Overview
In this article, we describes the API integration between audit partners and Class.
The one-click audit allows Class administrators to submit an audit request to an integrated audit partner. The request submits the fund to the auditor’s system ready for an audit, and the auditor is then able to provide status updates via Class up until the audit is complete. Upon completion of the audit, the auditor can upload the audit report to Class and mark audit status as completed.
Setting Up Your System
To ensure you are set up correctly, follow these steps:
- Register with Class: Register your system with Class to appear in the External Auditor list.
-
Provide Information: Submit staging and production information for the following:
- The name you would like your system to be listed as.
- The HTTPS endpoint on your system for the initial call.
- An email address to be used for provider login (see "Authenticating to Class" below).
- Your preferred request format (XML or JSON).
- Additional security information if required (see the "Security Considerations" section for details).
- Contact Us: Please contact us to arrange registration.
- Receive Credentials: Class will provide you with your OAuth client ID and secret for each environment. You will also receive your AuditorCode, which is required when calling back to Class.
Using the Class Application
The Class app allows users to
- Select and configure an external auditor for a fund.
- Request / cancel an audit for a fund for a particular financial year
- Monitor the status of an audit on the period update screen (including a link to relevant one-click audit system)
- Download audit documents if the audit provider provided them
- Engagement letter
- Audit report
All audit requests are for one financial year for a specific fund. Bulk audit request functionality is not available.
General call Architecture
A Class administrator will request the one-click audit inbound and outbound flow between the Class application and external systems when an API is called.
"Inbound" refers to API requests from the audit provider to Class, while "outbound" refers to requests sent from Class to the audit provider.
Provide this to your developer on how Class connects via OAuth, please refer to Authentication-and-Authorization using Resource Owner Password Flow.
Actions by the Class Application
When a Class user has completed tax finalisation for an entity, they can then send the entity to a registered one-click auditor. The user can select the relevant one-click auditor and Class will make an outbound call to the selected auditor's registered application. An API POST request is initiated.
The status within the Class UI will change from "Request Audit" to "Pending," indicating that the Class user is waiting for the auditor to accept or reject the request.
Outbound POST Request
Example: https://{api.auditor-application}.com.au/fund/createAuditThe request can use either JSON or XML format
Note: The RequestId below is unique ID that's generated by Class when a One-click Audit is initiated. This should be persisted for interactions with Class. The request links to the specific fund and financial year when the auditor application calls back to Class with updates.
Example JSON Body Request
{
{
"Platform": {
"Id": "Class Super",
"Version": "1.0"
"RequestId": "a9e9cfce-e3b5-4077-b824-77d23a109ae3",
"ReturnUrl": "/api/1.0/f/{businessCode}/{fundCode}/external-providers/{providerCode}/AuditService/submit/a9e9cfce-e3b5-4077-b824-77d23a109ae3"
},
"RequestData": {
"FundCode": "demo-fund",
"BusinessCode": "demo-business",
"UserName": "testuser@testco.com.au",
"ExternalAuditRequestId": "59a0b452-8c67-4696-af9a-c081557c3c09",
"FyCode": "FY2024",
"RequestAction": "Create"
}
}
}
Example XML Body Request
<xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<Platform>
<RequestId>a9e9cfce-e3b5-4077-b824-77d23a109ae3</RequestId>
<ReturnUrl>/api/1.0/f/{BusinessCode}/{FundCode}/external-providers/{ProviderCode}/AuditService/submit/a9e9cfce-e3b5-4077-b824-77d23a109ae3</ReturnUrl>
</Platform>
<RequestData>
<FundCode>demo-fund</FundCode>
<BusinessCode>demo-business</BusinessCode>
<UserName>testuser@testco.com.au</UserName>
<ExternalAuditRequestId>59a0b452-8c67-4696-af9a-c081557c3c09</ExternalAuditRequestId>
<FyCode>FY2024</FyCode>
<RequestAction>Create</RequestAction>
</RequestData>
</ExternalAuditRequestInfo>
Once the request has been initiated the response will be generated back to Class Application with the following:
Example JSON Body Response
{
"Platform": {
"Message": [
"Message1", "Message2"
],
"Warning": [
"Warning1", "Warning2"
],
"Error": [
"Error1", "Error2"
]
},
"ResponseData": {
"ExternalAuditRequestId": "59a0b452-8c67-4696-af9a-c081557c3c09",
"ProviderRequestUrl": "https://{api.auditor-application}.com.au/request?id=12345"
}
}
Example XML Body Response
<ExternalAuditResponseInfo xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ResponseStatus>
<Message>Message1</Message>
<Message>Message2</Message>
<Warning>Warning1</Warning>
<Warning>Warning2</Warning>
<Error>Error1</Error>
<Error>Error2</Error>
</ResponseStatus>
<ResponseData>
<ExternalAuditRequestId>59a0b452-8c67-4696-af9a-c081557c3c09</ExternalAuditRequestId>
<ProviderRequestUrl>https://provider.com.au/request?id=12345</ProviderRequestUrl>
</ResponseData>
</ExternalAuditResponseInfo>
From the Audit Provider's application, there should now exist a ExternalRequestID that is unique and stored within their application. This is used to verify within the Class application's to verify which Audit provider does this Audit request belong to.
The endpoint for External Provider to Call back into Class
Path Variables
| Name | Example Value | Description |
|---|---|---|
| businessCode | demo-business | Class business code |
| fundCode | demo-fund | Class entity code |
| providerCode | ASF | External Auditor Provider Code |
If you're unsure about your provider code please reach out to partners@class.com.au
| Category | Details |
|---|---|
| Environment | Production |
| Request Details | https://api.class.com.au/api/1.0/f/{businessCode}/{fundCode}/external-providers/{providerCode}/AuditService/submit/a9e9cfce-e3b5-4077-b824-77d23a109ae3 |
Example JSON Body Request
{
"BusinessCode" : "{BusinessCode}",
"FundCode" : "{FundCode}",
"ExternalAuditRequestId" : "{ExternalRequestId}",
"ExternalProviderCode" : "{AuditorCode}",
"RequestStatus" : "{RequestStatus}",
"MessageData" : {
"Message" : "A message about the progress of the audit"
},
"FileData" : {
"FileBase64" : "PDF file encoded as base64 string",
"FileType" : "{FileType}",
"FileContentType" : "pdf"
},
"CompletionData" : {
"CompletedDateTime" : "2024-06-30T14:19:38.8584341+10:00"
},
"ErrorData" : {
"ErrorMessage" : "There is an error"
}
}Example XML Body Request
<ExternalAuditProviderRequest xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<!--Mandatory-->
<BusinessCode>{BusinessCode}</BusinessCode>
<FundCode>{FundCode}</FundCode>
<ExternalAuditRequestId>{ExternalRequestId}</ExternalAuditRequestId>
<RequestStatus>{RequestStatus}</RequestStatus>
<ExternalProviderCode>{AuditorCode}</ExternalProviderCode>
<!--Mandatory-->
<!--Optional, some become required depending on RequestStatus-->
<MessageData>
<Message>A message about the progress of the audit</Message>
</MessageData>
<FileData>
<FileBase64>PDF file encoded as base64 string</FileBase64>
<FileType>{FileType}</FileType>
<FileContentType>pdf</FileContentType>
</FileData>
<CompletionData>
<CompletedDateTime>2024-06-30T14:19:38.8584341+10:00
</CompletedDateTime>
</CompletionData>
<ErrorData>
<ErrorMessage>There is an error</ErrorMessage>
</ErrorData>
<!--Optional-->
</ExternalAuditProviderRequest>