Introduction
The Transactions API is a set of basic services used to retrieve and manage the information related to any and all financial actions performed by a customer with a specific financial institution (FI).
Transactions are the movement of funds from one account to another. They're quite literally the lifeblood of a financial institution. The records of these transactions are vital to your business and critical to the financial health of your customers. The record of a customer's identity is who they are, and the record of their accounts represents what they have. Transactions are records of what they do.
The Transaction service enables customers of a financial institution to:
Ensure the right amounts are going to the right accounts, payments, vendors, etc.
Check for cleared and pending transactions, giving an accurate snapshot of financial health
Find and report fraudulent or inaccurate transactionsReview spending history over time, determine trends, set budgets and future plans
It enables the FI to:
Watch for fraudulent activity and ensure security of systems
Untangle disputes between customers and vendors, providers, or payees
Review spending trends to determine new or additional product offerings
It enables developers to:
Provide a central set of services to manage transaction history records, fetch by criteria, clear cache, get data for ancillary records like images and running balances
Key features and target audience
The Transactions API Technical Documentation in the API Specs section fully describes the endpoints, header values, parameters, and responses.
Below is an overview of the API capabilities:
Retrieve transaction records from FI host systems for any account
Transactions can be retrieved by FI customer, which can be a person or a business
Start and End Date parameters allow setting the range of transactions to be retrieved
Future Transactions (pending) can be retrieved if wished using a separate parameter
Business Banking user IDs can be retrieved per transaction for additional calls
Additional fields are available if requested
At present, the Time Zone and Time Zone Offset of transactions can be retrieved.
Other additional fields may be added in future versions of the API
If a transaction is associated with an image (Check or Deposit Slip), the image identifier can be retrieved
A separate call using these identifiers can retrieve the image files
The API also calculates a running balance for the account, per transaction
Returning the running balance is configurable - can be turned on or off.
The running balance can be displayed alongside transactions if desired.
- Used for trusted server-side applications
- Sending a request passes a key-and-secret pair assigned to your application
- Since the token is issued in the context of a Financial Institution (FI) rather than a user, no end-user login is required
- Response provides the Bearer Token to be used to call other DevEx APIs
Onboarding
Enim senectus in eget bibendum donec. Mauris urna lorem et aenean. Justo auctor vel phasellus tellus tincidunt et. Ullamcorper pretium ipsum.
Ante euismod vitae morbi nisi. Commodo mauris tincidunt arcu odio hendrerit ut pulvinar lectus laoreet. Odio odio nunc iaculis sed id tempor et. Aliquam tortor quis ipsum id blandit nunc sit etiam. Sed eget libero dui quam cras.
API Access
Two unique PrimaryBid Connect API client accounts will be created and granted upon sign-off on all legal and compliance Partnership agreements.
The API client accounts include a set of credential strings (ID and secret) used to authenticate requests to the PrimaryBid Connect API on our Staging and Production environments.
Authentication
Authentication proves that you are who you say you are. Authentication tokens identify a user (the person using the app or site).
You‘ll need the following items to set up basic authentication:
- Developer Experience account
- Sandbox environment with an organization
- Shared Key
- Secret Key
Generating your Secret Key
You’ll need a bearer token or an API security key to authenticate API calls. A secret key serves as a secure token to authenticate and authorize requests. Unauthorized use of a secret key could potentially cause a security breach. Thes ecret key holds the error token used to access real data through the API.
Visit our guide on authentication to learn more.
Before you begin, you‘ll require a unique client_id and client_secret for your app. Notify your implementation manager or PossibleNOW Support atsupport@possiblenow.com to request an OAuth client_id and client_secret. Include your My Preferences Client ID and the environment (staging (sandbox) or production) for which you want to generate the credentials in your request.
These credentials must be treated securely.
Auth Flow
- Sit lacus duis quisque nulla ultrices dignissim tristique amet sed.
- Et pretium ante vitae et sit at.
- Fusce arcu non semper tortor nunc. Urna justo cras feugiat interdum ut quam augue.
Getting Started
While the technical documentation in the API Specs section describes the endpoints (or ways to call the API with different parameters to execute different actions), the following provides a simplified list of use cases for Authentication:
The service available through the Candescent Digital Banking Developer Portal (providestokens for two different grant types.
Client Credentials
- Used for trusted server-side applications
- Sending a request passes a key-and-secret pair assigned to your application
- Since the token is issued in the context of a Financial Institution (FI) rather than a user, no end-user login is required
- Response provides the Bearer Token to be used to call other DevEx APIs
Password
- Best for first-party native applications (such as the FI’s own mobile application)
- Request is sent with key-and-secret pair plus the customer’s username and password
- Response provides Bearer Token to be used to call other DevEx APIs
