Usage restrictions

Approved use of our digital services

Find information about the legislative and operational restrictions on using our digital services including:

Digital services

The ATO provides contemporary digital services to assist entities to meet their taxation, superannuation, payroll, and business registry obligations, by leveraging natural business systems and processes.

The ATO offers and supports application programming interfaces (APIs)  for Digital Service Providers via SBR (Standard Business Reporting), ATO API Portal, and Electronic Reporting Specifications – designed for business, tax agents, superannuation and payroll entities.

The ATO does not offer API services to DSPs for the purposes of providing software services directly to Individuals. ATO online systems, such as myTax, do not allow, and have not been designed for, external third-party software interactions.

Access to ATO APIs for DSPs are restricted to ensure:

  • compliance with legislation
  • minimisation of fraud and identity crime
  • operational efficiency and effectiveness.

ATO reserves the right of access to digital services

The ATO supports DSPs to develop innovative services that drive efficiency and increase compliance both within the taxation and superannuation systems and more broadly across the Australian digital economy.

Before providing access, the ATO must be satisfied the product will use these services correctly and for their intended purpose. The ATO has no obligation to provide access to our services.

Legal Disclosure of Information

Division 355 of the Taxation Administration Act 1953 and Part 1 of the Superannuation Industry (Supervision) Act 1993, prohibit the ATO from disclosing protected information about the tax or superannuation affairs of a particular entity except in certain specified circumstances. Entities are not able to give consent to protected information being shared with third parties unless they are a covered entity such as a tax agent and in the approved form.

The ATO only grants DSPs access to APIs where the DSP provides a service that supports entities to meet their reporting obligations. DSPs must therefore consider the intended business purpose of the proposed service, verifying that the intended client or user will be:

  • a business client - for the purpose of managing their taxation, payroll, superannuation, and/or registry affairs
  • an intermediary or tax professional (such as a tax agent, BAS agent or Payroll provider) - for the purpose of administering taxation affairs
  • a superannuation fund (trustee, or a representative) - for the purpose of administering superannuation obligations.

Fraud mitigation

Our digital services present a range of service opportunities but also pose some risks and security implications. It is crucial that we work in partnership with DSPs to protect the integrity of the taxation, superannuation and registry systems for the Australian community.

The ATO DSP Operational Security Framework and industry specific guidelines (such as Essential 8) support the protection of ATO systems and client data against cyber threats. DSPs must provide detail on how their product meets the requirements of the DSP Operational Security Framework.

DSPs who produce tax practitioner lodgment software must also consider customer verification guidelines as determined by the ATO and the Tax Practitioners Board.

Reasonable use of ATO digital wholesale services

By using our services, you need to be aware of, and ensure compliance, with the Reasonable use of ATO digital wholesale services policy (PDF, 244KB)

This policy aims to ensure ATO system availability and responsiveness for all users and defines the appropriate use of single versus batch requests, message stockpiling, automated tools, and error messaging. The policy is complemented by service specific usage guidelines, which are described in the relevant API Business Implementation Guide.

Continued non-conformance to the policy and usage guidelines may result in de‑whitelisting of access to ATO services.

De-whitelisting of DSP products

Once your solution has been built, tested and verified to conform to all requirements, the ATO will ‘whitelist’ your product for production use. De-whitelisting (PDF, 303KB) is the process of suspending or removing access to the ATO production or test environments.

De-whitelisting may occur where:

  • a DSP is not compliant with our requirements
  • the service generates a significant number of unexpected technical errors resulting in data issues, or
  • where a cyber incident presents a risk to our digital wholesale channel, ATO reputation or taxpayers.

The ATO endeavours to work through identified issues with DSPs where there is no immediate threat to client data or ATO systems.

The next step: register on the ATO support system

Review the information on Online services for DSPs to register for access to the non‑live test environment, obtain specifications, and access support from the DPO to help guide you through the build process.

Contact us

For further information and to provide feedback, contact the DPO via Online services for DSPs or by emailing DPO@ato.gov.au.

Last modified date