Regions

How to send requests to the right region

Multi-Regional Platform

We are a multi-regional integration platform that provides access to financial institutions across the globe. Each Account Servicer belongs to a specific region. In order to access data for a particular Account Servicer, requests must be directed to the corresponding region.

Applications are cross-regional - the same Application can access the API across all available regions. This is controlled by a region header in both the initial OAuth token request, as well as subsequent requests to the API. The region header ensures that requests are directed to the correct region for the Account Servicer you are accessing.

1514

The region in your Application's access token must match the region of the account servicer you are requesting data from.

 

📘

Data Aggregation

Data aggregation and retrieving bulk data sets that span multiple Account Servicers is limited to Account Servicers within the same region.

For instance an application may retrieve bulk Customer records via the /customers API for all Account Servicers in the UK with a token requested for region: EU

Selecting the region to access begins with requesting a token for the region of interest.

Example request to obtain an access token for region EU:

curl -X POST https://api.sandbox.tapico.io/v1/oauth/token \
  -H 'content-type: application/x-www-form-urlencoded' \
  -H 'region: EU' \
  -d 'grant_type=client_credentials&scope=https://tapico.io/open-wealth&client_id={client_id}&client_secret={client_secret}'

📘

API Authentication

For more information on API Authentication click here.

The resulting access token is a JWT that includes the region as a claim and can be used to access Account Servicers for that region.

Any subsequent API requests with that access token must include a region header matching the claim:

curl -X POST https://api.sandbox.tapico.io/v1/account-access-consents \
-H 'Content-Type: application/json' \
-H 'region: EU' \
-H 'Authorization: Bearer eyJhbGc.CJkPD9.lqjnVzo1zx7B-tg' \
-d '{
    "externalUserId": "{{unique_user_id_in_your_system}}"   
}'

🚧

Header and Token region mismatches

If the header value (set to "EU" when sending the request) doesn't match the claim value ("Pacific" from above example), then the request will fail

Example error response for region header mismatch:

{
    "code": "401",
    "errors": [
        "Region not allowed"
    ]
}