Operating Model:
Operating Model:

Getting started

As a client, you will need to exchange secrets with Upvest in order to access the API and upload documents. In addition, we will need your key contact information in order to interact with you. After the following step-by-step process you should be all set to continue with the authentication process guide.

NOTE

It is important to note that this process must be completed twice: for the sandbox environment and as well for the live environment. Secrets, signing keys, and document buckets should always be unique between the sandbox and live environment.

How to get started

1. Share key contact information

For technical communication and urgent notifications about the state of our API, we require a fall-back email address from you. Other key contacts can be set up later (e.g., a technical contact or a contact for accounting). Share the information together with other required data as part of Step 4.

2. Prepare API access

To securely exchange credentials, we ask you to provide us with a public GPG key, so that the Upvest onboarding support can encrypt and securely transfer the credentials to you.

Collecting components to securely access the Investment API

You will be calling the Investment API using a client_id and a client_secret, to enable us to identify who is calling it. The client_secret will only be used for generating an access token, which is used for further authentication.

Generate a key pair for signing HTTP calls

You can use ED25519 or ECDSA key pairs. We use HTTP signatures to ensure the call is actually coming from your client backend and has not been tampered with on the way. See key pair generation.

Collect the public key component of the key pair

After generating your key pair, collect the public key component. Together with other information you will need to share this with Upvest.

3. Set up a cloud storage bucket for document uploads

Document bucket setup

To securely exchange documents, e.g. for user onboarding, we directly download from a cloud bucket that is set up on your side. To facilitate this we need to exchange credentials to access the bucket.

Currently, we support the following cloud storage providers: Amazon AWS, Microsoft Azure, and Google Cloud

To securely exchange the bucket credentials we use public-private GPG keys as for all other Upvest secrets exchange processes. For encryption you can use Upvest’s public GPG key and send the encrypted credentials to security@upvest.co.

NOTE

If you use our default bucket in the sandbox environment, you can skip document bucket setup. We got you covered to start your journey with some mocked data and you can integrate your documents bucket later.

Default download bucket (only available in the Sandbox)

We got you covered to allow a quick start with some dummy data in a bucket managed on our side. The bucket is by default integrated with the Investment API and you are free to use the following files for the respective check calls:

To move on with your integration work, we highly recommend setting up a download bucket on your side early on.

Document bucket credentials

We currently work with Amazon AWS, Microsoft Azure and Google Cloud as cloud storage providers. To integrate your document bucket the following credentials are required:

Amazon AWS
{
  "bucket": "...",
  "region": "...",
  "access_key_id": "...",
  "secret_access_key": "...",
}
Microsoft Azure
{
  "query_sign": "..."
}
Google Cloud
{
  "bucket": "...",
  "json_key": "..."
}

4. Share key data with Upvest

Share the following data via email or Slack:

5. Receive API credentials encrypted with your public GPG key

The credentials will then be securely stored in Upvest’s secrets manager and you are all set to start uploading information securely via the Investment API.

Upvest public GPG key

-----BEGIN PGP PUBLIC KEY BLOCK-----
mQSuBFyl15gRDAD5zIyo0oi/XIRg7db7uo1UI6tXA/cfcf7RLudLgyrbxgyYCAMA
ilWgykipnYEa6KuMDyHuDpcQT/YA+fZ35mIxLASFEhppMBdng9Hf6LKG1IU+FUiW
Dw35en5CHtKEA1MTuFO0g3X4ZVQUPm/tzqAStjU8oC3zzE1aShsKT64H9ILQMC5M
8tXcyP6qIaB4v0SkqzpLXtcqS8FG3rcR8nxvzNuz9zJ8YhiCdoRvB3K3nYVm+FRE
krWW9YyO0KS6SWTJagSqi/Ejz5mn3q6wjxu30gRDOiHPZbtdhntYVm7KDwWSYZJW
MqM6524qy4PrKHpW1IQfYZy+BDx7cg7Tu4O6UaKmWlaI2/UVofU65pPwb6R/EQ1u
SlCZzfgRoC4MhWffJBzav0w40kVearMouauWgV6Wnq7HUig/OHHrxUW6xGzNH8o/
hiT4q6+jsgPEJChJUTBM6qEgoX0wrnxYRO5+cfPQEuxa37lOeMEgAM98qe07Ts4i
5HGrcsF+GakmwLcBAJR5C6GWudwcKE/mQ0m4tZM4muJt0LNmkj1q0h2Gc7VVC/4h
/S4wcKw/H81rMgBpYxq3du5FBV99iMR8CCBRpBPQ21EBs9k46Z3U579e45HdGDkE
kOGA7A7WMZWtRD2lI+C2o8WQns3braOSo1tmmWP4MIxnmlgPCSPIH1ry92vCl+fD
l72J9XIobpO4VWnYpXgegRor2pxHWD+DKDL8QpFmisXEFuiK9QFrVVki74fHZ3Ps
H+zcChg71ailveWlCaBES7o2HwqUeBJ+aiMvhUl0QTpL5ZQEQg3Zx5XbFthRaUvn
dC4f4PB5dO55kk/NGhyNHuI0K5t6bJZzdogpaFJL6z5ALmXxN/hDm+FmMhek3+aL
kcZh/6kf1aeIPD6pIW7v+XPkhctQYd757KY9Mv/5VwJXtFOFxRzpocnAdU2ZDgZR
qOtYcW6lXf8Zgx9mxTeoO5khrUfv4/f0LdQsc7gqtzjuxLlD6cCmiZKnrbN2bpl5
3xlYX+amz0kA2az8l/BLZTywIlS1voUVYxftsNvsRjvNh0gBeKRzW/KwZTbZTyAM
AICHY/a1UWOQCrt3+x9Egr1zMOJFVrGKZNFOx4KOZaks18W1ieNe7oOq3qnbAQ15
wm4L1Ui/infb5ABvljrfcfHxBjyanqCwjrZsEt/pJmkyDyu8JTskYED1XT+N9h7r
+Dsp1tQrF0rOrpvDnXt/dJojlxNf4w6F7dRt1HaYBtwVDVKqaj19Eu28HJmS/osr
uKO2/sLwbNJdcTonSsMbDC2eZRelb/rILtv9vamvdmoVdqQBHdWIsnzV+/e6g3Sc
hgXl3LUmbS06SuNyWNE/f3k8kZoRBjdu/Q5uuEMTZoOGrcfM2C16X1Q1JhIgv/5J
Y+y8YrHfNcuWiDCLS5Mcwi1jCNpSiygoVfOwcGPEgbREP3FtGMkLaQumHyLBcFC4
2dereFmK2bx+wFm0xN7WUkiYAnEBs0gtL9cgx5r+zsiDVGsgkQxmoHU5qs0FFyL0
KSvMQ82IBrA5btDRheGZE0HYOsVQpNgnl3qgaTJf65OlprClBMcmWSemSPoFc2sf
f7QkVXB2ZXN0IFNlY3VyaXR5IDxzZWN1cml0eUB1cHZlc3QuY28+iJYEExEIAD4W
IQRwPyzA5LepSx0JlLtJEnjYxA88bQUCXKXXmAIbAwUJB4YfgAULCQgHAgYVCgkI
CwIEFgIDAQIeAQIXgAAKCRBJEnjYxA88bTYIAP9prNSqhcV4hQQhe4ZYwnKwkYYt
dFVmrDOlUhbBTMhBdQD/VQiADhz/yNONWdmYNT7bwaEIyQcqbT9wOOXYEhtttrmJ
AjMEEAEIAB0WIQT5dQ/tbAYlQMALYNCX9QUTx4gQpwUCXNwj8wAKCRCX9QUTx4gQ
p/pKD/0RdX3BQbuhvg7RFIkQRwIxBBNCoDH7Um4ZBtcNWWJWhA2GQo755AiHdIdH
IRmb6xxqQMStp4s83FY9kVu4+qMs/W/h2N6GL/vxl3kMZKPf4Th2u5KOZmsWk99c
9M5LyePxj/Yg9kxF7d2v5dCm1a6NRIDc6/WeSXTo9RV9niiGlu01PsLimv7Hp2Jy
kFkV3iAXWn20JkebpUjSKzTxwzmxM7p4r1/eLYUiA/RfyUzRDWYZ87rCAkZZhK0u
O3MyeqKgtqK8dLkWvtTnDcIaevPwNKSt0Kfn73508uKwu1tblb4LJzYuTIckF6+k
o7Wqud7WoTCyebrBTANVkqXrMfKSpPqC2NS6IBTFUSV6aS0OXNbwor/taER6Ae3a
uemHW3tOOYhwxF3KqTlmLbZ+CEMrOREreyGtZGe0LWy74FVzqdZBfd5hThctYKZU
s2VcD5azdqod6r3/9dQY9V6OU9qQY/LVO6U7bH8UdesxfxrWKgfTQe9eUPO/T1Zf
W5PQywf9YevOVI93GiniqZikF7D0aE2Yf88A87BsrDB25xuQ28Vkkwc2z3tA5L4D
RBR1gYNo4N0tJkTs7kcJOIoJ0PzzBarCoL7AhWSsXvUUORtneHrTIHjGiZWgdruN
Ez9SPbDqtv6deTR/zwHuenGhnFqHv2DVOxydVDzQLNwn0ZfXQLkDDQRcpdeYEAwA
lBiQ/Eyp2HSNS3Nr1OUgHFVRznRN3nsJ8sZIZKOl0kk50we4/tsXqLiTEGcRP3p2
v0fcxhiJwmB+6QiaFoSfdW0ZoyFq/k+ZdWm71j2pqITyxM83GSI4MQoFNl9rCIrj
2uL/aE96BXnTrJvk+S/pgcdT4clTbZzpmoeVLs7Mn1wzntKvv7dal0RTWWZaCnIj
rYmTsSYsGyAtkJmcQbUHb0g7JeUXM/AmcvWD9SU3YKYcRAuxeYN4spAMW1Z2TO0H
KdQNv8uIu2hGq+Wec5uw8J83j1HHm2thNJxNaW1wm1+MUdaeFze3MosXWgQ9QQf+
HCxo3fhml9lucL8E4b69JbU0HM26C31lKoDxi6r51NvZPY+pr8JnqexIlPmNpUWJ
Upnne7GX2DviCrkpHKONXDanQfKGWaO24WLw/NO9FR3G5so52rFOskXgmYTT5rg8
t4pQHqDbL/Ey28JDooRVjd5bNNateTWFmMSc3q5WouYibwlkK8uXYpqSm20EthC7
AAMGC/sGrsW7HyMO2stWUEL36EbiYyICamH+n+BdyXv0qhRGk+NAWceB39vtchFY
OCOWwXegKYUtMVlzObc013OZ/li94H4F/RetQZjNF/sHisEMwngJC79NWiw+4Fud
SSNDUWK8/0Yc4rhT69wctWQLor85D9I4XgxajFm4nCy8acf4xTJkgwoP3VIP34Mu
YbdlnjcLzSAYg4BJQ+BEmE9q0O6oRxfACBC0ieUZ50+EyWDr35diJWQ+jHc9IFJb
VuBjU4eZpRTP/OGU5GdAdRuC0/bbdeqry1l37RY8WCEc0ICr0AJsNy0f3KCzBaDJ
aWLzygErq3cY/hVGOyYWN+meup8xw+75U34qweUDiiWjmviVooBLQcIhgaZn2xYh
zFOqlXALWouKfZnm5y96Y7+n8NUb3CmnxqJX7fA824OW8AGTl3x7EqwbJkXXC+uI
kO0w3Yw4IgyDEo4npTxZNYT/ZIrVwzE2vpg+0JH8LKyWbi1WtqzjBEB95Uz6JE/W
dSqB8wCIfgQYEQgAJhYhBHA/LMDkt6lLHQmUu0kSeNjEDzxtBQJcpdeYAhsMBQkH
hh+AAAoJEEkSeNjEDzxt0/8BAIEmstAgJM8YsBizRg7r5Z6xrq1CKfFmgCSiO2CW
KddxAP94zYPgH70mciAEIsc2HZbFu94Bw9P+LJYc9O30rAwfwA==
=gbhl
-----END PGP PUBLIC KEY BLOCK----- 
INFO

Optional step: Install and set up a local HTTP signing proxy to use tools like Postman while testing and integrating the Investment API.

Was this page helpful?