Migration checklist

Quick Guide to Upgrading to Basiq API 3.0

Key Updates

Consent & CDR Integration

With the release of Basiq API 3.0, we've aligned our platform with the CDR Open Banking regulations. While the CDR rules may seem complex, we've simplified the process to ensure a smooth transition for partners. Below are the main changes you need to be aware of:

  • Consent Policy: Partners must define their Consent Policy to establish a consent agreement with consumers.

  • Institutions: Two connection methods are now available for financial institutions: Digital Data Capture and Open Banking. You must configure which method to use for each institution via the dashboard.

  • Consent UI: The CDR requires a granular consent model. Basiq simplifies this with a Consent UI that partners can integrate into their applications, ensuring a smooth consent process for users.

  • Data Governance: The platform now supports CDR’s strict rules on consent for data storage and governance. We offer a managed solution for this.

  • Open Banking Data Access: To access Open Banking data, partners need to work with Basiq to enable the appropriate access model under CDR. Contact [email protected] for more information.



Upgrading to v3.0 does not automatically enable you for Open Banking data access

Partners can upgrade to v3.0 of the API without being enabled for Open Banking. If you would like to be enabled for Open Banking, please reach out to [email protected], where the team can assist in registering your application.

Migrating to API 3.0

We’ve streamlined the upgrade process to minimise technical overhead for partners. Your data will be upgraded to meet the new 3.0 requirements. This includes:

  • Consent Policies: A consent policy will be created for each of your applications.
  • User Consents: A consent record will be created for each user to fit the new schema.
  • Application Updates: Attributes such as displayName will be added to your applications.

Required UI Changes

To comply with API 3.0, you must redirect users to the Basiq Consent UI to manage consent and establish connections. Creating connections using API-only methods is no longer supported. Visit our User Consent UI documentation for more details.

Notifications & Data Governance

Basiq provides event notifications to keep you updated on changes to user consents. You will need to set up an event webhook and configure it in your application settings.

Step-by-Step Guide to Upgrading

1. Configure Consent UI

Head to the Basiq dashboard and customize the Consent UI. Add your brand’s header image and configure the redirection URL.

  • Brand Name: A brand name is mandatory.
  • Header Image: This will be shown to users on the Consent UI.
  • Redirection URL: Define where users will be redirected after connecting their accounts.

2. Set Up Institutions

Choose which institutions to offer to users and configure the connection method (Open Banking or Web Connectors) from the Institutions tab.

3. Save Changes

After configuring everything in the dashboard, click "Save" to apply the changes. You are then ready to implement the application changes.

4. Update API Requests

For all /token requests, include the new version header:

POST /token HTTP/1.1
Host: au-api.basiq.io
Authorization: Basic YOUR_API_KEY
Content-Type: application/x-www-form-urlencoded
basiq-version: 3.0
Content-Length: 19

scope={SCOPE}
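The request above is best sent from your backend, so that the API key never reaches the browser and only the returned token is handed to the client (this is what a helper such as getClientToken in step 5 would call). The following is an added example, not Basiq's own code: the function names, the injected fetch, the constructed stub and the `access_token` response field are assumptions, since the page does not show the response body.

```javascript
// Added example (not from the Basiq docs): server-side helper for POST /token.
const BASIQ_TOKEN_URL = "https://au-api.basiq.io/token"; // host from the request above

// Build the request as the page shows it. The scope is passed through
// unchanged because the page leaves it as the {SCOPE} placeholder.
function buildTokenRequest(apiKey, scope) {
  // Reject empty keys and any whitespace/CRLF that could corrupt the header.
  if (typeof apiKey !== "string" || apiKey === "" || /\s/.test(apiKey)) {
    throw new Error("API key missing or malformed");
  }
  return {
    url: BASIQ_TOKEN_URL,
    method: "POST",
    headers: {
      Authorization: `Basic ${apiKey}`,
      "Content-Type": "application/x-www-form-urlencoded",
      "basiq-version": "3.0", // required on every /token request in 3.0
    },
    // URL-encodes the value; the HTTP client computes Content-Length itself.
    body: new URLSearchParams({ scope }).toString(),
  };
}

// Exchange the API key for a token. fetchImpl is injectable so the call
// can be exercised offline; by default it uses the global fetch (Node 18+).
async function requestToken(apiKey, scope, fetchImpl = globalThis.fetch) {
  const { url, ...init } = buildTokenRequest(apiKey, scope);
  const res = await fetchImpl(url, init);
  // Report only the status code so the key never ends up in logs.
  if (!res.ok) throw new Error(`token request failed: HTTP ${res.status}`);
  const data = await res.json();
  // Assumption: the token is returned in an "access_token" field.
  if (typeof data.access_token !== "string") {
    throw new Error("no access_token in response");
  }
  return data.access_token;
}

// Constructed stand-in for fetch: accepts the request only when the
// version header is present, and returns a made-up token.
const fakeFetch = async (url, init) => {
  const status = init.headers["basiq-version"] === "3.0" ? 200 : 400;
  return {
    ok: status === 200,
    status,
    json: async () => ({ access_token: "constructed-token" }),
  };
};
```

Expose `requestToken` behind an authenticated endpoint of your own and return only the token to the browser.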

5. Update Your UI

If you used the previous Simple UI, replace it with a redirect to the new Consent UI. Here’s an example of how to trigger the redirect:

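// Redirect to the external Basiq Consent UI to connect
async function goToConsent(action = null) {
  const userId = sessionStorage.getItem("userId");
  // getClientToken is your own helper (not defined here) that returns a token for this user
  const token = await getClientToken(userId);
  // URLSearchParams encodes the values and avoids the stray "?&" separator
  const params = new URLSearchParams({ token });
  // Only send an action when one was requested, so the URL never carries "action=null"
  if (action) params.set("action", action);
  window.location = `https://consent.basiq.io/home?${params}`;
}

// Wrap the handler so the click event is not passed in as the action
<Button onClick={() => goToConsent()}>Connect your accounts</Button>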

Once users connect their institutions, they will be redirected to the URL defined in your dashboard, and their financial data will be accessible as usual.