An application is a program that utilizes Apiture APIs. Applications can be created within the Developer Portal to receive secure keys that confirm your application has permission to access the APIs and any relevant data. Your application cannot access any of Apiture’s APIs or data without the secure keys.
Each application exist within an environment. Very similar applications, such as a development version of a Financial Institution’s (FI’s) website and a production version of an FI’s website, may exist; however, each of those websites would still be unique a application in the Developer Portal because they have different environments. For more information on managing and creating environment, see the environments article.
Applications also access a single FI. Each application has one environment and one FI. Even if the code base for several applications is very similar, every time there is a different FI or a different environment, a new application needs to be created within the Developer Portal.
Additional Profile Information
If you have not completed the information in your profile, a module will appear asking for your US Citizenship status and requesting you read the Terms and Conditions when you attempt to create an application. This information updates on your Profile once completed.
For more information on these questions, including notes on the U.S. Citizenship status question, see the Profile section.
All accounts can create an application in the shared Tiburon Community Financial (TCF) sandbox environment. Note: Real-world data should never be entered into the testing environment.
Dedicated environments are available once a company has been confirmed by Apiture. If you are expecting to see private environments and applications from your company but they are not displaying, ensure your account is connected to your company correctly and that your company has been validated by Apiture staff. See My Company in your Profile for more details.
Creating an Application
From the Applications screen, click the Create Application button. A new form opens asking for the following information:
Application Name: A descriptive name of your application. This name is not visible by end users of your application. You may want to include a description of the environment(s) in the name if you have multiple, separated datasets used by a similar codebase, such as ‘Program (dev)’ and ‘Program (prod).’
Application Type: The type of client application, such as a web or mobile application. Different application types have different API and security requirements.
Authentication: The type of authentication the application will use. There are two types of authentication:
Authorization Code Flow: The user authenticates with the application’s authorization server using OAuth authentication. This code flow requires at least one Redirect URL (described below).
Client Credentials Flow: The program uses the client credentials provided by the developer portal after an application has been created.
Site URL / Download Location: A URL of a web page with additional information about the application, including information on downloading or licensing the application.
Redirect URL: Only required for Authorization Code Flow. The authorization server will redirect to this URL to complete the OAuth authentication process. This is required for the Authorization Code Flow authentication option. You can add up to 8 redirect URLs.
Description: Optional. A markdown description of the application. Apiture recommends including the FI and the environment in the description for easy visibility. The markdown formatting can be checked by clicking the preview button at the bottom of the textbox.
Products and APIs: Select the various Apiture products the application will use. Each product comes with at least one API that the product uses. If applicable, also select the specific APIs your application uses and deselect the APIs that are not needed for your application. For security purposes, please only select products that the application is using. For more information on our products and APIs, view our documentation.
If the product is an Embedded Banking Web Component, additional information needs to be provided. This is described in a section below.
Environments: Select the environment or multiple environments the application can access. Read this article for more information on environments.
Excluded Scopes: Scopes are what an application or API is allowed to do. The list of scopes is completed automatically based on the products selected. Usually, the automated scope selection are appropriate for an application. For more information on scopes, read this article.
The scopes for an application may rarely need to be modified. For example, if an is only displaying information, but not creating new information, it should be limited to read-only scopes. Check the Exclude Write Scopes option if your application does not need to create or edit any data to quickly exclude all scopes that allow writing data. Other scope customization can be done by clicking the checkmark next to specific scopes that your application does not require.
Note: Application Type and Authentication cannot be edited once an application has been created.
If the product type is an Embedded Banking Web Component, a list of additional fields will appear under the Exclude Scopes menu for customizing your Web Component. The following information must also be completed:
Authentication URL: The URL for the associated FI’s authentication page. This is typically a log in form.
Connect URL: The URL to connect or re-establish a connection to the FI. When returning to the site hosting an embedded component, the user may already be logged in, and skip the Authentication URL, but still need to re-connect to the FI.
Disconnect URL: The URL to redirect to during log out.
Maximum Connection Days: The amount of time in days until the site automatically logs the user out.
Once this information has been completed and the application requires manual approval from Apiture. Once Apiture approves or denies an application, the user who created the application will receive an email with information on next steps.