SuperAPI Fund Implementation Overview
This guide provides an overview of how the SuperAPI product integrates with a super fund. It is not intended to be a detailed implementation guide and therefore contains no specific technical details about how to integrate SuperAPI. However, it does serve as an overview of the integration process so that the effort and time required to perform the implementation can be estimated easily and accurately.
This document can be read by anyone and contains no sensitive information. Those who will get the most out of this document are:
- Software engineers or managers of software engineers working at super funds
- Anyone who requires an understanding of the scope of effort required to implement SuperAPI.
What is SuperAPI?
SuperAPI is a platform that integrates super funds and HR software products together by providing a service which allows HR software products to easily onboard employees that need to make superannuation selections.
The SuperAPI platform allows your fund to:
- Display to the employee details about your fund if they are a member when they are starting a new role at a company.
- Be shown to employees that are new to the market or those seeking a new fund.
- Be shown as the default fund of an employer to users making a super selection choice.
- Get leads from members that are interested in rolling over their funds.
- Provide additional information about your fund to those that are reselecting or joining your fund.
Getting help
Stuck with something and need help? Please contact us at [email protected] or by phone at 0405 472 748 (Sam)
Document terminology
Throughout this document, we will use consistent terminology to represent the actors or actions involved in our software integration. The following table provides a quick reference to these terms:
Term | Description |
---|---|
SuperAPI | The authors and maintainers of the SuperAPI Embed |
SuperAPI Embed | Our embedded super selection tool |
3rd Party Software | The software product that hosts the SuperAPI Embed and shows it to Employees |
Employee | The individual making a super selection via the SuperAPI Embed |
Employer | The organisation that employs the employee |
Onboarding Session | An instance of an Employee onboarding, usually to make a super selection |
SuperAPI JavaScript Library | A JavaScript library enabling 3rd Party Software developers to easily integrate their product with our super selection tool. |
3rd Party Software API Key | A secure token provided during the setup of an integration with SuperAPI. All server to server requests to SuperAPI must include this API Key. |
Super Fund Partner | A super fund that has partnered with SuperAPI to engage with Employees when they make a super selection |
Member | An Employee that belongs to a Super Fund |
An example super selection
The following diagram details how SuperAPI bridges Super Funds and Employers.
Here we can see the following steps:
- Our 3rd Party Software partner sends us an Employee who needs to select which super fund they belong to, and we create a Super Selection Session for them.
- We check with the Super Fund Partners linked to SuperAPI whether they have an existing account for the Employee making the super selection.
- They tell us whether they have a Member that matches the user making the super selection.
- In the case that an Employee wants to join your fund, we send you details about them and you provision a new member account for them.
- We return the final payload to the 3rd Party Software, which now has all the details required to ensure payroll can be paid by the Employer to the Employee.
How do we integrate funds?
Super funds are integrated into SuperAPI in two ways. You may provide one or both of these integrations. Implementing both will ensure that you get the full value out of the SuperAPI integration.
We have some flexibility in the way that these fund integrations are performed and can conform to an authentication / authorisation system that may already exist. However, all integrations require two high-level touch points:
Member lookup (Retain)
The first integration is the ability for us to look up a member and find out whether they exist. When a 3rd Party Software requires a user to make a super selection, they will send us a payload of details about the Employee. Before they send us these details, they have verified that the user owns the email address and phone number associated with that user. We then use these authenticated details to check with each of the funds linked to SuperAPI whether a Member with those details exists. If a member does exist, we show these details prominently to the user, making it easy to reselect the fund.
Member creation (Grow)
The second integration is the ability for us to create a member within the fund. This is used when the user decides to join a new fund. They might be new to the workforce or looking for a change. In both cases, it is possible for the user to select a super fund and register as a new member. The purpose of the integration is to register the employee as a new member with the fund, and return the necessary details in order to populate the employer's payroll system with enough information to begin making employer contributions to the super fund.
Creative
When integrating into SuperAPI, your fund's creative will be used according to its brand guidelines. Please supply any creative, brand kits, etc. to us when the implementation process starts.
Implementation timeline
A typical implementation into SuperAPI can occur very quickly if APIs are already available for member lookup and creation, provided they follow standard best practices.
Security
As we are dealing with personally identifiable information, the security of the SuperAPI system is paramount. Therefore, we have adopted the following security posture:
Platform
Our platform implements security best practices where possible. While not currently ISO27001 certified, we are in the process of achieving this accreditation and expect to have it in place early next year. A security framework like ISO27001 is not enough by itself to guarantee a secure system and as such, we implement best practices from within the software engineering industry that may not be explicitly mentioned in the ISO27001 framework. A good example of this is code signing to ensure that all code integrated into the product originates from a developer that possesses a unique key which identifies them as the code author.
To gain an overview of our security implementation, please see our Security FAQ
Sensitive data handling and retention
A question we get asked frequently is how we handle sensitive data in our system, sensitive data being both PII data (names, addresses etc.) and government-issued unique identifiers, i.e. TFNs. In short, we hold onto this data for the shortest amount of time possible (usually measured in minutes) that is required for us to perform our super selection process and satisfy our legal requirements around auditing. Where we manage data that can't be deleted, e.g. login attempts, we take great care to ensure that the data logged is stripped of identifiable information.
To explore this in greater detail, please see our Data Retention Policy
Support
If you need to contact us for support, questions or anything at all related to the integration of your fund into SuperAPI, please reach out to [email protected] or simply call us on 0405 472 748.