These guidelines provide examples for where the consumer authenticates using the data holder’s app.
Overview
Redirect to App provides a faster, safer and more convenient way for consumers to authenticate with a data holder before sharing their CDR data. When a consumer has their data holder’s app installed on their device, this flow streamlines authentication and improves security while also reducing friction.
To support this, data holders must use a separate issuer identifier for each app they provide — as set out in the Authentication Flows section of the Security Profile Standards and the Decision 369 Explanatory Document. In some cases, this may mean using different identifiers for different customer groups, e.g. retail vs. business customers. Where data holders offer multiple apps across lines of business, each brand must be represented independently in the CDR Register so ADRs can direct consumers to the correct app during consent.
Data holders should align these choices with how consumers already interact with their services and brands across existing digital channels.
All data holders and data recipients must implement the relevant redirect to app and authentication standards by 10 May 2027. If implemented prior to this date, CDR participants will also need to meet other relevant standards, including Fallback Authentication Flows, unless otherwise stated.
Wireframes and guidelines
Note: The wireframes shown are examples of how to implement key rules, standards, and guidelines. Use the on-screen functions to adjust zoom level or expand the wireframes to be viewed at full screen.
The following wireframes show a basic example of Redirect to App.
Download open source asset
Open sources design assets are created in Figma for the purposes of assisting implementation. This Figma file contains annotated wireframes and working prototypes for Redirect to App.
Item | File | Date released | Version introduced |
|---|---|---|---|
Mar 18, 2026 | 1.36.0 |
For past versions, refer to Change log.
About this page
References
The artefacts on this page were informed by the following sources.
Title | Author | Date published | URL | Type |
|---|---|---|---|---|
Australian Competition and Consumer Commission (ACCC) | Mar 10, 2026 | Guidance | ||
Data Standards Body (DSB) | Dec 11, 2025 | Consultations | ||
Data Standards Body (DSB) | Nov 28, 2025 | Consultations | ||
Data Standards Body (DSB) | Jun 5, 2025 | Consultations | ||
Data Standards Body (DSB) | Apr 4, 2025 | Consultations | ||
Data Standards Body (DSB) | Aug 29, 2023 | Consultations | ||
Data Standards Body (DSB) | Aug 29, 2023 | Consultations | ||
Data Standards Body (DSB) | Jun 21, 2023 | Research | ||
Data Standards Body (DSB) | Mar 17, 2023 | Consultations | ||
Data Standards Body (DSB) | Dec 15, 2022 | Research | ||
Data Standards Body (DSB) | Dec 7, 2022 | Consultations |
Last updated
This page was updated @Sep 22, 2025
Have your say
Community consultations and maintenance are part of our ongoing process. Here’s how you can get involved:
- Request new Guidelines or changes to existing Guidelines through the CX Guidelines Consultation process
- Request new Standards or changes to existing Standards through the Standards Maintenance process
- Log a ticket for any questions about the rules, standards, or guidelines through the CDR Support Portal
- Email your feedback to cx@dsb.gov.au
Quick links to CX Guidelines: