Onteric Open Finance API
The Onteric Open Finance API provides secure document data extraction and open banking connectivity services. It is part of Onteric's Open Finance solution, enabling clients to extract structured data from documents and connect to banking data through regulated Account Information Service Providers (AISPs).
Using these APIs it is possible to extract data from a wide range of document types including bank statements, utility bills, identity documents, council tax bills, mortgage statements, mortgage illustrations, insurance proposals and schedules, and more.
This API supports multiple authentication models:
-
API Key Authentication: For server-to-server communication, clients can use API keys to authenticate requests. API keys are associated with specific clients and scopes, controlling access to API features. Onteric no longer issues API keys to new clients; instead, OAuth2 client credentials are the preferred method.
-
OAuth2 Client Credentials Grant: For machine-to-machine authentication, clients can obtain access tokens using the OAuth2 client credentials grant flow. This method is recommended for new integrations and provides enhanced security and flexibility. Tokens shoud be obtained from the token endpoint.
-
Bearer Tokens from Identity Providers: For user-based authentication, bearer tokens issued by Onteric's user identity providers can be used to access the API on behalf of users. Users may be individuals managing their own data as part of a wallet through the Onteric Open Finance platform, the end-users of tenants integrating Onteric services into their applications, or users of Onteric's turnkey applications.
- Internal users and clients should authenticate against
authentication.onteric.com. - External users managing their own data should authenticate against
identity.wallet.onteric.com.
- Internal users and clients should authenticate against
-
Validated Public Client: For session-only operations on third-party websites, such as when using Onteric's Web Library. The client is identified and validated based on the origin of the request. A valid client ID is still required and must be passed when initiating a session. Public clients are restricted to session-based operations and cannot access wallet storage, open banking, or identity verification features. Persistence of the data is expected to take place on the client side, with limited data retained by Onteric only to enable the session functionality.
Authentication
- API Key: API key
- OAuth 2.0: Bearer token
Send the ApiKey scheme name and the key supplied by Onteric, separated by a space, within the Authorization header
Security Scheme Type: | apiKey |
|---|---|
Header parameter name: | Authorization |
Send the Bearer scheme name and the OAuth2 access token, separated by a space, within the Authorization header
Security Scheme Type: | oauth2 |
|---|---|
OAuth Flow (clientCredentials): | Token URL: https://api.onteric.com/oauth/token Scopes:
|
OAuth Flow (authorizationCode): | Authorization URL: https://authentication.datawollet.com/oauth2/authorize Scopes:
|