Teams

Invite team members to your account with controlled access to the dashboard, test API keys, and sandbox environments.

Team Accounts

Business API supports a team model where one account owner manages billing, subscriptions, onboarding, and live API keys, while team members get restricted access for development and testing purposes.

Team management is available from the My Team section on your profile page.

How It Works

1. Invite — The account owner sends an email invitation from the My Team section on their profile page.

2. Accept — The invitee clicks the link in the email. If they don't have an account, they register first. They review the terms and accept the invitation.

3. Access — The team member can now log in and access the dashboard, create test API keys, and submit sandbox requests.

Team Member Capabilities

Can Do

  • View all API requests on the dashboard (live and test)
  • Create test API keys (V2 format only)
  • Submit sandbox requests via the test V2 API
  • View and download invoices
  • Edit their own profile (name, email, password)
  • Leave the team at any time

Cannot Do

  • Create or view live API keys
  • Submit live API requests
  • Access billing or subscription management
  • Manage onboarding or service approvals
  • Invite or remove other team members
  • Use V1 API authentication (standard tokens, OAuth)

API Access for Team Members

Team members can only use V2 API keys in the test environment. All requests are routed through the sandbox and billed to the account owner.

API Path             Team Member Access
/api/test/v2/*       Allowed (with bapi_sk_test_* key)
/api/v2/*            Blocked (team members cannot create live keys)
/api/v1/*            Blocked (V1 not available to team members)
/api/standard/v1/*   Blocked (V1 not available to team members)

Sandbox requests are validated but not submitted to government agencies. They appear on the dashboard with a "Sandbox" badge.
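
An added example, not part of Business API's own code or documentation: a client-side pre-flight check that applies the access table above before a team member's tooling sends a request, normalising the path first so the rule is matched against what a server would resolve. The endpoint name `requests`, the host `api.example.test` and the key value are constructed placeholders, and matching by path prefix is an assumption about how the wildcard rules apply.

```python
import posixpath
from urllib.parse import urlsplit, unquote

TEST_KEY_PREFIX = "bapi_sk_test_"  # key format the page gives for team members

# The page's access table as (path prefix, allowed, reason). Prefix matching
# is an assumption about how the "*" wildcards apply.
RULES = [
    ("/api/test/v2/", True, "sandbox V2 path"),
    ("/api/v2/", False, "team members cannot create live keys"),
    ("/api/v1/", False, "V1 not available to team members"),
    ("/api/standard/v1/", False, "V1 not available to team members"),
]


def normalize_path(url_or_path):
    """Percent-decode once and collapse '.', '..' and '//' so the rules
    are matched against the path a server would resolve."""
    path = unquote(urlsplit(url_or_path).path)
    if "%" in path:
        return None  # still encoded after one decode: ambiguous, refuse
    norm = posixpath.normpath(path)
    return norm + "/" if path.endswith("/") and norm != "/" else norm


def preflight(url_or_path, api_key):
    """Return (allowed, reason) for a request a team member is about to send."""
    path = normalize_path(url_or_path)
    if path is None:
        return (False, "path is ambiguous after decoding")
    for prefix, allowed, reason in RULES:
        if path.startswith(prefix):
            if allowed and not api_key.startswith(TEST_KEY_PREFIX):
                return (False, "key is not a bapi_sk_test_* key")
            return (allowed, reason)
    return (False, "path is not in the team-member access table")  # default deny


if __name__ == "__main__":
    key = "bapi_sk_test_CONSTRUCTED"  # constructed sample key, not a real one
    for target in (
        "https://api.example.test/api/test/v2/requests?page=1",
        "/api/v2/requests",
        "/api/test/v2/../../v2/requests",
        "/api/test/v2/%2e%2e/%2e%2e/v1/requests",
    ):
        print(target, "->", preflight(target, key))
```

The check only fails fast on the client side; the blocking described in the table is done by the service.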

Request Attribution

All API requests made by team members are attributed to the account owner for billing purposes. Requests appear on the owner's dashboard alongside the owner's own, and the system internally tracks which team member submitted each request.

Invitations

  • Invitations are sent by email and expire after 7 days
  • The owner can resend or cancel pending invitations at any time
  • A user can only be a member of one team at a time
  • If an invitee already has an active account with a subscription or live API keys, they will be warned that accepting will cancel their subscription and decommission their live keys

Two-Factor Authentication

Account owners can require two-factor authentication for all team members via the My Team settings toggle. When enabled, team members must set up 2FA before they can access the dashboard. The owner can turn this on or off at any time.

Removing Members & Leaving

  • Owner removes a member: The member becomes a standalone account. All their test API keys are decommissioned.
  • Member leaves voluntarily: Same result — they become a standalone account with test keys decommissioned.
  • Owner deletes their account: All team members are locked and their API keys are decommissioned. An admin can unlock them if needed.

Current Limitations

  • One team per member — A user cannot be a member of multiple teams simultaneously. They must leave their current team before joining another.
  • No team member roles — All team members have the same level of access. There are no admin/editor/viewer distinctions within a team.
  • Sandbox only — Team members cannot submit live API requests or create live API keys under any circumstances.
  • V2 API only — Team members must use V2 API keys (bapi_sk_test_*). Legacy V1 authentication (standard tokens, OAuth, publishable tokens) is not available to team members.
  • No billing access — Team members cannot view or manage the account's subscription, payment method, or billing history. Invoices are accessible as Xero links on individual dashboard requests.
  • Conversion is one-way — When an existing account owner joins a team, their subscription is cancelled and live keys are decommissioned. To regain full access, they must leave the team and re-subscribe.