Skip to main content

Budget 2024: The Government has announced FamilyBoost, a proposed new childcare payment to help eligible families with the rising costs of Early Childhood Education (ECE). Find out more:

Identity and access service

You'll need to be able to:

  • get and set up a TLS (SSL) connection client side X509 certificate for web service client connections in test and production (primarily for Cloud originating connections)
  • complete OAuth2 integration
  • identify internet-facing IP addresses that SOAP requests will come from
  • apply X509 client certificates for client side of TLS mutual authentication for all connection requests
  • do a local network trace to see exactly what has been sent and received, including HTTP headers and ideally a TLS handshake.

For services relating to SFTP related set up, you may need to:

  • exchange SSH keys
  • exchange PGP keys for file signing and encryption
  • make firewall changes to open incoming ports
  • apply PGP decryption, validation, encryption and signing depending on specific integration.

Identity and access roles

Party Requirement Description
Provide public certificate for mutual TLS Inland Revenue's public X.5.9 certificate to support TLS is provided as part of connectivity testing.
Get a X.509 certificate from a certificate authority for the test and production environments. Required when using mutual TLS with cloud-based software providers.

Identity and access

SOAP API architecture

Our gateway services use the SOAP API architecture.

You'll need to undertake SOAP web service development and testing using:

  • request and response operations
  • XSD schemas and WSDL.

Operations and message structure

Last updated: 28 Apr 2021
Jump back to the top of the page