Overview

Simple, Flexible Sophtron Data API


Sophtron is a next generation data aggregation service that makes accessing data a breeze. Currently we support financial, utility, phone, internet and other vendor billing accounts.

Armed with machine learning technologies, Sophtron's data aggregation system adjusts to data changes automatically. No matter whether the data source or format changes, our robust system will return the same format of data without any disruption.

As the flow-chart indicates below, client application interacts with Sophtron API in a sequential order: first, client application makes request with login credentials, and receive response of accounts under the login. Following that client application can request transactions detail with each account, and receive responses correspondingly.


To get started, first sign up for a Sophtron account.

Next step, follow the Authorization instructions to authorize client application's requests.



Free Banking API


Sophtron Banking and Billing API provides easy access to customers' financial and billing data. Account data include account detail, balance, due date and transactions. Account data include account's detailed information and transactions.

Sophtron Banking and Billing API currently supports over 12,000 financial institutions in the United States, covering most of the US banks, credit unions, and credit card companies.

Sophtron Banking and Billing API currently supports over 26,000 online billing accounts, including most of the utility, internet, phone service providers and other vendor accounts.

Sophtron Banking and Billing API is free to developers up to 10,000 requests per month. No credit card required. No setup fee.

To get started, first sign up for a Sophtron account.

Next step, follow the Authorization instructions to authorize client application's requests.



Authorization


Direct API

Sophtron accepts direct API requests with authorization header.

An authorization header with bearer is required in the request. The authorization header must be generated with a specific digital signature method.

To generate the digital signature, you will need to use your developer account's UserId and Accesskey, which can be found at Developer Profile.

C# Code snippet for how to generate the authorization header:

Complete sample code on how to implement direct API integration are provided here.


Javascript Code snippet for how to generate the authorization header:



Ruby Code snippet for how to generate the authorization header:


OAuth2.0

Sophtron supports OAuth2.0 authorization.

To get authorized, you will need to provide ClientId, Shared Secret and RedirectUrl at Developer Profile.

Code snippet for fetching oauth2.0 token:

Code Samples on how to implement OAuth2.0 integration are provided here.


Next step, follow the Quick Start instructions to write your integration code.



Quick Start


Direct API Guide

As the direct API flow-chart indicates below, client application interacts with Sophtron Data API in a sequential order.

Step 1: Create a UserInstitution (login) by making a request with login information: UserName, Password, PIN (optional) for a specific institution.
Response to the CreateUserInstitution request includes a JobId for tracking purpose.

Step 2: Poll the Job with JobId to examine whether the Job's SuccessFlag is true. If not, check the Job information to see if there are MFA questions (security question, token delivery methods, capture images).

Step 3: If there are MFA questions, update the Job information with corresponding answers by making requests. Repeat the process until Job's SuccessFlag turns true.

Step 4: Once the Job succeeds, make further requests to retrieve accounts found under the UserInstitution.


To retrieve detailed transaction information under each account, make requests to Refresh a UserInstitutionAccount.

Step 1: Refresh a UserInstitutionAccount by making a request with accountID. Response to the RefreshUserInstitutionAccount request includes a JobId for tracking purpose.

Step 2: Poll the Job with JobId to examine whether the Job's SuccessFlag is true. If not, check the Job information to see if there are MFA questions (security question, token delivery methods, capture images).

Step 3: If there are MFA questions, update the Job information with corresponding answers by making requests. Repeat the process until Job's SuccessFlag turns true.

Step 4: Once the Job succeeds, make further requests to retrieve transactions found under the UserInstitutionAccount within a given date period.


Details about how to handle MFA questions are provided in the following code snippet.

Complete sample code on how to implement direct API integration are provided here.


OAuth Guide

To get started, you will need to provide ClientId, Shared Secret and RedirectUrl at Developer Profile.

Then follow the code snippet below on how to obtain AccessToken and RefreshToken from Sophtron Authorization Server through 'Authorization Code Grant' method.

Use the AccessToken to make authorized requests to Sophtron API.

Complete sample code on how to implement OAuth2.0 integration are provided here.



Sample Code


Github Source Code

Step 1: git clone the sample code to a local folder.

Step 2: Sign up at here for a Sophtron account.

Step 3: Replace UserId and AccessKey with your developer account's UserId and Accesskey, which can be found at Developer Profile



Universal Connect Widget


Try and see Universal Connect Widget first!

Universal Connect Widget can be easily embedded in your application. With Universal Connect Widget you don't need to write any complicated code to let user link their financial accounts.

Universal Connect Widget will handle the end-to-end user login process and MFA interactions for you.


Please visit the opensource github repo for details.



White paper


Check out our latest API guide white paper to implement integration with Sophtron API.



Test Accounts


We provide test accounts for each MFA type to facilitate implementation of integration with Sophtron API.

1. Security Question. Choose "Sophtron Bank SecurityQuestion" as InstitutionName. Use dummy credentials and dummy security answer to pass MFA prompt.

2. Multiple Security Questions. Choose "Sophtron Bank SecurityQuestion Multiple" as InstitutionName. Use dummy credentials and dummy security answers to pass MFA prompt.

3. Token. Choose "Sophtron Bank Token" as InstitutionName. Use dummy credentials and dummy token input to pass MFA prompt.

4. Token to read out. Choose "Sophtron Bank TokenRead" as InstitutionName. Use dummy credentials and dummy token input to pass MFA prompt.

5. Captcha Image. Choose "Sophtron Bank Captcha" as InstitutionName. Use dummy credentials and dummy captcha input to pass MFA prompt.

6. No MFA. Choose "Sophtron Bank NoMFA" as InstitutionName. Use dummy credentials.

7. Combined MFA prompts. Choose "Sophtron Bank" as InstitutionName. Use dummy credentials and dummy MFA answers to pass MFA pormpt.