API Requirements
Partners can gain access to the SSO API by receiving an API Key and having their IP Addresses white-listed on the system.
Production requests should be directed to https://api2.moneydesktop.com/.
Integration requests (during integration testing) should be directed to https://int-api2.moneydesktop.com/.
API Key
Every Partner is given exactly one unique API Key. This Key should be kept secure on the Partner’s system. All access attempts to the API must include the Key in the request query string, passed under the single-character parameter name “k”. The example to the right illustrates this:
IP Addresses
Each Partner may have any number of IP Addresses on its account, and access requests must originate from one of them. Please contact Customer Service to have an IP Address added or removed from your account.
Issues accessing the system
Attempts to access the SSO API will fail with no return if coming from a non-whitelisted IP address or if the API key is invalid. The API key and IP address together authenticate the Accessor (Partner) into the MX platform. Contact Customer Service if you are having trouble accessing the API.
Client GUID
All API calls must contain the Client GUID of the Client to which the User belongs. The Client GUID is passed under the single-character parameter name “c”. Either the client_guid or the external_client_guid may be used.
Requests and Responses
When sending POST and PUT requests to the API, send the JSON object in the body and set the Content-Type in the header to “application/json” as shown to the right. The same Content-Type will also be returned for all responses. GET and DELETE requests do not have a body and as a result do not need a Content-Type to be set.
Security
Requests must use TLS 1.2 (or higher) with known secure ciphers.
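The requirements above, combined into a small Python client (an added example, not MX's own code): it attaches “k” and “c” to the query string, sets Content-Type only for POST and PUT, refuses TLS below 1.2, and masks the key before a URL is written to a log, since a key carried in the query string otherwise ends up in access and proxy logs. The path example/path and the key and GUID values are constructed placeholders, and the function names are hypothetical.

```python
import json
import ssl
import urllib.parse
import urllib.request

INT_BASE = "https://int-api2.moneydesktop.com/"  # integration host named on this page


def tls_context():
    """Client context that verifies the server and refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def build_request(path, api_key, client_guid, method="GET", payload=None, base=INT_BASE):
    """Put the API Key in 'k' and the Client GUID in 'c'; JSON body only for POST/PUT."""
    query = urllib.parse.urlencode({"k": api_key, "c": client_guid})
    url = urllib.parse.urljoin(base, path.lstrip("/")) + "?" + query
    data, headers = None, {}
    if method in ("POST", "PUT"):
        data = json.dumps(payload or {}).encode("utf-8")
        headers["Content-Type"] = "application/json"
    return urllib.request.Request(url, data=data, headers=headers, method=method)


def redact(url):
    """Mask the 'k' parameter so the API Key never reaches logs or error reports."""
    parts = urllib.parse.urlsplit(url)
    pairs = [(name, "REDACTED" if name == "k" else value)
             for name, value in urllib.parse.parse_qsl(parts.query, keep_blank_values=True)]
    return urllib.parse.urlunsplit(parts._replace(query=urllib.parse.urlencode(pairs)))


def send(req, timeout=10):
    """Send over the TLS 1.2+ context; responses are JSON per this page."""
    with urllib.request.urlopen(req, context=tls_context(), timeout=timeout) as resp:
        body = resp.read()
        return resp.status, (json.loads(body) if body else None)


if __name__ == "__main__":
    # Constructed values; in practice load the key from a secret store, not source code.
    req = build_request("example/path", "EXAMPLE-KEY", "CLT-EXAMPLE",
                        method="POST", payload={"example": True})
    print(req.get_method(), redact(req.full_url))  # log only the redacted form
```

Call send() only from a host whose IP Address is on the Partner's account; from any other address the page states the attempt fails with no return.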