Authorisation test scenarios

Overview

This page provides mocked test scenarios to help you test different authorisation models in the sandbox environment.

Test scenario 1 - AUTH.10001 - No External Client Access to Selected Intermediary is unauthorised 

Request information

Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/220115957/heartbeat?context="TAN=56629015"

TFN: 220115957

Response information

Error/message type: Authorisation error

HTTP status code: 403

Response code: AUTH.10001

Message:

{
  "errors": [
    {
      "code": "AUTH.10001",
      "detail": "The agent number used with your ABN or credential is not related."
    }
  ]
}

Test scenario 2 - AUTH.10002 - No identity relaxed restricted access to selected client is unauthorised

Request information

Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/220115965/heartbeat?context="TAN=56629015"

TFN: 220115965

Response information

Error/message type: Authorisation error

HTTP status code: 403

Response code: AUTH.10002

Message:

{
  "errors": [
    {
      "code": "AUTH.10002",
      "detail": "You are not authorised to lodge on behalf of this client."
    }
  ]
}

Test scenario 3 - AUTH.10003 - No identity access to selected intermediary is unauthorised

Request information

Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/220115973/heartbeat?context="TAN=56629015"

TFN: 220115973

Response information

Error/message type: Authorisation error

HTTP status code: 403

Response code: AUTH.10003

Message:

{
  "errors": [
    {
      "code": "AUTH.10003",
      "detail": "Your credential is not linked to this registered agent number in Access Manager."
    }
  ]
}

Test scenario 4 - AUTH.10004 - No selected subscriber client has no access to selected intermediary is unauthorised

Request information

Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/220115981/heartbeat?context="TAN=56629015"

TFN: 220115981

Response information

Error/message type: Authorisation error

HTTP status code: 403

Response code: AUTH.10004

Message:

{
  "errors": [
    {
      "code": "AUTH.10004",
      "detail": "You do not have the correct permission for this action."
    }
  ]
}

Test scenario 5 - AUTH.10004 - Request denied

Request information

Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/220116004/heartbeat?context="TAN=56629015"

TFN: 220116004

Response information

Error/message type: Authorisation error

HTTP status code: 403

Response code: AUTH.10004

Message:

{
  "errors": [
    {
      "code": "AUTH.10004",
      "detail": "You do not have the correct permission for this action."
    }
  ]
}

Test scenario 6 - AUTH.10005 - No external client access to selected client is unauthorised

Request information

Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/220116012/heartbeat?context="TAN=56629015"

TFN: 220116012

Response information

Error/message type: Authorisation error

HTTP status code: 403

Response code: AUTH.10005

Message:

{
  "errors": [
    {
      "code": "AUTH.10005",
      "detail": "You are not authorised to lodge on behalf of this client."
    }
  ]
}

Test scenario 7 - AUTH.10006 - No selected intermediary access to selected client is unauthorised

Request information

Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/220116020/heartbeat?context="TAN=56629015"

TFN: 220116020

Response information

Error/message type: Authorisation error

HTTP status code: 403

Response code: AUTH.10006

Message:

{
  "errors": [
    {
      "code": "AUTH.10006",
      "detail": "The client you transmitted is not associated with the agent number you supplied and cannot be authorised."
    }
  ]
}

Test scenario 8 - AUTH.10007 - No identity access to external client is unauthorised

Request information

Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/220116039/heartbeat?context="TAN=56629015"

TFN: 220116039

Response information

Error/message type: Authorisation error

HTTP status code: 403

Response code: AUTH.10007

Message:

{
  "errors": [
    {
      "code": "AUTH.10007",
      "detail": "An unexpected error has occurred. Please contact the Tax Office"
    }
  ]
}

Test scenario 9 - AUTH.10007 - If an exception or an exit trigger which does not have DSG error code mapping is returned from AM then map to exception error code

Request information

Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/220116047/heartbeat?context="TAN=56629015"

TFN: 220116047

Response information

Error/message type: Authorisation error

HTTP status code: 403

Response code: AUTH.10007

Message:

{
  "errors": [
    {
      "code": "AUTH.10007",
      "detail": "An unexpected error has occurred. Please contact the Tax Office"
    }
  ]
}

Test scenario 10 - AUTH.10008 - Disabled identity is unauthorised

Request information

Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/220116063/heartbeat?context="TAN=56629015"

TFN: 220116063

Response information

Error/message type: Authorisation error

HTTP status code: 403

Response code: AUTH.10008

Message:

{
  "errors": [
    {
      "code": "AUTH.10008",
      "detail": "You are not authorised to submit this request. Review permissions in Access Manager and try again."
    }
  ]
}

Test scenario 11 - AUTH.10008 - Identity not found is unauthorised

Request information

Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/220116071/heartbeat?context="TAN=56629015"

TFN: 220116071

Response information

Error/message type: Authorisation error

HTTP status code: 403

Response code: AUTH.10008

Message:

{
  "errors": [
    {
      "code": "AUTH.10008",
      "detail": "You are not authorised to submit this request. Review permissions in Access Manager and try again."
    }
  ]
}

Test scenario 12 - AUTH.10008 - Blocked identity is unauthorised

Request information

Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/220116098/heartbeat?context="TAN=56629015"

TFN: 220116098

Response information

Error/message type: Authorisation error

HTTP status code: 403

Response code: AUTH.10008

Message:

{
  "errors": [
    {
      "code": "AUTH.10008",
      "detail": "You are not authorised to submit this request. Review permissions in Access Manager and try again."
    }
  ]
}

Test scenario 13a - AUTH.10009 - Any technical exception occurred in AM

Request information

Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/220116118/heartbeat?context="TAN=56629015"

TFN: 220116118

Response information

Error/message type: Authorisation error

HTTP status code: 500

Response code: AUTH.10009

Message:

{
  "errors": [
    {
      "code": "AUTH.10009",
      "detail": "An unexpected error has occurred. Please try again.  If the problem persists, please contact the Tax Office"
    }
  ]
}

Test scenario 13b - AUTH.10009 - Any technical exception occurred in AM

Request information

Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/220116055/heartbeat?context="TAN=56629015"

TFN: 220116055

Response information

Error/message type: Authorisation error

HTTP status code: 500

Response code: AUTH.10009

Message:

{
  "errors": [
    {
      "code": "AUTH.10009",
      "detail": "An unexpected error has occurred. Please try again.  If the problem persists, please contact the Tax Office"
    }
  ]
}

Test scenario 14 - AUTH.10010 - No identity access to selected client employee is unauthorised

Request information

Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/220116126/heartbeat?context="TAN=56629015"

TFN: 220116126

Response information

Error/message type: Authorisation error

HTTP status code: 403

Response code: AUTH.10010

Message:

{
  "errors": [
    {
      "code": "AUTH.10010",
      "detail": "Unauthorised to view the client record."
    }
  ]
}

Test scenario 15 - Successful permit scenario

Request information

Request: GET https://sandbox.api.ato.gov.au/healthcheck/v1/clients/ABN/50764337844/individuals/TFN/{TFN_individual}/heartbeat?context="TAN=56629015"

TFN: Any TFN not listed in the other authorisation test scenarios

Response information

Error/message type: Information message

HTTP status code: 200

Response code: N/A

Message:

Successful heartbeat response - for example:

{
  "data": {
    "systemTimeUTC": "2022-06-22T06:00:40Z"
  }
}
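
Added example (not part of the original page, and not ATO code): a client-side check that parses the response envelopes shown in the scenarios above and fails closed, so that only a well-formed 200 heartbeat is treated as a permit. The function names and the choice to retry only on AUTH.10009 with HTTP 500 are assumptions of this example; the TFNs, status codes and response codes are copied from the scenarios on this page.

```python
import json

# Expected (HTTP status, response code) per sandbox TFN, copied from the scenarios on this page.
SCENARIOS = {
    "220115957": (403, "AUTH.10001"),
    "220115965": (403, "AUTH.10002"),
    "220115973": (403, "AUTH.10003"),
    "220115981": (403, "AUTH.10004"),
    "220116004": (403, "AUTH.10004"),
    "220116012": (403, "AUTH.10005"),
    "220116020": (403, "AUTH.10006"),
    "220116039": (403, "AUTH.10007"),
    "220116047": (403, "AUTH.10007"),
    "220116063": (403, "AUTH.10008"),
    "220116071": (403, "AUTH.10008"),
    "220116098": (403, "AUTH.10008"),
    "220116118": (500, "AUTH.10009"),
    "220116055": (500, "AUTH.10009"),
    "220116126": (403, "AUTH.10010"),
}

def decide(status, body):
    """Return (decision, code) where decision is 'permit', 'deny' or 'retry'.
    Hypothetical helper: anything unparseable or unrecognised is a deny."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return ("deny", None)          # malformed body never grants access
    if not isinstance(doc, dict):
        return ("deny", None)
    data = doc.get("data")
    if status == 200 and isinstance(data, dict) and "systemTimeUTC" in data:
        return ("permit", None)
    errors = doc.get("errors")
    first = errors[0] if isinstance(errors, list) and errors else None
    code = first.get("code") if isinstance(first, dict) else None
    if status == 500 and code == "AUTH.10009":
        return ("retry", code)         # assumption: message says "Please try again"
    return ("deny", code)              # every 403 is a final authorisation decision

def check_scenario(tfn, status, body):
    """True when a sandbox response matches what this page documents for that TFN."""
    decision, code = decide(status, body)
    if tfn in SCENARIOS:
        return (status, code) == SCENARIOS[tfn] and decision != "permit"
    return decision == "permit"        # scenario 15: any unlisted TFN is permitted
```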