Fetch Statements
This guide is for Platform API v2011101. For guidance on the newest version, see Connectivity Integration Guides.
This guide takes you through the statement aggregation process using API endpoints.
API Workflow
The workflow for performing a statement aggregation is as follows:
- Create a user.
- Search for an institution.
- Get the credentials required by the institution.
- Create a member.
- Start the statement job.
- Poll the member's connection status.
- Answer multifactor authentication, if necessary.
- Poll the member's connection status again until it reaches an end state.
- A successful end state is when the
connection_statusisCONNECTEDand theis_aggregatingfield changes from true to false.
- List the member's statement data.
- Download a statement PDF.
Create a user
A user represents your end user in the MX Platform. Make a request to the Create User endpoint (POST /users).
We recommend that you include a unique id of your choice with the request. You may also include metadata, such as the date the user was created or the end user's name. Don't include any sensitive information here, such as credentials.
None of these parameters are required, but the user object can't be empty. We recommend that you always set the id parameter when creating a user.
In the response, the API gives each new user an MX-defined guid (or user_guid when appearing outside the user object). Between your id and the guid, you can map between your system and ours. You'll need the user guid for nearly every request on the MX API, at least when using basic authorization.
Search for an Institution
To create a member, you need to know what financial institution the member should be connected to and what type of credentials the institution expects to get.
First, search for an institution using query parameters on the list institutions endpoint, GET /institutions?name={string}&supports_account_statement=true.
The example searches for MX Bank, which is MX's institution for testing and development. It also limits results to institutions that support statements.
The response returns a paginated list of institutions that match the string you send in the name query parameter. Make a note of the code you find in the example response; you'll need this for the next step.
Get the Institution's Required Credentials
Each institution requires different types of credentials. Some require an email and a password, some require a username and a password, and some may require other types of credentials.
Make a request to the List Institution Credentials endpoint (GET /institutions/{institution_code}/credentials). Include the institution code retrieved from the previous step in the request path.
This endpoint returns the GUID for each required credential, which is used to match the credentials the end user provides to the required credential type when creating a member.
Create a Member
For this step, you need to have already gathered from the end user the values needed for each credential such as their username and password. The following example uses the MX Bank institution and therefore requires a username and a password; it sets the username to mxuser and the password to password which are the credentials for the test user for MX Bank.
Make a POST request to the /users/{user_guid}/members endpoint. The response includes the newly created member.
- Put the
user_guidin the path. - In the body, include the credential GUIDs and their values in the
credentialsarray. - In the body, set the
skip_aggregationparameter totrue.- A standard aggregation is kicked off automatically whenever a member is created unless you explicitly prevent it using
skip_aggregation. Depending on your use case, you may or may not want that automatic agg to happen. Our example showsskip_aggregation: true.
- A standard aggregation is kicked off automatically whenever a member is created unless you explicitly prevent it using
- In the body, set the
idandmetadatafields as you see fit. This is not required, but is strongly encouraged. - Optionally, you can disable background aggregation with the
background_aggregation_is_disabledparameter. It defaults tofalse. In other words, background aggregation is enabled by default.
Do not add multiple members that connect to the same institution using the same credentials on the same user. This will result in a 409 Conflict error.
Fetch Statements
Now we can actually begin the process of gathering the end user's statements.
Make a POST request to the fetch statements endpoint. This request only starts the statements process; actually reading the aggregated data comes later. The response will be a member object with information about the state of the statements process that just started.
Check the Connection Status
Check the connection status of the member to get information on the state of the statement aggregation. Important fields include connection_status, is_being_aggregated, and successfully_aggregated_at. The is_being_aggregated field will tell you whether the statement aggregation is ongoing or complete.
When you see "connection_status": "CONNECTED" and "is_being_aggregated": false at the same time, the statement aggregation is done and you can move on to the next step. The successfully_aggregated_at field will give the exact time the aggregate successfully completed, but won't update if the statement aggregation fails.
You may need to check the connection status several times until an end state is reached.
Make a request to the Read Member Status endpoint (GET /users/{user_guid}/members/{member_guid}/status). The response in the example shows a successful end state.
Deal with Multifactor Authentication
Aggregation-type jobs such as statements may trigger multifactor authentication (MFA) from the institution associated with the member. This is indicated by connection_status: CHALLENGED.
Please see the detailed section on answering MFA challenges for more information. For this part of the guide, we'll assume there was no MFA and move on to the next step.
List the Available Statements
You can now see all the statements that are available to download. Make a note of the uri field on each statement object: this will be used in the next step to download a particular statement PDF.
Make a GET request to the /users/{user_guid}/members/{member_guid}/statements endpoint.
Download a Statement PDF
Now that you know which statements are available, pick one and use its uri to request a PDF of that statement.
Make a GET request /users/{user_guid}/members/{member_guid}/statements/{statement_guid}.pdf endpoint. Note the .pdf extension in the route, and the +pdf extension in the example's accept header.
MX will respond with the bytes of the PDF file.