Third Party Frequently Asked Questions

Submit an online application. You will receive an email when your application has been received, if additional information is required and when you have been successfully onboarded. Before you submit the application, please make sure you understand the technical, functional, and legal aspects of Enbridge Gas Green Button^® registration and have the necessary infrastructure in place. Our implementation follows Energy Services Provider Interface (ESPI) version 3.3 of the official specification published by NAESB (North America Energy Standards Board). You can purchase the standard from the NAESB website.

Our implementation follows the ESPI version 3.3 standard. It is your responsibility to ensure compatibility with the ESPI version 3.3 standard. Enbridge Gas does not provide support with implementation of the standard. If your system is not compatible with the standard, you won't be able to receive Enbridge Gas customer data. If you do not fully understand the requirements of the ESPI version 3.3 standard, you may need to purchase a copy, which can be found here.

Enbridge Gas uses this information to uniquely identify you and verify the legitimacy of your application.

The scope of use is presented to the customer on the authorization form to inform them of the third party’s intent for accessing their data.

Enbridge Gas uses OAuth 2.0 for authorization as per the Green Button implementation standard which requires use of Notify and Redirect URI. Notify URI will be used to notify you when the files are ready for bulk requests so that you can download the data from the Secure File Transfer Protocol (SFTP) server. Redirect URI will be used to redirect the customer once authorization has been granted.

You must maintain an unexpired, unrevoked Rivest Shamir Adleman (RSA) certificate with a public key length of at least 2048 bits. We use Transport Layer Security (TLS) 1.3 for information exchange and you’ll have to maintain the same as well.

Technical onboarding will start after your application has been reviewed and approved. Once your application details have been confirmed, a member of the Enbridge Gas Green Button team will contact you at the email you provided to start your onboarding and connection testing. The email sent will share additional technical details including client id, client secret and instructions for technical onboarding.

As part of the onboarding process, a member of the Enbridge Gas Green Button team will send an email to the address provided with instructions and the details required to test connectivity.

Once your Application Programming Interface (API) “currentStatus” is “1” you will be able to successfully connect to our data sharing platform.

Visit this link to review the Terms of Use.

We will process your application as soon as we can. Once onboarding is approved, our Green Button team will reach out with more information to complete the onboarding tasks. You will test your API connection using the instructions provided. Once your API has successfully connected, your status will automatically change to Active, and you will now be fully onboarded.

You will be able to start the customer authorization process as soon as you successfully complete API connectivity testing. Recruiting prospective customers to share their data is up to the third party.

API connectivity testing is the last step in the onboarding process. Successful completion of API testing will automatically update your status to ‘active’ in our data sharing platform. If you don’t complete API testing within 90 days of receiving the email from Enbridge Gas, then your application will expire and you’ll have to restart the process by submitting a new application.

Please follow this link and use the “Contact us” option to submit a request to update your information.

Enbridge Gas uses industry standard and Green Button Alliance^™ approved OAUth 2.0 for customer authorization/consent. The customer authorization process starts with the customer contacting the third party. The third party will provide a unique URL to the customer to access the customer authorization form. This will direct the customer to an authentication screen where they are required to confirm their identity using either:

• My Account login credentials, or
• If they do not have a My Account profile, they provide:
  • Account #
  • Postal code
  • Email address

Once confirmed, customer will be presented with the authorization form where they will select:

• Time period of the data - up to prior 24 months.
• Duration of the authorization period – select a specific date, or leave open indefinitely, with the ability to modify/terminate the consent at a later time.
• Data categories - Account, billing and usage details. Select one or combination of the data categories.
• Account(s) – Select one or multiple accounts. Please note, customers who do not have a My Account profile can only authorize one account at a time.

Customers approve the authorization request and get directed back to the Redirect URI where they are presented with the authorization code. Customer will need to provide this authorization code to the third party. The third party exchanges the authorization code for an access token and refresh token. The authorization code is valid for six (6) minutes. The access token is valid for 15 minutes and the refresh token is valid for one year. The refresh token rotates after every use; make sure to save the new refresh token after every new token generation.

The authorization is valid until the expiry date selected by the customer. Customers can set any specific date in the future or choose to share indefinitely. Customers can modify the duration, add an account, or terminate their third party authorizations by logging into My Account and accessing the ‘Share my Data’ tab. Once the authorization expires with the third party, customer would need to submit a new authorization form to begin sharing with them again.

It is recommended to use My Account to create, modify or terminate authorizations with third parties. Customers without a My Account profile can provide authorization using their account #, postal code and email address to confirm their identity.

Customers with My Account may provide authorization for multiple accounts using one authorization form through the link provided, as long as all the accounts are associated with the My Account profile used to sign in. Enbridge Gas does not have a manual process (such as a paper form) to accept bulk authorization.

Where a customer has provided offline authorization, Functional Block 40 (FB_40), Enbridge Gas will send a notification to the third party’s notify URI. Third parties can access the authorization resource endpoint with the client_access_token to retrieve details about scope, validity, etc. Since offline authorization (FB_40) does not use the OAuth 2.0 flow, Enbridge Gas can only provide data for such customers via the bulk API endpoints. Batch or resource endpoints don’t contain any data for offline authorization (FB_40).

A list of APIs provided by Enbridge Gas can be found here.

Our APIs follow Green Button standards. We provide APIs for Application Information, Authorization, Service Status, Resource, Batch and Bulk. We have provided details about tokens to be used for each API and whether we will provide synchronous or asynchronous response. The API description should provide you details about the expected payload.

We support REST for bulk data requests. When you access our bulk API, you’ll receive a 202 response immediately if the request was sent with the correct token. We’ll process your request in a batch mode and send you the Batchlist via the Notify URI. You’ll have to use the URIs from the Batchlist to get the data, and use Client_Access_Token when you access the URIs. Please note that our backend system allows bulk data sharing between 7 a.m. – 4 p.m. ET only. If you request the Batchlist URIs outside of this window, your request will be refused.

A list of the functional blocks supported by Enbridge Gas can be found here. This listing includes the Functional Block #, name and the respective Data Category each is mapped to.