deprecated

Upcoming change to Akahu API response codes

Upcoming change impacting all Akahu enduring connectivity customers

Akahu is making a change to the status code returned from our enduring account connectivity API when an invalid or revoked access token is used. Currently, Akahu returns a 403 response code for requests that include an invalid or revoked access token. As of Monday September 2nd 2024 10:00am NZST our API will instead begin to return a 401 response code for these requests.

Handling this response code correctly ensures that your application is able to accurately reflect the state of your users' Akahu connections. Failure to do so may result in inconsistent application state and increase your customer support load.

Migration process

Your application most likely already includes a check for a 403 response status code:

if (response.status === 403) {
  // User has revoked Akahu access
}

Step 1: Proactively prepare your application for the upcoming change by checking for a 401 status code in addition to the current 403 check. You can do this any time before September 2nd:

// TODO: Remove the 403 check after September 2nd 2024
if (response.status === 403 || response.status === 401) {
  // User has revoked Akahu access
}

Step 2: After the September 2nd change has taken effect, remove the legacy 403 check:

if (response.status === 401) {
  // User has revoked Akahu access
}

⚠️ It is important to complete both steps of the migration: Akahu uses 403 response codes for a range of other authorisation related errors (which is the reason for making this change). Continuing to interpret 403 responses as a revoked access token beyond September 2nd may lead to your application disposing of valid Akahu access tokens. Customers on a per-user billing plan will continue to be billed for valid access tokens unless they have been explicitly revoked.

If you have any questions regarding this change, please contact [email protected] or your usual Akahu point of contact.

Thanks for your help in making this update seamless for your application and your users.