Preparation and Start-Up

This tutorial will guide you through the steps that must be completed in order to securely receive API credentials and proceed to the point where you can make authenticated requests against the Investment API.

Upvest holds itself to extremely high security standards, and the steps here are designed to ensure that all connectivity between Upvest and your organisation is secure, from this initial process and throughout your use of the Investment API.


Please make sure you meet the following conditions before attempting this tutorial.

 ✓   A relationship with Upvest

If you are not already in discussions with Upvest about using our API, please click the "Get API Keys" button at the top of this page, or go directly to our Contact Page.

We are sorry, but we cannot issue credentials for the Investment API without this.

 ✓   Understand which operating model you are using

Make sure you know which of the operating models offered by the Upvest Investment API you are planning to use. Please select the correct operating model from the drop-down menu, at the top of this page, as the steps in the tutorial below differ slightly based on this choice.

You're viewing: Take Our License

 ✓   Know who to talk to in your own organisation

This tutorial will require you to setup cloud storage and generate keys used to encrypt messages sent between your software and the Investment API. Most companies have defined policies for how such keys should be stored and managed.

Please make sure you have identified the responsible team or person in your organisation and have their support during this tutorial.

Let's get started!

If you have completed the prerequisites of this tutorial, you should have been sent a link to an online form entitled "Investment API credentials request".

We will lead you through the tasks required to gather the information you must provide in that form and some essential first steps when you have received your credentials.

   Technical Setup

Before you can fill out the "Investment API Credentials Request", you'll need to setup some of the required technical resources in order that you can give us details about them.

1.1   Preparing your cryptographic keys

Create cryptographic keys you can use to share information securely with Upvest.

1.2   Setup of cloud storage bucket

We'll need shared access to a secure cloud storage bucket in order to share documents securely within the API.

You should now have the technical details you need to move onto submitting your request for credentials.

   Submit credentials request

Now you should be ready to fill in the "Investment API credentials request" that was sent to you by Upvest at the beginning of this process. If you don't have access to this form, please read the [prerequisites](#prerequisites) above.

   Submit your Investment API credentials request

Fill out the provided form with the details we describe in this sub-tutorial.

Your request is now with our support team. Please wait for a response before continuing with the next step.

   Checking access to the Default bucket

If you opted to use Upvest's "Default Bucket" in the Sandbox environment, you should now have received credentials to do so. If you provided your own bucket you can skip to the next step.

   Test the default bucket

Fill out the provided form with the details you've gathered.

   HTTP Message Signing

To communicate with the Upvest Investment API, you'll need a cryptographic signature in the header of every HTTP Message.

   Setting up the HTTP message signing proxy

Setup the convenient HTTP message signing proxy, and plan for messaging signing in your application.

   Setup complete

Congratulations! Now you are ready to access the Investment API and discover all the features.

Each environment has a unique URL on which you can access it. The base URLs are:

EnvironmentBase URL

To access the Investment API you will need the credentials we have provided to you. Specifically, you should now have:

  • a client_id
  • a client_secret

Providing this information in authentication requests allows Upvest to recognise who is making calls to the Investment API.

The client_secret is only used to create an access token which is used for further authentication.


Please note that even this initial request for a token must be made using the HTTP Message signatures detailed in the previous step.

Tokens have an expiry time. It is your responsibility to request a new authentication token before the existing one expires. If you do not do so, you will receive error responses when the token expires.

Next steps

We suggest that you now proceed by:

We wish you joy in your work with the Upvest Investment API!