Security

Scopes

We take security very seriously, and we understand the importance of keeping our customers' data safe. That's why we've implemented a comprehensive security system for our developer API.

One key aspect of our security system is the use of authentication credential key pairs (client id and secret). Each key pair is unique to one API user and provides a secure way to authenticate and authorize API requests. Each REST API requires certain scopes; these scopes are defined on the authentication credential key pair and must be activated for calls to that API to succeed.

This means that users must hold the appropriate level of authorization to access specific API endpoints. For example, if a user only needs to retrieve customer information, they will only have access to the API endpoints that allow them to do so. If they need to perform more sensitive operations, such as reading a customer's personal income tax information, they will need the corresponding additional authorization.

By using scopes in this way, we can ensure that our API is secure and that users can only access the data and functionality that they are authorized to use. We also monitor API usage closely to detect any suspicious activity and take action to protect our customers' data if necessary.

We take security very seriously at our company, and we are committed to providing our customers with a safe and secure API experience.

Available scopes

Scopes define which data a credential pair has access to on the Accounton Developer API. In the current version, the following scopes are available:

  • customers.read: This scope is necessary to read customers.
  • customers.write: This scope is necessary to create, update or delete customers.
  • privacy.read: This scope is necessary to read privacy-sensitive information about customers.
  • pti.read: This scope is necessary to read any information related to personal income tax (checklist, documents, transcripts).
  • pti.write: This scope is necessary to assign PTI checklists to customers.
  • users.read: This scope is necessary to read the list of user accounts.
  • users.write: This scope is necessary to write user accounts.
  • settings.read: This scope is necessary to read the backoffice settings.
  • settings.write: This scope is necessary to write the backoffice settings.
  • minfin.read: This scope enables listing and downloading of customers' Minfin documents.

IP Whitelisting

Our REST API includes IP whitelisting to restrict where your credentials may be used from. To restrict access to your specific Accounton environment, request that your IP addresses be added to the whitelist. Note the default behaviour: if no IP addresses are specified for an environment, the system accepts requests from any IP that presents your active API credentials for that environment, so a leaked client id and secret would be usable from anywhere. We urge you to protect your API credentials by ensuring that only authorized IPs are granted access.
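The two checks described on this page, scope authorization and the IP whitelist with its "empty means any IP" default, as an added illustration in Python. This is example code, not Accounton's implementation: the endpoint paths and the mapping from endpoint to scope are assumptions; only the scope names come from the documentation above.

```python
"""Scope and IP-whitelist authorization modelled on the Accounton API docs.

Example code, not Accounton's own. Endpoint paths and the (method, path)
to scope mapping are assumed; the scope names are the documented ones.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Documented scope names; anything else on a credential is a misconfiguration.
KNOWN_SCOPES = frozenset({
    "customers.read", "customers.write", "privacy.read", "pti.read",
    "pti.write", "users.read", "users.write", "settings.read",
    "settings.write", "minfin.read",
})

# Assumed endpoint -> required scope table (paths are illustrative).
REQUIRED_SCOPE = {
    ("GET", "/customers"): "customers.read",
    ("POST", "/customers"): "customers.write",
    ("GET", "/customers/privacy"): "privacy.read",
    ("GET", "/pti/checklists"): "pti.read",
    ("POST", "/pti/checklists"): "pti.write",
    ("GET", "/minfin/documents"): "minfin.read",
}

@dataclass
class Credential:
    client_id: str
    scopes: frozenset
    # Whitelist of IPs or CIDR ranges; empty means any IP (documented default).
    ip_whitelist: list = field(default_factory=list)

def unknown_scopes(cred):
    """Scopes on the credential that the API does not define (e.g. typos)."""
    return set(cred.scopes) - KNOWN_SCOPES

def ip_allowed(cred, source_ip):
    if not cred.ip_whitelist:  # no whitelist configured: open to any IP
        return True
    addr = ip_address(source_ip)
    return any(addr in ip_network(entry, strict=False) for entry in cred.ip_whitelist)

def authorize(cred, method, path, source_ip):
    """Return (allowed, reason); unknown endpoints are denied by default."""
    if not ip_allowed(cred, source_ip):
        return False, "ip_not_whitelisted"
    scope = REQUIRED_SCOPE.get((method.upper(), path))
    if scope is None:
        return False, "unknown_endpoint"
    if scope not in cred.scopes:
        return False, f"missing_scope:{scope}"
    return True, "ok"

def minimal_scopes(endpoints):
    """Least-privilege scope set for an integration that only calls `endpoints`."""
    return {REQUIRED_SCOPE[(m.upper(), p)] for m, p in endpoints}
```

Run `minimal_scopes` over the calls an integration actually makes before requesting scopes, and treat a non-empty `unknown_scopes` result as a configuration error rather than silently ignoring it.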