Getting started
Upvest complies with the highest security standards both in communication with our customers and in the handling of any data. For this reason, we set the bar high when it comes to the technical structures for working with the Investments API.
In this tutorial, we will walk you through the necessary steps you need to take to set up access to the Investment API. After receiving the credentials from Upvest, you are all set to continue with the authentication process guide.
This guide is valid for both the Sandbox and Live environments. If there are deviations in the implementation for Sandbox, we will explicitly point them out.
Step 1: Sign up for the Investment API
Start your Upvest journey by contacting us.
Next, our team of experts will reach out to you to check all technical and legal aspects. After completion, we will progress with granting you access to the Investment API.
Step 2: Share your data
To make sure you have the right access to the Investment API, we need to collect some basic information from you, such as for which environment (Sandbox or Live) and which operating model (TOL Single Accounts, BYOL Single Accounts or BYOL Omnibus), etc. suits your needs.
For technical communication and urgent notifications about the state of our API, we require a fall-back email address from you. Other key contacts can be set up later (e.g., a technical contact or a contact for accounting).
We need the following information from you:
The necessary information differs depending on the operating model and environment.
- Operating model (TOL Single Accounts, BYOL Single Accounts or BYOL Omnibus)
- Fall-back email address in case of failed webhook delivery
- Public key component of your PGP key
- Public key component of signing key pair
- Cloud storage bucket credentials PGP encrypted using Upvest’s public PGP key and a dummy test file in this bucket to test the connectivity. Setting up a document sharing bucket is optional in the Sandbox environment.
Step 3: Prepare a secure API access
As a client, you need to exchange secrets with Upvest in order to access the Investment API and upload documents.
1. Share your public PGP key
In order to exchange the credentials securely, we ask you to provide us with a public PGP key so that Upvest's onboarding support team can encrypt the credentials and transfer them to you securely.
You will access the Investment API with credentials, consisting of client_id and a client_secret; this allows Upvest to recognise who is calling it. The client_secret is only used to create an access token which is used for further authentication.
2. Generate a key pair for signing HTTP calls
You can use ED25519 or ECDSA key pairs. We use HTTP signatures to ensure the call is actually coming from your client backend and has not been tampered with on the way. See key pair generation.
3. Collect the public key component of the key pair
After generating your key pair, collect the public key component. Together with other information you will need to share this with Upvest.
Please note that you have to complete this process twice: for the Sandbox environment and as well for the Live environment. Secrets, signing keys, and document buckets should always be unique between the Sandbox and Live environment.
Step 4: Set up a cloud storage bucket
1. Set up a cloud storage bucket
To share documents securely, for example for user onboarding, we download them directly from a cloud bucket set up on your site. We currently support the following cloud storage providers:
- Amazon AWS
- Microsoft Azure
- Google Cloud
To get progress with your integration work, we strongly recommend that you set up a download bucket on your side at an early stage. We ask you to upload a dummy file to your own bucket and to share the link with us, so that we can test the connectivity before your first calls.
We offer you the possibility to use the default download bucket in the Sandbox environment. If you use our default bucket, you can skip document bucket setup. We got you covered to start your journey with some mocked data and you can integrate your documents bucket later.
2. Share your bucket credentials
For the secure exchange of bucket credentials and the connectivity test dummy file link, we use public-private PGP keys as for all other Upvest secret exchanges. For encryption, you can use Upvest's public PGP key and send the encrypted credentials to security@upvest.co.
To integrate your document bucket the following credentials are required:
Amazon AWS
Microsoft Azure
Google Cloud
The credentials will then be securely stored in Upvest’s secrets manager, we test the bucket connnectivity using the dummy file you provided and you are all set to start uploading information securely via the Investment API.
3. Optional: Using the default download bucket
The default download bucket is for the Sandbox environment only.
To access the Sandbox environment, we provide a quick start with some mocked data in a bucket managed on our side. The bucket is integrated into the Investment API by default and you are free to use the following files for the corresponding check calls:
The links listed here are only to be used for API calls in the Sandbox environment.
Upvest public PGP key
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: 703F 2CC0 E4B7 A94B 1D09 94BB 4912 78D8 C40F 3C6D
Comment: Upvest Security <security@upvest.co>
xsPuBFyl15gRDAD5zIyo0oi/XIRg7db7uo1UI6tXA/cfcf7RLudLgyrbxgyYCAMA
ilWgykipnYEa6KuMDyHuDpcQT/YA+fZ35mIxLASFEhppMBdng9Hf6LKG1IU+FUiW
Dw35en5CHtKEA1MTuFO0g3X4ZVQUPm/tzqAStjU8oC3zzE1aShsKT64H9ILQMC5M
8tXcyP6qIaB4v0SkqzpLXtcqS8FG3rcR8nxvzNuz9zJ8YhiCdoRvB3K3nYVm+FRE
krWW9YyO0KS6SWTJagSqi/Ejz5mn3q6wjxu30gRDOiHPZbtdhntYVm7KDwWSYZJW
MqM6524qy4PrKHpW1IQfYZy+BDx7cg7Tu4O6UaKmWlaI2/UVofU65pPwb6R/EQ1u
SlCZzfgRoC4MhWffJBzav0w40kVearMouauWgV6Wnq7HUig/OHHrxUW6xGzNH8o/
hiT4q6+jsgPEJChJUTBM6qEgoX0wrnxYRO5+cfPQEuxa37lOeMEgAM98qe07Ts4i
5HGrcsF+GakmwLcBAJR5C6GWudwcKE/mQ0m4tZM4muJt0LNmkj1q0h2Gc7VVC/4h
/S4wcKw/H81rMgBpYxq3du5FBV99iMR8CCBRpBPQ21EBs9k46Z3U579e45HdGDkE
kOGA7A7WMZWtRD2lI+C2o8WQns3braOSo1tmmWP4MIxnmlgPCSPIH1ry92vCl+fD
l72J9XIobpO4VWnYpXgegRor2pxHWD+DKDL8QpFmisXEFuiK9QFrVVki74fHZ3Ps
H+zcChg71ailveWlCaBES7o2HwqUeBJ+aiMvhUl0QTpL5ZQEQg3Zx5XbFthRaUvn
dC4f4PB5dO55kk/NGhyNHuI0K5t6bJZzdogpaFJL6z5ALmXxN/hDm+FmMhek3+aL
kcZh/6kf1aeIPD6pIW7v+XPkhctQYd757KY9Mv/5VwJXtFOFxRzpocnAdU2ZDgZR
qOtYcW6lXf8Zgx9mxTeoO5khrUfv4/f0LdQsc7gqtzjuxLlD6cCmiZKnrbN2bpl5
3xlYX+amz0kA2az8l/BLZTywIlS1voUVYxftsNvsRjvNh0gBeKRzW/KwZTbZTyAM
AICHY/a1UWOQCrt3+x9Egr1zMOJFVrGKZNFOx4KOZaks18W1ieNe7oOq3qnbAQ15
wm4L1Ui/infb5ABvljrfcfHxBjyanqCwjrZsEt/pJmkyDyu8JTskYED1XT+N9h7r
+Dsp1tQrF0rOrpvDnXt/dJojlxNf4w6F7dRt1HaYBtwVDVKqaj19Eu28HJmS/osr
uKO2/sLwbNJdcTonSsMbDC2eZRelb/rILtv9vamvdmoVdqQBHdWIsnzV+/e6g3Sc
hgXl3LUmbS06SuNyWNE/f3k8kZoRBjdu/Q5uuEMTZoOGrcfM2C16X1Q1JhIgv/5J
Y+y8YrHfNcuWiDCLS5Mcwi1jCNpSiygoVfOwcGPEgbREP3FtGMkLaQumHyLBcFC4
2dereFmK2bx+wFm0xN7WUkiYAnEBs0gtL9cgx5r+zsiDVGsgkQxmoHU5qs0FFyL0
KSvMQ82IBrA5btDRheGZE0HYOsVQpNgnl3qgaTJf65OlprClBMcmWSemSPoFc2sf
f80kVXB2ZXN0IFNlY3VyaXR5IDxzZWN1cml0eUB1cHZlc3QuY28+wpYEExEIAD4C
GwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQRwPyzA5LepSx0JlLtJEnjYxA88
bQUCZILp7AUJDYCs1AAKCRBJEnjYxA88bRWjAP9RxlvyHAppNwvOjMpGILMI1g3b
pwzlZaKg8v2Mj49tZgD/Y6R0vn+prLk3pg5RMM2U+IVefRhvURvf+2wk11GLAWHC
lgQTEQgAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBHA/LMDkt6lLHQmU
u0kSeNjEDzxtBQJkDtvuBQkLK2tWAAoJEEkSeNjEDzxtmZIA/j4pQndKVZhJBTq2
BupXlk1x3D1Kibqh7uvhsNCI92hvAP0XcIG0SYTlPaW9rNPs86RoY+aI2GqDJW6s
jXYpHBsiiMKWBBMRCAA+FiEEcD8swOS3qUsdCZS7SRJ42MQPPG0FAlyl15gCGwMF
CQeGH4AFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQSRJ42MQPPG02CAD/aazU
qoXFeIUEIXuGWMJysJGGLXRVZqwzpVIWwUzIQXUA/1UIgA4c/8jTjVnZmDU+28Gh
CMkHKm0/cDjl2BIbbba5zsJNBFyl15gQDACUGJD8TKnYdI1Lc2vU5SAcVVHOdE3e
ewnyxkhko6XSSTnTB7j+2xeouJMQZxE/ena/R9zGGInCYH7pCJoWhJ91bRmjIWr+
T5l1abvWPamohPLEzzcZIjgxCgU2X2sIiuPa4v9oT3oFedOsm+T5L+mBx1PhyVNt
nOmah5UuzsyfXDOe0q+/t1qXRFNZZloKciOtiZOxJiwbIC2QmZxBtQdvSDsl5Rcz
8CZy9YP1JTdgphxEC7F5g3iykAxbVnZM7Qcp1A2/y4i7aEar5Z5zm7DwnzePUceb
a2E0nE1pbXCbX4xR1p4XN7cyixdaBD1BB/4cLGjd+GaX2W5wvwThvr0ltTQczboL
fWUqgPGLqvnU29k9j6mvwmep7EiU+Y2lRYlSmed7sZfYO+IKuSkco41cNqdB8oZZ
o7bhYvD8070VHcbmyjnasU6yReCZhNPmuDy3ilAeoNsv8TLbwkOihFWN3ls01q15
NYWYxJzerlai5iJvCWQry5dimpKbbQS2ELsAAwYL+wauxbsfIw7ay1ZQQvfoRuJj
IgJqYf6f4F3Je/SqFEaT40BZx4Hf2+1yEVg4I5bBd6AphS0xWXM5tzTXc5n+WL3g
fgX9F61BmM0X+weKwQzCeAkLv01aLD7gW51JI0NRYrz/RhziuFPr3By1ZAuivzkP
0jheDFqMWbicLLxpx/jFMmSDCg/dUg/fgy5ht2WeNwvNIBiDgElD4ESYT2rQ7qhH
F8AIELSJ5RnnT4TJYOvfl2IlZD6Mdz0gUltW4GNTh5mlFM/84ZTkZ0B1G4LT9tt1
6qvLWXftFjxYIRzQgKvQAmw3LR/coLMFoMlpYvPKASurdxj+FUY7JhY36Z66nzHD
7vlTfirB5QOKJaOa+JWigEtBwiGBpmfbFiHMU6qVcAtai4p9mebnL3pjv6fw1Rvc
KafGolft8Dzbg5bwAZOXfHsSrBsmRdcL64iQ7TDdjDgiDIMSjielPFk1hP9kitXD
MTa+mD7QkfwsrJZuLVa2rOMEQH3lTPokT9Z1KoHzAMJ+BBgRCAAmAhsMFiEEcD8s
wOS3qUsdCZS7SRJ42MQPPG0FAmSC6XAFCQ2ArFgACgkQSRJ42MQPPG3D2QEAiaax
/0GfH7aUHSl5Y/uiS386jqxzW3sExbXNqC4BfyABAIBpY5DuP5W5NsouLnlrGbMx
H/vLWHE/+fjwbMI0M83mwn4EGBEIACYCGwwWIQRwPyzA5LepSx0JlLtJEnjYxA88
bQUCZA7cDQUJCytrdQAKCRBJEnjYxA88bf6DAP4hnypwxuAGRvNFFJZTyWSNa5sa
YR2MrRBKzQpf1q/bzwD/cg3vwHdl96IdKPy+ixAjuFlLjSUFR+nPKuIbovIAcH3C
fgQYEQgAJhYhBHA/LMDkt6lLHQmUu0kSeNjEDzxtBQJcpdeYAhsMBQkHhh+AAAoJ
EEkSeNjEDzxt0/8BAIEmstAgJM8YsBizRg7r5Z6xrq1CKfFmgCSiO2CWKddxAP94
zYPgH70mciAEIsc2HZbFu94Bw9P+LJYc9O30rAwfwA==
=WMqK
-----END PGP PUBLIC KEY BLOCK-----
Step 5 Optional: Install and set up a local HTTP signing proxy
Optionally, you can install and set up a local HTTP signing proxy to use tools such as Postman while testing and integrating the Investment API.
Installing the local HTTP signing proxy enables you to call the Investment API endpoints without having to implement signatures on your side. However, we recommend this only for testing in the Sandbox, not the Live environment.
Step 6: Accessing the Investment API
Congratulations! Now you are ready to access the Investment API and discover all the features.
Base URLs
Here you go, below you find the base URL of our servers:
| Environment | Base URL |
|---|---|
| Sandbox | https://sandbox.upvest.co |
| Live | https://api.upvest.co |
Go to the API references to find out more.
Was this page helpful?