Support

For PRISMS information, see PRISMS Provider User Guide.

Onboarding

Contact the PRISMS API Support team via email at prismsapi@education.gov.au for any questions, for example, related to the PRISMS High Level Cyber Security Questionnaire [260 KB], User IDs, Client API Security Credentials, Subscription Key.

During assessment of your request, you may be asked additional questions for further clarification or information.

Staging Environment

The first level of support is provided through PRISMS APIM Portal in the Developer Guide, API page. See also Frequently Asked Questions (FAQs), below on this page.

Second level support is provided by the PRISMS API Support team via email at prismsapi@education.gov.au.

For API connection issues or errors in calling the PRISMS API the software vendor should fill out the Technical Queries Form [Word 30 KB] and email it to prismsapi@education.gov.au.

The PRISMS API Support team have access to the API Technical Team, if required.

Production Environment

The first level of support is for education providers is provided through your vendor, for example if the attended login fails or if you receive error messages out of the API calls.

Subsequent levels of support will be coordinated through your vendor to the PRISMS API Support team via email at prismsapi@education.gov.au

Vendor support will be provided as per the Staging Environment Support. Please refer to the APIM Portal Developer guide and APIs.

Service request response times

Service requests that can be answered by the PRISMS API Support Team will usually be responded to within approximately 1-2 working days.

Please note for the “Create and approve a Confirmation of Enrolment" documentation in the APIs tab, the statement “and sector is not School or VET” does not apply for the following:

initialPrePaidTuitionFromDate - description states

Initial Pre-Paid Tuition From Date

The date for which the tuition period for the initial prepaid fee begins.

Required when the provider is not public or is not listed as Table A in the Higher Education Support Act 2003 (HESA), unless 'initialPrepaidTuitionFee' is $0.

Must be within 'proposedCourseStartDate' and 'proposedCourseEndDate'.

initialPrePaidTuitionToDate – description states:

Initial Pre-Paid Tuition To Date

The date for which the tuition period for the initial prepaid fee ends.

Required when the provider is not public or is not listed as Table A in the Higher Education Support Act 2003 (HESA).

Must be within 'proposedCourseStartDate' and 'proposedCourseEndDate'."

Frequently Asked Questions

Q -What is a ClientID?

A: The Client ID is a unique text identifier assigned by the Department for authenticated access to the PRISMS APIs in the staging environment.

Software vendors, or providers with their own software, will receive two ClientID's, one for a mock Public Provider and the other for a mock Private Provider, to develop and test the PRISMS APIs in the staging environment. There are minor differences in API rules between Public and Private Providers.

Providers for production will receive the appropriate Client ID, either Public or Private, that will allow authorised access to the PRISMS APIs in the production environment. Do not share your ClientID (other than with your vendor if you use one) as it is considered sensitive information.

The Client ID's are provided to you in the Welcome Pack.

Q- What is the Australian Government Relationship Authorisation Manager?

A- Relationship Authorisation Manager (RAM) is an authorisation service that allows you to access government online services on behalf of a business. Additional information on how to set up RAM based on your role can be found at Relationship Authorisation Manager.

Q - How do I use the Relationship Authorisation Manager (RAM) and when should I use it?

A - Have a look at this document for clarification: RAM Certificate Operations

Q- Who can access the PRISMS API Staging Environment?

A- User accounts will only be issued to personnel of organisations that have been invited to participate in the Staging Environment by the Department on return and assessment of the High Level Cyber Security Questionnaire and Sign-up pack. User accounts take the form of a vendor developer account – these user accounts and ClientID must not be shared outside the organisation.

Q- How do I provide my feedback or report issues?

We would love to hear from you. To provide feedback, send us an email at prismsapi@education.gov.au. For technical issues and queries complete and attach the Technical Queries form [Word 30KB].

Q - Are there any rate limits on the APIs?

A - Yes. The rate limit is set to 11 requests per second per subscription. When the rate is exceeded, you will receive an error message "429 Too Many Requests response".

Q - Do you use REST or SOAP APIs?

A - We use REST APIs.

Q - What are attended or unattended flows?

PRISMS API uses standards based (OAuth) authentication using Azure B2C as the secure token service to gain access to PRISMS services.

PRISMS API supports two authentication flows:

  • Attended - This mimics the PRISMS UI operations requiring users to authorise and then capture the User ID against required transactions e.g. CoE create. This workflow verifies the credentials for a user to access PRISMS API by logging into PRISMS using their email address, password and MFA in a web page. See process flow PRISMS API Attended Flow [PDF 85KB].

  • Unattended - This workflow verifies the credentials for an organisation and/or CRICOS provider to access PRISMS API using an ATO/RAM signed X509 certificate without the human interaction. See process flow PRISMS API Unattended Flow [VSDX 152KB].

Q - What User ID do I use for attended flows?

  • In the Staging Environment you will receive 2 mock User IDs for COE-Create and COE-Admin for each of the mock Public and Private Provider, which will be used for your attended API flows.

  • In the Production environment the existing User IDs in the PRISMS UI Website for CoE-Create and CoE-Admin User IDs will be used for your attended API flows.

Q - What PRISMS APIs support attended or unattended flows?

Every PRISMS API endpoint supports the Attended authentication flow. API Requests where addresses contain "/v1/providers/" will request the Attended authentication flow.

PRISMS API has limited support for the Unattended authentication flow for an API endpoint.

All reference endpoints, where addresses begin with “/v1/reference/”, support the Unattended authentication flow in addition to the Attended authentication flow.

Q - How do I use attended or unattended flows?

You can obtain all the PRISMS API reference data using the Unattended authentication flow to build your application UI without needing to provide user credentials for PRISMS.

This will allow you to delay the interactive Attended authentication flow process until when it’s needed, at the point where the data needs to be submitted to PRISMS.

Q - Where do I obtain OpenAPI schemas?

A - Go to the APIs tab.

Select the appropriate API whether Prod or Staging

You will see a combo box like this at the top. Select it to identify the export options:

Q - What is a subscription key?

A - A subscription key enables access to an API. It is unique to an organisation and/or CRICOS education provider.

The subscription key is required to access the APIs.

Q - How Do I create a Subscription Key?

After logon, go to the Product page, select the appropriate Staging or Production product and create your Subscription Key. Click the checkbox to agree to the Terms of Use, and click the Subscribe button. Please name the subscription key using the following template "PRISMS _YOURORGNAME_CLIENT ID". Once created you will see you Subscription Key in the Profile page.

Q - Does a subscription key expire?

A - No. Subscription keys do not expire.

Q - How do I use a subscription key?

A - Subscription keys must be passed in the header of every request you make to an API.

Go to your profile page to see the value of the created Subscription key, for example:

Three export formats are supported:

• YAML - Yet another markup language

• JSON - JavaScript object notation

  • Two schemas are supported.

    • Open API 3

    • Open API 2

• WADL - Web application description language

Put the primary key value in the API header for the Ocp-Apim-Subscription-Key.

You should generate a unique subscription key for each Provider.

Q - What is a CoE ?

The Certificate of Enrolment (CoE) provides evidence of a student’s enrolment with a provider registered on CRICOS. This evidence is required before the Department of Home Affairs issues a student visa.

The PRISMS APIs currently support CoE Creation and CoE Confirmation.

There are a number of details requested in the API required to create the CoE including:

• Student Details e.g. name, address, date of birth, etc

• Student identification details e.g. passport number, passport country

• Any prior Visa details

• Course details e.g. CRICOS Course Code, location, proposed date start and date end

• Tuition fees e.g. total fee and any prepaid fee

• Provider Arranged Overseas Student Health Cover

• English Language Proficiency details

• Welfare Arrangements and Parent/Guardian Contact (for Under 18 students)

• Student contact details

• Agent details where applicable

Once a CoE is approved, the provider sends the CoE certificate to the student. The student provides the CoE certificate to the Department of Home Affairs with their student visa application.

At any time after the CoE is created the CoE Conformation API will return the CoE Status. Once a decision is made on the visa application, the decision is displayed in PRISMS.

For more details on the CoE Creation or any other functions of PRISMS see the PRISMS Provider User Guide.