For all connection methods, you need to submit the name of the product as marketed to users. If your application is built for internal use or you’re using a white-labelled product, you need to submit your company name.
Gov-Client-Local-IPs-Timestamp
For all connection methods, you need to submit a timestamp that shows when Gov-Client-Local-IP is collected.
Gov-Client-Public-IP-Timestamp
If your application connects to HMRC via a server, you need to submit a timestamp that shows when Gov-Client-Public-IP is collected.
More information about the data format and examples will be provided in the updated specification.
You need to update the format of 2 headers
These are existing headers applicable to some connection methods:
Gov-Client-Device-ID
This must be submitted as a universally unique identifier (UUID). This helps to check IDs are unique and track them across multiple requests.
Gov-Client-User-Agent
This must be submitted as a key-value structure.
More information about the data format and examples will be provided in the updated specification.
We have improved some descriptions
We have clarified some details in these existing headers:
Gov-Client-Local-IPs
To help with the new Gov-Client-Local-IPs-Timestamp header, we’ve added an explanation of when to collect the value.
Gov-Client-Multi-Factor
If your application uses multi-factor authentication (MFA), there is a minimum format for the timestamp but we will also accept seconds and milliseconds.
Changes required by 30th June 2021