Authentication and Authorisation

The USI Registry System uses a combination of an Organisation’s ABN and OrgCode for authentication and authorisation to establish web service connections.

Software Developer Kit (ADK)

Two developer kits are needed – an Authentication kit and a USI kit.

Authentication Kit

For all enquiries relating to the Authentication kit, please contact the Digital Partnership Office (DPO) at dpo@ato.gov.au.

USI Kit

Complete the USI Developer Kit application form and send it to IT@usi.gov.au.

You will then be issued the USI kit including:

  • USI Web Service Technical Services Contract
  • The current version of the Security Token Service – Service Definitions
  • The USI Algorithm
  • Connection Instructions
  • Machine-to-Machine (M2M) authentication and organisation codes for the test environment.

Connecting to the USI Registry System

When accessing the USI Registry System an organisation is authenticated. The Org code is submitted to the USI Registry System, and checked that it:

  • is registered in the USI Registry System
  • has an ABN that matches the certificate generated from authentication credentials
  • has been authorised to use the USI web services by the Student Identifiers Registrar
  • is of the correct organisation type (training organisation or other VET related body) to use the called functions.

If you need additional information you can email it@usi.gov.au

Obtaining Machine-to-Machine (MSM) authentication

For web services, Machine-to-Machine (M2M) authentication is used. To be issued with M2M, an organisation and its staff must first set up a myGovID and Relationship Authorisation Manager (RAM). 

Authentication options

Desktop software

Training organisations will download software to their own environment and use their M to secure their M2M credential secure their transactions to the USI Registry System.

Cloud software

The Cloud Software Authentication and Authorisation (CAA) solution allows software developers (SWDs) to design and implement a solution for clients using cloud enabled software to securely communicate information with the Office of the Student Identifiers Registrar.

An RTO using cloud-hosted services does not have to obtain their own M2M credential. The host service provider is required to use their M2M credential to authenticate a connection to the USI Registry.

After obtaining a digital identity and claiming their business in Relationship Authorisation Manager (RAM), the business associate of an RTO needs to access RAM and nominate the host service provider submitting transactions on their behalf.