Overview
This page provides mocked test scenarios to help you test different authorisation models in the sandbox environment.
Test scenario 1 - AUTH.10001 - No External Client Access to Selected Intermediary is unauthorised
Request information
Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/220115957/heartbeat?context="TAN=56629015"
TFN: 220115957
Response information
Error/message type: Authorisation error
HTTP status code: 403
Response code: AUTH.10001
Message:
{ "errors": [ { "code": "AUTH.10001", "detail": "The agent number used with your ABN or credential is not related." } ] }
Test scenario 2 - AUTH.10002 - No identity relaxed restricted access to selected client is unauthorised
Request information
Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/220115965/heartbeat?context="TAN=56629015"
TFN: 220115965
Response information
Error/message type: Authorisation error
HTTP status code: 403
Response code: AUTH.10002
Message:
{ "errors": [ { "code": "AUTH.10002", "detail": "You are not authorised to lodge on behalf of this client." } ] }
Test scenario 3 - AUTH.10003 - No identity access to selected intermediary is unauthorised
Request information
Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/220115973/heartbeat?context="TAN=56629015"
TFN: 220115973
Response information
Error/message type: Authorisation error
HTTP status code: 403
Response code: AUTH.10003
Message:
{ "errors": [ { "code": "AUTH.10003", "detail": "Your credential is not linked to this registered agent number in Access Manager." } ] }
Test scenario 4 - AUTH.10004 - No selected subscriber client has no access to selected intermediary is unauthorised
Request information
Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/220115981/heartbeat?context="TAN=56629015"
TFN: 220115981
Response information
Error/message type: Authorisation error
HTTP status code: 403
Response code: AUTH.10004
Message:
{ "errors": [ { "code": "AUTH.10004", "detail": "You do not have the correct permission for this action." } ] }
Test scenario 5 - AUTH.10004 - Request denied
Request information
Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/220116004/heartbeat?context="TAN=56629015"
TFN: 220116004
Response information
Error/message type: Authorisation error
HTTP status code: 403
Response code: AUTH.10004
Message:
{ "errors": [ { "code": "AUTH.10004", "detail": "You do not have the correct permission for this action." } ] }
Test scenario 6 - AUTH.10005 - No external client access to selected client is unauthorised
Request information
Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/220116012/heartbeat?context="TAN=56629015"
TFN: 220116012
Response information
Error/message type: Authorisation error
HTTP status code: 403
Response code: AUTH.10005
Message:
{ "errors": [ { "code": "AUTH.10005", "detail": "You are not authorised to lodge on behalf of this client." } ] }
Test scenario 7 - AUTH.10006 - No selected intermediary access to selected client is unauthorised
Request information
Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/220116020/heartbeat?context="TAN=56629015"
TFN: 220116020
Response information
Error/message type: Authorisation error
HTTP status code: 403
Response code: AUTH.10006
Message:
{ "errors": [ { "code": "AUTH.10006", "detail": "The client you transmitted is not associated with the agent number you supplied and cannot be authorised." } ] }
Test scenario 8 - AUTH.10007 - No identity access to external client is unauthorised
Request information
Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/220116039/heartbeat?context="TAN=56629015"
TFN: 220116039
Response information
Error/message type: Authorisation error
HTTP status code: 403
Response code: AUTH.10007
Message:
{ "errors": [ { "code": "AUTH.10007", "detail": "An unexpected error has occurred. Please contact the Tax Office" } ] }
Test scenario 9 - AUTH.10007 - If an exception or an exit trigger which does not have DSG error code mapping is returned from AM then map to exception error code
Request information
Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/220116047/heartbeat?context="TAN=56629015"
TFN: 220116047
Response information
Error/message type: Authorisation error
HTTP status code: 403
Response code: AUTH.10007
Message:
{ "errors": [ { "code": "AUTH.10007", "detail": "An unexpected error has occurred. Please contact the Tax Office" } ] }
Test scenario 10 - AUTH.10008 - Disabled identity is unauthorised
Request information
Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/220116063/heartbeat?context="TAN=56629015"
TFN: 220116063
Response information
Error/message type: Authorisation error
HTTP status code: 403
Response code: AUTH.10008
Message:
{ "errors": [ { "code": "AUTH.10008", "detail": "You are not authorised to submit this request. Review permissions in Access Manager and try again." } ] }
Test scenario 11 - AUTH.10008 - Identity not found is unauthorised
Request information
Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/220116071/heartbeat?context="TAN=56629015"
TFN: 220116071
Response information
Error/message type: Authorisation error
HTTP status code: 403
Response code: AUTH.10008
Message:
{ "errors": [ { "code": "AUTH.10008", "detail": "You are not authorised to submit this request. Review permissions in Access Manager and try again." } ] }
Test scenario 12 - AUTH.10008 - Blocked identity is unauthorised
Request information
Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/220116098/heartbeat?context="TAN=56629015"
TFN: 220116098
Response information
Error/message type: Authorisation error
HTTP status code: 403
Response code: AUTH.10008
Message:
{ "errors": [ { "code": "AUTH.10008", "detail": "You are not authorised to submit this request. Review permissions in Access Manager and try again." } ] }
Test scenario 13a - AUTH.10009 - Any technical exception occurred in AM
Request information
Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/220116118/heartbeat?context="TAN=56629015"
TFN: 220116118
Response information
Error/message type: Authorisation error
HTTP status code: 500
Response code: AUTH.10009
Message:
{ "errors": [ { "code": "AUTH.10009", "detail": "An unexpected error has occurred. Please try again. If the problem persists, please contact the Tax Office" } ] }
Test scenario 13b - AUTH.10009 - Any technical exception occurred in AM
Request information
Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/220116055/heartbeat?context="TAN=56629015"
TFN: 220116055
Response information
Error/message type: Authorisation error
HTTP status code: 500
Response code: AUTH.10009
Message:
{ "errors": [ { "code": "AUTH.10009", "detail": "An unexpected error has occurred. Please try again. If the problem persists, please contact the Tax Office" } ] }
Test scenario 14 - AUTH.10010 - No identity access to selected client employee is unauthorised
Request information
Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/220116126/heartbeat?context="TAN=56629015"
TFN: 220116126
Response information
Error/message type: Authorisation error
HTTP status code: 403
Response code: AUTH.10010
Message:
{ "errors": [ { "code": "AUTH.10010", "detail": "Unauthorised to view the client record." } ] }
Test scenario 15 - Successful permit scenario
Request information
Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/{TFN_individual}/heartbeat?context="TAN=56629015"
TFN: Any TFN not listed in the other authorisation test scenarios
Response information
Error/message type: Information message
HTTP status code: 200
Response code: N/A
Message:
Successful heartbeat response - for example:
{
  "data": {
    "systemTimeUTC": "2022-06-22T06:00:40Z"
  }
}