Log In / Register

Onboarding Clients for Data Direct: Real-Time

Data Direct: Real-Time can be configured to deliver banking event messages to your custom webhook in near real-time. Apiture’s Developer Portal allows you to provide connection and authentication data about your webhook.

This will walk you through the steps needed to get your Data Direct: Real-Time webhook registered and sent data.

The financial institution must have an active contract for Data Direct: Real-Time in order for the Apiture Digital Banking platform to send event messages to registered webhooks. Third party partners should contract with the financial institution if they wish to register a webhook to receive banking activity events via Data Direct: Real-Time. The financial institution must inform Apiture (via their customer support representative or Apiture professional services) when they wish to allow a third party partner to have development access to their financial institution. Until this step is complete, the partner will not have visibility to the financial institution from within the Apiture Developer Portal.

Create Developer Portal Accounts 

Financial institution developers or fintech developers may create a Developer Portal account at any time, even if you have never done business with Apiture. This is necessary before you can register a webhook. The financial institution must also request Apiture to allow the partner to view or connect to their institution via the Developer Portal.

At least one representative contact from your partner organization who develops the webhook will need to create a developer portal account.

Visit developer.apiture.com/auth/login to register for Developer Portal access.

Create an API Digital Banking Application that uses Data Direct: Real-Time

The Banking Events Administration API is available for use with a financial institution that licenses Data Direct: Real-Time. The Banking Events Administration API is part of the Data Direct: Real-Time API product. Client applications may use the Banking Events Administration API to poll for historic data of event messages, such as filling in data gaps due to the Webhook delivery failures, and use other APIs in the Data Direct: Real-Time API product to access additional data related to the events.

It is best to register a client application to use Data Direct: Real-Time API product for the API as you register a webhook for Data Direct: Real-Time. It is not required to receive event messages via webhooks. However, by using the other APIs in the Data Direct: Real-Time product, your client application can use the APIs to fetch additional data related to the event messages and (if the client application is granted such access) perform additional actions within the banking system. You may also choose to use the Banking Events Administration API to periodically poll for banking events instead of registering a webook. 

Regardless of the method by which your system collects banking event data, if your system suspects malicious activity with a high degree of confidence, it could disable money movement for a suspicious banking customer, or lock such user out of the system until the financial institution can research the incident.

When creating the API Digital Banking application, the user must select the product Data Direct: Real-Time.

Click here for instructions on how to create an API application in the Developer Portal.

Create a Webhook Application

Webhook registration includes the webhook’s URL location and authentication information. You manage your webhook on the Developer Portal. 

To register a webhook:

  1. Log onto the Apiture Developer Portal using your corporate email address at developer.apiture.com/auth/login . You can also register for an Developer Portal account on that page using the Register tab.
  2. From the dashboard landing page, select the Clients menu and select Webhooks
  3. Click the Register a New Webhook Client button to open the form for registering a new webhook.
  4. Fill in the form by entering the public URL where your webhook is deployed, and select the type of authentication that the Apiture Digital Banking platform can use to authenticate in order to securely send data to your webhook. Apiture recommends using OAuth2 Client Credentials for webhook authentication; it is more secure than using Basic Credentials. The Developer Portal stores the credentials as encrypted data. You must also keep the credentials secure so that no one else can authenticate and send your webhook malicious data.
  5. Select the set of event categories from the list.
  6. Select one financial institution that you wish to connect with. See instructions earlier to obtain access to a financial institution if your desired institution is not visible. (The financial institution must request access to partners, based on the login email address domain.)
  7. Select Send Request
  8. The Apiture Digital Banking platform will send a test “healthcheck” event message (category system and event message type of webhookHealthCheck) to the webhook to confirm the authentication credentials and to confirm the webhook handles the POST operation successfully. The web service at that URL must return a 2xx HTTP response code. If the web service fails (for example, the service is not running, or it fails in some other way), Apiture Digital Banking cannot activate the webhook, and the save operation will fail.

The developer who registered the webhook is designated as the webhook owner. Only owners may edit the webhook or view the credentials. Other Developer Portal users at the same partner domain (same email address domain) may see/view the webhook but may not not edit it or view the webhook credentials. An owner can grant additional webhook ownership by selecting Invite Owner from the webhook action menu in the list of webhooks, granting them access to edit the webhook information when needed.  For more information about ownership, see the Application Owners article.

After you submit a webhook, Apiture will confirm the selections and request approval from the selected financial institution. Once the financial institution approves the webhook access, Apiture will provision and activate the webhook. Your webhook will not receive traffic until these approval and provision steps are complete.

Once a webhook has been approved and provisioned, attempting to modify the webhook (change the URL, change the authentication, or change the categories) results in automatically cloning the webhook and creating a new webhook registration. The financial institution must approve the new webhook before Apiture can provision and activate the (edited) new webhook. 

Test the Webhook

Apiture is able to send event data to the webhook at this time. The FI or third-party should ensure their webhook is receiving data properly.

When the webhook was created, it was registered to receive events from specific event categories. A person from the FI or third-party should trigger an event belonging to that event category, and check that the webhook processes the event correctly.

For example, if the webhook will receive Authentication events, the person testing should log into Apiture Digital Banking and then see if events were received.

Questions

Apiture is glad to provide assistance with any questions you may have about the developer portal or the data sent by Data Direct: Real-Time. Reach out to your Apiture contact, and they will be happy to point you in the right direction.