Frequently Asked Questions


How do I get my own API key?

  1. Login or register
  2. Go to My Apps
  3. Select Add a new App
  4. Complete App Name field (mandatory)
  5. Select the product (API) you want to use
  6. Select Create App
  7. Your App to be automatically approved for compliance. You'll receive a notification via email that your App has been approved
  8. Select your App
  9. You'll see your API key under the consumer key field

Can I send a request without registering?

Yes you can. As all API requests need an API key, we've made available a "test" API key in certain APIs. It can be used without having to register an account or an application.

The 'test' API key for HCSS is 6HoTt9GsONTE6eli2LGZVa0vVYfJa1VN. You can also find it next to the API key field in Our APIs/specific API/endpoint description.

We'll issue your own compliance API key once you register an app for a one of our APIs.

You must apply for access to production with the ACC Digital Operations team. Use the Contact page to apply. Select "Request production access" in the 'What are you contacting us about'- field. The Digital Operations team will contact you to discuss the process of submitting data to production using your app.

The API you're using determines what this process will involve. We look at: 

  • do you need specific authorisation to an API in production?
  • do we need to talk to another team in ACC to streamline the onboarding process for your customers?
  • Has all the required testing been completed to an acceptable level?
  • How are you communicating the new app benefits to your customers?
  • When will the new app be available to your customers?

No, you can't upload attachments when transferring data.

The requesting Business Unit must identify the target destination of the data and provide the IDE product team with the location of the repository e.g. (I:) Drive

The PETA (PTA) is used at a high level to:

  1. Identify the potential effects that a project or proposal may have upon the privacy of personal information
  2. Identify the potential effects that a project or proposal might have upon the wellbeing of the people involved
  3. Examine how any ethical concerns or detrimental effects on privacy might be mitigated.

The Data Sharing Agreement is a formal agreement between the parties planning to exchange data. It covers what data is being exchanged, the format of the data, using the data exchange as a channel, the reason for exchanging data, the period of the agreement, etc. It provides evidence of consideration by the data sharing parties that they are permitted to share the data cited.

The SIA’s role is to support the social sector to improve decision making. SIA will therefore only get involved if a third party organisation is part of the social sector or is sharing data to improve the wellbeing of New Zealanders.

  1. Data Sharing Agreement:
    Data Sharing Agreement must be in place between the parties intending to share data.
  2. Privacy:
    A Privacy Threshold Analysis (PTA) must be undertaken. There are scenarios where one PTA document can cover a group of different scenarios.
  3. Security:
    An addendum to the Security Risk Assessment (SRA) must be approved. The addendum covers the same information as the PTA but it is required for security purposes.
  4. Service Provider:
    The 3rd party must create a connection (Agent) on their platform to transmit data to EightWire’s data exchange platform.

Each connection has to be configured and setup. This configuration is done by Datacom at a charge of approximately $1000.

Provided the information in the application form is complete, the process to on-board takes approximately seven working days.

The Social Investment Agency (SIA) has undertaken a privacy impact assessment of EightWire’s Data Exchange (DX) which underpins the IDE. The DX has been certified and accredited for the transfer of information classified under the New Zealand Government Security Classification System as SENSITIVE.

If the format of data changes regularly and there is no need for real-time transfers, then IDE would be the most suitable and cost-effective solution. For systems that need real-time, transactional type data transfers, where the format of the data never changes, using Application Programme Interfaces (API’s) instead of the IDE would be more beneficial. To ensure the correct transmission mechanism is selected as per your need, we suggest that you consult with a Solutions Architect..

IDE has been developed to receive data up to sensitive level from any 3rd party.

The Inbound documents API will currently accept one document per submission up to 20 MB in size.

This depends on the speed of your internet connection, however, please see below for the average submission times for different size documents.

  • 3MB ~3 seconds
  • 5MB ~5 seconds
  • 10MB ~8 seconds
  • 15MB ~12 seconds
  • 20MB ~15 seconds

The API will only accept one file per submission.

If you wish to submit multiple documents for the same client, these can be combined into one PDF file (no greater than 20MB) and submitted as a single submission.

As at the end of March 2023 you can submit the following sets of documents using this API:

Discharge and Operation reports


Extension of treatment requests – ACC32


Guided Injection requests


High Tech Imaging


Radiology reports


Specialist / GP / Other treatment provider notes


Surgery requests and documentation



Forms / documents available for submission from mid June 2023 are:

Whilst this appears to be a large number there are multiple forms that are used across multiple groups, and these will become available to all groups as they become developed.


Note:  Characters in brackets denote the first characters in the document naming conventions as shown in the Inbound Documents - File Naming Standards.

  • For MMEXDISOP files it must contain the document type (either ‘Notice of Discharge’ or ‘Operation Notes’).  
  • For MMEXESHTI and MMEXSPECR records it must be blank.

No, our preference is for this to be UPPERCASE.

Yes, you can submit the file for the client, however, you would need to enter '000000000' in the NHI field.

Yes - the API will accept PDFs with colour.

You would need to email Digital Operations and provide the file creation date and time as well as the runID.

If you are unable to submit a document after troubleshooting the error(s), please contact your PMS support team to discuss.

You need to have a valid Digital Certificate to access our digital services. To apply for a new digital certificate, please email

The API will provide an error message advising the document type is not supported.   


Only PDF formatted documents are supported at this time.


Any further issues contact for assistance.

Assessment type:

  • For MMEXDISOP and MMEXSPECR it must be blank.
  • For MMEXESHTI must contain the Assessment Type (e.g. "Radiology Xray"). 

Body site:

  • For MMEXDISOP and MMEXSPECR must be blank.
  • For MMEXESHTI must contain the body site that the assessment relates to (e.g. " MRI LUMBAR SPINE").