Deposit Account Opening with the API
This guide is for Platform API v2011101. For guidance on the newest version, see Connectivity Integration Guides.
In this guide, we cover the steps for connecting your end user’s account to retrieve account and routing number, account owner information, and additional account details such as balance. This guide only uses API endpoints to connect members and fetch the data you need.
You'll want to use an API-only integration if:
- You don't want to use our Connect Widget.
- You need a highly-customized solution that you want to build yourself.
To make this guide easier to follow, we don't cover multifactor authentication or OAuth. We have in-depth guides on how to manage MFA or OAuth depending on the product you’re using.
Before you Begin
Before you can you can use this guide, complete the following:
- Sign up for the Client Dashboard.
- Retrieve your
client_idandapi_keyfrom the dashboard; you’ll need them to pass requests. - Whitelist your IP addresses.
- Ensure all requests are using HTTPS with TLSv1.2 encryption or higher or else they will fail.
- Get familiar with MX Bank, our test environment; MX Bank only allows specific test scenarios; and our guides follow these test experiences.
- Work with your MX representative to enable the following products:
Workflow
- Create a user
- Create a member
- Fetch and read the account and routing number
- Fetch and read account owner data
- Fetch and read balance data (for future payments)
Create a User
In order to gather information about your end user, we need a user guid. This is a unique identifier on our platform that represents your application's end user. Generating the guid in this step ensures that you can send multiple requests related to the same end user which includes connecting them to their accounts and gathering data for them.
To create a user, make a POST request to the create user endpoint, as shown below.
No parameters are required, but the user object cannot be empty. We recommend that you always set the id parameter to a value of your choice when creating a user. You may also include metadata, such as the date the user was created or the end user’s name. Don’t include any sensitive information, such as credentials.
_12curl -i -X POST 'https://int-api.mx.com/users' \_12-u 'client_id:api_key' \_12-H 'Accept: application/vnd.mx.api.v1+json' \_12-H 'Content-Type: application/json' \_12-d '{_12 "user": {_12 "id": "partner-2345",_12 "is_disabled": false,_12 "email": "totally.fake.email@notreal.com",_12 "metadata": "Yada yada yada"_12 }_12 }'
In the response, the API gives each new user an MX-defined guid (or user_guid when appearing outside the user object). Between your id and the guid, you can map between your system and ours. You’ll need the user guid for nearly every request on the MX API, at least when using basic authorization.
_10{_10 "user": {_10 "email": "totally.fake.email@notreal.com",_10 "guid": "USR-11141024-90b3-1bce-cac9-c06ced52ab4c",_10 "id": "partner-2345",_10 "is_disabled": false,_10 "metadata": "Yada yada yada"_10 }_10}
Create a Member
Next, create a member. A member represents the relationship between a user and an institution, and creating one is how you connect one to the other. Multiple members may be attached to a single user (for example, one member for their bank, another for their mortgage provider, another for their credit card provider, etc.).
To create a member:
- Search for an institution
- Get the institution-required credentials
- Make a request to the create member endpoint
A. Search for an Institution
First, you need to know what financial institution the member should be connected to and what type of credentials the institution expects to get.
Search for an institution by making a GET request using query parameters on the list institutions endpoint.
The example that follows searches for MX Bank, which is MX’s institution for testing and development.
The response returns a paginated list of institutions that match the string you send in the name query parameter. Make a note of the code you find in the example response; you’ll need this for the next step.
B. Get the Institution-required Credentials
Each institution requires different types of credentials. Some require an email and a password, some require a username and a password, and some may require other types of credentials.
Make a GET request to the list institution credentials endpoint.
Include the institution code retrieved from the previous step in the request URL. This endpoint returns the guid for each credential returned, which is used to match the credentials the end user provides to the required credential type in the next step.
Request
_10curl -X GET https://int-api.mx.com/institutions/mxbank/credentials \_10 -H 'Accept: application/vnd.mx.api.v1+json' \_10 -u 'client_id:api_key'
Response
_18{_18 "credentials": [_18 {_18 "display_order": 1,_18 "field_name": "LOGIN",_18 "field_type": "LOGIN",_18 "guid": "CRD-9f61fb4c-912c-bd1e-b175-ccc7f0275cc1",_18 "label": "Username"_18 },_18 {_18 "display_order": 2,_18 "field_name": "PASSWORD",_18 "field_type": "PASSWORD",_18 "guid": "CRD-e3d7ea81-aac7-05e9-fbdd-4b493c6e474d",_18 "label": "Password"_18 }_18 ]_18}
C. Create the Member
After you have the user_guid, an institution_code, and a guid for each credential required by the institution, create a new member. For this step, you need the values provided by the end user for each necessary credential.
Make a POST request to the create member endpoint shown below. There are several parameters that you can pass in this request which are included in the table below.
| Parameter | Data Type | Description | Required? |
|---|---|---|---|
background_aggregation_is_disabled | Boolean | When set to true, background aggregation will be disabled for this member. | No |
credentials | Array | The credentials endpoint for the requested institution will give you a list of all the credentials required to create a member for a given institution. Each required credential will need to be included within this array. | Yes |
id | String | The unique partner-defined identifier for the member. | No |
institution_code | String | The unique code for the institution to which the member will connect. Defined by MX. | Yes |
metadta | String | Additional information you can store on this member. | No |
Request
The following example uses MX Bank and requires a username and a password. It sets the username to mxuser and the password to password which are the credentials for the test user for MX Bank. For real institutions, these values must be the end user’s correct login information.
Do not add multiple members that connect to the same institution using the same credentials on the same user. This will result in a 409 Conflict error.
_19curl -i -X POST 'https://int-api.mx.com/users/USR-11141024-90b3-1bce-cac9-c06ced52ab4c/members' \_19-u 'client_id:api_key' \_19-H 'Accept: application/vnd.mx.api.v1+json' \_19-H 'Content-Type: application/json' \_19-d '{_19 "member": {_19 "credentials": [_19 {_19 "guid": "CRD-1ec152cd-e628-e81a-e852-d1e7104624da",_19 "value": "mxuser"_19 },_19 {_19 "guid": "CRD-1ec152cd-e628-e81a-e852-d1e7104624da",_19 "value": "password"_19 }_19 ],_19 "institution_code": "mxbank"_19 }_19 }'
Response
If the request is successful, the response returns with the newly created member and indicates that the connection process has started. The connection_status should be CREATED and the is_being_aggregated field should be true.
_15{_15 "member": {_15 "aggregated_at": null,_15 "connection_status": "CREATED",_15 "background_aggregation_is_disabled": false,_15 "guid": "MBR-3bdc7d6b-efd4-1497-a0af-b23501cf9bd0",_15 "id": null,_15 "institution_code": "mxbank",_15 "is_being_aggregated": true,_15 "metadata": null,_15 "name": "MX Bank",_15 "successfully_aggregated_at": null,_15 "user_guid": "USR-11141024-90b3-1bce-cac9-c06ced52ab4c"_15 }_15}
The connection_status must be one of the following in order to continue with verification. For this guide, we just created a member so the connection_status is still CREATED and we can move forward, but if you've already connected a member for a different reason, validate that the status is one of the following. Also, validate that is_being_aggregated: false because you cannot initiate verification for a member if a connection already in process.
CREATEDCONNECTEDDEGRADEDDISCONNECTEDEXPIREDFAILEDIMPEDEDRECONNECTEDUPDATED
We suggest you add a Connection Status Webhook in the Client Dashboard. We provide webhooks that send HTTPS POST callback requests to the URL of your choice. This webhook notifies you whenever a member’s connection_status field enters into an end-user-actionable state. For more information on webhooks, click here.
Fetch Account and Routing Numbers
Now that you've created a member, you can request account and routing number to verify the end-user's financial account using Instant Account Verification (IAV). For more information about this product, review our IAV guides.
To start the process, make a POST request to the verify member endpoint.
_10curl -i -X POST 'https://int-api.mx.com/users/USR-11141024-90b3-1bce-cac9-c06ced52ab4c/members/MBR-3bdc7d6b-efd4-1497-a0af-b23501cf9bd0/verify' \_10-u 'client_id:api_key' \_10 -H 'Accept: application/vnd.mx.api.v1+json' \_10 -H 'Content-Type: application/json'
The response indicates the status of the request. Next you'll check the connection status and answer any possible challenges.
_18{_18 "member": {_18 "aggregated_at": null,_18 "background_aggregation_is_disabled": false,_18 "connection_status": "CREATED",_18 "guid": "MBR-3bdc7d6b-efd4-1497-a0af-b23501cf9bd0",_18 "id": null,_18 "institution_code": "mxbank",_18 "is_being_aggregated": true,_18 "is_managed_by_user", true,_18 "is_oauth": false,_18 "metadata": null,_18 "name": "MX Bank",_18 "successfully_aggregated_at": null,_18 "user_guid": "USR-11141024-90b3-1bce-cac9-c06ced52ab4c",_18 "user_id": null_18 }_18}
A. Check the Connection Status
After verification has been initiated, poll the member by making a GET request to the read member endpoint. We suggest you invoke this call every 2- 3 seconds until a member is in a connected state and no longer being aggregated.
_10curl -i 'https://int-api.mx.com/users/USR-11141024-90b3-1bce-cac9-c06ced52ab4c/members/MBR-3bdc7d6b-efd4-1497-a0af-b23501cf9bd0/status' \_10-H 'Accept: application/vnd.mx.api.v1+json' \_10-u 'client_id:api_key'
Poll until the connection_status is CONNECTEDand is_being_aggregated. This indicates that the member has been successfully authenticated and verification has begun.
_10{_10 "member": {_10 "aggregated_at": null,_10 "connection_status": "CREATED",_10 "guid": "MBR-3bdc7d6b-efd4-1497-a0af-b23501cf9bd0",_10 "is_authenticated": false,_10 "is_being_aggregated": true,_10 "successfully_aggregated_at": null_10 }_10}
B. Answer the Account-selection Challenge
The end user must select which account to verify. If you have to select an account, the status switches to CHALLENGED, and the response includes the challenges you need to answer.
_10curl -i 'https://int-api.mx.com/users/USR-11141024-90b3-1bce-cac9-c06ced52ab4c/members/MBR-3bdc7d6b-efd4-1497-a0af-b23501cf9bd0/status' \_10-H 'Accept: application/vnd.mx.api.v1+json' \_10-u 'client_id:api_key'
If you don’t get the challenge and the member goes to directly to connection_status: CONNECTED and is_being_aggregated: false, it means that there are no eligible accounts to verify and there’s nothing more to do.
_28{_28 "member": {_28 "aggregated_at": null,_28 "challenges": [_28 {_28 "field_name": null,_28 "guid": "CRD-bc26dc1d-9fe3-41f1-9d67-e84070cf3055",_28 "label": "Please select an account:",_28 "options": [_28 {_28 "label": "Checking",_28 "value": "act-23445745"_28 },_28 {_28 "label": "Savings",_28 "value": "act-352386787"_28 }_28 ],_28 "type": "OPTIONS"_28 }_28 ],_28 "connection_status": "CHALLENGED",_28 "guid": "MBR-84ca0882-ad6c-4f10-817f-c8c0de7424fa",_28 "is_authenticated": true,_28 "is_being_aggregated": true,_28 "successfully_aggregated_at": null_28 }_28}
Use the Resume Endpoint
To answer the account-selection challenge, present the challenge from the previous step to end users, gather their response, and return it to MX using the resume endpoint.You may or may not run into MFA issued by the institution. If you do, you may get challenged multiple times.
Use the resume aggregation endpoint to answer the challenge. Include the appropriate credential GUID with the value chosen by the end user.
_14curl -i -X PUT 'https://int-api.mx.com/users/USR-11141024-90b3-1bce-cac9-c06ced52ab4c/members/MBR-84ca0882-ad6c-4f10-817f-c8c0de7424fa/resume' \_14-u 'client_id:api_key' \_14-H 'Accept: application/vnd.mx.api.v1+json' \_14-H 'Content-Type: application/json' \_14-d '{_14 "member": {_14 "challenges": [_14 {_14 "guid": "CRD-bc26dc1d-9fe3-41f1-9d67-e84070cf3055",_14 "value": "act-23445745"_14 }_14 ]_14 }_14 }'
The response should come back with connection_status: RESUMED.
_17{_17 "member": {_17 "aggregated_at": null,_17 "background_aggregation_is_disabled": false,_17 "connection_status": "RESUMED",_17 "guid": "MBR-3bdc7d6b-efd4-1497-a0af-b23501cf9bd0",_17 "id": null,_17 "institution_code": "mxbank",_17 "is_being_aggregated": true,_17 "is_oauth": false,_17 "metadata": null,_17 "name": "MX Bank",_17 "successfully_aggregated_at": null,_17 "user_guid": "USR-151a102b-90b3-1bc3-48d1-c24cad5a2b13",_17 "user_id": "10405939560"_17 }_17}
Check the Status Again
Check connection_status, is_being_aggregated, and successfully_aggregated_at.
- The
is_being_aggregatedfield indicates whether verification is complete; it’ll betruewhile IAV is running andfalsewhen complete. - When you see
connection_status: CONNECTEDandis_being_aggregated: falseat the same time, verification is done and you can pull account and routing data. - The
successfully_aggregated_atfield gives the exact time verification was finished.
_10curl -i 'https://int-api.mx.com/users/USR-11141024-90b3-1bce-cac9-c06ced52ab4c/members/MBR-3bdc7d6b-efd4-1497-a0af-b23501cf9bd0/status' \_10-H 'Accept: application/vnd.mx.api.v1+json' \_10-u 'client_id:api_key'
_10{_10 "member": {_10 "aggregated_at": "2020-05-07T22:01:00Z",_10 "connection_status": "CONNECTED",_10 "guid": "MBR-3bdc7d6b-efd4-1497-a0af-b23501cf9bd0",_10 "is_authenticated": true,_10 "is_being_aggregated": false,_10 "successfully_aggregated_at": "2020-05-07T22:01:25Z"_10 }_10}
Read the Account Numbers
When verification is complete, retrieve account and routing numbers. There are two endpoints for this: list account numbers by member and list account numbers by account.
The first is shown here.
_10curl -i 'https://int-api.mx.com/users/USR-11141024-90b3-1bce-cac9-c06ced52ab4c/members/MBR-3bdc7d6b-efd4-1497-a0af-b23501cf9bd0/account_numbers' \_10 -H 'Accept: application/vnd.mx.api.v1+json' \_10 -u 'client_id:api_key'
If MX has both an account number and a routing number for at least one of the member’s accounts, that information is returned. No information is returned for accounts that are missing a value for one or both of these fields.
The account number returned from this endpoint may be a Tokenized Account Number (TAN). See the section on TANs for information on dealing with these properly.
_20{_20 "account_numbers": [_20 {_20 "account_guid": "ACT-82a93692-f756-534f-9b2e-ad10a0f38462",_20 "account_number": "10001",_20 "institution_number": null,_20 "member_guid": "MBR-3bdc7d6b-efd4-1497-a0af-b23501cf9bd0",_20 "routing_number": "68899990000000",_20 "passed_validation": true,_20 "transit_number": null,_20 "user_guid": "USR-11141024-90b3-1bce-cac9-c06ced52ab4c"_20 }_20 ],_20 "pagination": {_20 "current_page": 1,_20 "per_page": 25,_20 "total_entries": 1,_20 "total_pages": 1_20 }_20}
Read the Account Details
Before using the account numbers you’ve just gathered for things like ACH transfers, read the account details by making a GET request to the read account endpoint.
Request
_10curl -i -X GET 'https://int-api.mx.com/users/USR-11141024-90b3-1bce-cac9-c06ced52ab4c/accounts/ACT-82a93692-f756-534f-9b2e-ad10a0f38462' \_10 -H 'Accept: application/vnd.mx.api.v1+json' \_10 -u 'client_id:api_key'
Read the account’s details to confirm that:
- The
available_balanceshows sufficient funds. - The account is still open:
is_closed: false.
This helps prevent ACH returns.
_51{_51 "account": {_51 "account_number": "****0001",_51 "apr": null,_51 "apy": null,_51 "available_balance": 500000,_51 "available_credit": null,_51 "balance": 500000,_51 "cash_balance": null,_51 "cash_surrender_value": null,_51 "created_at": "2020-09-21T19:43:44Z",_51 "credit_limit": null,_51 "currency_code": null,_51 "day_payment_is_due": 12,_51 "death_benefit": null,_51 "guid": "ACT-82a93692-f756-534f-9b2e-ad10a0f38462",_51 "holdings_value": null,_51 "id": "act-23445745",_51 "imported_at": "2023-02-24T09:01:25Z",_51 "institution_code": "mxbank",_51 "insured_name": null,_51 "interest_rate": null,_51 "is_closed": false,_51 "is_hidden": false,_51 "last_payment": null,_51 "last_payment_at": null,_51 "loan_amount": null,_51 "matures_on": null,_51 "member_guid": "MBR-84ca0882-ad6c-4f10-817f-c8c0de7424fa",_51 "member_id": null,_51 "member_is_managed_by_user": true,_51 "metadata": null,_51 "minimum_balance": null,_51 "minimum_payment": null,_51 "name": "Checking",_51 "nickname": null,_51 "original_balance": null,_51 "pay_out_amount": null,_51 "payment_due_at": "2021-05-12T16:01:00Z",_51 "payoff_balance": null,_51 "premium_amount": null,_51 "routing_number": "005026788",_51 "started_on": null,_51 "subtype": null,_51 "total_account_value": null,_51 "type": "CHECKING",_51 "updated_at": "2023-02-24T09:01:25Z",_51 "user_guid": "USR-11141024-90b3-1bce-cac9-c06ced52ab4c",_51 "user_id": "partner-2345"_51 }_51}
Verify Account Owner Information
In addition to account and routing numbers, you may also want to verify the end-user's account information such as their first and last name, phone number, and potentially more using the Account Owner Identification product. For more information about this product, review our Account Owner Identification guide.
A. Check the Member's Status Again
As with the IAV product, you can't initiate a new request to gather information if one is still in progress.
Again, check connection_status, is_being_aggregated, and successfully_aggregated_at.
- The
is_being_aggregatedfield indicates whether verification is complete; it’ll betruewhile account owner identification is running andfalsewhen complete. - When you see
connection_status: CONNECTEDandis_being_aggregated: falseat the same time, verification is done and you can fetch the account owner data. - The
successfully_aggregated_atfield gives the exact time the account owner identification finished.
B. Make a Request to the Identity Endpoint
Make a POST request to the identify member endpoint. This request starts the account owner identification process.
_10curl -i -X POST 'https://int-api.mx.com/users/USR-fa7537f3-48aa-a683-a02a-b18940482f54/members/MBR-7c6f361b-e582-15b6-60c0-358f12466b4b/identify' \_10 -H 'Accept: application/vnd.mx.api.v1+json' \_10 -H 'Content-Type: application/json' \_10 -u 'client_id:api_key'
The response returns the status of the process that gathers the account owner information.
_19{_19 "member": { _19 "aggregated_at": "2016-10-13T18:07:57.000Z",_19 "background_aggregation_is_disabled": false,_19 "connection_status": "CONNECTED",_19 "guid": "MBR-7c6f361b-e582-15b6-60c0-358f12466b4b",_19 "id": "unique_id",_19 "institution_code": "chase",_19 "is_being_aggregated": false,_19 "is_managed_by_user": false,_19 "is_oauth": false,_19 "metadata": "\"credentials_last_refreshed_at\": \"2015-10-15\"",_19 "name": "Chase Bank",_19 "oauth_window_uri": "https://mxbank.mx.com/oauth/authorize?client_id=b8OikQ4Ep3NuSUrQ13DdvFuwpNx-qqoAsJDVAQCyLkQ&redirect_uri=https%3A%2F%2Fint-app.moneydesktop.com%2Foauth%2Fredirect_from&response_type=code&scope=openid&state=d745bd4ee6f0f9c184757f574bcc2df2",_19 "successfully_aggregated_at": "2016-10-13T17:57:38.000Z",_19 "user_guid": "USR-fa7537f3-48aa-a683-a02a-b18940482f54",_19 "user_id": "user123"_19 }_19}
C. Read Account Owner Details
After you've connected, list account owner information using the list account owners by member endpoint to review identity-related data. Information returned depends on what is available from the institution the end user connected to. You'll need the user_guid and member_guid to pass the request.
_10curl -i -X GET 'https://int-api.mx.com/users/USR-fa7537f3-48aa-a683-a02a-b18940482f54/members/MBR-7c6f361b-e582-15b6-60c0-358f12466b4b/account_owners?page=1&records_per_page=10' \_10 -H 'Accept: application/vnd.mx.api.v1+json' \_10 -u 'client_id:api_key'
Fetch and Read Balance Data for Future or Delayed Payments
Account and routing numbers can be used for things like ACH transfers for as long as the account is still open, so there is no need to use IAV again for the account. However, information about the available balance in that account can become out of date within a few hours.
Before using these numbers again in the future (or if you wait a while to use them after the initial verification) run a balance check to get the latest available_balance before you initiate a payment or transfer. This prevents errors related to insufficient funds or closed accounts. For more information on Balance Checks, review our Balance Check product guide.
A. Fetch Account Balance
Make a POST request to the check balances endpoint.
_10curl -i -X POST 'https://int-api.mx.com/users/USR-11141024-90b3-1bce-cac9-c06ced52ab4c/members/MBR-3bdc7d6b-efd4-1497-a0af-b23501cf9bd0/check_balance' \_10 -H 'Accept: application/vnd.mx.api.v1+json' \_10 -H 'Content-Type: application/json' \_10 -u 'client_id:api_key'
Aggregating balance data takes some time, so check on the status of this process. Initially, you should see the is_being_aggregated field return with true.
_18{_18 "member": {_18 "aggregated_at": "2023-02-24T21:33:23Z",_18 "background_aggregation_is_disabled": false,_18 "connection_status": "CONNECTED",_18 "guid": "MBR-3bdc7d6b-efd4-1497-a0af-b23501cf9bd0",_18 "id": null,_18 "institution_code": "mxbank",_18 "is_being_aggregated": true,_18 "is_managed_by_user": true,_18 "is_oauth": false,_18 "metadata": "Additional information",_18 "name": "MX Bank",_18 "successfully_aggregated_at": "2023-02-24T21:11:23Z",_18 "user_guid": "USR-11141024-90b3-1bce-cac9-c06ced52ab4c",_18 "user_id": "partner-2345"_18 }_18}
B. Check the Status of the Balance Process
The balance check is complete when the following state is reached. You may need to check the status multiple times using the read member endpoint.
connection_status: CONNECTEDis_being_aggregated: falsesuccessfully_aggregated_atupdates to the current time.
_10curl -i -X GET 'https://int-api.mx.com/users/USR-11141024-90b3-1bce-cac9-c06ced52ab4c/members/MBR-3bdc7d6b-efd4-1497-a0af-b23501cf9bd/status' \_10 -H 'Accept: application/vnd.mx.api.v1+json' \_10 -u 'client_id:api_key'
_11{_11 "member": {_11 "aggregated_at": "2023-02-24T21:42:05Z",_11 "connection_status": "CONNECTED",_11 "guid": "MBR-3bdc7d6b-efd4-1497-a0af-b23501cf9bd0",_11 "has_processed_account_numbers": false,_11 "is_authenticated": true,_11 "is_being_aggregated": false,_11 "successfully_aggregated_at": "2023-02-24T21:42:07Z"_11 }_11}
C. Read the Account Details Again
Check to see that available_balance is sufficient for your purposes and that is_closed is false. Make a GET request to the read account endpoint.
_10 curl -i -X GET 'https://int-api.mx.com/users/USR-11141024-90b3-1bce-cac9-c06ced52ab4c/accounts/ACT-82a93692-f756-534f-9b2e-ad10a0f38462' \_10 -H 'Accept: application/vnd.mx.api.v1+json' \_10 -u 'client_id:api_key'
We suggest you add a Balance Webhook in the Client Dashboard. We provide webhooks that send HTTPS POST callback requests to the URL of your choice. This webhook notifies you when new balance data is successfully returned. Note this webhook does not trigger member-based actions. For more information on webhooks, click here.