Akahu’s purpose is to give consumers control of their data. We want to work with reputable third party developers who deliver on that purpose through their products.
Akahu Policies set our expectations of minimum standards for developers that use our services. Accredited developers must:
Note: We update our policies from time to time. If we update or create a new a policy, we will notify accredited developers by email. If you are required to comply with Akahu Policies (as an accredited developer or as a provider of a service that integrates with an accredited developer and interfaces with consumers) you can object to the change by notifying us in writing at email@example.com within 14 days of the date that we notify accredited developers of the change. If you object to a change, we will discuss your concerns with you and use reasonable endeavours to resolve the issue. However, this does not relieve you from any contractual obligations to comply with the updated Akahu Policies.
We want to ensure that consumers are well informed when making decisions about how to connect and derive value from their data.
To become an accredited developer, we require a dedicated page on your website to explain the relationship between your product and Akahu, and provide enough detail for consumers to choose whether they see value in connecting their data to your product via Akahu. This guide outlines the requirements for the page, which must be discoverable from the navigation on your site.
Describe your product
Describe your value proposition. Clearly explain the problem your product solves and/or the specific benefits it delivers.
Describe the way your product uses Akahu
Describe the benefits your customers will get from connecting their accounts to your product through Akahu.
Describe whether the connection is one-off or ongoing.
Describe any data that you collect, and how you use it.
Include this description of Akahu, along with a clear Akahu logo:
Akahu is an open finance platform, focussed on New Zealand.
Akahu makes it simple to connect your accounts to trusted products. If you choose to connect accounts via Akahu, you can manage those connections at my.akahu.nz.
Find out more about Akahu here. [include a link to akahu.nz]
You must ensure that any data exchanged via Akahu or held in your systems are processed and stored securely. Below are the minimum standards that we expect.
All relevant risks identified in the OWASP Top 10 list are appropriately addressed.
All relevant controls identified in the CIS Controls list are appropriately addressed.
Server-validated multi-factor authentication for user device registration (or user login for web apps).
Provide evidence to Akahu of a relevant and competent penetration test.
We strongly recommend that you undertake an external penetration test at least every 12 months during your accreditation.
Akahu will review your Privacy Notice to check that the intended use of Akahu is described.