Payments NZ

API Centre

New Zealand

Banking

Open Banking

• Account information
• Payment initiation

The standard’s flow begins with the customer requesting that a Third Party access their account, which is held by an API provider, often the customer’s bank. The API provider then enables the Third Party to establish a connection with the customer’s account.

The Third Party redirects the customer to their bank to securely authorize access to specific account information. Version 2.0 and above of the standards introduce two authentication flows, redirect and decoupled, offering an additional option for obtaining customer consent.

These authentication flows establish a safe and secure process for the API provider to verify, in real time, that the customer has authorized the Third Party’s consent request. The functionality of these flows applies to both Payment Initiation and Account Information APIs.

Current Accounts | Credit Cards | Lending | Investments | Wallets or Prepaid | Savings

ISO 20022 | RESTful | JSON

Market Driven

The published version of the standards can be accessed by anyone here: Payments NZ API standards – Confluence (atlassian.net).

Eligible API providers must meet the following criteria:

• Be a New Zealand-registered bank, a New Zealand non-bank deposit taker, or an entity prudentially regulated by the Reserve Bank of New Zealand or the Financial Markets Authority (FMA).
• Issue and provide bank accounts to customers using the Payments NZ standard for bank account formats.
• Have a genuine business interest in utilizing APIs developed according to the API standards.

To qualify for Standards User registration as a Third Party, you must have:

• A New Zealand bank account.
• A New Zealand GST number.
• A genuine business interest in using APIs developed under the API standards.

Additionally, you are required to:

• Sign an agreement with the API Centre agreeing to the Standards User terms and conditions.
• Pay the annual registration fee.

Premium

The API Centre is member-driven and open to market participation.

The Account Information API Standard enables consent-based access to specific customer information held by an API provider. The API Centre also defines a standard for payment initiation, allowing customers to set up and execute electronic payments through a registered Third Party to a registered API provider.

The standard includes resources that provide information such as account balances, transaction lists within a specified date range, saved recipients, direct debits, standing orders, customer personal details, scheduled payments, and account statements for a given period.

The standard establishes a clear process flow. The API provider provides real-time confirmation to the TPP that the customer has authorized access to an account or a payment, delivering the consented information or using the redirect or decoupled authentication flows, as appropriate.

Information accessible through the standard includes the full list of accounts held by a customer, balances, transactions, trusted beneficiaries, direct debits, standing orders, account offers, scheduled payments, statements, and details of the account holder.

Certificates

FAPI1 | CIBA | OIDC | OAuth

OAuth 2.0 framework

OpenID Connect Request (OIDC)

Financial API (FAPI) security regime

Browser Redirect | Decoupled | App to APP Redirect

Coupled and decoupled authentication flows are provided as additional options to obtain customer consent. The latest version, v2.1.0, of the Payment Initiation API supports long-lived consents. This feature allows a Third Party to execute multiple payments from a customer’s account to a designated beneficiary with the customer’s consent.

This capability significantly streamlines the authentication process throughout the consent period and eliminates the need for the customer to reauthorize consent with their bank for each payment.

Future Dated Payments | Bulk Payments | Variable Recurring Payments | Single Domestic Payments

Variable Recurring Payments are referred to here as Enduring Payment Consents.

Operational Guidelines | Customer Experience Guidelines

Accounts | Beneficiaries | Balances | Direct Debits | Parties or Contacts | Other | Statements | Transactions | Standing Orders

The API Centre offers a sandbox environment that enables developers to experiment with the standards.

Functioning as a model bank, the sandbox includes endpoints for all API standards, features up-to-date patches, and delivers real-world format responses using dummy bank data.

Payment-related APIs have been in use in New Zealand for some time, but there was no industry-wide standardization.

In 2017, industry discussions in New Zealand prompted the development of API standards for an industry pilot, involving participants such as BNZ, ASB, and technology companies TradeMe, Datacom, and Paymark. In 2019, the API Centre, part of Payments NZ, was established to support the development of API standards aimed at delivering Open Banking to New Zealanders.

Standards Users agree to terms and conditions to utilize the API standards, which include compliance obligations. They are required to perform an annual self-attestation of compliance.

The API Centre is governed by an API Council, which consists of six API Provider (e.g., bank) representatives, six TPP representatives, and three independent members.

The API Council is supported by three working groups composed of Standards User representatives, the Business Group, Technical Group, and Partnering Group, along with ad hoc project groups, all of which operate under the direction of the API Council.

In July 2021, the New Zealand Government announced plans to establish a new legislative framework for the consumer data right.

In early 2022, the Government will make further decisions regarding the implementation of the consumer data right, including which institutions will be involved in developing rules and standards, as well as measures for enforcement. The Government will also determine which sectors should be prioritized for the potential application of the consumer data right.

A Bill to implement the consumer data right is expected to be introduced to Parliament in 2022.