API status

Preparing cryptographic keys

As a client, you need to exchange secrets with Upvest in order to access the Investment API and upload documents.

Prerequisites

  • Support of your IT security team

    Cryptographic key generation and storage is typically subject to strict controls within organisations. Please make sure you are aware of your company's policies and have the support of your IT security team before continuing.

Implementation steps

Please complete the following steps to ensure that you have the correct keys setup up to work with the Upvest Investment API.

  1. Create a PGP key

    First, create a PGP key we can use when communicating credentials to you.

    Make sure you have a PGP key that you can share with us so that Upvest's onboarding support team can encrypt your credentials for the Upvest Investment API and transfer them to you securely.


    To learn how to generate a PGP key pair in order to provide it to us, go to the 'PGP Keys' guide. Here, we show you step by step how to do this.

    We will only require the public part of your PGP key-pair, which is designed to be shared as plain text without creating a security problem. It is very important that you retain the private key securely and do not share it with Upvest or anyone else.


  2. Generate a second key pair

    The second key pair is for signing HTTP calls.

    When interacting with the Upvest Investment API, you will be required to include cryptographic message signatures in the header portion of each HTTP request. We use HTTP signatures to ensure the call is actually coming from your client backend and has not been tampered with on the way.

    You will need to create a separate key pair for signing HTTP requests. In this instance we have strict requirements for the nature of this key-pair. You may only use one of the following two key types:


    Initially you will provide us with keys you will use for signing requests to the Sandbox environment. Later, you will have to repeat this process for the live environment. Secrets, signing keys, and document buckets should always be unique between the Sandbox and Live environment.


You should now have two public keys ready to be transferred to Upvest later.

Next steps

Return to the "Getting Started" tutorial and continue at Setup of Cloud Storage Bucket.

Was this page helpful?