API Basics
The below sections contain important information about how to get started using our API.
API Basics
Signing Up
Note: Signing up for Quovo through our website creates your API user — so make sure the email and password you choose are the credentials you want to use for ongoing API access at your organization.
Making Requests
- GET: Use the GET method to retrieve information about your users, their accounts, and any associated financial data. This will always be a read-only request, so queried objects will never be modified by a GET request.
- POST: Use a POST method to create a new object, such as a new user or connection. Request parameters should be given in JSON format. The response body will typically return the newly created resource.
- PUT: Use a PUT method to update an object, such as updating account credentials. As with a POST request, parameters should be given in JSON format. If successful, the response body will typically return the modified object.
- DELETE: Use a DELETE method to delete an object, such as deleting one of your users. Successful DELETE requests will typically return an empty response body.
curl -X GET \ -H "Authorization: Bearer a724809d37d0a21b7e9257f45cee416f5aec61993ab4b09e" \ "https://api.quovo.com/v3/users/162703/transactions"
Getting Responses
/v3/users
will return an object with “users” as the key and the list of users as its value.
If you are fetching multiple entries, such as retrieving information on all of your end users, the data will be returned as a list. If you are fetching a single entry, such as a GET call for a specific end user, the data will be returned as a single object.
Here is an example response body:
{ "users": [ { "email": "testuser@quovo.com", "id": 162703, "name": "Quovo Testuser", "username": "quovo_test_user", "value": 173471.15110 }, { "email": "another.testuser@quovo.com", "id": 162713, "name": "Quovo Testuser II", "username": "quovo_test_user_2", "value": 2944.11 } ] }Additionally, Quovo’s APIs use standard HTTP status codes to indicate the status of a request. You can review standard HTTP codes here. If there’s an error with your request, a JSON containing an error ID and message will be returned.
Access Tokens
/tokens
endpoint to manage your access tokens. To authenticate to the /tokens
endpoint, you’ll need to use the API user credentials you used to sign up for API access. This is one of the few API endpoints where you will need to use your API user credentials—most other endpoints are authenticated through access tokens.
Pass your API credentials to the /tokens
endpoint using Client-side Basic Auth.
In order to manage API tokens, you should:
- POST https://api.quovo.com/v3/tokens to create a new token. You should pass a unique name for your token as a string in the name parameter. Response fields will include the name , created date, and expires date for the token you’ve created.
- GET https://api.quovo.com/v3/tokens to see all of your access tokens. The response body will include the name , created date, and expires date for your tokens. The response body will not include the access token itself.
- PUT https://api.quovo.com/v3/tokens to rename a token. Pass through the current name of the token and the new_name you’d like to give it.
- DELETE https://api.quovo.com/v3/tokens and pass through the name of the token you’d like to delete in order to eliminate a token.
curl -X POST --user "my_api_username:my_api_password" \ -H "Content-Type: application/json" \ -d '{"name": "main_token"}' \ "https://api.quovo.com/v3/tokens"Once you have an access token, you can authenticate to any other API endpoint to which you have access. Pass the access token in the request header in the format Authorization: Bearer {token} , where {token} is your newly created access token. This token authenticates your API user without having to send API user credentials in every request. The token will be referenced at the start of an API call (in the header); when sending the token in the header, only pass along the token itself (which should look like a string of numbers and letters), not the entire token JSON object.
API Dashboard
Note: Our API dashboard is a great way to generate tokens when you’re getting started, but in ongoing production you’ll need to programmatically generate them to remain authenticated as you and your end users hit our API.
Verifying API User Info
/me
endpoint is authenticated with your API username and password, not with an API access token.
The response will include the email of your API user, as well as an array of available API endpoints. This array will reflect the products for which you’ve been permissioned, based on the package you purchased from Quovo. If you’ve only signed up for the free trial products available through our self-service portal, the endpoints in this array will include account Aggregation, Instant Auth, and Connect.
To change your API user password make a PUT call to /me
. Changing your API password means that all future request to/tokens
must use this new password to properly authenticate, although changing your password won’t affect current live access tokens.
API passwords have several requirements:
- Must be at least 6 characters long
- Must contain a letter, a number, and a special character
- Must not contain or be similar to your registered email
Postman
Note: These docs are for our v3 API. If you’re an existing user of v2, you can access our Aggregation, Authentication, and Connect docs via the provided links.