General
Developer guidelines
Step-by-step guide to build, test and release your integration.
1
Discover our available APIs and endpoints
Go through our API Reference to identify the API(s) and endpoints you will need for your use case.
2
Sign up to the Developer Portal and create an app
By signing up to the Developer Portal and creating an app, you’ll be able to get all the authentication credentials you need to access the Sandbox environment (cf. demo below).
Are you interested in seeing how Qonto Embed could supercharge your platform with embedded financial services? Check out our sample app.
If the use case you’re interested in warrants it, our Partnership team will get in touch to support you in the integration and agree on a partnership contract.
3
Set up the Sandbox environment
Before making your first API calls, we strongly recommend you set up the Sandbox environment to play with dummy data and check if the API responses are the expected ones.
In the following steps, if any verification screen is prompted, please fill
123456.Log in to the Sandbox web app
Log in to the Sandbox web app
-
From the Toolkit, click on “Sandbox web app”.
Please, do not click on “Open an account”. -
Log in with the credentials available in the Developer Portal.
Please, do not change this password and the preferred language (english) since it’s a shared account. -
If the verification screen is prompted, fill
123456.
You have access to Qonto Sandbox web app!
Create my own user (optional)
Create my own user (optional)
Do I need to create my own user?The user associated to owner@qonto.eu is a shared user.If you need privacy concerning your testing data and/or more autonomy, then you should create your own user.
- From the Toolkit, click on “Sandbox web app”.
- Log in with the credentials available in the Developer Portal.
- For any organization, click on the “User management” tab.
- Click on the “Invite team member” button.
- Create a new user.
- If the verification screen is prompted, fill
123456. - From the Toolkit, click on “Mailcatcher”.
- Find the email sent to the email address of your new user.
- Click on “Accept invitation” in the email and go through the self-onboarding process.
Your new user is activated!N.B. : You don’t need to verify your identity.
Create my own organization (optional)
Create my own organization (optional)
Do I need my own organization?The organizations associated to owner@qonto.eu are shared organizations.If you need privacy concerning your testing data and/or more autonomy, then you should create your own organization.
- Create your own user (cf. previous step).
- From the Toolkit, click on “QA tool”.
- Click on “Create Organization”.
-
Fill the following fields:
Owner: the email address of your new user.Price plan code: choose your plan depending on the functionalities you need to test; indeed, some functionalities are only available for given plans (cf. Qonto pricing for more details).Organization nameBalance amount: it will be the amount available in your test bank account,100000€ will be a good start!
-
Submit the form.
From the Toolkit, click on “Sandbox web app”. Your new organization is created!
4
Make your first API call
To call the Sandbox environment, you should use Sandbox base URLs not Production base URLs.
Set up Postman
Set up Postman
-
Fork our Postman collection and environments
-
On your workspace, select the ‘Qonto Sandbox’ environment.
Your Postman workspace is set up!
Authenticate
Authenticate
You’ll find all the authentication credentials you need in the Developer Portal.
Don’t forget to include the
X-Qonto-Staging-Token in your API calls to the Sandbox environment.If you need to authenticate through:
-
OAuth 2.0 (customers using sensitive endpoints and partners) 👉 follow those steps;
To understand better the OAuth flow, please check this Postman visual flow.
- your API Key (customers only) 👉 follow those steps.
5
Build your integration
Here are some examples of the Business API most used capabilities:
List transactions
List transactions
To do so, you will need to call 2 endpoints:
-
Retrieve the authenticated organization and list bank accounts
To learn more about this endpoint, click here.🔗 Endpoint GET https://thirdparty.qonto.com/v2/organization🔒 Auth API Key or OAuth 2.0 ( organization.readscope)📲 SCA No -
List transactions
You will need to specify the
idor theibanof the bank account retrieved with the previous API call.
To learn more about this endpoint, click here.🔗 Endpoint GET https://thirdparty.qonto.com/v2/transactions🔒 Auth API Key or OAuth 2.0 ( organization.readscope)📲 SCA No
Initiate external transfers
Initiate external transfers
There are 3 different ways of initiating external transfers:
-
Create external transfers with beneficiaries data
This endpoint is only accessible using Strong Customer Authentication 👉 it requires a user interaction during the external transfers creation flow: the authenticated membership needs to approve the external transfers in the Qonto mobile app (after receiving a push notification).
To learn more about this endpoint, click here.🔗 Endpoint POST https://thirdparty.qonto.com/v2/external_transfers/checkout🔒 Auth OAuth 2.0 only ( payment.writescope)📲 SCA Yes 👉 the external transfers creation will not be fully automated; the authenticated membership will receive a push notification and will have to approve the external transfers within 15 minutes. 👤 Beneficiary type Any type of beneficiary (i.e. new or existing one, trusted or not); if the beneficiary doesn’t exist, it will be created once the transfer is successfully created. 🔢 Number of transfers Up to 400 -
Create an external transfer with trusted beneficiary
This endpoint doesn’t require any user interaction once the beneficiary is trusted. A beneficiary can only be trusted through Qonto app.
To learn more about this endpoint, click here.🔗 Endpoint POST https://thirdparty.qonto.com/v2/external_transfers🔒 OAuth scope OAuth 2.0 only ( payment.writescope)📲 SCA No 👉 the external transfer creation will be fully automated. 👤 Beneficiary type Only trusted beneficiary; the list of trusted beneficiaries can be retrieved through the List beneficiaries endpoint. 🔢 Number of transfers 1 -
Create a transfers request
This endpoint requires a user interaction after the transfers request creation: the transfers request must be approved by a membership of the authenticated organization with permissions to review requests.
To learn more about this endpoint, click here.🔗 Endpoint POST https://thirdparty.qonto.com/v2/requests/multi_transfers🔒 OAuth scope OAuth 2.0 only ( request_transfers.writescope)📲 SCA No 👉 the transfers request creation will be fully automated but not the external transfers creation since the request will have first to be approved by a membership in the Qonto app without any time constraints. 👤 Beneficiary type Any type of beneficiary (i.e. new or existing one, trusted or not); if the beneficiary doesn’t exist, it will be created once the transfer is successfully created. 🔢 Number of transfers Up to 400
6
Release your integration
All the API operations can be replicated from the Sandbox to the Production environment by following the next steps:
-
Get your Production credentials through the Developer Portal.
If you are using the Onboarding API, you will need to sign an ORIAS mandate (France only) and a partnership contract with Qonto in order to release your integration to Production.
-
Replace your Sandbox credentials by your Production credentials.
The
X-Qonto-Staging-Tokenheader is not necessary in Production. - Replace the endpoints base URL.
If you are a licensed partner, you must identify yourself through your QSeal certificate when calling our Business API endpoints in Production (cf. the requirements); otherwise you will receive a
401 Unauthorized error to your API calls.Your integration is ready to be released in Production!We would be super grateful if you could take few minutes to share your feedback regarding our Public APIs: Tell us what you think
7
Publish your integration in our Marketplace (optional)
To publish your app in our Integrations & Partnership section, you need to meet the following requirements:
- Your integration should be used at least by 25 beta testers.
- Once you meet the first requirement, send us at cp@getqonto.atlassian.net:
- a video of the functionalities of your integration;
- credentials so we can login into your product and test your integration.
- Once your integration is approved, you will have to provide us with the information you want to display in the integration page.