ato.gov.au
The Australian Taxation Office (ATO) is Australia’s national tax authority. It provides digital services and APIs for software providers and businesses to interact with tax, superannuation, and related government systems.
ATO exposes multiple developer-facing HTTP APIs via its API Portal, including Health Check, SMSF Alias Lookup, OAuth Dynamic Client Registration, plus the catalog-confirmed Business Registries API; ATO portal APIs use a consumer API key together with OAuth/M2M authentication, while Business Registries documents API-key auth.
- Business Registries APIdiscovered
- Health Check APIdiscovered
- SMSF Alias Lookup APIdiscovered
- OAuth Dynamic Client Registration APIdiscovered
Create an API Portal account and team app in the ATO API Portal getting started guide. After creating a team app and subscribing it to APIs, open the team app to retrieve its consumer key (API key). Sandbox keys are available after team app creation; production keys are available after requesting and receiving production access as described in How to use our API portal services.
For production, first register a software instance with the OAuth Dynamic Client Registration API to obtain a unique client_id. Then use an ATO-recognized machine credential as described in Client Authentication: directly connected software uses the business client's machine credential, while online service providers use their own. The machine credential is created via the ATO/RAM guidance linked from that page; you then extract the certificate/private key, sign a private key JWT, and exchange it for OAuth access tokens from ATO SSO/IdP. Sandbox testing uses the test credentials documented on the client-authentication page.
conventions · 0/8 published
- integrations.json✗
/.well-known/integrations.json - llms.txt✗
/llms.txt - API catalog✗
/.well-known/api-catalog - OpenAPI document✗
/api/schema/, /openapi.json, /swagger.json, /api/openapi.json, or /v1/openapi.json - MCP server card✗
/.well-known/mcp/server-card.json - OAuth protected resource✗
/.well-known/oauth-protected-resource - Agent card✗
/.well-known/agent-card.json - Agent skills✗
/.well-known/agent-skills/index.json
Publish these signals → /publishing