Connecting to our application programming interfaces
Registered providers, plan managers and software developers (aggregators) can access our systems through our application programming interfaces (APIs).
Our APIs allow controlled and secure access to specific NDIA data for approved applicants to support the delivery of services to NDIS participants.
It is everyone’s responsibility to protect the confidentiality, integrity and availability of NDIA data when they gain access to the APIs.
There are 2 options to connect to our APIs:
- direct integration
- indirect integration.
Option 1: Direct integration
Direct integration is the process where registered providers, plan managers and aggregators connect directly with our APIs.
Step 1: Download and fill out the digital providers questionnaire
The digital providers questionnaire is a form registered providers, plan managers and aggregators fill out to become a digital partner.
- Download the NDIA digital providers questionnaire pdf file - PDF 222.25 KB
- Download the NDIA digital providers questionnaire docx file - DOCX 109.56 KB
Tip: Aggregators need to partner with a registered provider.
Aggregators need to partner with a registered provider if they want to access our APIs. They will also need to complete additional cyber security activities.
Step 2: Complete an ASIC company extract
Complete a current Australian Securities and Investments Commission (ASIC) company extract. You can buy this on the ASIC website .
The date on the current company extract should be within 4 weeks of the date you provide these documents to us.
Step 3: Sign the terms and conditions
Read and understand the terms and conditions. You will need to fill out and sign page 6 for us to assess your application.
- Download the NDIA API Terms and Conditions docx file - DOCX 42.69 KB
If an authorised representative, such as a power of attorney, signs the terms and conditions, you need to include a copy of supporting evidence.
We use the company extract to confirm the signing authorities (registered secretary/director) on the terms and conditions.
Step 4: Provide evidence
Provide evidence to support your application. You can use the Cyber Clearance Requirements document to find out what evidence we need.
- Download the Cyber clearance requirements pdf file - PDF 195.69 KB
- Download the Cyber clearance requirements docx file - DOCX 63.59 KB
You will need to provide a copy of your planned architecture to connect to our APIs.
Standards you need to meet to connect to the NDIA’s systems
Applicants need to meet the following standards to connect to our APIs:
- You must agree to the standards detailed in api.gov.au.
- You must have a suitable ICT certification and Auditor Report for your ICT Systems as specified in the cyber clearance framework e.g. ISO 27001:2022.
- You must have an appropriate level of cyber security maturity.
- You must display secure coding practices, where appropriate.
- We may require penetration testing, where appropriate.
Step 5: Send us your completed documents
Once you have all your documents ready, you can:
- email them to us at [email protected]
- mail them to us at:
Attention: Digital Partnership Office
National Disability Insurance Agency
GPO Box 700
Canberra ACT 2601.
Step 6: We will assess your application
We will start assessing your application when we receive all the required documents. We may ask you for further information to support your application, if needed.
We will work with you to finalise the architectural review and cyber clearance process.
Step 7: We will send you a technical pack
If your application is approved, we will send you a technical pack, which includes information for:
- onboarding
- development
- NDIA testing standards.
Option 2: Indirect integration
Indirect integration is the process where registered providers connect with our APIs through an aggregator.
Step 1: A registered provider or plan manager connects with an aggregator
Registered providers and plan managers can access our APIs by connecting via an aggregator who is an existing NDIA digital partner.
Step 2: The aggregator submits an application to the NDIA Digital Partnership Office
The aggregator will submit an application to the Digital Partnership Office (DPO) on behalf of a registered provider or plan manager.
Step 3: We will assess the application
We will complete a technical review of the application. We will then let the aggregator know the outcome of the application.