Application Programming Interface (API) for Reportable Situations

This page provides documents and information for licensees and their agents on how to access the ASIC Reportable Situations API.

The API provides a machine-to-machine interface solution for high-volume organisations to submit reportable situation transactions. The API will assist licensees in lodging the ‘Submit or update reportable situation by licensee (includes updating a breach report)’ transaction and in particular, replicates the ‘notifying of a reportable situation’ pathway.

The API does not accept breach reports or updates to breach reports under the old breach reporting regime that was in place prior to October 2021 (the ‘providing an update about a breach report where the breach/likely breach occurred prior to October 2021’ pathway).

To find out more about reportable situations visit Reportable situations for AFS and credit licensees.

Technical Details

Development of this interface has been guided by the Design Standards for Whole of Australian Government (WoAG) Application Programming Interfaces (APIs). Refer to

This is a RESTful API service called over HTTPS and managed on API Gateway connecting to a collection of ASIC-Internal backend services that create the reportable situation.

There is a single endpoint URI for the client to call to create a reportable situation transaction. The single API endpoint request method is POST.

JSON is the standard used for transferring data to and from client and server sides (Header Content-Type = application/json). Payload requests sent by entities and server responses will be made using JSON.

The API conforms to REST architecture noting the following:

  1. Client-server separation: Clients and servers can evolve independently and are not in any way coupled together, given that the interface (Swagger Doc) is unchanged. If any changes arise, they are communicated as an updated version.
  2. Stateless requests: Server side does not store any context that links multiple consecutive API requests.
  3. Resource Identifiers: Use of nouns for endpoint paths. The endpoint path for this API will be /v1/createReportableSituation.

More details can be found in the ASIC Reportable Situation API Specification Version 1.4 (Word 1.2 MB).


Before requesting access to the API, interested parties should review the following documents:

Before applying for access to the API, users should have developed their API and be ready to test. Test access is for a limited time and those not ready may not be approved.

To apply for access to the API, interested parties will need to complete the following steps:


ASIC also offers a range of other APIs for Digital Service Providers (DSPs) to directly connect with the ASIC registers. For more information about those APIs, visit Application Programming Interfaces (APIs) for Digital Service Providers (DSPs).

What is an ASIC key?

Your ASIC key is a unique number used in ASIC Connect that helps us establish your identity and protects your business information by making sure only you and those you have authorised can access it.

Learn more about ASIC keys

What is a corporate key?

A corporate key is an 8-digit number uniquely associated with a company’s ACN. Your company needs only one corporate key.

Learn more about corporate keys

What is an invitation key?

An invitation key is a unique key to register for, or connect to an entity in, the ASIC Regulatory Portal.

Learn more about invitation keys 

What is an industry funding security key?

Your industry funding security key is a unique number used to launch an online transaction in the ASIC Regulatory Portal that will enable us to calculate your final industry funding invoice. You will be prompted to submit business activity metric information on the operation of your business in the previous financial year.

Learn more about industry funding security keys

Last updated: 04/05/2023 04:00