This icon () tells you which link takes you to the new site.
Access to web services is over the internet. Security is applied in stages and layers to keep our systems and customer information safe.
The following security protocols apply when using our gateway services:
|Transport layer encryption||TLS||1.2|
|Digital certificates for mutual authentication||X.509||RFC 5280 profile|
At a network level access to our services is restricted to approved providers. This includes access to our test environments.
A TLS (SSL) mutual authentication using the TLS 1.2 specification is applied across all gateway services in PROD and QUAL environments.
In the mock services environment, TLS mutual authentication is not used but IP address white listing is applied.
Desktop providers must connect through one-way TLS. No client side X509 certificates required.
Most gateway service requests are access-controlled using an OAuth token. This token identifies who is making the request. You will need to authenticate using your myIR Secure Online Services logon details.
For web service requests an OAuth token is required in the HTTP header.
Authorisation to use gateway services is defined in the myIR permissions.
Note: if a user does not have permission to file a return online, they will not be able to file a return via gateway services. This applies to users who are granted access as staff inside an organisation or as staff in a tax agency.
Identity and access service