Get started guide

This article will guide you through integrating Subaio functionality into your frontend applications and leveraging the Subaio Partner API to enrich your internal data.

Subaio integration revolves around three components

Using Subaio Partner API

Subaio exposes a REST based Partner API, that customers can use in order to integrate with Subaio’s platform.

The Partner API is normally accessible through https://partner.prod.subaio.com:9443/, but can also be deployed locally as part of an on-premises solution.

The following values are important to note:

Key Description
{partnerId} Path parameter identifying the customer. For Acme Bank it could be acmebank
brand Subaio supports a multi-tenant setup, where the customer can separate user groups (business, private) or country. For Acme Bank it could be acmebank_dk and acmebank_no.

A typical flow for onboarding a user, displaying frontend, and exchanging transaction data.

Step 1: Onboard user

The first step is to onboard a user which is done via the Partner API.

This is done through /partner/{partnerId}/2.0.0/users, where a user ID is specified that links the user in both the Subaio systems and the partner systems. Do not use a sensitive key such as SSN.

POST /partner/{partnerId}/2.0.0/users
{
  "bankUserId": "string",
  "brand": "somebank_dk",
  "locale": "da-DK",
}

See API documentation for details on payload

Step 2: Login user

After onboarding the user, the next step is to login the user so a subscription overview can be displayed.

Since transaction data is not yet available, a loading screen will be displayed temporarily.

Logging in a user is done by calling /partner/{partnerId}/2.0.0/users/logins, sending a signed JWT containing the user ID as the sub claim.

POST /partner/{partnerId}/2.0.0/users/logins
{
  "payload": "string"
}

Subaio Partner API verifies the login request using public key provided by you, and returns a JWT that can be used for other API calls.

The actual authentication method can be customized per customer, but Subaio suggests you

Partner API verifies the login request using a corresponding public key provided by you and returns a Subaio Partner API JWT.

Example java code to generate login payload:

var claims = Jwts.claims().setSubject(USER_ID);
var jwt = Jwts.builder()
              .signWith(SignatureAlgorithm.RS256, privateKey)
              .setClaims(claims)
              .setIssuer("acmebank-production")
              .setExpiration(new Date(Instant.now().plus(JWT_EXPIRATION_MINUTES, ChronoUnit.MINUTES).toEpochMilli()))
              .compact();

See API documentation for details on API

Step 3: Exchanging transaction data

Transaction data is often an important part of the solution, since it is used for detecting recurring costs and provide other insights.

Subaio supports exchanging transaction data in many ways to avoid putting any constraints on the integration. All of these options are currently used in production with our customers, and we have written a detailed guide on how to perform each integration.

Option Description
Push via SFTP Transactions are packaged into files and pushed to a customer specific SFTP server, where Subaio will ingest the files and process the transactions.
Push via Subaio Partner API Transactions are pushed to Subaio Partner API /partner/{partnerId}/2.0.0/transactions
Coming soon
Pull from you Coming soon
Pull from aggregator Coming soon