Authentication and Authorization
All API endpoints use BASIC AUTH over HTTPS for authentication. An API Key is supplied as the “user” while the “password” can either be an empty string or not set. API Keys are authorized to a specific scope which entitles them to be used to access specific API endpoints or features.
API Keys should be stored securely as they provide access to your customers financial data
Creating an API Key
An API key can be created via the administration portal or via API call. To create an API key in the administration portal navigate to
API Keys and then select the
Add API Key button
You’ll then be able to enter a memorable name for your API key to reference it later as well as set the scope of functionality the API key should grant access to. Finally you can set the key as active or inactive.
Create new business accounts
List existing business accounts
Update an existing business account, e.g. to deactivate
Ability to programatically disconnect an API connection that a business user has previously authorized.
Detailed information on the status of business account API connectivity
Ability to generate embed tokens
Full read access to the Data API
Full write access to the Data API
Upon selecting Save Changes the API key itself will be revealed but only shown once. You should copy this key and use it to make API calls.
The API key will only be shown once. Please copy this key to a secure location.
Revoking an API Key
When you need to stop using a specific API key you can update the key and mark it as inactive, this will immediately prevent use of the API key. To update the key navigate to
API Keys and then select the name of the key you wish to update, change the Active value to No and select the
Save Changes button.
I cannot copy my API key from the chart found under the API tab.
Your API key will only be shown once, which is when it is generated. Please reference step 3.
When I make a request to the admin API, I receive a 401 error:
"message": "Invalid username/account key"
Please ensure the API you copied is correct. Please see above steps for creating an API key.