Open banking information for developers
Key information about ANZ’s open banking services, such as available API endpoints, service parameters and data requirements.
Building open banking in New Zealand
ANZ is a member of the Payments NZ API Centre. We are supporting the industry-led approach to build secure open banking services in New Zealand using API standards. The details on this page should be read in conjunction with the API Centre’s documentation.
ANZ’s open banking services
ANZ Payment Requests
The ANZ Payment Requests service has been built to the API Centre Payment Initiation API Standard v2.1.2 and enables customers to initiate and consent to one-off payments through an ANZ approved third party.
Available API endpoints
The following API endpoints are available through ANZ.
Authentication endpoints
ANZ supports a decoupled authentication flow and a redirect authentication (hybrid) flow into the ANZ goMoney mobile app.
Endpoint | |
|---|---|
Well known endpoints | GET /.well-known/openid-configuration |
Public JWK | GET /identity/oauth/keys |
Backchannel/CIBA authorize | POST /oauth/v2.0/bc-authorize |
Hybrid authorize | GET/consent/authorisation |
Introspect endpoint | POST /identity/oauth/introspect |
Revoke endpoint | POST /identity/oauth/revoke |
Token endpoint | POST /identity/oauth/token |
Payment initiation endpoints
ANZ only supports domestic payment consents and does not support enduring payment consents.
Endpoint | |
|---|---|
Domestic payment consents | POST /domestic-payment-consents |
Domestic payment consents | GET /domestic-payment-consents/{ConsentId} |
Domestic payments | POST /domestic-payments |
Domestic payments | GET /domestic-payments/{DomesticPaymentId} |
Domestic payments | GET /domestic-payments/{DomesticPaymentId}/debtor-account |
Additional payment initiation data requirements
ANZ has implemented the mandatory fields and requires use of the following optional fields:
Required field | |
|---|---|
Authorisation hint | Mobile number |
Request header | Customer IP address |
Request header | Customer agent |
Risk | Merchant customer identification |
Risk | Merchant category code |
Risk | Merchant name |
Risk | Merchant NZBN |
Tracking | x-fapi-interaction-id |
Restrictions
The ANZ Payment Request service is operated on the basis that a third party will undertake its activities within the following parameters:
ANZ implementation scope | |
|---|---|
Authentication | ANZ goMoney mobile app using the decoupled or redirect (hybrid) authentication flow. |
Authorisation hint | ANZ supports the use of a customer’s verified mobile number. |
Eligibility | Active ANZ customer and at least 18 years of age. |
Eligible debtor account | Everyday transaction account with payment authority and funds for the payment (includes business accounts). |
To approve payments | Seven-minute expiry time for the customer to approve the payment after the consent creation. |
Payment types | One-off payments to businesses for payments of goods and services only. |
Domestic payment timeframe | Third party must execute payment within 10 seconds of customer approval, but no more than 30 seconds. |
Domestic payment | Payment status will be provided synchronously as part of payment execution. |
Fair usage: ANZ has API rate limiting in place to protect API stability and performance for consumers.
Payment request testing
The API Centre provides a testing sandbox for registered third party Standards Users or Community Contributors.
When a third party is approved by ANZ they will be provided with access to ANZ’s pre-production environment and production as part of testing readiness activities.
For more information
For more information, email us at open@anz.com.
To find out more about open banking API Standards contact the API Centre.