Skip to main content
Skip table of contents

Authentication and Authorization

All API endpoints use BASIC AUTH over HTTPS for authentication. An API Key is supplied as the “user” while the “password” can either be an empty string or not set. API Keys are authorized to a specific scope which entitles them to be used to access specific API endpoints or features.

API Keys should be stored securely as they provide access to your customers financial data

Creating an API Key

Step 1:

An API key can be created via the administration portal or via API call. To create an API key in the administration portal navigate to Developers >> API Keys and then select the Add API Key button

API Keys in the administration portal

Step 2:

You’ll then be able to enter a memorable name for your API key to reference it later as well as set the scope of functionality the API key should grant access to. Finally you can set the key as active or inactive.

Adding a new key

scope key



Create new business accounts


List existing business accounts


Update an existing business account, e.g. to deactivate


Ability to programatically disconnect an API connection that a business user has previously authorized.

Detailed information on the status of business account API connectivity


Ability to generate embed tokens

Full read access to the Data API


Full write access to the Data API

Scopes starting with admin are only used within the Administration API

Step 3:

Upon selecting Save Changes the API key itself will be revealed but only shown once. You should copy this key and use it to make API calls.

The API key will only be shown once. Please copy this key to a secure location.

The secret key is shown once

Revoking an API Key

When you need to stop using a specific API key you can update the key and mark it as inactive, this will immediately prevent use of the API key. To update the key navigate to Developers >> API Keys and then select the name of the key you wish to update, change the Active value to No and select the Save Changes button.


I cannot copy my API key from the chart found under the API tab.

Your API key will only be shown once, which is when it is generated. Please reference step 3.

When I make a request to the admin API, I receive a 401 error: "message": "Invalid username/account key"

Please ensure the API you copied is correct. Please see above steps for creating an API key.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.