Quickstart Guide

    This quickstart guide is here to help you get up and running with Credfin's system. In this guide, we will be connecting a user with their nominated bank account, extracting and analysing all of the transactions from the last year in that account and displaying it.


    To gain access, you must first create an account. The easiest way to do this is to submit the relevant information here. Once that is done, you can set up all your token and secret on our dashboard.

    Further, you will be provided with a vendor reference code. This code will be used in all your future API requests as a way of quickly and positively identifying your organisation.

    Basic User Flow

    There are three simple steps required to connect an end-user to the Credfin system and extract and analyse their bank account information.

    • Submit the initial user information
    • Handle any inputs that the bank requests, as necessary, including Multi-Factor Authentication (MFA)
    • Retrieve data

    We'll cover each of these steps in greater detail below.

    Submit the Initial User Information

    Submitting the user information creates what is referred to as a profile of that end user. A profile contains all the relevant information for that user. To create a profile POST the appropriate information to the following endpoint:


    This endpoint accepts the following information:

    { "full_name": "string", "email": "string", "phone": "string", "bank_id": 0, "days_to_retrieve": 0, "balances": false, "transactions": false, "interims": false, "estatements": false, "analysis": true }

    You will notice one of the requirements as a vendor_specific_id. This is a unique code created by yourself, that you should store somewhere safe. It is your reference number that you can be used to find your users' analysed transaction information in the future.

    There are a whole bunch of inputs that you can send to this API endpoint. However, to keep it simple let’s just send a simpler one:

    { "full_name": Donald Duck "email": test@test.com "phone": 040000000, "bank_id": 130 }

    For the bank_id, you can get a list of the most up to date supported banks from this endpoint:


    In this case the test bank id, ‘Bank of Credfin’, has been provided to run this initial test. Upon sending the POST request a UUID will be returned, looking something like this:

    { "profile": 10000, "uuid": "ba8f4a5e-be0b-4bcd-954a-483d86628e90", "application": 100000, "bank_id": 130, "timestamp": "2020-09-10T11:26:25.576759+10:00", "status": "QUEUED" }

    Using this UUID you can now poll to collect updates and inputs required by the bank crawler:


    Handle Inputs

    This endpoint will tell you what you need to provide for the specific bank. For example, username, password, mfa. Using this information you can then POST back the response to the same input to provide this for the bank crawler extracting the information from the bank account.

    { "status": "AUTH", "code": 1008, "message": { "status": "AUTH", "standardError": { "code": 1008, "message": "Requesting users initial credential inputs" }, "inputs": { "pan": { "name": "pan", "label": "Personal Access Number", "rel": "user", "required": true, "attrs": { "autocomplete": "invalid-browser-string", "type": "text" }, "decorations": [] }, "securecode": { "name": "securecode", "label": "Secure Code", "rel": "password", "required": true, "attrs": { "autocomplete": "invalid-browser-string", "type": "password" }, "decorations": [] } } }, "pending_messages": [ { "sequence": 6, "message": { "types": ["client", "input"], "payload": { "inputs": { "pan": { "name": "pan", "label": "Personal Access Number", "rel": "user", "required": true, "attrs": { "autocomplete": "invalid-browser-string", "type": "text" }, "decorations": [] }, "securecode": { "name": "securecode", "label": "Secure Code", "rel": "password", "required": true, "attrs": { "autocomplete": "invalid-browser-string", "type": "password" }, "decorations": [] } } }, "sequence": 6 } } ], "overflow": null, "webhook_events": [] }

    As you can see in this response, two inputs are required pan and securecode. POSTing these inputs with the provided key names e.g.

    {"pan": "username", "securecode": "password"}

    The crawler is able to log into the account and begin collecting the user information. This is the same for any MFA requests that are made by the bank account. Once the crawler has progressed to a point that it will no longer be needing to request any more input from you, the status will change to ‘RELEASED’ (see lifecycle documentation for more details).

    Retrieve the data

    Upon creation of your account you will automatically be set up with test webhooks from webhook.site for you to test with. You can, however, change or remove these at any time and replace with your own webhooks, either through the API or in the dashboard.

    These webhooks will notify you when each part of the data for the account has been analysed and ready for viewing. To make it faster and more responsive, analysis is done in such a way that we send the data in segments as it’s ready for you to view. However, for simplicity sake, we shall wait until all analysis is completed. When it’s done you will receive a webhook event called application.bundle_ready:

    { "event": "application.bundle_ready", "payload": { "id": 100000, "vendor_specific_id": "123456789", "vendor_label": "test", "timestamp": "2020-09-10T08:53:02.229592+10:00", "crawler": [ { "profile": 10000, "uuid": "ba8f4a5e-be0b-4bcd-954a-483d86628e90", "application": 100000, "bank_id": 130, "timestamp": "2020-09-10T08:53:04.039916+10:00", "status": "COMPLETED" } ], "full_name": "Donald Duck", "email": "test@test.com", "mobile": "04000000", "finalised": true, "analysed": true } }

    Using this information, we can view the fruits of our labour, in HTML:


    in JSON:


    or PDF:

    Subscribe to our newsletters

    Subscribe to our newsletter and stay up to date with the latest news about Credfin.