Uphold’s robust Open API provides developers with a revolutionary way to develop innovative applications and services on top of a secure and established platform. From Uphold Connect to our sandbox environment, we want to assist in the disruption of the financial services ecosystem in a positive, powerful way.
Uphold Open API Benefits for Developers
Uphold’s open API has a variety of development and support features, such as open API documentation, app directory, application testing environment, and more.
Uphold Connect serves as the hub for Uphold integration into your financial services application. Developers using our open API platform can access:
- A highly secure infrastructure (KYC and AML)
- Real-time transaction transparency
- Multi-currency/multi-commodity transactions
- One-to-one reserve of value stored on the Uphold platform
Uphold API also supports a number of SDKs, providing developers with easy application integration. The Uphold API SDKs include:
- Android SDK
- iOS SDK
- Ruby SDK
- Python SDK
- PHP SDK
Ready to start building innovative applications and services on the Uphold platform? The first step is to create an account in our Sandbox Environment.
Step #1: Create an Uphold Sandbox Account
The Uphold Sandbox Environment is where you will build and test applications built upon the Uphold platform. And don’t worry, no real money is used in the sandbox development and testing environment.
The first step is to signup for a sandbox account.
The signup process is straightforward and simple. All you need to do is verify your email and phone number. Verify your phone number using verification code “0000000” (no SMS is sent).
Step #2: Fund Your Sandbox Account
Once you verify your email and phone number, you can fund your sandbox account using a Bitcoin testnet “faucet” (fake bitcoin).
These are our recommendations:
After adding “fake funds” via a faucet, your dashboard will look like this . . .
Step #3: Connect Your Application to Uphold
It’s time to connect your application to the Uphold platform. There are a few considerations prior to doing this:
- The application needs to be SSL certificate secured by a Known Certificate Authority
- Your redirect URL must be a valid static sub-resource (cannot be reconfigured)
- The redirect URL can be a URI, like my-app://uphold/connect
- Users can abandon your application at any time (re-request user authorization)
- Uphold Terms of Service allow automated suspension of any application
- Standard rate limits apply to access tokens
When you’re ready to connect your app, click on the profile icon in the top-right corner of your sandbox account dashboard and choose “Settings.”
Then select “Applications.”
Next, select the “Developer Applications” box.
You’ll be prompted to register your application from this screen. Choose “Register Application.”
Once your app is registered you’ll receive a secured ClientID and ClientSecret. There are a few requests needed, such as user application authorization. Uphold’s open API supports these “permissions” scopes:
Step #4: Application Authentication
The following web application flow assists developers in obtaining Uphold user information on a specified account to take action on behalf of the user. These authentication guidelines are aligned with the Uphold OAuth 2.0 compliant service.
When authenticating an app, the following URLs need to be in use to redirect users properly:
Developers also need to use query parameters supported by the Uphold platform.
Token Request and Use
After a user accepts an authorization request, they will be redirected to your site with a temporary code (5-minute validation). You can also exchange the code for an access token using POST https://api.uphold.com/oauth2/token as well.
The supported parameters for token requests are:
After the access token is received, a protected API method can be used for the user like this:
For security, developers cannot use any other authentication method. Only Authorization: Bearer <token> is supported on the platform. This is simply to protect token theft via logs, browser history, and query URLs from unsecure locations.
Personal Access Tokens (PAT)
You can also use Personal Access Tokens (PAT) for personal use, verifying you to provide access to your user account without Two Factor Authentication.
Basic Authentication Request
Uphold also lets you make a basic authentication request via username or email and password.
However, if Two-Factor Authentication is enabled, you’ll receive an HTTP 401 error. To bypass this, simply pass your OTP Verification like this, OTP-Token: <OTP-Token>.
Once an application is registered and authenticated, you can begin development or implementation on Uphold’s developer-friendly, easy to use platform.
Do you have questions about using Uphold Open API? Well, we have plenty of answers. Here are a few of the most common questions developers have asked while creating new applications and services on our platform.
What is the Rate Limit?
The Uphold open API rate limits are based on the number of requests per predefined length of time. The remote client IP defines the global rate limits. However, some endpoints may have stricter rate limit guidelines.
For instance, from /password/forgot endpoint 10 requests per 10-minute interval per IP address, but with multiple IPs only 3 requests per 5-minute interval via a single user account, like [email protected], for example.
The current rate limits are:
Can I Query Exchange Rates?
Yes. Developers can query exchange rates, or “currency pairs” at any time using this request: GET https://api.uphold.com/v0/ticker.
The query return will look like this:
What Accounts Can I Use to Deposit Funds?
Uphold users can fund accounts (cards) using ACH accounts, debit/credit cards, and wire transfers. You can also move funds from an Uphold account via ACH account or wire transfer.
Deposits into an Uphold account (card) are converted to the card’s value automatically. For example, $100 deposited from a debit card to a Bitcoin card will be automatically valued for an amount of Bitcoin.
Can I Query Account Lists?
Yes. Developers can easily retrieve account lists for a current user using this request: GET https://api.uphold.com/v0/me/accounts. It will look like this:
You can also retrieve other account details using this request:
How Do I Create an Uphold Account Card?
Uphold uses cards to reflect the store value of different supported currencies. For instance, there is a Bitcoin card, Ethereum card, USD card, Euro card, etc. Uphold has over 35 cryptocurrency and fiat currency cards available.
Developers can create an Uphold card via the open API using this request: POST https://api.uphold.com/v0/me/cards.
Each Uphold card does require the cards: write scope for Uphold Connect applications. Parameters include:
How Can I Create a Transaction?
To create a transaction, developers will need to specify the following transaction details:
- Currency to denomination of transaction
- Value amount to send in denomination currency
- Origin of the transaction can be a valid account ID (deposit option)
- Destination of the transaction in Bitcoin address, account ID, email, app ID, or Uphold username
Transactions supported are . . .
The transaction creation and return will look like this:
Can I Use Uphold Open API for My Business?
Yes. Uphold open API is for developers, partners, and businesses. To start using Uphold open API for your next innovative business strategy, simply signup and start building.
All applications built using our open API are showcased in our App Directory. This provides your newly approved app with a built-in audience.
Make Uphold Open API Your Application Platform
Uphold open API is a premier platform for application builds and developer services. Our enhanced security protocols, innovative features, and ease of use for development make Uphold a powerful app solution.
Our open API also comes with unprecedented support for developers, partners, and businesses using the platform. Our Developer Community provides support and feedback from fellow developers and our team of professional developers at Uphold.
Questions? Contact us about our open API solution at [email protected].