The Consumer Data Right (CDR) is Australian legislation that lets you authorise accredited third parties to receive your banking data directly from your bank, without handing over your password.
How it differs from screen-scraping
Before CDR, many apps relied on screen-scraping: you'd give them your bank login, and they'd log in pretending to be you. That model had three problems — apps held your password, they broke whenever the bank's website changed, and the data flow wasn't covered by a formal regulatory regime.
Under CDR:
- You authenticate directly with your bank.
- You choose which accounts to share.
- Consent is time-limited (typically 12 months) and revocable at any time, from either the recipient app or your bank.
Where Auravest stands
The Up Bank integration uses Up's own API rather than the CDR pipeline directly, but the security model is the same: read-only access via a token you control and can revoke.
Broader CDR coverage across the Big Four and other banks is on the product roadmap. When it ships, it will appear as a new option under Data Sources.
Revoking access
For Up Bank: open the Up app, go to Settings → API → Personal Access Tokens, and revoke the token labelled for Auravest.
Removing the data already imported into Auravest is a separate step — see Exporting your data & deleting your account.