Getting started

 The API attempts to be RESTful

The Third Party Platform API attempts to conform to the design principles of Representational State Transfer (REST).

 The API is accessed over HTTP (SSL)

Data can be retrieved, created, manipulated and deleted using standard HTTP methods. The endpoint documentation page will detail the expected method to use. Any non SSL requests will be rejected. Success and errors will be communicated back via standard HTTP status codes and descriptions in the body of the response.

MethodDescription
GET Use this method for retrieving data.
POST Use this method for creating or modifying data.
DELETE Use this method for deleting data.

 Request & response formats

The default data objects returned by the API is rendered in JavaScript Object Notation (JSON).

Applications can also use the API using XML data objects for requests and responses. Set the request HTTP Content-Type & Accept header to "application/xml" to use XML objects.

For endpoints that accept a enumerated type in the URI, you can provide these values as integers or the string values.

 Authentication

The API enforces one of 3 types of authentication. The right scheme for your organisation will be provisioned during the onboarding process.

Basic access authentication

Use the standard Authorization HTTP header to encode the username and password. See the IETF specifications for more details.

Client certificate authentication

Attach the provisioned client certificate on each request.

Bearer token authentication

For client applications that use OAuth 2.0 authentication. See the IETF specifications for more details.

 Rate limits

Access to the API is rate limited. There are lower limits in place during peak market hours. This will usually be in place during market open and close times but it can also be applied at other times as required.

 StandardLow
Requests per second 5 3
Requests per minute 300 150
Requests per hour 18000 9000
Requests per day 100000 -
Lower limit times (AEST)
09:30 AM - 10:30 AM
03:30 PM - 04:30 PM

The API will return a HTTP 429 (Too many requests) error to any application that exceeds these rates. Applications will need to cease API requests until the count is reset for that time period.

 Date ranges

Some endpoints apply date range limits to queries. Details of the limits are available at applicable endpoint documentation pages.

 Support

For technical support with the API, please contact us. 

To help us provide quicker responses to your queries, please include as much of the following details as possible:

  • Authentication details (username is sufficient for Basic auth)
  • Date & time of API call
  • Payload (if applicable)
  • HTTP response code & error messages received