Skip to content
API Reference/
/
Get signing keys

Upvest Investment API (1.77.0)

Upvest Investment API.

Download OpenAPI description
api.json
api.yaml
Overview
URL
https://docs.upvest.co
Upvest API Support
api@upvest.co
License
Apache 2.0
Languages
Servers
Sandbox environment
https://sandbox.upvest.co/
Live environment
https://api.upvest.co/

Access Tokens

All authentication related paths.

Operations

Users

All user related paths.

OperationsWebhooks

User Identifiers

All user identifiers related paths.

Operations

User Checks

All user checks related paths.

OperationsWebhooks

Accounts

All accounts related paths

OperationsWebhooks

Account Groups

All account groups related paths

OperationsWebhooks

Tax Residencies

All tax residencies related paths.

Operations

Corporate Actions

All Corporate Action related paths.

Webhooks

Tax Wrappers

All tax wrappers related paths

OperationsWebhooks

Tax Exemptions

All tax exemptions related paths

OperationsWebhooks

Tax Collections

All tax collections related paths

Webhooks

Instruments

All instrument related paths.

OperationsWebhooks

Price Data

All price data related paths.

Operations

Orders

All order related paths.

OperationsWebhooks

Portfolios

All portfolios related paths.

Operations

Portfolios Rebalancing

All portfolios rebalancing related paths.

OperationsWebhooks

Savings Plans

All savings plans related paths.

OperationsWebhooks

Liquidations

All accounts liquidations related paths.

OperationsWebhooks

Direct Debits

All direct debits related paths

OperationsWebhooks

Top-ups

All top-ups related paths

OperationsWebhooks

Withdrawals

All withdrawals related paths

OperationsWebhooks

Reference Accounts

All reference account related paths

Operations

Mandates

All direct debit mandates related paths

Operations

Virtual Bank Accounts

All virtual bank accounts related paths

OperationsWebhooks

Credit Fundings

All credit fundings related paths

OperationsWebhooks

Cash Balances

All cash balance related paths

OperationsWebhooks

Positions

All positions related paths.

OperationsWebhooks

Valuations

All valuations related paths.

OperationsWebhooks

Returns

All accounts returns related paths.

OperationsWebhooks

Virtual Cash Balances

All virtual cash balances related paths

OperationsWebhooks

Fees

All fees related paths.

OperationsWebhooks

Fees Configurations

All fees configurations related paths.

Operations

Reports

All reports related paths.

OperationsWebhooks

Treasury Reports

All treasury reports related paths.

Webhooks

Transactions

All transactions related paths.

OperationsWebhooks

Files

All files API related paths.

Operations

Webhook Subscriptions

All webhook subscriptions related paths.

Operations

Get signing keys

Request

Returns a list of signing keys used to verify webhooks.

Security
oauth-client-credentials
Headers
upvest-client-idstring(uuid)required

Tenant Client ID

Example: ebabcf4d-61c3-4942-875c-e265a7c2d062
authorizationstring^Bearer [a-zA-Z0-9\-\._~+/]*=*required

Bearer (access) token from the OAuth flow with correct scopes. https://datatracker.ietf.org/doc/html/rfc6750

Example: Bearer c2VjcmV0Cg==
signaturestringrequired

https://tools.ietf.org/id/draft-ietf-httpbis-message-signatures-01.html#name-the-signature-http-header

signature-inputstringrequired

https://tools.ietf.org/id/draft-ietf-httpbis-message-signatures-01.html#name-the-signature-input-http-he

upvest-api-versionstring

Upvest API version (Note: Do not include quotation marks)

Default 1
Value"1"
Example: 1
curl -i -X GET \
  https://sandbox.upvest.co/auth/verify_keys \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'authorization: Bearer c2VjcmV0Cg==' \
  -H 'signature: string' \
  -H 'signature-input: string' \
  -H 'upvest-api-version: 1' \
  -H 'upvest-client-id: ebabcf4d-61c3-4942-875c-e265a7c2d062'

Responses

JWKS signing public keys

Headers
upvest-request-idstring(uuid)required
Example: "169ae4c7-ebd7-4041-94da-25369653eba7"
Bodyapplication/json
keysArray of objectsrequired

List of verification keys

kidstring(uuid)

Key ID

ktystring

Cryptographic algorithm family used with the key.

  • EC -
Default "EC"
Value"EC"
crvstring

Elliptic curve family.

  • P-521 -
Default "P-521"
Value"P-521"
xstring

Curve parameter

ystring

Curve parameter

Response
application/json
{
  "keys": [
    { … }
  ]
}

List all webhook subscriptions

Request

Returns a list of all webhook subscriptions.

Security
oauth-client-credentials
Query
sortstring

Sort the result by created_at, updated_at, title, url, or enabled.

Default "created_at"
Enum"created_at""updated_at""title""url""enabled"
orderstring

Sort order of the result list if the sort parameter is specified. Use ASC for ascending or DESC for descending sort order.

Default "ASC"
Enum"ASC""DESC"
offsetinteger(int32)>= 0

Use the offset argument to specify where in the list of results to start when returning items for a particular query.

limitinteger(int32)[ 0 .. 1000 ]

Use the limit argument to specify the maximum number of items returned.

Default 100
Headers
upvest-client-idstring(uuid)required

Tenant Client ID

Example: ebabcf4d-61c3-4942-875c-e265a7c2d062
authorizationstring^Bearer [a-zA-Z0-9\-\._~+/]*=*required

Bearer (access) token from the OAuth flow with correct scopes. https://datatracker.ietf.org/doc/html/rfc6750

Example: Bearer c2VjcmV0Cg==
signaturestringrequired

https://tools.ietf.org/id/draft-ietf-httpbis-message-signatures-01.html#name-the-signature-http-header

signature-inputstringrequired

https://tools.ietf.org/id/draft-ietf-httpbis-message-signatures-01.html#name-the-signature-input-http-he

upvest-api-versionstring

Upvest API version (Note: Do not include quotation marks)

Default 1
Value"1"
Example: 1
curl -i -X GET \
  'https://sandbox.upvest.co/webhooks?sort=created_at&order=ASC&offset=0&limit=100' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'authorization: Bearer c2VjcmV0Cg==' \
  -H 'signature: string' \
  -H 'signature-input: string' \
  -H 'upvest-api-version: 1' \
  -H 'upvest-client-id: ebabcf4d-61c3-4942-875c-e265a7c2d062'

Responses

An object with a data property that contains an array of webhook subscription objects.

Headers
upvest-request-idstring(uuid)required
Example: "169ae4c7-ebd7-4041-94da-25369653eba7"
Bodyapplication/json
metaobjectrequired
offsetintegerrequired

Amount of resource to offset in the response.

limitintegerrequired

Total limit of the response.

countintegerrequired

Count of the resources returned in the response.

total_countintegerrequired

Total count of all the resources.

sortstring

The field that the list is sorted by.

orderstring

The ordering of the response.

  • ASC - Ascending order
  • DESC - Descending order
Enum"ASC""DESC"
dataArray of objectsrequired
idstring(uuid)required

Webhook unique identifier.

created_atstring(date-time)required

Date and time when the resource was created. RFC 3339-5, ISO8601 UTC

updated_atstring(date-time)required

Date and time when the resource was last updated. RFC 3339-5, ISO8601 UTC

titlestring^[a-zA-Z0-9 ()\[\]{}.-]{1,32}$required

Title of the webhook for use on tenant side.

urlstring(url)<= 1000 charactersrequired

The callback URL to be called by the webhook.

enabledbooleanrequired

Enable/disable webhook.

typeArray of stringsrequired

What kind of events to be sent by the webhook.

Default ["ALL"]
Items Enum"ALL""USER""USER_CHECK""ORDER""ORDER_CANCELLATION""EXECUTION""POSITION""CASH_BALANCE""ACCOUNT""ACCOUNT_GROUP"
configobjectrequired

Configuration of webhook packages collection.

delaystring^([1-9]|[12][0-9]|30)s$

Maximum time of package collection (1s-30s).

max_package_sizeinteger[ 100 .. 1048576 ]

Maximum package size (bytes)

Response
application/json
{
  "meta": {
    "offset": 0,
    "limit": 100,
    "count": 1,
    "total_count": 1,
    "sort": "id",
    "order": "ASC"
  },
  "data": [
    { … }
  ]
}

Create a webhook subscription

Request

Creates a webhook subscription.

Security
oauth-client-credentials
Headers
upvest-client-idstring(uuid)required

Tenant Client ID

Example: ebabcf4d-61c3-4942-875c-e265a7c2d062
authorizationstring^Bearer [a-zA-Z0-9\-\._~+/]*=*required

Bearer (access) token from the OAuth flow with correct scopes. https://datatracker.ietf.org/doc/html/rfc6750

Example: Bearer c2VjcmV0Cg==
signaturestringrequired

https://tools.ietf.org/id/draft-ietf-httpbis-message-signatures-01.html#name-the-signature-http-header

signature-inputstringrequired

https://tools.ietf.org/id/draft-ietf-httpbis-message-signatures-01.html#name-the-signature-input-http-he

upvest-api-versionstring

Upvest API version (Note: Do not include quotation marks)

Default 1
Value"1"
Example: 1
Bodyapplication/json
titlestring^[a-zA-Z0-9 ()\[\]{}.-]{1,32}$required

Title of the webhook for use on tenant side.

urlstring(url)<= 1000 charactersrequired

The callback URL to be called by the webhook.

typeArray of strings

What kind of events to be sent by the webhook.

Default ["ALL"]
Items Enum"ALL""USER""USER_CHECK""ORDER""ORDER_CANCELLATION""EXECUTION""POSITION""CASH_BALANCE""ACCOUNT""ACCOUNT_GROUP"
configobject

Configuration of webhook packages collection.

curl -i -X POST \
  https://sandbox.upvest.co/webhooks \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -H 'authorization: Bearer c2VjcmV0Cg==' \
  -H 'signature: string' \
  -H 'signature-input: string' \
  -H 'upvest-api-version: 1' \
  -H 'upvest-client-id: ebabcf4d-61c3-4942-875c-e265a7c2d062' \
  -d '{
    "title": "User webhook",
    "url": "https://tenant.tld/webhooks/users",
    "type": [
      "USER"
    ],
    "config": {
      "delay": "1s",
      "max_package_size": 51200
    }
  }'

Responses

Returns a webhook subscription object if a valid webhook subscription object ID was provided.

Headers
upvest-request-idstring(uuid)required
Example: "169ae4c7-ebd7-4041-94da-25369653eba7"
Bodyapplication/json
idstring(uuid)required

Webhook unique identifier.

created_atstring(date-time)required

Date and time when the resource was created. RFC 3339-5, ISO8601 UTC

updated_atstring(date-time)required

Date and time when the resource was last updated. RFC 3339-5, ISO8601 UTC

titlestring^[a-zA-Z0-9 ()\[\]{}.-]{1,32}$required

Title of the webhook for use on tenant side.

urlstring(url)<= 1000 charactersrequired

The callback URL to be called by the webhook.

enabledbooleanrequired

Enable/disable webhook.

typeArray of stringsrequired

What kind of events to be sent by the webhook.

Default ["ALL"]
Items Enum"ALL""USER""USER_CHECK""ORDER""ORDER_CANCELLATION""EXECUTION""POSITION""CASH_BALANCE""ACCOUNT""ACCOUNT_GROUP"
configobjectrequired

Configuration of webhook packages collection.

delaystring^([1-9]|[12][0-9]|30)s$

Maximum time of package collection (1s-30s).

max_package_sizeinteger[ 100 .. 1048576 ]

Maximum package size (bytes)

Response
application/json
{
  "id": "a8eb3540-5a84-40f9-b2bb-7f99f282fc5a",
  "created_at": "2021-07-21T14:10:00.00Z",
  "updated_at": "2021-07-21T14:10:00.00Z",
  "title": "User webhook",
  "url": "https://tenant.tld/webhooks/users",
  "type": [
    "USER"
  ],
  "enabled": false,
  "config": {
    "delay": "5s",
    "max_package_size": 10240
  }
}

Tests

All test related paths.

Operations