Open banking information for developers
Key information about ANZ’s open banking services, such as available API endpoints, service parameters and data requirements.
Building open banking in New Zealand
ANZ is a member of the Payments NZ API Centre. We are supporting the industry-led approach to build secure open banking services in New Zealand using API standards. The details on this page should be read in conjunction with the API Centre’s documentation.
ANZ’s open banking services
ANZ Payment Requests
The ANZ Payment Requests service has been built to the API Centre Payment Initiation API Standard v2.1.3 and enables customers to initiate and consent to one-off payments through an ANZ approved third party.
ANZ Data Sharing
The ANZ Data Sharing service has been built to the API Centre Account Information API Standard v2.1.3 and enables customers to initiate and consent to data sharing requests through an ANZ approved third party.
Available API endpoints
The following API endpoints are available through ANZ.
Authentication endpoints
ANZ supports a decoupled authentication flow and a redirect authentication (hybrid) flow into the ANZ goMoney mobile app.
Endpoint | |
|---|---|
Well known endpoints | GET /.well-known/openid-configuration |
Public JWK | GET /identity/oauth/keys |
Backchannel/CIBA authorize | POST /identity/oauth/bc-authorize |
Hybrid authorize | GET /consent/authorisation |
Introspect endpoint | POST /identity/oauth/introspect |
Revoke endpoint | POST /identity/oauth/revoke |
Token endpoint | POST /identity/oauth/token |
Payment initiation endpoints
ANZ supports domestic payment consents. We expect to support enduring payment consents by 30 May 2025.
Endpoint | |
|---|---|
Domestic payment consents | POST /domestic-payment-consents |
Domestic payment consents | GET /domestic-payment-consents/{ConsentId} |
Domestic payments | POST /domestic-payments |
Domestic payments | GET /domestic-payments/{DomesticPaymentId} |
Domestic payments | GET /domestic-payments/{DomesticPaymentId}/debtor-account |
Account information endpoints
Endpoint | |
|---|---|
Account access consents | POST /account-access-consents |
Account access consents | GET /account-access-consents/{ConsentId} |
Account access consents | DELETE /account-access-consents/{ConsentId} |
Accounts | GET /accounts |
Accounts | GET /accounts/{AccountId} |
Balances | GET /accounts/{AccountId}/balances |
Transactions | GET /accounts/{AccountId}/transactions |
Masked credit card number format: 1234-****-****-5678
Additional data requirements
ANZ has implemented the mandatory fields and requires use of the following optional fields:
Required field | |
|---|---|
Authorisation hint | Mobile number |
Request header | x-fapi-customer-ip-address |
Request header | x-fapi-user-agent |
Risk | MerchantCustomerIdentification |
Risk | MerchantCategoryCode |
Risk | MerchantName |
Risk | MerchantNZBN |
Tracking | x-fapi-interaction-id |
Restrictions
The ANZ Payment Requests and Data Sharing services are operated on the basis that a third party will undertake its activities within the following parameters:
For all services
ANZ implementation scope | |
|---|---|
Authentication | ANZ goMoney mobile app using the decoupled or redirect (hybrid) authentication flow. |
Authorisation hint | ANZ supports the use of a customer’s verified mobile number. |
Eligibility | Active ANZ customer and at least 18 years of age. |
For Payment Requests
ANZ implementation scope | |
|---|---|
Eligible debtor account | Everyday transaction account with payment authority and funds for the payment (includes business accounts). Accounts which require two or more signatories to authorise a payment are not eligible. |
To approve payments | Seven-minute expiry time for the customer to approve the payment after the consent creation. |
Payment types | One-off payments to businesses for payments of goods and services only. |
Domestic payment timeframe | Third party must execute payment within 10 seconds of customer approval, but no more than 30 seconds. |
Domestic payment | Payment status will be provided synchronously as part of payment execution. |
For Data Sharing
ANZ implementation scope | |
|---|---|
Eligible data sharing accounts | Everyday transaction account, savings account, credit card, loan or term deposit account. The customer authorising the data sharing consent must have account ownership authority or equivalent. |
To approve consents | 10-minute expiry time for the customer to approve the data sharing request after the consent creation. |
Data sharing use cases | Data can only be used for the specific purpose that the customer has given express and informed consent for. Any change in purpose would require the customer to provide a new express and informed consent. Individual consents must be created for each customer proposition and purpose. |
Fair use: ANZ has API rate limiting in place to protect API stability and performance for consumers.
Pricing for Payment Requests and Data Sharing
These fees are for approved third parties, based on a principle of recovering direct costs for open banking services.
ANZ customers are not charged by ANZ for any open banking services.
To support the development of open banking in New Zealand, ANZ currently waives all Data Sharing, onboarding, and minimum monthly fees for 12 months from the date that a third party’s service using Payment Requests or Data Sharing is first live and available to ANZ customers.
Payment Requests fees (no fee waiver)
Fee | |
|---|---|
One-off payment (v2.1 payments) | $0.05 per payment |
Enduring payments (v2.3 payments) | TBC |
Data Sharing fees (currently waived for 12 months)
Fee | |
|---|---|
Consent approval fee* | $1.00 |
Account access consents endpoint, per successful API request** | Free |
Accounts, Balances and Party endpoints, per successful API request** | 0.1c each |
Transactions and Statements endpoints, per successful API request** | 1c each |
*Consent approval fee is only charged the first time a customer approves a Consent to a Business; subsequent consents to the same Business are free.
**Successful API Request means the successful provision of Data to a Third Party by ANZ in response to Data Sharing Retrieval Request. When ANZ has paginated data, requests to retrieve additional pages are considered part of the initial Data Sharing Retrieval Request that created the paginated response.
Third party fees (currently waived for 12 months)
Fee | |
|---|---|
Onboarding fee* | $30,000 |
Minimum monthly fee** | $2,500 |
*Charged when a third party is onboarded by ANZ and enabled in a production environment, to recover costs related to contracting, due diligence, security assessment, and technical onboarding. Note: This fee isn’t currently charged due to ANZ’s 12-month fee waiver.
**Represents the minimum a third party will pay in any month. If total fees for Payment Requests and/or Data Sharing is higher, this fee will not apply.
If a future centralised accreditation model reduces costs on ANZ to establish and maintain third party relationships, we expect to reduce these fees in response.
Payment request and data sharing testing
The API Centre provides a testing sandbox for registered third party Standards Users or Community Contributors.
When a third party is approved by ANZ they will be provided with access to ANZ’s pre-production environment and production as part of testing readiness activities.
For more information
For more information, email us at open@anz.com.
To find out more about open banking API Standards contact the API Centre.