This page differs depending on which API version you are browsing at the moment.


  • Client-id and Service-secret headers are no longer supported. In V4, each Client is able to create an unlimited amount of API keys for API use. You can manage your keys on the Keys and Secrets page.

  • Each request will now have consistent auth headers: App-id + Secret for both Apps and Services (ex: logins#create).


  • clients#info route;
  • categorize flag/field from Attempt object and from logins#create. Instead, the new categorization flag was added to the same route. Possible values: none, personal, business, default: personal.


  • All IDs are returned as strings in API responses and HTTP callbacks;
  • Categories objects from /api/v4/categories now include business and personal categories list;
  • md5 digest from imported file hash was changed to sha256;
  • sha1 digest from request signature was changed to sha256;
  • sha1 digest from callback signature was changed to sha256;
  • fetch_type was replaced by fetch_scopes, required on login/token create and is optional on login/token reconnect or refresh;
  • Consent window is now shown by default, unless show_consent_confirmation is false. In other cases, it will be shown only when fetch_scopes has changed;
  • Consents can now have an expiration date. It can be set by passing the consent duration in the consent_period_days flag.


  • Support for payments (BETA);
  • identification_mode - provider attribute that shows whether the requests to the provider are made with your authorization headers or with SaltEdge’s;
  • Support for merchant identification;
  • identify_merchant - flag that shows if merchant identification is enabled for a login;
  • Support for encrypted_credentials that can be sent on logins#create, logins#reconnect and logins#interactive;
  • consent_period_days - flag that allows limiting the time the consent is valid;
  • override_credentials and override_credentials_strategy flags that allow overriding previous credentials when reconnecting a Login via an API request or Token respectively;
  • New callbacks header - Signature-key-version which holds the version of the private key used to sign the callback. You can find the public_key that corresponds to this version here;
  • transactions#remove that allows transaction removal older than a specified period.
  • New currencies:

    • ERN - Eritrean nakfa (232)
    • ITL - Italian lira (380)
    • ECS - Ecuadorian sucre (218)
    • DEM - German mark (276)
    • KYD - Cayman Islands dollar (136)
    • CYP - Cypriot pound (196)
    • FRF - French franc (250)
    • SIT - Slovenian tolar (705)
  • number and dynamic_select natures to provider fields;

  • immediate flag added to categories#learn route.

  • Provider logos (see logo_url in provider attributes)

New errors

  • AppIdNotProvided - missing App-id from headers;
  • ApiKeyNotFound - the API key with the provided App-id and Secret does not exist or is inactive;
  • FetchScopesInvalid - client sent invalid values. Ex: fetch_scopes: [accnts];
  • FetchScopesNotAllowed - client sent not supported values. Ex: he has access only to holder_info (Credit bureau for ex.) but sent fetch_scopes: [accounts].