit card, loan or term deposit account.

The customer authorising the data sharing consent must have account ownership authority or equivalent.

To approve consents

10 minute expiry time for the customer to approve the data sharing request after the consent creation.

Data sharing use cases

Data can only be used for the specific purpose that the customer has given express and informed consent for. 

Any change in purpose would require the customer to provide a new express and informed consent.

Individual consents must be created for each customer proposition and purpose.

Fair usage: ANZ has API rate limiting in place to protect API stability and performance for consumers.

Payment request and data sharing testing

The API Centre provides a testing sandbox for registered third party Standards Users or Community Contributors

When a third party is approved by ANZ they will be provided with access to ANZ’s pre-production environment and production as part of testing readiness activities.

For more information

For more information, email us at open@anz.com.

To find out more about open banking API Standards contact the API Centre