Make a payment
Software providers Kaiwhakarato Pūmanawa Rorohiko

What you need to know to integrate with us

To integrate with our gateway services you need to understand the following information.

SOAP API architecture

Our gateway services use the SOAP API architecture.

You will need to undertake SOAP web service development and testing using:

  • request and response operations
  • xsd schemas and wsdl.

Find out more about our operations and message structure

Identity and access service

You will need to be able to:

  • get and set up a TLS (SSL) connection client side X509 certificate for web service client connections in test and production (primarily for Cloud originating connections)
  • complete OAuth2 integration
  • identify internet-facing IP addresses that SOAP requests will come from
  • apply X509 client certificates for client side of TLS mutual authentication for all connection requests
  • do a local network trace to see exactly what has been sent and received, including HTTP headers and ideally a TLS handshake.

For services relating to SFTP related set up, you may need to:

  • exchange SSH keys
  • exchange PGP keys for file signing and encryption
  • make firewall changes to open incoming ports
  • apply PGP decryption, validation, encryption and signing depending on specific integration.

Identity and access roles

Party Requirement Description
Inland Revenue Provide public certificate for mutual TLS Inland Revenue's public X.5.9 certificate to support TLS is provided as part of connectivity testing.
Software provider Get a X.509 certificate from a certificate authority for the test and production environments. Required when using mutual TLS with cloud-based software providers.

Identity and access software development kit (SDK)