Wiki

Clone wiki

dataapi / Home

Welcome To Wealth Access Data API Integration

Authenticating With Our API

Get required Authentication Information From Wealth Access

  1. Vendor APIKey: This is given to you directly by Wealth Access
  2. Shared Secret: This is given to you directly by Wealth Access
  3. Advisor External User Id: Advisors can navigate to the Setup Integrations page and click Generate Token under Wealth Access to create this.

Generate Signature

The signature is composed of the following values from the request headers separated by a new line command (\n):

  • Vendor APIKey
  • Method Type Name (ie. GET, POST, PUT, DELETE, PATCH)
  • Date and Time in GMT
  • Requested URI
  • List of parameters ordered by key alphabetically as key/value pairs separated by an ampersand (&). Note: Url-encoded characters in the parameter list are decoded using UTF8 prior to being included in the signature. The resulting string is encoded using HMACSHA256 and the vendor’s shared secret as the private key. This is then converted to Base64 encoding before it’s addition to the Authorization header as detailed above.

An example signature prior to encryption:

3F0BF83F-620A-496C-92A2-3838EE41786C\nGET\nTue, 01 Apr 2014 19:56:58 GMT\n/api/advisor/financialinstitution/\nparameter1=x

Passing These Options as Headers

Each message should include the following headers:

  • Authorization: WAS <AdvisorExternalUserId>:<Signature>
  • x-WAApiKey: Vendor APIKey
  • x-WATimestamp: Current date and Time in GMT

Calling Our Data Endpoints

Updated