Upvest complies with the highest security standards both in communication with our customers and in the handling of any data. For this reason, we set the bar high when it comes to the technical structures for working with the Investments API.
In this tutorial, we will walk you through the necessary steps you need to take to set up access to the Investment API. After receiving the credentials from Upvest, you are all set to continue with the authentication process guide.
This guide is valid for both the Sandbox and Live environments. If there are deviations in the implementation for Sandbox, we will explicitly point them out.
Step 1: Sign up for the Investment API
Start your Upvest journey by contacting us.
Next, our team of experts will reach out to you to check all technical and legal aspects. After completion, we will progress with granting you access to the Investment API.
Step 2: Share your data
To make sure you have the right access to the Investment API, we need to collect some basic information from you, such as for which environment (Sandbox or Live) and which operating model (TOL Single Accounts, BYOL Single Accounts or BYOL Omnibus), etc. suits your needs.
For technical communication and urgent notifications about the state of our API, we require a fall-back email address from you. Other key contacts can be set up later (e.g., a technical contact or a contact for accounting).
We need the following information from you:
The necessary information differs depending on the operating model and environment.
- Operating model (TOL Single Accounts, BYOL Single Accounts or BYOL Omnibus)
- Fall-back email address in case of failed webhook delivery
- Public key component of your PGP key
- Public key component of signing key pair
- Cloud storage bucket credentials PGP encrypted using Upvest’s public PGP key and a dummy test file in this bucket to test the connectivity. Setting up a document sharing bucket is optional in the Sandbox environment.
Step 3: Prepare a secure API access
As a client, you need to exchange secrets with Upvest in order to access the Investment API and upload documents.
1. Share your public PGP key
In order to exchange the credentials securely, we ask you to provide us with a public PGP key so that Upvest's onboarding support team can encrypt the credentials and transfer them to you securely.
You will access the Investment API with credentials, consisting of
client_id and a
client_secret; this allows Upvest to recognise who is calling it. The
client_secret is only used to create an access token which is used for further authentication.
2. Generate a key pair for signing HTTP calls
3. Collect the public key component of the key pair
After generating your key pair, collect the public key component. Together with other information you will need to share this with Upvest.
Please note that you have to complete this process twice: for the Sandbox environment and as well for the Live environment. Secrets, signing keys, and document buckets should always be unique between the Sandbox and Live environment.
Step 4: Set up a cloud storage bucket
1. Set up a cloud storage bucket
To share documents securely, for example for user onboarding, we download them directly from a cloud bucket set up on your site. We currently support the following cloud storage providers:
- Amazon AWS
- Microsoft Azure
- Google Cloud
To get progress with your integration work, we strongly recommend that you set up a download bucket on your side at an early stage. We ask you to upload a dummy file to your own bucket and to share the link with us, so that we can test the connectivity before your first calls.
We offer you the possibility to use the default download bucket in the Sandbox environment. If you use our default bucket, you can skip document bucket setup. We got you covered to start your journey with some mocked data and you can integrate your documents bucket later.
2. Share your bucket credentials
For the secure exchange of bucket credentials and the connectivity test dummy file link, we use public-private PGP keys as for all other Upvest secret exchanges. For encryption, you can use Upvest's public PGP key and send the encrypted credentials to firstname.lastname@example.org.
To integrate your document bucket the following credentials are required:
The credentials will then be securely stored in Upvest’s secrets manager, we test the bucket connnectivity using the dummy file you provided and you are all set to start uploading information securely via the Investment API.
3. Optional: Using the default download bucket
The default download bucket is for the Sandbox environment only.
To access the Sandbox environment, we provide a quick start with some mocked data in a bucket managed on our side. The bucket is integrated into the Investment API by default and you are free to use the following files for the corresponding check calls:
The links listed here are only to be used for API calls in the Sandbox environment.
Upvest public PGP key
-----BEGIN PGP PUBLIC KEY BLOCK----- Comment: 703F 2CC0 E4B7 A94B 1D09 94BB 4912 78D8 C40F 3C6D Comment: Upvest Security <email@example.com> xsPuBFyl15gRDAD5zIyo0oi/XIRg7db7uo1UI6tXA/cfcf7RLudLgyrbxgyYCAMA ilWgykipnYEa6KuMDyHuDpcQT/YA+fZ35mIxLASFEhppMBdng9Hf6LKG1IU+FUiW Dw35en5CHtKEA1MTuFO0g3X4ZVQUPm/tzqAStjU8oC3zzE1aShsKT64H9ILQMC5M 8tXcyP6qIaB4v0SkqzpLXtcqS8FG3rcR8nxvzNuz9zJ8YhiCdoRvB3K3nYVm+FRE krWW9YyO0KS6SWTJagSqi/Ejz5mn3q6wjxu30gRDOiHPZbtdhntYVm7KDwWSYZJW MqM6524qy4PrKHpW1IQfYZy+BDx7cg7Tu4O6UaKmWlaI2/UVofU65pPwb6R/EQ1u SlCZzfgRoC4MhWffJBzav0w40kVearMouauWgV6Wnq7HUig/OHHrxUW6xGzNH8o/ hiT4q6+jsgPEJChJUTBM6qEgoX0wrnxYRO5+cfPQEuxa37lOeMEgAM98qe07Ts4i 5HGrcsF+GakmwLcBAJR5C6GWudwcKE/mQ0m4tZM4muJt0LNmkj1q0h2Gc7VVC/4h /S4wcKw/H81rMgBpYxq3du5FBV99iMR8CCBRpBPQ21EBs9k46Z3U579e45HdGDkE kOGA7A7WMZWtRD2lI+C2o8WQns3braOSo1tmmWP4MIxnmlgPCSPIH1ry92vCl+fD l72J9XIobpO4VWnYpXgegRor2pxHWD+DKDL8QpFmisXEFuiK9QFrVVki74fHZ3Ps H+zcChg71ailveWlCaBES7o2HwqUeBJ+aiMvhUl0QTpL5ZQEQg3Zx5XbFthRaUvn dC4f4PB5dO55kk/NGhyNHuI0K5t6bJZzdogpaFJL6z5ALmXxN/hDm+FmMhek3+aL kcZh/6kf1aeIPD6pIW7v+XPkhctQYd757KY9Mv/5VwJXtFOFxRzpocnAdU2ZDgZR qOtYcW6lXf8Zgx9mxTeoO5khrUfv4/f0LdQsc7gqtzjuxLlD6cCmiZKnrbN2bpl5 3xlYX+amz0kA2az8l/BLZTywIlS1voUVYxftsNvsRjvNh0gBeKRzW/KwZTbZTyAM AICHY/a1UWOQCrt3+x9Egr1zMOJFVrGKZNFOx4KOZaks18W1ieNe7oOq3qnbAQ15 wm4L1Ui/infb5ABvljrfcfHxBjyanqCwjrZsEt/pJmkyDyu8JTskYED1XT+N9h7r +Dsp1tQrF0rOrpvDnXt/dJojlxNf4w6F7dRt1HaYBtwVDVKqaj19Eu28HJmS/osr uKO2/sLwbNJdcTonSsMbDC2eZRelb/rILtv9vamvdmoVdqQBHdWIsnzV+/e6g3Sc hgXl3LUmbS06SuNyWNE/f3k8kZoRBjdu/Q5uuEMTZoOGrcfM2C16X1Q1JhIgv/5J Y+y8YrHfNcuWiDCLS5Mcwi1jCNpSiygoVfOwcGPEgbREP3FtGMkLaQumHyLBcFC4 2dereFmK2bx+wFm0xN7WUkiYAnEBs0gtL9cgx5r+zsiDVGsgkQxmoHU5qs0FFyL0 KSvMQ82IBrA5btDRheGZE0HYOsVQpNgnl3qgaTJf65OlprClBMcmWSemSPoFc2sf f80kVXB2ZXN0IFNlY3VyaXR5IDxzZWN1cml0eUB1cHZlc3QuY28+wpYEExEIAD4C GwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQRwPyzA5LepSx0JlLtJEnjYxA88 bQUCZILp7AUJDYCs1AAKCRBJEnjYxA88bRWjAP9RxlvyHAppNwvOjMpGILMI1g3b pwzlZaKg8v2Mj49tZgD/Y6R0vn+prLk3pg5RMM2U+IVefRhvURvf+2wk11GLAWHC lgQTEQgAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBHA/LMDkt6lLHQmU u0kSeNjEDzxtBQJkDtvuBQkLK2tWAAoJEEkSeNjEDzxtmZIA/j4pQndKVZhJBTq2 BupXlk1x3D1Kibqh7uvhsNCI92hvAP0XcIG0SYTlPaW9rNPs86RoY+aI2GqDJW6s jXYpHBsiiMKWBBMRCAA+FiEEcD8swOS3qUsdCZS7SRJ42MQPPG0FAlyl15gCGwMF CQeGH4AFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQSRJ42MQPPG02CAD/aazU qoXFeIUEIXuGWMJysJGGLXRVZqwzpVIWwUzIQXUA/1UIgA4c/8jTjVnZmDU+28Gh CMkHKm0/cDjl2BIbbba5zsJNBFyl15gQDACUGJD8TKnYdI1Lc2vU5SAcVVHOdE3e ewnyxkhko6XSSTnTB7j+2xeouJMQZxE/ena/R9zGGInCYH7pCJoWhJ91bRmjIWr+ T5l1abvWPamohPLEzzcZIjgxCgU2X2sIiuPa4v9oT3oFedOsm+T5L+mBx1PhyVNt nOmah5UuzsyfXDOe0q+/t1qXRFNZZloKciOtiZOxJiwbIC2QmZxBtQdvSDsl5Rcz 8CZy9YP1JTdgphxEC7F5g3iykAxbVnZM7Qcp1A2/y4i7aEar5Z5zm7DwnzePUceb a2E0nE1pbXCbX4xR1p4XN7cyixdaBD1BB/4cLGjd+GaX2W5wvwThvr0ltTQczboL fWUqgPGLqvnU29k9j6mvwmep7EiU+Y2lRYlSmed7sZfYO+IKuSkco41cNqdB8oZZ o7bhYvD8070VHcbmyjnasU6yReCZhNPmuDy3ilAeoNsv8TLbwkOihFWN3ls01q15 NYWYxJzerlai5iJvCWQry5dimpKbbQS2ELsAAwYL+wauxbsfIw7ay1ZQQvfoRuJj IgJqYf6f4F3Je/SqFEaT40BZx4Hf2+1yEVg4I5bBd6AphS0xWXM5tzTXc5n+WL3g fgX9F61BmM0X+weKwQzCeAkLv01aLD7gW51JI0NRYrz/RhziuFPr3By1ZAuivzkP 0jheDFqMWbicLLxpx/jFMmSDCg/dUg/fgy5ht2WeNwvNIBiDgElD4ESYT2rQ7qhH F8AIELSJ5RnnT4TJYOvfl2IlZD6Mdz0gUltW4GNTh5mlFM/84ZTkZ0B1G4LT9tt1 6qvLWXftFjxYIRzQgKvQAmw3LR/coLMFoMlpYvPKASurdxj+FUY7JhY36Z66nzHD 7vlTfirB5QOKJaOa+JWigEtBwiGBpmfbFiHMU6qVcAtai4p9mebnL3pjv6fw1Rvc KafGolft8Dzbg5bwAZOXfHsSrBsmRdcL64iQ7TDdjDgiDIMSjielPFk1hP9kitXD MTa+mD7QkfwsrJZuLVa2rOMEQH3lTPokT9Z1KoHzAMJ+BBgRCAAmAhsMFiEEcD8s wOS3qUsdCZS7SRJ42MQPPG0FAmSC6XAFCQ2ArFgACgkQSRJ42MQPPG3D2QEAiaax /0GfH7aUHSl5Y/uiS386jqxzW3sExbXNqC4BfyABAIBpY5DuP5W5NsouLnlrGbMx H/vLWHE/+fjwbMI0M83mwn4EGBEIACYCGwwWIQRwPyzA5LepSx0JlLtJEnjYxA88 bQUCZA7cDQUJCytrdQAKCRBJEnjYxA88bf6DAP4hnypwxuAGRvNFFJZTyWSNa5sa YR2MrRBKzQpf1q/bzwD/cg3vwHdl96IdKPy+ixAjuFlLjSUFR+nPKuIbovIAcH3C fgQYEQgAJhYhBHA/LMDkt6lLHQmUu0kSeNjEDzxtBQJcpdeYAhsMBQkHhh+AAAoJ EEkSeNjEDzxt0/8BAIEmstAgJM8YsBizRg7r5Z6xrq1CKfFmgCSiO2CWKddxAP94 zYPgH70mciAEIsc2HZbFu94Bw9P+LJYc9O30rAwfwA== =WMqK -----END PGP PUBLIC KEY BLOCK-----
Step 5 Optional: Install and set up a local HTTP signing proxy
Installing the local HTTP signing proxy enables you to call the Investment API endpoints without having to implement signatures on your side. However, we recommend this only for testing in the Sandbox, not the Live environment.
Step 6: Accessing the Investment API
Congratulations! Now you are ready to access the Investment API and discover all the features.
Here you go, below you find the base URL of our servers:
Go to the API references to find out more.
Was this page helpful?