Implementation overview
This document outlines how SuperAPI integrates with a super fund. It is aimed at software engineers, engineering managers, and stakeholders at super funds who need to scope the work involved before committing to an implementation. For implementation specifics, follow the links through to the dedicated guides.
What is SuperAPI?
SuperAPI connects super funds to HR and payroll software, letting employees make their superannuation choice during onboarding and helping employers set their default super fund. A single integration puts your fund in front of both employees and employers across every partner platform we work with.
How fund integration works
A SuperAPI integration is built around four capabilities. Each plugs into your existing authentication and authorisation framework, so no major changes are needed to your current systems. You can implement them individually or together; adopting all four unlocks the full value of the platform.
- Retain confirms whether an arriving employee is already a member of your fund and surfaces their existing account so they can keep contributing to it. See the Retain guide.
- Grow registers a new member in real time when an employee chooses to join your fund, delivering verified personal data at source. See the Grow guide.
- Default Activate recognises employers that already use your fund as their default and confirms that relationship during employer onboarding. See the Default Activate guide.
- Default Win helps your fund be selected when an employer is choosing a default super fund. See the Default Win guide.
Benefits to your fund
- Member retention at job change. Members are most at risk of leaving a fund when they change employer. Retain catches them at exactly that moment and keeps them in your fund.
- New member acquisition. A single integration places your fund in front of employees making a super choice across every HR and payroll platform we partner with.
- Reduced account proliferation. SuperAPI matches employees back to their existing memberships before creating new ones, cutting down on duplicate accounts and lost super.
- Verified data at source. Registrations arrive with identity, TFN, and contact details already validated, reducing manual cleanup, follow-up correspondence, and back-office cost.
- Default fund relationships. Default Activate and Default Win do the same job at the employer level, helping you keep the employers that already use your fund as their default and win new ones when employers are choosing a default.
Branding
When your fund integrates with SuperAPI, its branding is presented exactly as specified in your brand guidelines. Please supply logos, colour palettes, typography, and any other creative material at the start of the project so our design team can prepare the interface.
Implementation timeline
Where APIs for member lookup and creation already exist, a SuperAPI integration can usually be completed in a few weeks. If new endpoints or changes to authentication are needed, additional time will be required. We will agree a detailed plan and timeline with your technical team during project initiation.
Security
Protecting personally identifiable information is central to the SuperAPI platform. We are ISO 27001:2022 certified and conduct annual penetration testing.
Security features
- Encryption in transit and at rest across all services
- Role-based access control with least-privilege defaults
- Continuous vulnerability scanning and annual penetration tests
- Segregated development, staging, and production environments
- Regular backup and disaster-recovery testing
For an overview of our security controls, see our security FAQ.
Sensitive data handling
Sensitive data, including personally identifiable information and Tax File Numbers, is held in line with our statutory record-keeping obligations under the Superannuation Industry (Supervision) Act. This gives partners a secure repository they can consult when verifying historic events such as an employee's super choice.
All sensitive data is encrypted in transit and at rest. Access is strictly role-based, logged, and reviewed regularly. Operational logs capture only the information needed for security monitoring and auditing, limiting exposure of personal details.
Data is stored solely in Australian data centres certified to ISO 27001 or an equivalent standard. Backups are replicated to geographically separate locations, and the principle of least privilege is enforced across the infrastructure, supported by regular penetration testing.
Getting help
Stuck with something and need help? Please contact us at support@superapi.com.au or by phone on 0405 472 748 (Sam). Have you set up a shared Slack or Teams channel with us? If not, please reach out so we can provide real-time support.