API Developer Guide
For details on each API call and the data returned, see the API Guide.
​
As the flow chart below indicates, the client application interacts with the Sophtron API in sequential order: first, the client application makes a request with login credentials and receives a response listing the accounts under the login. The client application can then request transaction details for each account and receives the corresponding responses.
After you have an account, follow the Authorization instructions to authorize client application requests.
Authorization
Direct API
Sophtron accepts direct API requests with authorization header.
​
An authorization header with bearer is required in the request. The authorization header must be generated with a specific digital signature method.
​
To generate the digital signature, you will need to use your developer account's UserId and Accesskey, which can be found in your Developer Profile.
​
C# Code snippet for how to generate the authorization header:
Complete sample code on how to implement direct API integration is provided here.
Javascript Code snippet for how to generate the authorization header:
Ruby Code snippet for how to generate the authorization header:
OAuth2.0
Sophtron supports OAuth2.0 authorization.
​
To get authorized, you will need to provide ClientId, Shared Secret and RedirectUrl in your Developer Profile.
​
Code snippet for fetching an OAuth2.0 token:
Code Samples on how to implement OAuth2.0 integration are provided here.
Next, follow the Quick Start instructions to write your integration code.
Quick Start
Direct API Guide
As the direct API flow chart below indicates, the client application interacts with the Sophtron Data API in sequential order.
​
Step 1: Create a UserInstitution (login) by making a request with the login information for a specific institution: UserName, Password, PIN (optional).
The response to the CreateUserInstitution request includes a JobId for tracking purposes.
​
Step 2: Poll the Job with JobId to examine whether the Job's SuccessFlag is true. If not, check the Job information to see if there are MFA questions (security question, token delivery methods, capture images).
​
Step 3: If there are MFA questions, update the Job information with the corresponding answers by making requests. Repeat the process until the Job's SuccessFlag turns true.
​
Step 4: Once the Job succeeds, make further requests to retrieve accounts found under the UserInstitution.
To retrieve detailed transaction information under each account, make requests to Refresh a UserInstitutionAccount.
​
Step 1: Refresh a UserInstitutionAccount by making a request with accountID. The response to the RefreshUserInstitutionAccount request includes a JobId for tracking purposes.
​
Step 2: Poll the Job with JobId to examine whether the Job's SuccessFlag is true. If not, check the Job information to see if there are MFA questions (security question, token delivery methods, capture images).
​
Step 3: If there are MFA questions, update the Job information with the corresponding answers by making requests. Repeat the process until the Job's SuccessFlag turns true.
​
Step 4: Once the Job succeeds, make further requests to retrieve transactions found under the UserInstitutionAccount within a given date period.
Details about how to handle MFA questions are provided in the following code snippet.
Complete sample code on how to implement direct API integration is provided here.
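The Job polling and MFA loop that both four-step sequences above share, as an added example that is not Sophtron's sample code. JobId and SuccessFlag are named in this guide; the client methods getJob and answerJob, the MfaChallenge field and the in-memory fake client are assumptions made for illustration, so the block runs without network access or real credentials.

```javascript
// Added example: getJob, answerJob and MfaChallenge are hypothetical names.
// Pure decision step: what should the caller do with this Job snapshot?
function nextAction(job, mfaRounds, maxMfaRounds) {
  if (job.SuccessFlag === true) return "done";
  if (job.MfaChallenge) return mfaRounds < maxMfaRounds ? "answer" : "abort";
  return "wait";
}

// Bounded poll loop: never spins forever and never re-prompts MFA without limit.
async function driveJob(client, jobId, answerMfa, opts = {}) {
  const { maxPolls = 20, maxMfaRounds = 3, delayMs = 0 } = opts;
  let mfaRounds = 0;
  for (let polls = 1; polls <= maxPolls; polls++) {
    const job = await client.getJob(jobId);
    const action = nextAction(job, mfaRounds, maxMfaRounds);
    if (action === "done") return { polls, mfaRounds };
    if (action === "abort") throw new Error("MFA round limit reached");
    if (action === "answer") {
      mfaRounds++;
      // The answer is passed straight to the API call; it is not logged or kept.
      await client.answerJob(jobId, await answerMfa(job.MfaChallenge));
    } else {
      await new Promise((resolve) => setTimeout(resolve, delayMs));
    }
  }
  throw new Error("Job did not succeed within the poll limit");
}

// Constructed in-memory stand-in for the API: the Job keeps presenting each
// challenge until it is answered, then reports SuccessFlag true.
function makeFakeClient(challenges) {
  const pending = [...challenges];
  const answered = []; // challenge types only, never the answers
  let warmup = 1; // one poll where the Job has no result yet
  return {
    answered,
    async getJob() {
      if (warmup-- > 0) return { SuccessFlag: null };
      if (pending.length) return { SuccessFlag: null, MfaChallenge: pending[0] };
      return { SuccessFlag: true };
    },
    async answerJob(_jobId, _answer) { answered.push(pending.shift().type); },
  };
}

async function demo() {
  const client = makeFakeClient([{ type: "SecurityQuestion" }, { type: "Token" }]);
  const result = await driveJob(client, "job-constructed-1", async () => "dummy");
  return { ...result, answeredTypes: client.answered };
}
```

In a real integration, answerMfa is where the end user is prompted, and delayMs should be set to a non-zero polling interval.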
OAuth Guide
To get started, you will need to provide ClientId, Shared Secret and RedirectUrl in your Developer Profile.
​
Then follow the code snippet below on how to obtain AccessToken and RefreshToken from Sophtron Authorization Server through 'Authorization Code Grant' method.
​
Use the AccessToken to make authorized requests to Sophtron API.
Complete sample code on how to implement OAuth2.0 integration is provided here.
Sample Code
​
Step 1: git clone the sample code to a local folder.
​
Step 2: Sign up here for a Sophtron account.
​
Step 3: Replace UserId and AccessKey with your developer account's UserId and Accesskey, which can be found in your Developer Profile.
Test Accounts
We provide test accounts for each MFA type to facilitate implementation of integration with Sophtron API.
​
1. Security Question. Choose "Sophtron Bank SecurityQuestion" as InstitutionName. Use dummy credentials and dummy security answer to pass MFA prompt.
​
2. Multiple Security Questions. Choose "Sophtron Bank SecurityQuestion Multiple" as InstitutionName. Use dummy credentials and dummy security answers to pass MFA prompt.
​
3. Token. Choose "Sophtron Bank Token" as InstitutionName. Use dummy credentials and dummy token input to pass MFA prompt.
​
4. Token to read out. Choose "Sophtron Bank TokenRead" as InstitutionName. Use dummy credentials and dummy token input to pass MFA prompt.
​
5. Captcha Image. Choose "Sophtron Bank Captcha" as InstitutionName. Use dummy credentials and dummy captcha input to pass MFA prompt.
​
6. No MFA. Choose "Sophtron Bank NoMFA" as InstitutionName. Use dummy credentials.
​
7. Combined MFA prompts. Choose "Sophtron Bank" as InstitutionName. Use dummy credentials and dummy MFA answers to pass MFA prompt.