CDR Data Standards

Get Software Statement Assertion (SSA) V3

This page documents the obsolete version 3 of the Get Software Statement Assertion (SSA) endpoint.

This version was deprecated in V1.35.0.

The authorisation scopes returned in v3 of the Get Software Statement Assertion (SSA) endpoint are explicitly defined as follows:

Version Categories returned Authorisation Scopes returned in SSA
v3 OIDC openid, profile
v3 Banking bank:accounts.basic:read, bank:accounts.detail:read, bank:transactions:read, bank:payees:read, bank:regular_payments:read
v3 Energy energy:electricity.servicepoints.basic:read, energy:electricity.servicepoints.detail:read, energy:electricity.usage:read, energy:electricity.der:read, energy:accounts.basic:read, energy:accounts.detail:read, energy:accounts.paymentschedule:read, energy:accounts.concessions:read, energy:billing:read
v3 Common common:customer.basic:read, common:customer.detail:read
v3 Registration cdr:registration

Get Software Statement Assertion (SSA)

Code samples

GET https://secure.api.cdr.gov.au/cdr-register/v1/{industry}/data-recipients/brands/{dataRecipientBrandId}/software-products/{softwareProductId}/ssa HTTP/1.1
Host: secure.api.cdr.gov.au
Accept: application/json
x-v: string
x-min-v: string
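Authorization: string

// Node.js sample using node-fetch. Replace the {...} path placeholders and the 'string' header values before running.
const fetch = require('node-fetch');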
const headers = {
  'Accept':'application/json',
  'x-v':'string',
  'x-min-v':'string',
  'Authorization':'string'
};

fetch('https://secure.api.cdr.gov.au/cdr-register/v1/{industry}/data-recipients/brands/{dataRecipientBrandId}/software-products/{softwareProductId}/ssa', {
  method: 'GET',
  headers: headers
}).then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

GET /cdr-register/v1/{industry}/data-recipients/brands/{dataRecipientBrandId}/software-products/{softwareProductId}/ssa

Get a Software Statement Assertion (SSA) for a software product on the CDR Register to be used for Dynamic Client Registration with a Data Holder Brand.

Obsolete versions: v1, v2.

Endpoint Version

Version 3

Parameters

Name In Type Required Default Description
industry path IndustryEnum mandatory The industry the participant is retrieving data for (Banking, etc.)
x-v header string mandatory Version of the API endpoint requested by the client. Must be set to a positive integer. The endpoint should respond with the highest supported version between x-min-v and x-v. If the value of x-min-v is equal to or higher than the value of x-v then the x-min-v header should be treated as absent. If all versions requested are not supported then the endpoint MUST respond with a 406 Not Acceptable. See HTTP Headers.
x-min-v header string optional Minimum version of the API endpoint requested by the client. Must be set to a positive integer if provided. The endpoint should respond with the highest supported version between x-min-v and x-v. If all versions requested are not supported then the endpoint MUST respond with a 406 Not Acceptable.
dataRecipientBrandId path string mandatory Unique id for the Accredited Data Recipient Brand that the Software Product is associated with in the CDR Register.
softwareProductId path string mandatory Unique id for the Accredited Data Recipient Software Product in the CDR Register.
Authorization header ExternalRef mandatory An Authorisation Token as per [RFC6750].

Enumerated Values

Parameter Value
industry banking
industry energy
industry telco
industry all
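
The x-v / x-min-v rules in the parameter table above, worked through as an added example (not code from the CDR standards or the Register). The function name, the lower-cased header keys and the supported-version list are assumptions made for illustration; the 400 and 406 outcomes follow the Responses table on this page.

```javascript
// Added example: endpoint version negotiation as described for x-v and x-min-v.
// Returns the HTTP status the endpoint would use and, on success, the version
// to put in the response x-v header.

// Accept only a positive integer written as plain digits (no sign, no decimals).
function parsePositiveInt(value) {
  if (typeof value !== 'string' || !/^[1-9][0-9]*$/.test(value)) return null;
  const n = Number(value);
  return Number.isSafeInteger(n) ? n : null;
}

// headers: object with lower-cased header names (assumption).
// supported: array of endpoint versions this server implements (hypothetical).
function negotiateVersion(headers, supported) {
  if (headers['x-v'] === undefined) {
    return { status: 400, reason: 'missing required header x-v' };
  }
  const xv = parsePositiveInt(headers['x-v']);
  if (xv === null) {
    return { status: 400, reason: 'x-v is not a positive integer' };
  }

  // With no usable x-min-v the only acceptable version is x-v itself.
  let min = xv;
  if (headers['x-min-v'] !== undefined) {
    const xmin = parsePositiveInt(headers['x-min-v']);
    if (xmin === null) {
      return { status: 400, reason: 'x-min-v is not a positive integer' };
    }
    // x-min-v equal to or higher than x-v is treated as absent.
    if (xmin < xv) min = xmin;
  }

  // Highest supported version inside the requested range.
  const candidates = supported.filter((v) => v >= min && v <= xv);
  if (candidates.length === 0) {
    return { status: 406, reason: 'no supported version in requested range' };
  }
  return { status: 200, version: Math.max(...candidates) };
}

// Constructed sample: a server that implements versions 1 to 3.
const SUPPORTED_VERSIONS = [1, 2, 3];
console.log(negotiateVersion({ 'x-v': '5', 'x-min-v': '2' }, SUPPORTED_VERSIONS));
console.log(negotiateVersion({ 'x-v': '5' }, SUPPORTED_VERSIONS));
```
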

Example responses

200 Response

"string"

Responses

Status Meaning Description Schema
200 OK Successful response string
400 Bad Request Missing Required Header / Invalid Version / Invalid Path Parameter ResponseErrorListV2
401 Unauthorized Invalid Bearer Token None
403 Forbidden Invalid BrandId ResponseErrorListV2
404 Not Found Invalid Software Product ResponseErrorListV2
406 Not Acceptable Unsupported Version ResponseErrorListV2
422 Unprocessable Entity SSA validation failed ResponseErrorListV2

Response Headers

Status Header Type Required Description
200 x-v string optional The payload version that the endpoint has responded with.
401 WWW-Authenticate ExternalRef optional The Response Header Field as per [RFC6750].

Schemas

ResponseOpenIDProviderConfigMetadata

{
  "issuer": "string",
  "jwks_uri": "string",
  "token_endpoint": "string",
  "claims_supported": [
    "string"
  ],
  "id_token_signing_alg_values_supported": [
    "string"
  ],
  "subject_types_supported": [
    "string"
  ],
  "code_challenge_methods_supported": [
    "string"
  ],
  "scopes_supported": [
    "string"
  ],
  "response_types_supported": [
    "string"
  ],
  "grant_types_supported": [
    "string"
  ],
  "token_endpoint_auth_methods_supported": [
    "string"
  ],
  "tls_client_certificate_bound_access_tokens": true,
  "token_endpoint_auth_signing_alg_values_supported": [
    "string"
  ]
}

Response containing the Open ID Provider Configuration Metadata.

Properties

Name Type Required Default Description
issuer URIString mandatory URL using the https scheme with no query or fragment component that the CDR Register asserts as its Issuer Identifier.
jwks_uri URIString mandatory URL of the CDR Register's JSON Web Key Set [JWK] document. This contains the signing key(s) used to validate access tokens issued from the CDR Register. Note that this differs from the JWKS endpoint used to validate SSAs and CDR Register client authentication.
token_endpoint URIString mandatory URL of the CDR Register's OAuth 2.0 Token Endpoint.
claims_supported [string] mandatory JSON array containing a list of the Claim Names of the Claims that the CDR Register supplies values for.
id_token_signing_alg_values_supported [string] mandatory JSON array containing a list of the JWS signing algorithms (alg values) supported by the CDR Register for the ID Token to encode the Claims in a JWT. Given the CDR Register does not issue ID tokens, this field can be safely ignored.
subject_types_supported [string] mandatory JSON array containing a list of the Subject Identifier types that the CDR Register supports. Given the CDR Register does not issue ID tokens, this field can be safely ignored.
code_challenge_methods_supported [string] mandatory JSON array containing a list of Proof Key for Code Exchange (PKCE) [RFC7636] code challenge methods supported by this authorization server. Given the CDR Register does not support PKCE, this field can be safely ignored.
scopes_supported [string] mandatory JSON array containing a list of the OAuth 2.0 [RFC6749] scope values that the CDR Register supports.
response_types_supported [string] mandatory JSON array containing a list of the OAuth 2.0 response_type values that the CDR Register supports.
grant_types_supported [string] mandatory JSON array containing a list of the OAuth 2.0 Grant Type values that the CDR Register supports.
token_endpoint_auth_methods_supported [string] mandatory JSON array containing a list of Client Authentication methods supported by this Token Endpoint.
tls_client_certificate_bound_access_tokens Boolean mandatory Boolean value indicating server support for mutual TLS client certificate bound access tokens.
token_endpoint_auth_signing_alg_values_supported [string] mandatory JSON array containing a list of the JWS signing algorithms (alg values) supported by the token endpoint for the signature on the JWT [JWT] used to authenticate the client at the token endpoint for the private_key_jwt authentication method.

ResponseJWKS

{
  "keys": [
    {
      "alg": "string",
      "e": "string",
      "key_ops": [
        "string"
      ],
      "kid": "string",
      "kty": "string",
      "n": "string"
    }
  ]
}

Response containing the JSON Web Key Set.

Properties

Name Type Required Default Description
keys [JWK] mandatory The value of the keys parameter is an array of JWK values.

JWK

{
  "alg": "string",
  "e": "string",
  "key_ops": [
    "string"
  ],
  "kid": "string",
  "kty": "string",
  "n": "string"
}

Object representing a JSON Web Key.

Properties

Name Type Required Default Description
alg ExternalRef mandatory The alg (algorithm) parameter identifies the algorithm intended for use with the key.
e ExternalRef mandatory The e RSA public exponent parameter.
key_ops [ExternalRef] mandatory The key_ops (key operations) parameter identifies the operation(s) for which the key is intended to be used.
kid ExternalRef mandatory The kid (key ID) parameter is partially used to match a specific key. Note the kid parameter is not guaranteed to be unique and additional parameters should be used to progressively identify a key within a set.
kty ExternalRef mandatory The kty (key type) parameter identifies the cryptographic algorithm family used with the key.
n ExternalRef mandatory The n RSA public modulus parameter.
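
Because kid is not guaranteed to be unique, a verifier should narrow the key set progressively and refuse to proceed when the result is empty or ambiguous. The following is an added example of that selection (not code from the CDR standards); the function name, the order of the narrowing steps, and the sample key set with its PS256/RS256 values are constructed for illustration.

```javascript
// Added example: progressively identify one JWK in a JWKS document.
// wanted = { kid, kty, alg, op } comes from the verifier's own policy plus the
// kid in the JWS header; never trust the token alone to choose the algorithm.
function selectJwk(jwks, wanted) {
  const steps = [
    ['kid', (k) => k.kid === wanted.kid],
    ['kty', (k) => k.kty === wanted.kty],
    ['alg', (k) => k.alg === wanted.alg],
    ['key_ops', (k) => Array.isArray(k.key_ops) && k.key_ops.includes(wanted.op)],
    // The JWK schema on this page carries RSA parameters n and e.
    ['n/e', (k) => typeof k.n === 'string' && typeof k.e === 'string'],
  ];

  let candidates = jwks && Array.isArray(jwks.keys) ? jwks.keys : [];
  const trace = []; // number of keys left after each narrowing step

  for (const [name, matches] of steps) {
    candidates = candidates.filter(matches);
    trace.push(candidates.length);
    if (candidates.length === 0) {
      return { key: null, reason: `no key matches ${name}`, trace };
    }
  }

  // Fail closed: more than one surviving key means the set is ambiguous.
  if (candidates.length > 1) {
    return { key: null, reason: 'ambiguous: multiple keys match', trace };
  }
  return { key: candidates[0], reason: 'ok', trace };
}

// Constructed sample JWKS: two keys share the same kid.
const SAMPLE_JWKS = {
  keys: [
    { kid: 'k1', kty: 'RSA', alg: 'RS256', key_ops: ['verify'], n: 'constructed-modulus-A', e: 'AQAB' },
    { kid: 'k1', kty: 'RSA', alg: 'PS256', key_ops: ['verify'], n: 'constructed-modulus-B', e: 'AQAB' },
    { kid: 'k2', kty: 'RSA', alg: 'PS256', key_ops: ['verify'], n: 'constructed-modulus-C', e: 'AQAB' },
  ],
};

console.log(selectJwk(SAMPLE_JWKS, { kid: 'k1', kty: 'RSA', alg: 'PS256', op: 'verify' }));
```
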

ResponseRegisterDataHolderBrandList

{
  "data": [
    {
      "dataHolderBrandId": "string",
      "brandName": "string",
      "industries": [
        "banking"
      ],
      "logoUri": "string",
      "legalEntity": {
        "legalEntityId": "string",
        "legalEntityName": "string",
        "logoUri": "string",
        "registrationNumber": "string",
        "registrationDate": "string",
        "registeredCountry": "string",
        "abn": "string",
        "acn": "string",
        "arbn": "string",
        "anzsicDivision": "string",
        "organisationType": "SOLE_TRADER",
        "status": "ACTIVE"
      },
      "status": "ACTIVE",
      "endpointDetail": {
        "version": "string",
        "publicBaseUri": "string",
        "resourceBaseUri": "string",
        "infosecBaseUri": "string",
        "extensionBaseUri": "string",
        "websiteUri": "string"
      },
      "authDetails": [
        {
          "registerUType": "SIGNED-JWT",
          "jwksEndpoint": "string"
        }
      ],
      "lastUpdated": "string"
    }
  ],
  "links": {
    "first": "string",
    "last": "string",
    "next": "string",
    "prev": "string",
    "self": "string"
  },
  "meta": {
    "totalPages": 0,
    "totalRecords": 0
  }
}

Response containing a list of CDR Register Data Holder Brand objects.

Properties

Name Type Required Default Description
data [RegisterDataHolderBrand] mandatory Response data for the query.
links LinksPaginated mandatory none
meta MetaPaginated mandatory none

RegisterDataHolderBrand

{
  "dataHolderBrandId": "string",
  "brandName": "string",
  "industries": [
    "banking"
  ],
  "logoUri": "string",
  "legalEntity": {
    "legalEntityId": "string",
    "legalEntityName": "string",
    "logoUri": "string",
    "registrationNumber": "string",
    "registrationDate": "string",
    "registeredCountry": "string",
    "abn": "string",
    "acn": "string",
    "arbn": "string",
    "anzsicDivision": "string",
    "organisationType": "SOLE_TRADER",
    "status": "ACTIVE"
  },
  "status": "ACTIVE",
  "endpointDetail": {
    "version": "string",
    "publicBaseUri": "string",
    "resourceBaseUri": "string",
    "infosecBaseUri": "string",
    "extensionBaseUri": "string",
    "websiteUri": "string"
  },
  "authDetails": [
    {
      "registerUType": "SIGNED-JWT",
      "jwksEndpoint": "string"
    }
  ],
  "lastUpdated": "string"
}

Properties

Name Type Required Default Description
dataHolderBrandId string mandatory Unique id of the Data Holder Brand issued by the CDR Register.
brandName string mandatory The name of Data Holder Brand.
industries [IndustriesEnum] mandatory The industries the Data Holder Brand belongs to.
logoUri URIString mandatory Brand logo URI.
legalEntity LegalEntityDetail mandatory The data that is common to all organisations, regardless of the type (e.g., company, trust, partnership, government).
status Enum mandatory none
endpointDetail RegisterDataHolderBrandServiceEndpoint mandatory Endpoints related to Data Holder Brand services.
authDetails [RegisterDataHolderAuth] mandatory [Defines the mechanism used and associated endpoints for Data Holder to Data Recipient authentication.]
lastUpdated DateTimeString mandatory The date/time that the Data Holder Brand data was last updated in the Register.

Enumerated Values

Property Value
status ACTIVE
status INACTIVE
status REMOVED

ResponseDataHoldersBrandSummaryList

{
  "data": [
    {
      "dataHolderBrandId": "string",
      "interimId": "string",
      "brandName": "string",
      "publicBaseUri": "string",
      "logoUri": "string",
      "industries": [
        "banking"
      ],
      "lastUpdated": "string",
      "abn": "string",
      "acn": "string",
      "arbn": "string"
    }
  ],
  "links": {
    "self": "string"
  },
  "meta": {}
}

Properties

Name Type Required Default Description
data [DataHolderBrandSummary] mandatory Response data for the query.
links Links mandatory none
meta Meta mandatory none

DataHolderBrandSummary

{
  "dataHolderBrandId": "string",
  "interimId": "string",
  "brandName": "string",
  "publicBaseUri": "string",
  "logoUri": "string",
  "industries": [
    "banking"
  ],
  "lastUpdated": "string",
  "abn": "string",
  "acn": "string",
  "arbn": "string"
}

Properties

Name Type Required Default Description
dataHolderBrandId string optional Unique id of the Data Holder Brand issued by the CDR Register.
interimId string optional Interim id of the Data Holder Brand issued by the CDR Register. This is to be used to uniquely identify the record when dataHolderBrandId is not populated and is not to be reused.
brandName string mandatory The name of Data Holder Brand.
publicBaseUri URIString mandatory Base URI for the Data Holder's Consumer Data Standard public endpoints.
logoUri URIString mandatory Brand logo URI.
industries [IndustriesEnum] mandatory The industries the Data Holder Brand belongs to.
lastUpdated DateTimeString mandatory The date/time that the Data Holder Brand data was last updated in the Register.
abn string optional Australian Business Number for the organisation.
acn string optional Australian Company Number for the organisation.
arbn string optional Australian Registered Body Number. ARBNs are issued to registrable Australian bodies and foreign companies.

IndustryEnum

"banking"

Properties

Name Type Required Default Description
anonymous Enum mandatory none

Enumerated Values

Property Value
anonymous banking
anonymous energy
anonymous telco
anonymous all

IndustriesEnum

"banking"

Properties

Name Type Required Default Description
anonymous Enum mandatory none

Enumerated Values

Property Value
anonymous banking
anonymous energy
anonymous telco

DataHoldersStatusList

{
  "data": [
    {
      "legalEntityId": "string",
      "status": "ACTIVE"
    }
  ],
  "links": {
    "self": "string"
  },
  "meta": {}
}

Properties

Name Type Required Default Description
data [DataHolderStatus] mandatory Response data for the query.
links Links mandatory none
meta Meta mandatory none

DataHolderStatus

{
  "legalEntityId": "string",
  "status": "ACTIVE"
}

Properties

Name Type Required Default Description
legalEntityId string mandatory Unique id of the Data Holder Legal Entity issued by the CDR Register.
status Enum mandatory Data Holder status in the CDR Register.

Enumerated Values

Property Value
status ACTIVE
status REMOVED

SoftwareProductsStatusList

{
  "data": [
    {
      "softwareProductId": "string",
      "status": "ACTIVE"
    }
  ],
  "links": {
    "self": "string"
  },
  "meta": {}
}

Properties

Name Type Required Default Description
data [SoftwareProductStatus] mandatory Response data for the query.
links Links mandatory none
meta Meta mandatory none

SoftwareProductStatus

{
  "softwareProductId": "string",
  "status": "ACTIVE"
}

Properties

Name Type Required Default Description
softwareProductId string mandatory Unique id of the software product issued by the CDR Register.
status Enum mandatory Software product status in the CDR Register.

Enumerated Values

Property Value
status ACTIVE
status INACTIVE
status REMOVED

DataRecipientsStatusList

{
  "data": [
    {
      "legalEntityId": "string",
      "status": "ACTIVE"
    }
  ],
  "links": {
    "self": "string"
  },
  "meta": {}
}

Properties

Name Type Required Default Description
data [DataRecipientStatus] mandatory Response data for the query.
links Links mandatory none
meta Meta mandatory none

DataRecipientStatus

{
  "legalEntityId": "string",
  "status": "ACTIVE"
}

Properties

Name Type Required Default Description
legalEntityId string mandatory Unique id of the Data Recipient Legal Entity issued by the CDR Register.
status Enum mandatory Data Recipient status in the CDR Register.

Enumerated Values

Property Value
status ACTIVE
status SUSPENDED
status REVOKED
status SURRENDERED

ResponseRegisterDataRecipientList

{
  "data": [
    {
      "legalEntityId": "string",
      "legalEntityName": "string",
      "accreditationNumber": "string",
      "accreditationLevel": "UNRESTRICTED",
      "logoUri": "string",
      "dataRecipientBrands": [
        {
          "dataRecipientBrandId": "string",
          "brandName": "string",
          "logoUri": "string",
          "softwareProducts": [
            {
              "softwareProductId": "string",
              "softwareProductName": "string",
              "softwareProductDescription": "string",
              "logoUri": "string",
              "status": "ACTIVE"
            }
          ],
          "status": "ACTIVE"
        }
      ],
      "status": "ACTIVE",
      "lastUpdated": "string"
    }
  ],
  "links": {
    "self": "string"
  },
  "meta": {}
}

Response containing a list of Data Recipients in the CDR Register.

Properties

Name Type Required Default Description
data [RegisterDataRecipient] mandatory Response data for the query.
links Links mandatory none
meta Meta mandatory none

RegisterDataRecipient

{
  "legalEntityId": "string",
  "legalEntityName": "string",
  "accreditationNumber": "string",
  "accreditationLevel": "UNRESTRICTED",
  "logoUri": "string",
  "dataRecipientBrands": [
    {
      "dataRecipientBrandId": "string",
      "brandName": "string",
      "logoUri": "string",
      "softwareProducts": [
        {
          "softwareProductId": "string",
          "softwareProductName": "string",
          "softwareProductDescription": "string",
          "logoUri": "string",
          "status": "ACTIVE"
        }
      ],
      "status": "ACTIVE"
    }
  ],
  "status": "ACTIVE",
  "lastUpdated": "string"
}

Properties

Name Type Required Default Description
legalEntityId string mandatory Unique id of the Data Recipient Legal Entity issued by the CDR Register.
legalEntityName string mandatory Legal name of the Data Recipient.
accreditationNumber string mandatory CDR Register issued human readable unique number given to Data Recipients upon accreditation.
accreditationLevel Enum mandatory Accreditation level of the Data Recipient in the CDR Register.
logoUri URIString mandatory Legal Entity logo URI.
dataRecipientBrands [DataRecipientBrandMetaData] optional [Metadata related to Data Recipient Brand.]
status Enum mandatory Data Recipient status in the CDR Register.
lastUpdated DateTimeString mandatory The date/time that the Legal Entity was last updated in the CDR Register.

Enumerated Values

Property Value
accreditationLevel UNRESTRICTED
accreditationLevel SPONSORED
status ACTIVE
status SUSPENDED
status REVOKED
status SURRENDERED

DataRecipientBrandMetaData

{
  "dataRecipientBrandId": "string",
  "brandName": "string",
  "logoUri": "string",
  "softwareProducts": [
    {
      "softwareProductId": "string",
      "softwareProductName": "string",
      "softwareProductDescription": "string",
      "logoUri": "string",
      "status": "ACTIVE"
    }
  ],
  "status": "ACTIVE"
}

Metadata related to Data Recipient Brand.

Properties

Name Type Required Default Description
dataRecipientBrandId string mandatory Unique id of the Data Recipient brand issued by the CDR Register.
brandName string mandatory Data Recipient Brand name.
logoUri URIString mandatory Data Recipient Brand logo URI.
softwareProducts [SoftwareProductMetaData] optional [Data Recipient Brand Software Products.]
status Enum mandatory Data Recipient Brand status in the CDR Register.

Enumerated Values

Property Value
status ACTIVE
status INACTIVE
status REMOVED

SoftwareProductMetaData

{
  "softwareProductId": "string",
  "softwareProductName": "string",
  "softwareProductDescription": "string",
  "logoUri": "string",
  "status": "ACTIVE"
}

Data Recipient Brand Software Products.

Properties

Name Type Required Default Description
softwareProductId string mandatory Unique id of the Data Recipient software product issued by the CDR Register.
softwareProductName string mandatory Name of the software product.
softwareProductDescription string mandatory Description of the software product.
logoUri URIString mandatory Software product logo URI.
status Enum mandatory Software Product status in the CDR Register.

Enumerated Values

Property Value
status ACTIVE
status INACTIVE
status REMOVED

LegalEntityDetail

{
  "legalEntityId": "string",
  "legalEntityName": "string",
  "logoUri": "string",
  "registrationNumber": "string",
  "registrationDate": "string",
  "registeredCountry": "string",
  "abn": "string",
  "acn": "string",
  "arbn": "string",
  "anzsicDivision": "string",
  "organisationType": "SOLE_TRADER",
  "status": "ACTIVE"
}

The data that is common to all organisations, regardless of the type (e.g., company, trust, partnership, government).

Properties

Name Type Required Default Description
legalEntityId string mandatory Unique id of the organisation issued by the CDR Register.
legalEntityName string mandatory Unique legal name of the organisation.
logoUri URIString mandatory Legal Entity logo URI.
registrationNumber string optional Unique registration number (if the company is registered outside Australia).
registrationDate DateString optional Date of registration (if the company is registered outside Australia).
registeredCountry string optional Country of registration (if the company is registered outside Australia).
abn string optional Australian Business Number for the organisation.
acn string optional Australian Company Number for the organisation.
arbn string optional Australian Registered Body Number. ARBNs are issued to registrable Australian bodies and foreign companies.
anzsicDivision ExternalRef optional ANZSIC division of the organisation. [ANZSIC-2006].
organisationType Enum optional Legal organisation type.
status Enum mandatory none

Enumerated Values

Property Value
organisationType SOLE_TRADER
organisationType COMPANY
organisationType PARTNERSHIP
organisationType TRUST
organisationType GOVERNMENT_ENTITY
organisationType OTHER
status ACTIVE
status REMOVED

RegisterDataHolderBrandServiceEndpoint

{
  "version": "string",
  "publicBaseUri": "string",
  "resourceBaseUri": "string",
  "infosecBaseUri": "string",
  "extensionBaseUri": "string",
  "websiteUri": "string"
}

Endpoints related to Data Holder Brand services.

Properties

Name Type Required Default Description
version string mandatory The major version of the high level standards. This is not the version of the endpoint or the payload being requested but the version of the overall standards being applied. This version number will be "v" followed by the major version of the standards as a positive integer (e.g., v1, v12 or v76).
publicBaseUri URIString mandatory Base URI for the Data Holder's Consumer Data Standard public endpoints.
resourceBaseUri URIString mandatory Base URI for the Data Holder's Consumer Data Standard resource endpoints.
infosecBaseUri URIString mandatory Base URI for the Data Holder's Consumer Data Standard information security endpoints.
extensionBaseUri URIString optional Base URI for the Data Holder extension endpoints to the Consumer Data Standard (optional).
websiteUri URIString mandatory Publicly available website or web resource URI.

RegisterDataHolderAuth

{
  "registerUType": "SIGNED-JWT",
  "jwksEndpoint": "string"
}

Defines the mechanism used and associated endpoints for Data Holder to Data Recipient authentication.

Properties

Name Type Required Default Description
registerUType Enum mandatory The type of authentication and authorisation mechanism in use.
jwksEndpoint URIString mandatory JWKS endpoint used for authentication by the Data Holder with the Data Recipient.

Enumerated Values

Property Value
registerUType SIGNED-JWT

LinksPaginated

{
  "first": "string",
  "last": "string",
  "next": "string",
  "prev": "string",
  "self": "string"
}

Properties

Name Type Required Default Description
first URIString optional URI to the first page of this set. Mandatory if this response is not the first page.
last URIString optional URI to the last page of this set. Mandatory if this response is not the last page.
next URIString optional URI to the next page of this set. Mandatory if this response is not the last page.
prev URIString optional URI to the previous page of this set. Mandatory if this response is not the first page.
self URIString mandatory Fully qualified link to this API call.

MetaPaginated

{
  "totalPages": 0,
  "totalRecords": 0
}

Properties

Name Type Required Default Description
totalPages NaturalNumber mandatory The total number of pages in the full set.
totalRecords NaturalNumber mandatory The total number of records in the full set.

Links

{
  "self": "string"
}

Properties

Name Type Required Default Description
self URIString mandatory Fully qualified link to this API call.

Meta

{}

Properties

None

ResponseErrorListV2

{
  "errors": [
    {
      "code": "string",
      "title": "string",
      "detail": "string",
      "meta": {
        "urn": "string"
      }
    }
  ]
}

Properties

Name Type Required Default Description
errors [ErrorV2] mandatory List of errors.

ErrorV2

{
  "code": "string",
  "title": "string",
  "detail": "string",
  "meta": {
    "urn": "string"
  }
}

Properties

Name Type Required Default Description
code string mandatory The code of the error encountered. Where the error is specific to the respondent, an application-specific error code, expressed as a string value. If the error is application-specific, the URN code that the specific error extends must be provided in the meta object. Otherwise, the value is the error code URN.
title string mandatory A short, human-readable summary of the problem that MUST NOT change from occurrence to occurrence of the problem represented by the error code.
detail string mandatory A human-readable explanation specific to this occurrence of the problem.
meta object conditional Additional data for customised error codes.
» urn string conditional The CDR error code URN which the application-specific error code extends. Mandatory if the error code is an application-specific error rather than a standardised error code.