Upgrading to v3.0

What's new

Unbundling of services

A number of new services will be introduced to allow flexibility for partners. To make this possible, the following attributes are no longer returned from their original endpoints. Stay tuned for exciting new uses for this data.

  • Connection: connection.profile
  • Accounts: account.class.meta
  • Transactions: transaction.subClass (for payment transactions, affecting only non-Enrich partners)

Consent and CDR

There have been some fundamental changes to how the Basiq platform manages consent and data governance for our partners. These have largely been due to the rules defined in the CDR Open Banking Australian Government legislation. Although the CDR requirements and architecture are complex, Basiq has been able to abstract that complexity away, leaving just a few key areas for partners to consider. Major changes can be seen in the following areas:

  • Consent definition: Partners need to define their Consent Policy, which will determine the consent agreement with their Consumers.

  • Institutions: There are now two methods of connecting financial institutions: Digital Data Capture and Open Banking. For each institution partners will now need to configure which data connection method to use via the dashboard.

  • Consent UI: CDR has mandated a very detailed and granular consent model. The Basiq platform simplifies the consent process by providing a Consent UI for our partners to use in their applications. Basiq also provides a consumer consent management solution.

  • Data Governance: CDR has strict rules around how the granular consent is applied to data persisted both in the Basiq and in our Partner platforms. Basiq provides a fully managed data governance solution.

  • Open Banking data: In order to access Open Banking data our partners need to work with Basiq to enable one of the access models available under CDR. Only once this is done can our Partners fully unlock the potential of the Basiq API 3.0 and Open Banking. More information to come around the different access models...

Upgrading to v3.0 does not automatically enable you for Open Banking data access

Partners are able to upgrade to access v3.0 of the API without being enabled for Open Banking. If you would like to be enabled for Open Banking please reach out to [email protected] where the team can assist in registering your application.

Migrating to 3.0

To help existing partners migrate easily to v3.0, and to minimise the technical maintenance across two systems, Basiq will upgrade all partners' data to ensure that it is in line with the new data model requirements. This includes the creation of application policies and user consents.

All existing partners will have their data structures updated to be compatible with API 3.0

Basiq will ensure that the existing implied user consents will be used to generate the following:

  • Creation of a consent policy per application: Creating a consent Policy object for each application fitting the new consent schema

  • Creation of a consent record per user: Creating a user consent object for each user fitting the new consent schema

  • Update of application records to incorporate new attributes, e.g. a displayName for each Application generated from the existing Partner Name.

UI updates

For v3.0 of the API, partners are required to redirect their users to the Basiq Consent UI to provide consent and create new connections; they will not be able to do this using the API. See our User Consent UI for more information.

Data governance

Notification services are critical to ensuring that all the parties (Basiq and Partners) adhere to and respect the user consent. To assist parties in adhering to the granted consent, Basiq provides a series of notification services that will inform partners when there is a change of state with the consent object. Partners are required to set up an event webhook to receive these event notifications and to provide it to Basiq in their application configuration.

Step by step guide

Dashboard

1. Head to the Basiq dashboard and navigate to the edit tab for the application you are upgrading. Here you will see a toggle to "Enable Basiq 3.0". Switch this toggle on.

 
2. Once you've enabled 3.0, there will be new fields and tabs available for you to complete. These all relate to the new Consent UI, and will determine what is rendered to your end users, so it's important to carefully consider what you enter.

 

New fields

Brand name

The product or brand name your users are familiar with

Redirection URL

The URL you would like your users to be redirected to on completing their bank connections

Notification URL

The callback URL for your application to receive notifications about any data governance events. Read more about our approach to Data Governance here

Header Image

Your product's brand image that will be presented to the end user when they view the Consent UI

3. Navigate to the Consent Policy tab. Here you will see a pre-filled, generic consent policy which your user will be presented with when they connect their accounts. Consider what you update here carefully as any changes will not apply to existing customers until they re-consent.

 
4. Navigate to the Institutions tab. This is where you are able to decide which institutions you will offer to your end user, and by which method (Open Banking or Web Connectors) once you are enabled for access to Open Banking data. By default you will have all Institutions selected.

 
5. Once you have configured everything via the dashboard you can click save and you are ready to implement application changes.

Code changes

6. Update all of your /token requests to include the new version in the header.

POST /token HTTP/1.1
Host: au-api.basiq.io
Authorization: Basic YOUR_API_KEY
Content-Type: application/x-www-form-urlencoded
basiq-version: 3.0
Content-Length: 19

scope={SCOPE}

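7. Update your application's UI to accommodate the new Consent UI. If you are using the previous Simple UI (our npm package) you will just need to trigger a window redirect instead of rendering the old component. You will need to include the client token (which should now also be bound to the userId - see previous step); the userId is an optional parameter.

// Redirect to the external Basiq Consent UI to connect
async function goToConsent(action = null) {
  const userId = sessionStorage.getItem("userId");
  // Fetch a client token bound to this user
  const token = await getClientToken(userId);
  // URLSearchParams percent-encodes every value placed in the query string
  const params = new URLSearchParams({ userId, token });
  // Only send action when a string was passed: used directly as an onClick
  // handler, the first argument is the click event, not an action
  if (typeof action === "string") params.set("action", action);
  window.location = `https://consent.basiq.io/home?${params}`;
}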

<Button onClick={goToConsent}>Connect your accounts</Button>

When your user has finished connecting their institutions, they will be redirected back to the URL you defined in your dashboard in step 2, and from there you will be able to access their financial data as normal.
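
Steps 6 and 7 on the server side, as an added example that is not Basiq's own code: it builds the v3.0 /token request so the API key stays on your server and only the client token reaches the browser, then builds the Consent UI redirect with each value percent-encoded. The CLIENT_ACCESS scope value, the userId form field, the access_token response field and the function names are assumptions not stated on this page.

```javascript
// Added example for Node 18+ (global fetch); not part of the original guide.
const BASIQ_API = "https://au-api.basiq.io";        // host from step 6
const CONSENT_UI = "https://consent.basiq.io/home"; // URL from step 7

// Build the v3.0 /token request without sending it, so it can be inspected.
// Assumption: the token is bound to a user via a `userId` form field.
function buildTokenRequest(apiKey, scope, userId) {
  if (!apiKey) throw new Error("API key missing");
  const form = new URLSearchParams({ scope });
  if (userId) form.set("userId", userId);
  return {
    url: `${BASIQ_API}/token`,
    method: "POST",
    headers: {
      Authorization: `Basic ${apiKey}`,
      "Content-Type": "application/x-www-form-urlencoded",
      "basiq-version": "3.0", // the header step 6 asks for
    },
    body: form.toString(),
  };
}

// Send the request from the server; the API key never reaches the browser.
// Assumptions: scope value CLIENT_ACCESS and response field `access_token`.
async function mintClientToken(apiKey, userId) {
  const { url, ...init } = buildTokenRequest(apiKey, "CLIENT_ACCESS", userId);
  const res = await fetch(url, init);
  if (!res.ok) throw new Error(`token request failed: ${res.status}`);
  return (await res.json()).access_token;
}

// Build the Consent UI redirect; userId and action are optional.
function buildConsentUrl(token, userId, action) {
  if (!token) throw new Error("client token missing");
  const params = new URLSearchParams({ token });
  if (userId) params.set("userId", userId);
  // Ignore anything that is not a string (null, or a stray click event)
  if (typeof action === "string") params.set("action", action);
  return `${CONSENT_UI}?${params}`;
}
```

Expose mintClientToken behind your own authenticated endpoint and return only the token (or the finished consent URL) to the browser.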
