Preparation and start-up
This tutorial will guide you through the steps that must be completed in order to securely receive API credentials and proceed to the point where you can make authenticated requests against the Investment API.
Upvest holds itself to extremely high security standards, and the steps here are designed to ensure that all connectivity between Upvest and your organisation is secure, from this initial process and throughout your use of the Investment API.
Prerequisites
Please make sure you meet the following conditions before attempting this tutorial.
A relationship with Upvest
If you are not already in discussions with Upvest about using our API, please go directly to our Contact Page.
We are sorry, but we cannot issue credentials for the Investment API without this.
Understand which operating model you are using
Make sure you know which of the operating models offered by the Upvest Investment API you are planning to use. Please select the correct operating model from the drop-down menu, at the top of this page, as the steps in the tutorial below differ slightly based on this choice.
You're currently viewing: Take Our License
Know who to talk to in your own organisation
This tutorial will require you to set up cloud storage and generate keys used to encrypt messages sent between your software and the Investment API. Most companies have defined policies for how such keys should be stored and managed.
Please make sure you have identified the responsible team or person in your organisation and have their support during this tutorial.
Technical setup
If you have completed the prerequisites of this tutorial, you should have been sent a link to an online form entitled "Investment API credentials request".
We will lead you through the tasks required to gather the information you must provide in that form and some essential first steps when you have received your credentials.
Before you can fill out the "Investment API credentials request", you'll need to set up some of the required technical resources so that you can give us details about them.
- Preparing your cryptographic keys
Create cryptographic keys you can use to share information securely with Upvest.
-> Preparing your cryptographic keys
- Setup of cloud storage bucket
We'll need shared access to a secure cloud storage bucket in order to share documents securely within the API.
-> Setup cloud storage buckets
You should now have the technical details you need to move onto submitting your request for credentials.
- Submit credentials request
Now you should be ready to fill in the "Investment API credentials request" that was sent to you by Upvest at the beginning of this process. If you don't have access to this form, please read the prerequisites above.
Fill out the provided form with the details we describe in this sub-tutorial.
- Checking access to the default bucket
If you opted to use Upvest's "Default Bucket" in the Sandbox environment, you should now have received credentials to do so. If you provided your own bucket you can skip to the next step.
Fill out the provided form with the details you've gathered.
- HTTP message signing
To communicate with the Upvest Investment API, you'll need a cryptographic signature in the header of every HTTP Message.
Set up the convenient HTTP message signing proxy, and plan for message signing in your application.
- Setup complete
Congratulations! Now you are ready to access the Investment API and discover all the features.
Accessing the Investment API
Each environment has a unique URL on which you can access it. The base URLs are:
| Environment | Base URL |
|---|---|
| Sandbox | https://sandbox.upvest.co |
| Live | https://api.upvest.co |
To access the Investment API you will need the credentials we have provided to you. Specifically, you should now have:
- a client_id
- a client_secret
Providing this information in authentication requests allows Upvest to recognise who is making calls to the Investment API.
The client_secret is only used to create an access token, which is used for further authentication.
Please note that even this initial request for a token must be made using the HTTP Message signatures detailed in the previous step.
Tokens have an expiry time. It is your responsibility to request a new authentication token before the existing one expires. If you do not do so, you will receive error responses when the token expires.
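Since renewing the token before it expires is the client's responsibility, one way to handle it is to cache the token and renew it a short margin ahead of expiry. The following is an added example, not Upvest's code: `TokenCache`, the `fetch_token` callable, the 60-second margin and the assumption that the token response reports a lifetime in seconds are all illustrative, and the signed token request itself is left to the caller.

```python
import threading
import time


class TokenCache:
    """Caches an access token and renews it before it expires.

    fetch_token is a hypothetical callable: it makes the signed token request
    with client_id and client_secret and returns (token, lifetime_seconds).
    """

    def __init__(self, fetch_token, margin=60.0, clock=time.monotonic):
        self._fetch = fetch_token
        self._margin = margin      # renew this many seconds before expiry
        self._clock = clock        # injectable so the logic can be tested
        self._lock = threading.Lock()
        self._token = None
        self._expires_at = 0.0
        self.fetch_count = 0

    def get(self):
        """Return the token, renewing it once within `margin` s of expiry."""
        with self._lock:           # one renewal at a time across threads
            now = self._clock()
            if self._token is None or now >= self._expires_at - self._margin:
                token, lifetime = self._fetch()
                if not token or lifetime <= 0:
                    raise ValueError("token response lacks token or lifetime")
                self._token = token
                # Count from before the request, so network delay cannot
                # push the cached expiry past the real one.
                self._expires_at = now + lifetime
                self.fetch_count += 1
            return self._token


def demo():
    """Constructed run: fake clock and fake issuer handing out 300 s tokens."""
    now = [0.0]
    issued = []

    def fake_fetch():
        issued.append("token-%d" % (len(issued) + 1))
        return issued[-1], 300

    cache = TokenCache(fake_fetch, margin=60, clock=lambda: now[0])
    seen = []
    for t in (0, 100, 239, 240, 470, 480):
        now[0] = float(t)
        seen.append(cache.get())
    return seen, cache.fetch_count
```

Keeping the client_secret inside `fetch_token` means only the short-lived token is passed around the rest of the application.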