Transactions v0.8.1

Scroll down for code samples, example requests and responses. Select a language for code samples from the tabs above or the mobile navigation menu.

The Transactions API allows bank customers to view the transactions history associated with a banking account. The client may filter the transaction history by date, amount, transaction type, and other criteria. The transaction response is paginated since there may be many thousands of transactions for an account.

Transactions have a type which indicates if the item is a balance transaction which establishes the account's balance, or a debit, or a credit transaction. Examples of debit transactions are checks drawn against an account, withdrawals, transfers from the account, fees, and adjustments. Examples of credit transactions are deposits, transfers to the account, interest, and adjustments. Check transactions include the check number and links to the check front and back images.

Some transactions, such as ACH transfers or debit card payments, include information about the merchant, such as the merchant name, the merchant's website URL, and logo URL if available.

Transactions also have a memo descriptive field which the customer can change. Each non-balance transaction can also be assigned to a category. The customer can edit their list of custom transaction categories. There is also a pre-defined list of fixed categories. (Category management is to be designed.)

Note: The financial institution may limit transaction history to the last 12 months of data.

Download OpenAPI Definition (YAML)

Base URLs:

https://api.apiture.com/banking

Email: Apiture Web: Apiture

License: Apiture API License

Authentication

API Key (apiKey)
- header parameter: API-Key
- API Key based client identification. See details at Secure Access.

OpenID Connect authentication (accessToken)
- OpenId Connect (OIDC) authentication/authorization. The client uses the authorization_endpoint and token_endpoint to obtain an access token to pass in the Authorization header. Those endpoints are available via the OIDC Configuration URL. The actual URL may vary with each financial institution. See details at Secure Access.
- OIDC Configuration URL = https://oidc.apiture.com/oidc/.well-known/oidc-configuration

Transactions

Banking Account Transactions

listTransactions

Code samples

# You can also use wget
curl -X GET https://api.apiture.com/banking/accounts/{accountId}/transactions \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}'

GET https://api.apiture.com/banking/accounts/{accountId}/transactions HTTP/1.1
Host: api.apiture.com
Accept: application/json

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.apiture.com/banking/accounts/{accountId}/transactions',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.apiture.com/banking/accounts/{accountId}/transactions',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.get 'https://api.apiture.com/banking/accounts/{accountId}/transactions',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'Bearer {access-token}'
}

r = requests.get('https://api.apiture.com/banking/accounts/{accountId}/transactions', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.apiture.com/banking/accounts/{accountId}/transactions");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://api.apiture.com/banking/accounts/{accountId}/transactions", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Return a collection of transactions

GET https://api.apiture.com/banking/accounts/{accountId}/transactions

Return a paginated collection of transaction history for this internal account. The nextPage_url link in the response, if present, is a pagination link to the next page of transactions for the given filters.

This operation returns a 403 Forbidden error if the customer does not have view permissions in the account.allows object, or a 422 Unprocessable Entity if called on an external account.

The default response lists only recent transactions. Normally, this is transactions for the most recent 30 days, although for high-volume accounts, it may be a shorter period.

Parameters

Parameter	Description
`start`	`string` The location of the next item in the collection. This is an opaque cursor supplied by the API service. Omit this to start at the beginning of the collection. The client does not define this value; the API services automatically pass the `?start=` parameter on the `nextPage_url`. Default: `""` `maxLength: 256`
`limit`	`integer(int32)` The maximum number of items to return in this paged response. Default: `100` `minimum: 0` `maximum: 10000`
`occurredOn`	`string` Return only transactions whose `occurredOn` date is in this date range. Dates ranges use dates expressed in `YYYY-MM-DD` RFC 3339 `date` format. Each account has an implicit default transaction history range of n days. This is normally 30 days but may be shorter for accounts with high activity. This n day period is applied to any unbounded date ranges. The default date range is the most recent n days. Example date ranges: `2023-05-19` match transactions occurring on May 19, 2023. `[2023-05-01,2023-05-31]` match transactions occurring between May 1 and 31, 2023, inclusive `[2023-05-01,2023-06-01)` match transactions occurring in May, 2023 (on or after May 1, but before June 1) `[2023-05-09,]` match transactions n days on or after May 9, 2023 `(2023-05-09,)` match transactions n days after May 9, 2023 `[,2023-05-09]` match transactions n days on or before May 9, 2023 `(,2023-05-09)` match transactions n days before but excluding May 9, 2023 `pattern: ^\d{4}-\d{2}-\d{2}\|([[(](\d{4}-\d{2}-\d{2},(\d{4}-\d{2}-\d{2})?\|,\d{4}-\d{2}-\d{2})[)\]])$`
`posted`	`boolean` Limit transactions in the response based on the transaction's `posted` value. If `true`, include only posted transactions. If `false`, include only non-posted transactions. If omitted, do not filter based on `posted`.
`createdOn`	`dateRange` Return only transactions whose `createdOn` date is in this date range. Example date ranges are the same format as the `occurredOn` query parameter. Warning: The parameter `createdOn` was deprecated on version `v0.6.0` of the API. Use the `?occurredOn=` query parameter instead. `createdOn` will be removed on version `v0.9.0` of the API. `pattern: ^\d{4}-\d{2}-\d{2}\|([[(](\d{4}-\d{2}-\d{2},(\d{4}-\d{2}-\d{2})?\|,\d{4}-\d{2}-\d{2})[)\]])$`
`postedOn`	`dateRange` Return only transactions whose `postedOn` date is in this date range. Example date ranges are the same format as the `occurredOn` query parameter. Warning: The parameter `postedOn` was deprecated on version `v0.6.0` of the API. Use the `?occurredOn=` query parameter instead. `postedOn` will be removed on version `v0.9.0` of the API. `pattern: ^\d{4}-\d{2}-\d{2}\|([[(](\d{4}-\d{2}-\d{2},(\d{4}-\d{2}-\d{2})?\|,\d{4}-\d{2}-\d{2})[)\]])$`
`category`	`array[string]` Filter transactions to only those whose `category` is in this pipe-separated list. Categories are set by a transaction cleansing service or assigned by the account holder. Categories can include names such as `"Shopping"`, `"Deposit"`, `"Bill"`, `"Transfer"`, or `"Other"`. `unique items` `minItems: 1` `maxItems: 16` `pipe-delimited` items: » `minLength: 1` » `maxLength: 64`
`type`	`array[string]` Filter transactions to only those whose `type` is in this pipe-separated list. `unique items` `minItems: 1` `maxItems: 4` `pipe-delimited` items: » enum values: `balance`, `debit`, `credit`
`subtype`	`array[string]` Filter transactions to only those whose `subtype` is in this pipe-separated list. `unique items` `minItems: 1` `maxItems: 2` `pipe-delimited` items: » enum values: `check`, `other`
`amount`	`amountRange` Return only transactions whose `amount` is in this numeric range. This compares only the absolute value of the transaction. That is, the value `[1000.00,1100.00)` will match either a debit of `-1070.25` or a credit of `1021.90`. Some examples of specifying an amount range: `1200.50` match the dollar amount 1,200.50 exactly `[1000.00,1200.00)` matches items where `1000.00 <= amount < 1200.00` `[1000.00,1199.99]` matches items where `1000.00 <= amount <= 1199.99` `(999.99,1200.00]` matches items where `999.99 < amount <= 1200.00` `[1200.50,]` matches items where `amount >= 1200.50` `(1200.50,)` matches items where `amount > 1200.50` `[,1200.50]` matches items where `amount <= 1200.50` `(,1200.50)` matches items where `amount < 1200.50` `pattern: ^((\d+(\.\d{0,2})?)\|([\[$](((\d+(\.\d{0,2})?),((\d+(\.\d{0,2})?))?)\|(,(\d+(\.\d{0,2})?)))[\]$]))$`
`checkNumber`	`checkNumberRange` Return only transactions whose `check.number` is in this integer range. Examples: `1200` match the integer 1,200 exactly `[1000,1200)` matches items where `1000 <= number < 1200` `[1000,1199]` matches items where `1000 <= number <= 1199` `(999,1200]` matches items where `999 < number <= 1200` `[1200,]` matches items where `number >= 1200` `(1200,)` matches items where `number > 1200` `[,1200]` matches items where `number <= 1200` `(,1200)` matches items where `number < 1200` `pattern: ^\d+\|([[(](\d+,(\d+)?\|,\d+)[)\]])$`
`retryCount`	`integer` When retrying the operation, pass the `retryCount` from the `incompleteTransactions` response. `minimum: 1` `maximum: 10`
`accountId`	`resourceId` (required) The unique identifier of this account resource. This is an opaque string. `minLength: 6` `maxLength: 48` `pattern: ^[-_:.~$a-zA-Z0-9]+$`

Example responses

200 Response

{
  "start": "d1b48af913464aa49fcb07065dcc0616",
  "limit": 10,
  "nextPage_url": "https://production.api.apiture.com/banking/accounts/c9fc25b47d52916fc9ad/transactions?start=6117a4dcefb841cab7316cef1ac8b58c&limit=10",
  "count": 2381,
  "items": [
    {
      "id": "d62c0701-0d74",
      "type": "balance",
      "occurredOn": "2023-06-18",
      "amount": "0.00",
      "posted": true,
      "balance": "8509.38"
    },
    {
      "id": "88f5bf17-ecc4",
      "type": "debit",
      "subtype": "check",
      "occurredOn": "2023-06-18",
      "memo": "Paid electric bill",
      "merchant": {
        "name": "B&T's Excellent Electric Co.",
        "website_url": "https://BillTedsExcellentElectricCompany.example.com/",
        "logo_url": "https://BillTedsExcellentElectricCompany.example.com/img/logos/medium.png"
      },
      "amount": "1276.21",
      "posted": true,
      "balance": "8509.38",
      "category": {
        "label": "Utilities",
        "id": "127"
      },
      "check": {
        "number": 8412,
        "imageFront_url": "/accounts/1d16e438-18e0/transactions/88f5bf17-ecc4/images/front/content",
        "imageBack_url": "/accounts/1d16e438-18e0/transactions/88f5bf17-ecc4/images/back/content"
      }
    }
  ]
}

Responses

Status	Description
200	OK
	OK.
	Schema: `transactions`
202	Accepted
	Accepted. The service accepted the request but could not list the transactions for the date range in a reasonable amount of time. The system continues fetching the transactions so that they are available after one or more retries. Try the call again after the time in the `Retry-After` response header has passed, passing the value of the `retryCount` from the `incompleteTransactions` response as `retryCount` query parameter with. If there is no `Retry-After` response header, the client has reached its maximum number of tries and should not retry the operation. If the system is unable to fetch the transactions after several attempts, the call returns 504 Gateway Timeout.
	Schema: `incompleteTransactions`
Header	`Retry-After` `string`
	Indicates an absolute time, in HTTP `date-time` format, UTC or a delay in seconds (a non-negative integer) after which the client may retry the operation. See RFC7231: Retry-After Examples: `Retry-After: 5` `Retry-After: Mon, 03 May 2022 23:59:59 GMT`

Status Description

400 Bad Request

Status	Description
400	Bad Request
	Bad Request. The request body, request headers, and/or query parameters are not well-formed. This error response may have one of the following `type` values: `https://production.api.apiture.com/errors/badRequest/v1.0.0` The request body and/or parameters was not well-formed. Remediation: Correct any syntax or schema errors in the request body or parameters.
	Schema: `problemResponse`

Bad Request. The request body, request headers, and/or query parameters are not well-formed.

This error response may have one of the following type values:

https://production.api.apiture.com/errors/badRequest/v1.0.0
The request body and/or parameters was not well-formed. Remediation: Correct any syntax or schema errors in the request body or parameters.

Schema: problemResponse

Status	Description
401	Unauthorized
	Unauthorized. The operation require authentication but none was given. This error response may have one of the following `type` values: `https://production.api.apiture.com/errors/unauthorized/v1.0.0` The request lacks valid authentication credentials for the target resource or operation. Remediation: Authenticate the user and pass the required authorization with the request. `https://production.api.apiture.com/errors/sessionExpired/v1.0.0` The user's session has expired. Remediation: Re-authenticate the user to get a new access token or other authorization. `https://production.api.apiture.com/errors/additionalAuthenticationRequired/v1.0.0` Additional authentication, such as multi-factor authentication, required. Remediation: Complete the additional factors as per the `WWW-Authenticate` response header and add an additional `Authorization` to the call. `https://production.api.apiture.com/errors/loginIncomplete/v1.0.0` The user is correctly authenticated but additional actions are required for activating their login session. Remediation: Instruct the user to complete the additional actions to activate their login session. `https://production.api.apiture.com/errors/passwordChangeRequired/v1.0.0` The user must change their password. Remediation: Instruct the user to change their password or other login credentials. `https://production.api.apiture.com/errors/invalidCsrfToken/v1.0.0` The CSRF token is invalid. Remediation: The client application is not correctly configured to send CSRF.
	Schema: `problemResponse`
Header	`WWW-Authenticate` `string`
	Optionally indicates the authentication scheme(s) and parameters applicable to the target resource/operation. This normally occurs if the request requires authentication but no authentication was passed. A 401 Unauthorized response may also be used for operations that have valid credentials but which require step-up authentication.

Status Description

403 Forbidden

Status	Description
403	Forbidden
	Forbidden. The authenticated caller is not authorized to perform the requested operation. This error response may have one of the following `type` values: `https://production.api.apiture.com/errors/forbidden/v1.0.0` The user or agent is not allowed to perform this operation; authentication credentials were provided in the request, but the server considers them insufficient to grant access. Remediation: Check the user's permissions and entitlements before attempting the operation. `https://production.api.apiture.com/errors/customerDisabled/v1.0.0` The customer is disabled. Remediation: Have the customer contact the financial institution for support. `https://production.api.apiture.com/errors/antiMalwareRequired/v1.0.0` The financial institution requires the customer to have anti-malware software installed. Remediation: Direct the user to the software requirements guide to install the correct anti-malware software. `https://production.api.apiture.com/errors/modificationForbidden/v1.0.0` The customer is properly authenticated but not authorized to create, modify, or delete resources. Remediation: Avoid modification operation for customers with read-only authorization.
	Schema: `problemResponse`

Forbidden. The authenticated caller is not authorized to perform the requested operation.

This error response may have one of the following type values:

https://production.api.apiture.com/errors/forbidden/v1.0.0
The user or agent is not allowed to perform this operation; authentication credentials were provided in the request, but the server considers them insufficient to grant access. Remediation: Check the user's permissions and entitlements before attempting the operation.
https://production.api.apiture.com/errors/customerDisabled/v1.0.0
The customer is disabled. Remediation: Have the customer contact the financial institution for support.
https://production.api.apiture.com/errors/antiMalwareRequired/v1.0.0
The financial institution requires the customer to have anti-malware software installed. Remediation: Direct the user to the software requirements guide to install the correct anti-malware software.
https://production.api.apiture.com/errors/modificationForbidden/v1.0.0
The customer is properly authenticated but not authorized to create, modify, or delete resources. Remediation: Avoid modification operation for customers with read-only authorization.

Schema: problemResponse

Status	Description
404	Not Found
	Not Found. There is no such banking account resource at the specified `{accountId}` or the customer does not have entitlement to that account.
	Schema: `problemResponse`

Status Description

422 Unprocessable Entity

Unprocessable Entity. The request body and/or query parameters were well formed but otherwise invalid.

This error response may have one of the following type values:

https://production.api.apiture.com/errors/transactionsForInternalAccountOnly/v1.0.0
Transactions are not available for external accounts. Remediation: Request transactions only for internal accounts.

Schema: problemResponse

Status Description

429 Too Many Requests

Status	Description
429	Too Many Requests
	Too Many Requests. The client has sent too many requests in a given amount of time. This error response may have one of the following `type` values: `https://production.api.apiture.com/errors/tooManyRequests/v1.0.0` The client has sent too many requests in a given amount of time, exceeding rate limiting. Remediation: Slow down the rate of API calls.
	Schema: `problemResponse`

Too Many Requests. The client has sent too many requests in a given amount of time.

This error response may have one of the following type values:

https://production.api.apiture.com/errors/tooManyRequests/v1.0.0
The client has sent too many requests in a given amount of time, exceeding rate limiting. Remediation: Slow down the rate of API calls.

Schema: problemResponse

Status Description

504 Gateway Time-out

Status	Description
504	Gateway Time-out
	Gateway Timeout. The server did not receive a timely response from an upstream server it needed to access in order to complete the request. This error response may have one of the following `type` values: `https://production.api.apiture.com/errors/gatewayTimeout/v1.0.0` The server did not receive a timely response from an upstream server it needed to access in order to complete the request. Remediation: Wait a few minutes and try again, or gracefully fail the client request.
	Schema: `problemResponse`

Gateway Timeout. The server did not receive a timely response from an upstream server it needed to access in order to complete the request.

This error response may have one of the following type values:

https://production.api.apiture.com/errors/gatewayTimeout/v1.0.0
The server did not receive a timely response from an upstream server it needed to access in order to complete the request. Remediation: Wait a few minutes and try again, or gracefully fail the client request.

Schema: problemResponse

Transaction Categories

Banking Account Transaction Categories

listTransactionCategories

Code samples

# You can also use wget
curl -X GET https://api.apiture.com/banking/transactionCategories \
  -H 'Accept: application/json' \
  -H 'If-None-Match: string' \
  -H 'Authorization: Bearer {access-token}'

GET https://api.apiture.com/banking/transactionCategories HTTP/1.1
Host: api.apiture.com
Accept: application/json
If-None-Match: string

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/json',
  'If-None-Match':'string',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.apiture.com/banking/transactionCategories',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Accept':'application/json',
  'If-None-Match':'string',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.apiture.com/banking/transactionCategories',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'If-None-Match' => 'string',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.get 'https://api.apiture.com/banking/transactionCategories',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'If-None-Match': 'string',
  'Authorization': 'Bearer {access-token}'
}

r = requests.get('https://api.apiture.com/banking/transactionCategories', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.apiture.com/banking/transactionCategories");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "If-None-Match": []string{"string"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://api.apiture.com/banking/transactionCategories", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Return a collection of transaction categories

GET https://api.apiture.com/banking/transactionCategories

Return a collection of transaction categories. The response is limited to 1,000 categories.

This is a conditional operation when the If-None-Match header is used. If the client has a transactionCategories response and the ETag returned from a previous call, this operation returns a 304 Not Modified if called again when the categories collection has not changed.

Parameters

Parameter	Description
`If-None-Match`	`string` The entity tag that was returned in the `ETag` response header of a previous call. If the resource's current entity tag value matches this header value, the `GET` will return 304 (Not Modified) and no response body, else the current resource representation and updated `ETag` is returned. `maxLength: 512`

Example responses

200 Response

{
  "items": [
    {
      "id": "ef7958260dce34abddb7",
      "label": "Groceries",
      "type": "debit"
    },
    {
      "id": "f24096860ebf1383e202",
      "label": "Dining",
      "type": "debit"
    },
    {
      "id": "33c3d38ca0a744b8d903",
      "label": "Entertainment",
      "type": "debit"
    }
  ]
}

Responses

Status	Description
200	OK
	OK.
	Schema: `transactionCategories`
Header	`ETag` `string`
	The value of this resource's entity tag, to be passed with `If-Match` and `If-None-Match` request headers in other conditional API calls for this resource.

Status	Description
304	Not Modified
	Not Modified. The resource has not been modified since it was last fetched.

Status Description

400 Bad Request

Status	Description
400	Bad Request
	Bad Request. The request body, request headers, and/or query parameters are not well-formed. This error response may have one of the following `type` values: `https://production.api.apiture.com/errors/badRequest/v1.0.0` The request body and/or parameters was not well-formed. Remediation: Correct any syntax or schema errors in the request body or parameters.
	Schema: `problemResponse`

Bad Request. The request body, request headers, and/or query parameters are not well-formed.

This error response may have one of the following type values:

https://production.api.apiture.com/errors/badRequest/v1.0.0
The request body and/or parameters was not well-formed. Remediation: Correct any syntax or schema errors in the request body or parameters.

Schema: problemResponse

Status	Description
401	Unauthorized
	Unauthorized. The operation require authentication but none was given. This error response may have one of the following `type` values: `https://production.api.apiture.com/errors/unauthorized/v1.0.0` The request lacks valid authentication credentials for the target resource or operation. Remediation: Authenticate the user and pass the required authorization with the request. `https://production.api.apiture.com/errors/sessionExpired/v1.0.0` The user's session has expired. Remediation: Re-authenticate the user to get a new access token or other authorization. `https://production.api.apiture.com/errors/additionalAuthenticationRequired/v1.0.0` Additional authentication, such as multi-factor authentication, required. Remediation: Complete the additional factors as per the `WWW-Authenticate` response header and add an additional `Authorization` to the call. `https://production.api.apiture.com/errors/loginIncomplete/v1.0.0` The user is correctly authenticated but additional actions are required for activating their login session. Remediation: Instruct the user to complete the additional actions to activate their login session. `https://production.api.apiture.com/errors/passwordChangeRequired/v1.0.0` The user must change their password. Remediation: Instruct the user to change their password or other login credentials. `https://production.api.apiture.com/errors/invalidCsrfToken/v1.0.0` The CSRF token is invalid. Remediation: The client application is not correctly configured to send CSRF.
	Schema: `problemResponse`
Header	`WWW-Authenticate` `string`
	Optionally indicates the authentication scheme(s) and parameters applicable to the target resource/operation. This normally occurs if the request requires authentication but no authentication was passed. A 401 Unauthorized response may also be used for operations that have valid credentials but which require step-up authentication.

Status Description

403 Forbidden

Status	Description
403	Forbidden
	Forbidden. The authenticated caller is not authorized to perform the requested operation. This error response may have one of the following `type` values: `https://production.api.apiture.com/errors/forbidden/v1.0.0` The user or agent is not allowed to perform this operation; authentication credentials were provided in the request, but the server considers them insufficient to grant access. Remediation: Check the user's permissions and entitlements before attempting the operation. `https://production.api.apiture.com/errors/customerDisabled/v1.0.0` The customer is disabled. Remediation: Have the customer contact the financial institution for support. `https://production.api.apiture.com/errors/antiMalwareRequired/v1.0.0` The financial institution requires the customer to have anti-malware software installed. Remediation: Direct the user to the software requirements guide to install the correct anti-malware software. `https://production.api.apiture.com/errors/modificationForbidden/v1.0.0` The customer is properly authenticated but not authorized to create, modify, or delete resources. Remediation: Avoid modification operation for customers with read-only authorization.
	Schema: `problemResponse`

Forbidden. The authenticated caller is not authorized to perform the requested operation.

This error response may have one of the following type values:

https://production.api.apiture.com/errors/forbidden/v1.0.0
The user or agent is not allowed to perform this operation; authentication credentials were provided in the request, but the server considers them insufficient to grant access. Remediation: Check the user's permissions and entitlements before attempting the operation.
https://production.api.apiture.com/errors/customerDisabled/v1.0.0
The customer is disabled. Remediation: Have the customer contact the financial institution for support.
https://production.api.apiture.com/errors/antiMalwareRequired/v1.0.0
The financial institution requires the customer to have anti-malware software installed. Remediation: Direct the user to the software requirements guide to install the correct anti-malware software.
https://production.api.apiture.com/errors/modificationForbidden/v1.0.0
The customer is properly authenticated but not authorized to create, modify, or delete resources. Remediation: Avoid modification operation for customers with read-only authorization.

Schema: problemResponse

Status	Description
422	Unprocessable Entity
	Unprocessable Entity. The request body and/or query parameters were well formed but otherwise invalid.
	Schema: `problemResponse`

Schemas

amountRange

"[1000.00,1200.00)"

Amount Range (v1.2.1)

A monetary amount range, supporting inclusive or exclusive endpoints. The value may have the following forms:

1200.50 match the dollar amount 1,200.50 exactly
[1000.00,1200.00) matches items where 1000.00 <= amount < 1200.00
[1000.00,1199.99] matches items where 1000.00 <= amount <= 1199.99
[999.99,1200.00] matches items where 999.99 < amount < 1200.00
[1200.50,] matches items where amount >= 1200.50
(1200.50,) matches items where amount >= 1200.50
[,1200.50] matches items where amount <= 1200.50
(,1200.50) matches items where amount < 1200.50

Type: string
pattern: ^((\d+(.\d{0,2})?)|([([])]))$

apiProblem

{
  "id": "3fbad566-be86-4b22-9ba6-3ca99fdc0799",
  "type": "https://production.api.apiture.com/errors/accountNotFound/v1.0.0",
  "title": "Account Not Found",
  "status": 422,
  "occurredAt": "2022-04-25T12:42:21.375Z",
  "detail": "No account exists at the given account_url",
  "instance": "https://production.api.apiture.com/banking/transfers/bb709151-575041fcd617"
}

API Problem (v1.1.0)

API problem or error, as per RFC 7807 application/problem+json.

Properties

Name	Description
`type`	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`.
`title`	`string` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`.
`status`	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
`detail`	`string` A human-readable explanation specific to this occurrence of the problem.
`instance`	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment
`id`	`string: readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `read-only` `minLength: 6` `maxLength: 48` `pattern: ^[-_:.~$a-zA-Z0-9]+$`
`occurredAt`	`string(date-time): readOnlyTimestamp` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `read-only` `minLength: 20` `maxLength: 30`
`problems`	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing.
`attributes`	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

checkNumberRange

"[1000,1200)"

Check Number Range (v1.0.0)

A numeric range for a checking account check number.

Type: string
pattern: ^\d+|([([)]])$

creditOrDebitValue

"3456.78"

Credit Or Debit Value (v1.0.0)

The monetary value representing a credit (positive amounts with no prefix or a + prefix) or debit (negative amounts with a - prefix). The numeric value is represented as a string so that it can be exact with no loss of precision.
The schema creditOrDebitValue was added on version 0.4.0 of the API.

Type: string
pattern: ^(-|+)?(0|[1-9][0-9]*).[0-9][0-9]$

dateRange

"2022-05-19"

Date Range (v1.0.0)

A date range, supporting inclusive or exclusive endpoints. Dates ranges use dates expressed in YYYY-MM-DD RFC 3339 date format. The value may have the following forms:

YYYY-MM-DD match the date exactly; equivalent to matching dates in the range [YYYY-MM-DD,YYYY-MM-DD]
[YYYY-MM-DD,YYYY-MM-DD] between two dates, inclusive of the endpoints
(YYYY-MM-DD,YYYY-MM-DD) between two dates, exclusive of the endpoints
[YYYY-MM-DD,] on or after the date
(YYYY-MM-DD,) after the date
[,YYYY-MM-DD] before or on the date
(,YYYY-MM-DD) before the date

Type: string
pattern: ^\d{4}-\d{2}-\d{2}|([([)]])$

incompleteTransactions

{}

Incomplete Transactions (v1.0.0)

Response when requesting transactions that are not yet available.

Properties

Name	Description
`retryCount`	`integer` (required) Pass this value as the as the `?retryCount=` parameter with the next retry of the `listTransactions` operation. `minimum: 1` `maximum: 10`

positiveIntegerRange

"[1000,1200)"

Positive Integer Range (v1.1.0)

A positive integer range, supporting inclusive or exclusive endpoints. The value may have the following forms:

1200 match the integer 1,200 exactly
[1000,1200) matches items where 1000 <= number < 1200
[1000,1199] matches items where1000 <= number <= 1199
[999,1200] matches items where 999 < number < 1200
[1200,] number >= 1200
(1200,) greater than the value: number >= 1200
[,1200] less than or equal to the value: number <= 1200
(,1200) less than the value: number < 1200

Type: string
pattern: ^\d+|([([)]])$

problemResponse

{
  "id": "3fbad566-be86-4b22-9ba6-3ca99fdc0799",
  "type": "https://production.api.apiture.com/errors/noSuchAccount/v1.0.0",
  "title": "Account Not Found",
  "status": 422,
  "occurredAt": "2022-04-25T12:42:21.375Z",
  "detail": "No account exists for the given account reference",
  "instance": "https://production.api.apiture.com/banking/transfers/bb709151-575041fcd617"
}

Problem Response (v0.3.0)

API problem or error response, as per RFC 7807 application/problem+json.

Properties

Name	Description
`type`	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`.
`title`	`string` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`.
`status`	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
`detail`	`string` A human-readable explanation specific to this occurrence of the problem.
`instance`	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment
`id`	`string: readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `read-only` `minLength: 6` `maxLength: 48` `pattern: ^[-_:.~$a-zA-Z0-9]+$`
`occurredAt`	`string(date-time): readOnlyTimestamp` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `read-only` `minLength: 20` `maxLength: 30`
`problems`	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing.
`attributes`	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

readOnlyResourceId

"string"

Read-only Resource Identifier (v1.0.0)

The unique, opaque system-assigned identifier for a resource. This case-sensitive ID is also used in URLs as path parameters or in other properties or parameters that reference a resource by ID rather than URL. Resource IDs are immutable.

Type: string
read-only
minLength: 6
maxLength: 48
pattern: ^[-_:.~$a-zA-Z0-9]+$

readOnlyTimestamp

"2021-10-30T19:06:04.250Z"

Read-Only Timestamp (v1.0.0)

A readonly or derived timestamp (an instant in time) formatted in RFC 3339 date-time UTC format: YYYY-MM-DDThh:mm:ss.sssZ.
The schema readOnlyTimestamp was added on version 0.4.0 of the API.

Type: string(date-time)
read-only
minLength: 20
maxLength: 30

resourceId

"string"

Resource Identifier (v1.0.0)

The unique, opaque system identifier for a resource. This case-sensitive ID is also used as path parameters in URLs or in other properties or parameters that reference a resource by ID rather than URL.

Type: string
minLength: 6
maxLength: 48
pattern: ^[-_:.~$a-zA-Z0-9]+$

transactionCategories

{
  "items": [
    {
      "id": "ef7958260dce34abddb7",
      "label": "Groceries",
      "type": "debit"
    },
    {
      "id": "f24096860ebf1383e202",
      "label": "Dining",
      "type": "debit"
    },
    {
      "id": "33c3d38ca0a744b8d903",
      "label": "Entertainment",
      "type": "debit"
    }
  ]
}

Transaction Category Collection (v1.1.0)

Collection of transaction categories. The list contains both financial institution defined immutable categories and customer defined categories.

Properties

Name	Description
`items`	`array: [transactionCategory]` (required) An array containing transaction category items. `maxItems: 1000`

transactionCategorization

{
  "label": "string",
  "id": "string"
}

Transaction Categorization (v1.2.1)

The transaction categorization.

Properties

Name	Description
`label`	`string: transactionCategoryLabel` (required) The label of a transaction category, such as `"Shopping"`, `"Deposit"`, `"Bill"`, `"Transfer"`, or `"Other"`. `minLength: 1` `maxLength: 64`
`id`	`string` (required) The unique ID of this transaction's category. `read-only` `minLength: 1` `maxLength: 32` `pattern: ^[-_:.~$a-zA-Z0-9]{1,32}$`

transactionCategory

{
  "id": "0399abed-fd3d",
  "type": "debit",
  "label": "Dining"
}

Transaction Category (v1.1.0)

Representation of transaction category resources.

Properties

Name Description

label string: transactionCategoryLabel (required)
The label of a transaction category, such as "Shopping", "Deposit", "Bill", "Transfer", or "Other".
minLength: 1
maxLength: 64

id string (required)
The unique ID of this transaction's category.
read-only
minLength: 1
maxLength: 32
pattern: ^[-_:.~$a-zA-Z0-9]{1,32}$

type

string: transactionCategoryType (required)

Classifies a transaction category as applying to either debit or credit transactions.

transactionCategoryType strings may have one of the following enumerated values:

Value	Description
`credit`	Credit: This transaction category applies to credit (expense) transactions.
`debit`	Debit: This transaction category applies to debit (income) transactions.

enum values: credit, debit

transactionCategoryLabel

"string"

Transaction Category Label (v1.1.0)

The label of a transaction category, such as "Shopping", "Deposit", "Bill", "Transfer", or "Other".

Type: string
minLength: 1
maxLength: 64

transactionCategoryType

"credit"

Transaction Category (v1.0.0)

Classifies a transaction category as applying to either debit or credit transactions.

transactionCategoryType strings may have one of the following enumerated values:

Value	Description
`credit`	Credit: This transaction category applies to credit (expense) transactions.
`debit`	Debit: This transaction category applies to debit (income) transactions.

Type: string
enum values: credit, debit

transactionCheck

{
  "number": 1,
  "imageFront_url": "../dictionary",
  "imageBack_url": "../dictionary"
}

Transaction Check (v2.0.0)

Describes a check associated with a transaction for a checking account. This object is only present if the transaction type is debit and the subtype is check.

Properties

Name	Description
`number`	`integer` (required) The check number. `minimum: 1`
`imageFront_url`	`string(uri-reference)` The URL for downloading the image of the front of the check. `maxLength: 400`
`imageBack_url`	`string(uri-reference)` The URL for downloading the image of the front of the check. `maxLength: 400`

transactionItem

{
  "id": "88f5bf17-ecc4",
  "type": "debit",
  "subtype": "check",
  "occurredOn": "2023-05-18",
  "memo": "Paid electric bill",
  "merchant": {
    "name": "B&T's Excellent Electric Co.",
    "website_url": "https://BillTedsExcellentElectricCompany.example.com/",
    "logo_url": "https://BillTedsExcellentElectricCompany.example.com/img/logos/medium.png"
  },
  "amount": "1276.21",
  "posted": true,
  "balance": "8509.38",
  "category": {
    "label": "Utilities",
    "id": "127"
  },
  "check": {
    "number": 8412,
    "imageFront_url": "/accounts/1d16e438-18e0/transactions/88f5bf17-ecc4/images/front/content",
    "imageBack_url": "/accounts/1d16e438-18e0/transactions/88f5bf17-ecc4/images/back/content"
  }
}

Transaction Item (v2.1.1)

Summary representation of a transaction resource in transactions collections.

Properties

Name	Description
`id`	`string` (required) This transaction's unique identifier. `read-only` `minLength: 6` `maxLength: 128` `pattern: ^[-_:,.~$a-zA-Z0-9]{6,128}$`
`type`	`string: transactionType` (required) The transaction type. If the `type` is `debit` or `credit`, the `subtype` conveys further transaction type details. enum values: `balance`, `debit`, `credit`
`subtype`	`string: transactionSubType` (required) The transaction's kind of debit or credit. enum values: `check`, `other`
`occurredOn`	`string(date)` (required) The date of the transaction in `YYYY-MM-DD` RFC 3339 `date` format. This is derived and immutable. `read-only`
`createdOn`	`string(date)` The date when the transaction occurred in `YYYY-MM-DD` RFC 3339 `date` format. This is derived and immutable. Warning: The property `createdOn` was deprecated on version `v2.1.0` of the schema. Use the `occurredOn` property instead. `createdOn` will be removed on version `v3.0.0` of the schema. `read-only` `deprecated`
`postedOn`	`string(date)` The date when this transaction was posted (cleared and applied to the account balance) in RFC 3339 date `YYYY-MM-DD` format, UTC. This is derived and immutable and only present if `posted` is `true`. Warning: The property `postedOn` was deprecated on version `v2.1.0` of the schema. Use the `occurredOn` property instead. `postedOn` will be removed on version `v3.0.0` of the schema. `read-only` `deprecated`
`amount`	`string: creditOrDebitValue` (required) The transaction amount in dollars. This value is negative if the transaction is a debit and positive if it is a credit. `pattern: ^(-\|\+)?(0\|[1-9][0-9]*)\.[0-9][0-9]$`
`posted`	`boolean` (required) If `true`, the transaction has been posted (cleared) and applied to the account. If `false`, the transaction is still pending and might be canceled.
`balance`	`string: creditOrDebitValue` The account's running current balance as of this transaction. The `balance` may be omitted if the request includes filters which preclude the inclusion of a running balance. `pattern: ^(-\|\+)?(0\|[1-9][0-9]*)\.[0-9][0-9]$`
`memo`	`string` The user-settable transaction memo. `maxLength: 128`
`description`	`string` The transaction description assigned by the transaction cleansing service. `maxLength: 128`
`category`	`object: transactionCategorization` The transaction category, if assigned.
`merchant`	`object: transactionMerchant` Describes the merchant associated with a transaction.
`check`	`object: transactionCheck` Describes a check associated with a transaction for a checking account. This object is only present if the transaction `type` is `debit` and the `subtype` is `check`.

transactionMerchant

{
  "name": "string",
  "website_url": "../dictionary",
  "logo_url": "../dictionary"
}

Transaction Merchant (v1.0.0)

Describes the merchant associated with a transaction.

Properties

Name	Description
`name`	`string` The merchant's name. `maxLength: 32`
`website_url`	`string(uri-reference)` The merchant's website URL. `maxLength: 400`
`logo_url`	`string(uri-reference)` The optional URL of the merchant's logo. This image must be an image resource (SVG, PNG, GIF, JPEG image) that does not require any authentication. The URL may contain query parameters. `maxLength: 400`

transactionSubType

"check"

Transaction Subtype (v1.0.0)

If the type is debit or credit, the subtype conveys further transaction type details.

transactionSubType strings may have one of the following enumerated values:

Value	Description
`check`	Check: A check drawn from a checking account.
`other`	Other: Some other transaction type.

Type: string
enum values: check, other

transactionType

"balance"

Transaction Type (v2.0.0)

Distinguishes between balance, debit, or credit transactions.

transactionType strings may have one of the following enumerated values:

Value	Description
`balance`	Balance: A pseudo-transaction that conveys the account balance.
`debit`	Debit: A debit against the account.
`credit`	Credit: A credit transaction.

Type: string
enum values: balance, debit, credit

transactions

{
  "start": "d1b48af913464aa49fcb07065dcc0616",
  "limit": 10,
  "nextPage_url": "https://production.api.apiture.com/banking/accounts/c9fc25b47d52916fc9ad/transactions?start=6117a4dcefb841cab7316cef1ac8b58c&limit=10",
  "count": 2381,
  "items": [
    {
      "id": "d62c0701-0d74",
      "type": "balance",
      "occurredOn": "2023-06-18",
      "amount": "0.00",
      "posted": true,
      "balance": "8509.38"
    },
    {
      "id": "88f5bf17-ecc4",
      "type": "debit",
      "subtype": "check",
      "occurredOn": "2023-06-18",
      "memo": "Paid electric bill",
      "merchant": {
        "name": "B&T's Excellent Electric Co.",
        "website_url": "https://BillTedsExcellentElectricCompany.example.com/",
        "logo_url": "https://BillTedsExcellentElectricCompany.example.com/img/logos/medium.png"
      },
      "amount": "1276.21",
      "posted": true,
      "balance": "8509.38",
      "category": {
        "label": "Utilities",
        "id": "127"
      },
      "check": {
        "number": 8412,
        "imageFront_url": "/accounts/1d16e438-18e0/transactions/88f5bf17-ecc4/images/front/content",
        "imageBack_url": "/accounts/1d16e438-18e0/transactions/88f5bf17-ecc4/images/back/content"
      }
    }
  ]
}

Transaction Collection (v2.1.1)

Collection of transactions. The items in the collection are ordered in the items array. The response object may contain the nextPage_url pagination link.

Properties

Name	Description
`limit`	`integer(int32)` (required) The number of items requested for this page response. The length of the `items` array may be less that `limit`. Default: `100` `minimum: 0`
`nextPage_url`	`string(uri-reference)` The URL of the next page of resources. If this URL is omitted, there are no more resources in the collection. `read-only` `maxLength: 8000`
`start`	`string` The opaque cursor that specifies the starting location of this page of items. `maxLength: 256`
`items`	`array: [transactionItem]` (required) An array containing a page of transaction items.
`count`	`integer(int32)` The total number of transactions which satisfy the request filters. This is optional and only included if the service can calculate it. `minimum: 0`