This page differs depending on which API version you are browsing at the moment.


  • Client-id and Service-secret headers are no longer supported. In V4, each Client is able to create an unlimited amount of API keys for API use. You can manage your keys on the Keys and Secrets page.

  • Each request will now have consistent auth headers: App-id + Secret for both Apps and Services (ex: logins#create).


  • clients#info route;
  • categorize flag/field from Attempt object and from logins#create. Instead, the new categorization flag was added to the same route. Possible values: none, personal, business, default: personal.


  • All IDs are returned as strings in API responses and HTTP callbacks;
  • Categories objects from /api/v4/categories now include business and personal categories list;
  • md5 digest from imported file hash was changed to sha256;
  • sha1 digest from request signature was changed to sha256;
  • sha1 digest from callback signature was changed to sha256;
  • fetch_type was replaced by fetch_scopes, required on login/token create and is optional on login/token reconnect or refresh;
  • Consent window is now automatically shown every time on Login create, so there is no need to send the show_consent_confirmation flag anymore. In other cases, it will be shown only when fetch_scopes has changed.


  • override_credentials and override_credentials_strategy flags that allow overriding previous credentials when reconnecting a Login via an API request or Token respectively.

  • New callbacks header - Signature-key-version which holds the version of the private key used to sign the callback. You can find the public_key that corresponds to this version here;

  • New currencies:

ERN - Eritrean nakfa (232)
ITL - Italian lira (380)
ECS - Ecuadorian sucre (218)
DEM - German mark (276)
KYD - Cayman Islands dollar (136)
CYP - Cypriot pound (196)
FRF - French franc (250)
SIT - Slovenian tolar (705)

New errors

  • AppIdNotProvided - missing App-id from headers;
  • ApiKeyNotFound - the API key with the provided App-id and Secret does not exist or is inactive;
  • FetchScopesInvalid - client sent invalid values. Ex: fetch_scopes: [accnts];
  • FetchScopesNotAllowed - client sent not supported values. Ex: he has access only to holder_info (Credit bureau for ex.) but sent fetch_scopes: [accounts].