Skip to main content
All CollectionsIntegrations Organization integrations
Changes to custom API integrations (August 2022)
Changes to custom API integrations (August 2022)

Using your API keys for custom integrations

Dalibor Ivkovic avatar
Written by Dalibor Ivkovic
Updated over a week ago

Salestrekker has an extensive API functionality that makes possible to connect to other applications in several ways:

  1. Integrations managed by Salestrekker (those you can see in Salestrekker settings);

  2. Integrations managed by Zapier (Salestrekker manages interactions with Zapier);

  3. Custom integrations using organisation's API keys (integrations where you or your admin gave API keys to another technology provider).

We are making several changes which will affect the item #3 above - custom integrations (there will be no changes to items 1 & 2):

  • From 12th August 2022, Organisation's API keys will only be visible to Salestrekker team members

  • When signing to Salestrekker, you acknowledge that you accept our Terms of Use that now contain an API clause.

Impact to the existing custom API Integrations

  • All existing custom integrations will cease to operate on the 3rd September 2022 as the associated API keys will be reset

  • Ensure aggregator endorsements are obtained for the current custom API integrations that need to remain active after the 3rd September 2022

  • You will need to complete the New API Integration Request Form for any custom API integration (note: New API keys will not be released for un-approved custom API partner integrations)

The reasons for this change are as follows:

  • Having an open API means that we do not necessarily have a full visibility and understand the extent to which external parties are integrated with Salestrekker or to what purpose they use Salestrekker API for;

  • To ensure all API partner integrations are approved by your aggregators or by lenders;

  • To ensure all integrated partners have adequate data security and privacy controls in place;

  • Your Privacy Disclosure document might not adequately deal with these integrations;

  • We are becoming a Consumer Data Right participant, meaning we need to have a control over which details will be appropriate to be shared via external API;

  • Unrestricted/uncontrolled use of APIs can lead to system performance degradation;

  • We experienced increased maintenance requests and increased running costs due to inappropriate use of API keys.

What happens when you (a broker) want to integrate to another technology provider?

  • API partners will need to be approved for integration and sign an API agreement with Salestrekker;

  • API partner integrations will need to be approved in writing by your aggregator (unless you are using generic Salestrekker (app.salestrekker.com);

  • You will need to complete the New API Integration Request Form;

To approve API partners, we typically ask the following:

  • A proof of current ISO27001 or SOC2 Type 2 certification. Where organisation doesn't have ISO27001 or SOC2 Type 2 certification, they need to provide a current Data Security Policy and approximate date when will organisation be certified with ISO27001 or SOC2 Type 2.

  • An explanation of where data used by API partner is stored. When data ins't stored in Australia or New Zealand, we need to understand how are broker's customers notified of the cross-border data flows, as per the Australian Privacy Principles.

  • A document describing the nature of integration, details of which fields will be consumed through the integration and expected frequency of calls made to Salestrekker.

  • The best suited point of contact for all communications/escalations.

  • Signed API agreement with Salestrekker, that includes a maintenance fee (typically annual upfront payment or a hourly fee).

If you have any questions regarding above, please do not hesitate to contact us via help desk chat or email.

Did this answer your question?