top of page

API Developer Guide

For details on each API call and the data returned see the API Guide.

​

As the flow-chart indicates below, client application interacts with Sophtron API in a sequential order: first, client application makes request with login credentials, and receive response of accounts under the login. Following that client application can request transactions detail with each account, and receive responses correspondingly.

overview.png

After you have an account follow the Authorization instructions to authorize client application request.

Authorization

Direct API

Sophtron accepts direct API requests with authorization header.

​

An authorization header with bearer is required in the request. The authorization header must be generated with a specific digital signature method.

​

To generate the digital signature, you will need to use your developer account's UserId and Accesskey, which can be found in your Developer Profile.

​

C# Code snippet for how to generate the authorization header:

directapi_auth.png

Complete sample code on how to implement direct API integration is provided here.

Javascript Code snippet for how to generate the authorization header:

directapi_auth_javascript.png

Ruby Code snippet for how to generate the authorization header:

directapi_auth_ruby.png
OAuth2.0

Sophtron supports OAuth2.0 authorization.

​

To get authorized, you will need to provide ClientId, Shared Secret and RedirectUrl at Developer Profile.

​

Code snippet for fetching oauth2.0 token:

oauth_code.png

Code Samples on how to implement OAuth2.0 integration are provided here.

 

Next step, follow the Quick Start instructions to write your integration code.

Quick Start

Direct API Guide

As the direct API flow-chart indicates below, client application interacts with Sophtron Data API in a sequential order.

​

Step 1: Create a UserInstitution (login) by making a request with login information: UserName, Password, PIN (optional) for a specific institution.


Response to the CreateUserInstitution request includes a JobId for tracking purpose.

​

Step 2: Poll the Job with JobId to examine whether the Job's SuccessFlag is true. If not, check the Job information to see if there are MFA questions (security question, token delivery methods, capture images).

​

Step 3: If there are MFA questions, update the Job information with corresponding answers by making requests. Repeat the process until Job's SuccessFlag turns true.

​

Step 4: Once the Job succeeds, make further requests to retrieve accounts found under the UserInstitution.

create_userinsitution.png

To retrieve detailed transaction information under each account, make requests to Refresh a UserInstitutionAccount.

​

Step 1: Refresh a UserInstitutionAccount by making a request with accountID. Response to the RefreshUserInstitutionAccount request includes a JobId for tracking purpose.

​

Step 2: Poll the Job with JobId to examine whether the Job's SuccessFlag is true. If not, check the Job information to see if there are MFA questions (security question, token delivery methods, capture images).

​

Step 3: If there are MFA questions, update the Job information with corresponding answers by making requests. Repeat the process until Job's SuccessFlag turns true.

​

Step 4: Once the Job succeeds, make further requests to retrieve transactions found under the UserInstitutionAccount within a given date period.

refresh_account.png

Details about how to handle MFA questions are provided in the following code snippet.

mfa.png

Complete sample code on how to implement direct API integration are provided here.

OAuth Guide

To get started, you will need to provide ClientId, Shared Secret and RedirectUrl at Developer Profile.

​

Then follow the code snippet below on how to obtain AccessToken and RefreshToken from Sophtron Authorization Server through 'Authorization Code Grant' method.

​

Use the AccessToken to make authorized requests to Sophtron API.

Complete sample code on how to implement OAuth2.0 integration are provided here.

Sample Code

Github Source Code

​

Step 1: git clone the sample code to a local folder.

​

Step 2: Sign up at here for a Sophtron account.

​

Step 3: Replace UserId and AccessKey with your developer account's UserId and Accesskey, which can be found in your Developer Profile.

Test Accounts

We provide test accounts for each MFA type to facilitate implementation of integration with Sophtron API.

​

1. Security Question. Choose "Sophtron Bank SecurityQuestion" as InstitutionName. Use dummy credentials and dummy security answer to pass MFA prompt.

​

2. Multiple Security Questions. Choose "Sophtron Bank SecurityQuestion Multiple" as InstitutionName. Use dummy credentials and dummy security answers to pass MFA prompt.

​

3. Token. Choose "Sophtron Bank Token" as InstitutionName. Use dummy credentials and dummy token input to pass MFA prompt.

​

4. Token to read out. Choose "Sophtron Bank TokenRead" as InstitutionName. Use dummy credentials and dummy token input to pass MFA prompt.

​

5. Captcha Image. Choose "Sophtron Bank Captcha" as InstitutionName. Use dummy credentials and dummy captcha input to pass MFA prompt.

​

6. No MFA. Choose "Sophtron Bank NoMFA" as InstitutionName. Use dummy credentials.

​

7. Combined MFA prompts. Choose "Sophtron Bank" as InstitutionName. Use dummy credentials and dummy MFA answers to pass MFA pormpt.

bottom of page