Getting started
Upvest complies with the highest security standards both in communication with our customers and in the handling of any data. For this reason, we set the bar high when it comes to the technical structures for working with the Investments API.
In this tutorial, we will walk you through the necessary steps you need to take to set up access to the Investment API. After receiving the credentials from Upvest, you are all set to continue with the authentication process guide.
This guide is valid for both the Sandbox and Live environments. If there are deviations in the implementation for Sandbox, we will explicitly point them out.
Step 1: Sign up for the Investment API
Start your Upvest journey by contacting us.
Next, our team of experts will reach out to you to check all technical and legal aspects. After completion, we will progress with granting you access to the Investment API.
Step 2: Share your data
To make sure you have the right access to the Investment API, we need to collect some basic information from you, such as for which environment (Sandbox or Live) or with which operating model (TOL or BYOL), etc. suits your needs.
For technical communication and urgent notifications about the state of our API, we require a fall-back email address from you. Other key contacts can be set up later (e.g., a technical contact or a contact for accounting).
We need the following information from you:
The necessary information differs depending on the operating model and environment.
- Operating model (TOL or BYOL)
- Fall-back email address in case of failed webhook delivery
- Public key component of your GPG key
- Public key component of signing key pair
- Cloud storage bucket credentials GPG encrypted using Upvest’s public GPG key. This is optional in the Sandbox environment.
Step 3: Prepare a secure API access
As a client, you need to exchange secrets with Upvest in order to access the Investment API and upload documents.
1. Share your public GPG key
In order to exchange the credentials securely, we ask you to provide us with a public GPG key so that Upvest's onboarding support team can encrypt the credentials and transfer them to you securely.
You will access the Investment API with credentials, consisting of client_id
and a client_secret
; this allows Upvest to recognise who is calling it. The client_secret
is only used to create an access token which is used for further authentication.
2. Generate a key pair for signing HTTP calls
You can use ED25519 or ECDSA key pairs. We use HTTP signatures to ensure the call is actually coming from your client backend and has not been tampered with on the way. See key pair generation.
3. Collect the public key component of the key pair
After generating your key pair, collect the public key component. Together with other information you will need to share this with Upvest.
Please note that you have to complete this process twice: for the Sandbox environment and as well for the Live environment. Secrets, signing keys, and document buckets should always be unique between the Sandbox and Live environment.
Step 4: Set up a cloud storage bucket
1. Set up a cloud storage bucket
To share documents securely, for example for user onboarding, we download them directly from a cloud bucket set up on your site. We currently support the following cloud storage providers:
- Amazon AWS
- Microsoft Azure
- Google Cloud
To get progress with your integration work, we strongly recommend that you set up a download bucket on your site at an early stage.
We offer you the possibility to use the default download bucket in the Sandbox environment. If you use our default bucket, you can skip document bucket setup. We got you covered to start your journey with some mocked data and you can integrate your documents bucket later.
2. Share your bucket credentials
For the secure exchange of bucket credentials, we use public-private GPG keys as for all other Upvest secret exchanges. For encryption, you can use Upvest's public GPG key and send the encrypted credentials to security@upvest.co.
To integrate your document bucket the following credentials are required:
Amazon AWS
{
"bucket": "...",
"region": "...",
"access_key_id": "...",
"secret_access_key": "...",
}
Microsoft Azure
{
"query_sign": "..."
}
Google Cloud
{
"bucket": "...",
"json_key": "..."
}
The credentials will then be securely stored in Upvest’s secrets manager and you are all set to start uploading information securely via the Investment API.
3. Optional: Using the default download bucket
The default download bucket is for the Sandbox environment only.
To access the Sandbox environment, we provide a quick start with some mocked data in a bucket managed on our side. The bucket is integrated into the Investment API by default and you are free to use the following files for the corresponding check calls:
The links listed here are only to be used for API calls in the Sandbox environment.
Upvest public GPG key
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQSuBFyl15gRDAD5zIyo0oi/XIRg7db7uo1UI6tXA/cfcf7RLudLgyrbxgyYCAMA
ilWgykipnYEa6KuMDyHuDpcQT/YA+fZ35mIxLASFEhppMBdng9Hf6LKG1IU+FUiW
Dw35en5CHtKEA1MTuFO0g3X4ZVQUPm/tzqAStjU8oC3zzE1aShsKT64H9ILQMC5M
8tXcyP6qIaB4v0SkqzpLXtcqS8FG3rcR8nxvzNuz9zJ8YhiCdoRvB3K3nYVm+FRE
krWW9YyO0KS6SWTJagSqi/Ejz5mn3q6wjxu30gRDOiHPZbtdhntYVm7KDwWSYZJW
MqM6524qy4PrKHpW1IQfYZy+BDx7cg7Tu4O6UaKmWlaI2/UVofU65pPwb6R/EQ1u
SlCZzfgRoC4MhWffJBzav0w40kVearMouauWgV6Wnq7HUig/OHHrxUW6xGzNH8o/
hiT4q6+jsgPEJChJUTBM6qEgoX0wrnxYRO5+cfPQEuxa37lOeMEgAM98qe07Ts4i
5HGrcsF+GakmwLcBAJR5C6GWudwcKE/mQ0m4tZM4muJt0LNmkj1q0h2Gc7VVC/4h
/S4wcKw/H81rMgBpYxq3du5FBV99iMR8CCBRpBPQ21EBs9k46Z3U579e45HdGDkE
kOGA7A7WMZWtRD2lI+C2o8WQns3braOSo1tmmWP4MIxnmlgPCSPIH1ry92vCl+fD
l72J9XIobpO4VWnYpXgegRor2pxHWD+DKDL8QpFmisXEFuiK9QFrVVki74fHZ3Ps
H+zcChg71ailveWlCaBES7o2HwqUeBJ+aiMvhUl0QTpL5ZQEQg3Zx5XbFthRaUvn
dC4f4PB5dO55kk/NGhyNHuI0K5t6bJZzdogpaFJL6z5ALmXxN/hDm+FmMhek3+aL
kcZh/6kf1aeIPD6pIW7v+XPkhctQYd757KY9Mv/5VwJXtFOFxRzpocnAdU2ZDgZR
qOtYcW6lXf8Zgx9mxTeoO5khrUfv4/f0LdQsc7gqtzjuxLlD6cCmiZKnrbN2bpl5
3xlYX+amz0kA2az8l/BLZTywIlS1voUVYxftsNvsRjvNh0gBeKRzW/KwZTbZTyAM
AICHY/a1UWOQCrt3+x9Egr1zMOJFVrGKZNFOx4KOZaks18W1ieNe7oOq3qnbAQ15
wm4L1Ui/infb5ABvljrfcfHxBjyanqCwjrZsEt/pJmkyDyu8JTskYED1XT+N9h7r
+Dsp1tQrF0rOrpvDnXt/dJojlxNf4w6F7dRt1HaYBtwVDVKqaj19Eu28HJmS/osr
uKO2/sLwbNJdcTonSsMbDC2eZRelb/rILtv9vamvdmoVdqQBHdWIsnzV+/e6g3Sc
hgXl3LUmbS06SuNyWNE/f3k8kZoRBjdu/Q5uuEMTZoOGrcfM2C16X1Q1JhIgv/5J
Y+y8YrHfNcuWiDCLS5Mcwi1jCNpSiygoVfOwcGPEgbREP3FtGMkLaQumHyLBcFC4
2dereFmK2bx+wFm0xN7WUkiYAnEBs0gtL9cgx5r+zsiDVGsgkQxmoHU5qs0FFyL0
KSvMQ82IBrA5btDRheGZE0HYOsVQpNgnl3qgaTJf65OlprClBMcmWSemSPoFc2sf
f7QkVXB2ZXN0IFNlY3VyaXR5IDxzZWN1cml0eUB1cHZlc3QuY28+iJYEExEIAD4W
IQRwPyzA5LepSx0JlLtJEnjYxA88bQUCXKXXmAIbAwUJB4YfgAULCQgHAgYVCgkI
CwIEFgIDAQIeAQIXgAAKCRBJEnjYxA88bTYIAP9prNSqhcV4hQQhe4ZYwnKwkYYt
dFVmrDOlUhbBTMhBdQD/VQiADhz/yNONWdmYNT7bwaEIyQcqbT9wOOXYEhtttrmJ
AjMEEAEIAB0WIQT5dQ/tbAYlQMALYNCX9QUTx4gQpwUCXNwj8wAKCRCX9QUTx4gQ
p/pKD/0RdX3BQbuhvg7RFIkQRwIxBBNCoDH7Um4ZBtcNWWJWhA2GQo755AiHdIdH
IRmb6xxqQMStp4s83FY9kVu4+qMs/W/h2N6GL/vxl3kMZKPf4Th2u5KOZmsWk99c
9M5LyePxj/Yg9kxF7d2v5dCm1a6NRIDc6/WeSXTo9RV9niiGlu01PsLimv7Hp2Jy
kFkV3iAXWn20JkebpUjSKzTxwzmxM7p4r1/eLYUiA/RfyUzRDWYZ87rCAkZZhK0u
O3MyeqKgtqK8dLkWvtTnDcIaevPwNKSt0Kfn73508uKwu1tblb4LJzYuTIckF6+k
o7Wqud7WoTCyebrBTANVkqXrMfKSpPqC2NS6IBTFUSV6aS0OXNbwor/taER6Ae3a
uemHW3tOOYhwxF3KqTlmLbZ+CEMrOREreyGtZGe0LWy74FVzqdZBfd5hThctYKZU
s2VcD5azdqod6r3/9dQY9V6OU9qQY/LVO6U7bH8UdesxfxrWKgfTQe9eUPO/T1Zf
W5PQywf9YevOVI93GiniqZikF7D0aE2Yf88A87BsrDB25xuQ28Vkkwc2z3tA5L4D
RBR1gYNo4N0tJkTs7kcJOIoJ0PzzBarCoL7AhWSsXvUUORtneHrTIHjGiZWgdruN
Ez9SPbDqtv6deTR/zwHuenGhnFqHv2DVOxydVDzQLNwn0ZfXQLkDDQRcpdeYEAwA
lBiQ/Eyp2HSNS3Nr1OUgHFVRznRN3nsJ8sZIZKOl0kk50we4/tsXqLiTEGcRP3p2
v0fcxhiJwmB+6QiaFoSfdW0ZoyFq/k+ZdWm71j2pqITyxM83GSI4MQoFNl9rCIrj
2uL/aE96BXnTrJvk+S/pgcdT4clTbZzpmoeVLs7Mn1wzntKvv7dal0RTWWZaCnIj
rYmTsSYsGyAtkJmcQbUHb0g7JeUXM/AmcvWD9SU3YKYcRAuxeYN4spAMW1Z2TO0H
KdQNv8uIu2hGq+Wec5uw8J83j1HHm2thNJxNaW1wm1+MUdaeFze3MosXWgQ9QQf+
HCxo3fhml9lucL8E4b69JbU0HM26C31lKoDxi6r51NvZPY+pr8JnqexIlPmNpUWJ
Upnne7GX2DviCrkpHKONXDanQfKGWaO24WLw/NO9FR3G5so52rFOskXgmYTT5rg8
t4pQHqDbL/Ey28JDooRVjd5bNNateTWFmMSc3q5WouYibwlkK8uXYpqSm20EthC7
AAMGC/sGrsW7HyMO2stWUEL36EbiYyICamH+n+BdyXv0qhRGk+NAWceB39vtchFY
OCOWwXegKYUtMVlzObc013OZ/li94H4F/RetQZjNF/sHisEMwngJC79NWiw+4Fud
SSNDUWK8/0Yc4rhT69wctWQLor85D9I4XgxajFm4nCy8acf4xTJkgwoP3VIP34Mu
YbdlnjcLzSAYg4BJQ+BEmE9q0O6oRxfACBC0ieUZ50+EyWDr35diJWQ+jHc9IFJb
VuBjU4eZpRTP/OGU5GdAdRuC0/bbdeqry1l37RY8WCEc0ICr0AJsNy0f3KCzBaDJ
aWLzygErq3cY/hVGOyYWN+meup8xw+75U34qweUDiiWjmviVooBLQcIhgaZn2xYh
zFOqlXALWouKfZnm5y96Y7+n8NUb3CmnxqJX7fA824OW8AGTl3x7EqwbJkXXC+uI
kO0w3Yw4IgyDEo4npTxZNYT/ZIrVwzE2vpg+0JH8LKyWbi1WtqzjBEB95Uz6JE/W
dSqB8wCIfgQYEQgAJhYhBHA/LMDkt6lLHQmUu0kSeNjEDzxtBQJcpdeYAhsMBQkH
hh+AAAoJEEkSeNjEDzxt0/8BAIEmstAgJM8YsBizRg7r5Z6xrq1CKfFmgCSiO2CW
KddxAP94zYPgH70mciAEIsc2HZbFu94Bw9P+LJYc9O30rAwfwA==
=gbhl
-----END PGP PUBLIC KEY BLOCK-----
Step 5 Optional: Install and set up a local HTTP signing proxy
Optionally, you can install and set up a local HTTP signing proxy to use tools such as Postman while testing and integrating the Investment API.
Installing the local HTTP signing proxy enables you to call the Investment API endpoints without having to implement signatures on your side. However, we recommend this only for testing in the Sandbox, not the Live environment.
Step 6: Accessing the Investment API
Congratulations! Now you are ready to access the Investment API and discover all the features.
Base URLs
Here you go, below you find the base URL of our servers:
Environment | Base URL |
---|---|
Sandbox | https://sandbox.upvest.co |
Live | https://api.upvest.co |
Go to the API references to find out more.
Was this page helpful?
On This Page
- Step 1: Sign up for the Investment API
- Step 2: Share your data
- Step 3: Prepare a secure API access
- 1. Share your public GPG key
- 2. Generate a key pair for signing HTTP calls
- 3. Collect the public key component of the key pair
- Step 4: Set up a cloud storage bucket
- 1. Set up a cloud storage bucket
- 2. Share your bucket credentials
- 3. Optional: Using the default download bucket
- Upvest public GPG key
- Step 5 Optional: Install and set up a local HTTP signing proxy
- Step 6: Accessing the Investment API
- Base URLs