All API endpoints use BASIC AUTH over HTTPS for authentication. An API Key is supplied as the “user” while the “password” can either be an empty string or not set. API Keys are authorized to a specific scope which entitles them to be used to access specific API endpoints or features.

Creating an API Key

An API key can be created via the administration portal or via API call. To create an API key in the administration portal navigate to Developers >> API Keys and then select the Add API Key button

API Keys in the administration portal

You’ll then be able to enter a memorable name for your API key to reference it later as well as set the scope of functionality the API key should grant access to. Finally you can set the key as active or inactive.

Adding a new key

scope key

description

admin.account.create

Create new business accounts

admin.account.list

List existing business accounts

admin.account.update

Update an existing business account, e.g. to deactivate

admin.connection.disconnect

Ability to programatically disconnect an API connection that a business user has previously authorized.

admin.connection.health

Detailed information on the status of business account API connectivity

admin.embed.token

Ability to generate embed tokens

api.read

Full read access to the Data API

api.write

Full write access to the Data API

Scopes starting with admin are only used within the Administration API

Upon selecting Save Changes the API key itself will be revealed but only shown once. You should copy this key and use it to make API calls.

The secret key is shown once

API Keys should be stored securely as they provide access to your customers financial data

Revoking an API Key

When you need to stop using a specific API key you can update the key and mark it as inactive, this will immediately prevent use of the API key. To update the key navigate to Developers >> API Keys and then select the name of the key you wish to update, change the Active value to No and select the Save Changes button