.png)
Introduction
The service type in the developer portal is Accounts, and the service subType is db-apx-accounts-services. The service uses a v2 authentication token and requires the token to be generated with scopes as accounts:read in the body.
An account represents a contract between an individual or business and a financial institution. When an individual or business opens an account with a bank or credit union (such asa checking, savings, loan or line of credit account), they enter into a contractual relationship. The Accounts API enables the retrieval and management of information related to any account held by an account holder at a specific financial institution.
What is Supported?
The technical documentation in the API specs describes all endpoints (ways to call the API with different parameters to execute different actions).
The following is a simplified list of what the API can be used to do:
Get accounts: Returns data from all accounts held by the account holder.
- Returns cross accounts as well, by default.
- Can be filtered to return only accounts of a selected category (e.g., deposit, loan, etc.).
- Can request accounts belonging to recipients of intra-financial institution transfers set up by the primary account holder.
- Can request accounts belonging to a particular business banking entity (known as a location).
- Business banking accounts can be grouped together, retrieved per group and have certain specified groups returned.
Get account: Returns data from a single requested account.
Enables account holders to:
- Check account status and balance.
- Ensure sufficent funds for purchases
- Review posted transactions, such as checks and deposits.
Enables developers to:
- Provide the account holder with a quick review of account status.
- Send alerts based on balance limits.
- Identify opportunities for upselling
- Ensure validity of transfers
Getting Started
Candescent’s APIs support financial institutions worldwide. They can empower financial institutions and their partners to build valuable digital banking experiences.
It’s important to work with your Candescent representative to get officially onboarded to DevX for access to these APIs. Once onboarded, you’ll be able to implement your application, access shared and secret keys and begin testing the APIs.
After all the legal and compliance partnership agreements are in place, we'll set you up with your Authentication API client account. This will grant you access to a unique secret key that will be your ticket to the authentication API and staging and production environments.
The service available through the Candescent Digital Banking Developer Portal provides a token for the grant type:
Client Credentials
- Used for trusted server-side applications
- Sending a request passes a key-and-secret pair assigned to your application
- Since the token is issued in the context of a Financial Institution (FI) rather than a user, no end-user login is required
- Response provides the Bearer Token to be used to call other DevEx APIs
Steps to getting started:
- Sign up and/or Login in for authentication
To make your first API request, you'll need toself-register by clicking the Sign Up button. Then, click the link in your welcomeemail to verify your emailaddress. - Review API documentation and request postman collections
Your Candescent representative will be able to email you the Postman collection for an API you are interested in. You may reach out directly or add the specific API to your favorites to alert your representative.
- Test APIs in Postman
In addition to the sample apps, a test drive environment is available to help you visualize the APIs. Using the JSONcollection and Postman, you’ll be able to see API requests working in action and view the information required to make them.
This will also allow you to experience actual API behavior prior to beginning your integration. For a deeper dive into Postman, view additional reference material here.
Authentication
Authentication proves that you are who you say you are. Authentication tokens identify a user (the person using the app or site).
You‘ll need the following items to set up basic authentication:
- Developer Experience account
- Sandbox environment with an organization
- Shared Key
- Secret Key
Generating your Secret Key
You’ll need a bearer token or an API security key to authenticate API calls. A secret key serves as a secure token to authenticate and authorize requests. Unauthorized use of a secret key could potentially cause a security breach. Thes ecret key holds the error token used to access real data through the API.
Visit our guide on authentication to learn more.
Before you begin, you‘ll require a unique client_id and client_secret for your app. Notify your implementation manager or PossibleNOW Support atsupport@possiblenow.com to request an OAuth client_id and client_secret. Include your My Preferences Client ID and the environment (staging (sandbox) or production) for which you want to generate the credentials in your request.
These credentials must be treated securely.
Use Cases & Examples
The end user wants to get the list of accounts from the bill pay system, or the user wants to get a specific account from the bill pay system.The user in this case is the customer of financial institution (FI).
Gets the accounts for the given institution customer
- Get list of accounts GET /db-accounts/v1/accounts
- Request -> Query Parameters:
hostUserId: The specific identifier for that customer - Headers:
Authorization: The bearer access token from the Authentication API
TransactionId: A UUID string used as unique identifier for this token request
Get the specified account for the given user
- Get the accounts GET /db-accounts/v1/accounts/{accountId}
- Request:
Headers:
Authorization: The access token from the Authentication APITransactionId: A UUID string used as unique identifier for this token request
