Getting started

Before commencing development, we recommend that you:

• Review the ATO services that you'll use in your software.
• Consider how the ATO service will be used within your software and who the end user will be.
• Review the software development steps required to deliver an SBR-enabled product.

Find information about using our digital services including:

• How to start using our services
• The next step: review our digital services
• Contact us

How to start using our services

To use our digital services, you will need to undertake a number of steps before you’re whitelisted to use ATO production services.

1. Register as a digital service provider (DSP) through SBR and Online services for DSPs.
2. Develop your software product based on ATO specifications, and test in the ATO test environment.
3. Complete the Operational Security Framework questionnaire and provide evidence that your solution complies with requirements.
4. Complete testing in our test environment (Production Verification and, in some cases, Extended Conformance Testing).
5. Successfully apply for whitelisting and release your solution into production.

Note: The below description is a high-level summary.

1. Register with Online Services for Digital Service Providers

Complete the ‘Register for Online Services for DSPs’ form on Online services for DSPs to obtain access to the non-live test environment and specifications. After registering you can access support from the Digital Partnership Office to help guide you through the build process.

2. Build against non-live test environment - External Vendor Testing Environment (EVTE)

The ATO External Vendor Testing Environment (EVTE) has been designed to ensure that defined SBR technical standards are met.

EVTE is a testing platform that allows digital service providers, both commercial and inhouse, to demonstrate their capability in meeting a defined set of test scenarios with well-formed requests/messages.

You can utilise test scenarios to demonstrate your product/service operates as expected. Using EVTE is a key part of our software registration process.

3. Complete the security questionnaire

Complete the Digital Service Provider Operational Security Framework Questionnaire (DOCX, 768KB) and provide relevant evidence to demonstrate compliance with the Requirements for DSPs.

4. Production verification testing (PVT)

Valid transactions are closely monitored in a live environment to demonstrate your product/service operates as expected in a live environment.

5. Whitelist for production services

Once approved for whitelisting, your product/service can be used to transact with production ATO digital services.

The next step: review our digital services

Review the ATO services you will use in your software by looking at the Overview of our services.

Contact us

For further information and to provide feedback, contact the DPO via Online services for DSPs or by emailing DPO@ato.gov.au.