Application Programming Interface (API) for Reportable Situations
This page provides documents and information for licensees and their agents on how to access the ASIC Reportable Situations API.
The API provides a machine-to-machine interface solution for high-volume organisations to submit reportable situation transactions. The API will assist licensees in lodging the ‘Submit or update reportable situation by licensee (includes updating a breach report)’ transaction and in particular, replicates the ‘notifying of a reportable situation’ pathway.
The API does not accept breach reports or updates to breach reports under the old breach reporting regime that was in place prior to October 2021 (the ‘providing an update about a breach report where the breach/likely breach occurred prior to October 2021’ pathway).
To find out more about reportable situations visit Reportable situations for AFS and credit licensees.
Technical Details
Development of this interface has been guided by the Design Standards for Whole of Australian Government (WoAG) Application Programming Interfaces (APIs). Refer to https://www.api.gov.au.
This is a RESTful API service called over HTTPS and managed on API Gateway connecting to a collection of ASIC-Internal backend services that create the reportable situation.
There is a single endpoint URI for the client to call to create a reportable situation transaction. The single API endpoint request method is POST.
JSON is the standard used for transferring data to and from client and server sides (Header Content-Type = application/json). Payload requests sent by entities and server responses will be made using JSON.
The API conforms to REST architecture noting the following:
- Client-server separation: Clients and servers can evolve independently and are not in any way coupled together, given that the interface (Swagger Doc) is unchanged. If any changes arise, they are communicated as an updated version.
- Stateless requests: Server side does not store any context that links multiple consecutive API requests.
- Resource Identifiers: Use of nouns for endpoint paths. The endpoint path for this API will be /v1/createReportableSituation.
More details can be found in the ASIC Reportable Situation API Specification Version 1.8 (Word 1.3 MB).
Access
Before requesting access to the API, interested parties should review the following documents:
- ASIC Reportable Situations API Specifications Version 1.8 (Word 1.3 MB)
- ASIC Reportable Situations API User Agreement (294 KB)
Before applying for access to the API, users should have developed their API and be ready to test. Test access is for a limited time and those not ready may not be approved.
To apply for access to the API, interested parties will need to complete the following steps:
- Developed the API in accordance with ASIC Reportable Situations API Specifications Version 1.8 (Word 1.3 MB).
- Complete an ASIC Reportable Situations API - Application Form (673 KB) and submit the form to ASIC for review at api.breach@asic.gov.au.
- Successful applicants will be provided with user credentials to the test environment and test scenarios
- The applicant will be required to conduct tests on the provided test scenarios. Once the applicant is satisfied with the test results, the test results are emailed to ASIC for review at api.breach@asic.gov.au.
- ASIC will provide successful applicants with the user credentials to the production environment of the API.
Other ASIC APIs
ASIC also offers a range of other APIs for Digital Service Providers (DSPs) to directly connect with the ASIC registers. For more information about those APIs, visit Application Programming Interfaces (APIs) for Digital Service Providers (DSPs).