Skip to main content
This page focuses only on API integration.
Client → Backend only. These APIs are designed for front‑end clients (web/mobile) calling your Finhost backend using end‑user tokens from Amazon Cognito. They are not intended for backend‑to‑backend calls with client secrets.

Overview

Finhost exposes a single REST surface called Client API. It includes traditional banking features (clients, companies, accounts, transfers, transactions) and optional crypto‑exchange features.
  • All requests are JSON over HTTPS with Bearer auth.
  • Crypto endpoints are namespaced under /crypto-exchange within the same base URL.

Environments & Base URLs

Your tenant uses customer‑scoped hostnames.
  • Dev: https://client-api.dev.{your-domain}.io
  • Prod: https://client-api.{your-domain}.io
Replace {your-domain} with your assigned tenant domain (e.g., acmebank). Keep these values in env vars: 
export CLIENT_API_BASE="https://client-api.dev.{your-domain}.io" # or prod

Authentication (Cognito)

Finhost relies on Amazon Cognito User Pools for user authentication and token issuance.

What you need

  • User Pool ID and Region
  • Web App Client ID (no client secret for public web/mobile apps)
  • (Optional) Hosted UI domain if you use Cognito’s OAuth2/PKCE login

How it works

  1. Your web/mobile app authenticates the end user against Cognito:
    • Hosted UI + PKCE (recommended) or a library like AWS Amplify Auth.
  2. Cognito returns short‑lived JWTs:
    • ID token (user identity claims)
    • Access token (authorization for APIs)
    • Refresh token (to renew tokens silently)
  3. Your app calls Finhost Client API with the Access token in the header:
Authorization: Bearer <access_token>
  1. On expiry, renew tokens via the refresh token (Amplify or Hosted UI session) and retry.
Register your front‑end origins in CORS. Avoid storing tokens in localStorage; prefer memory or secure, httpOnly cookies where applicable.

Example — fetch profile (JS)

const res = await fetch(`${CLIENT_API_BASE}/client`, {
  headers: { Authorization: `Bearer ${accessToken}` }
});
const me = await res.json();

Example — cURL

curl --request GET \
  --url "$CLIENT_API_BASE/client" \
  --header "Authorization: Bearer $TOKEN"

Canonical integration flows

A) Individual onboarding (KYC → account → bank details → payments)

  1. Initiate clientPOST /client 
    curl -X POST "$CLIENT_API_BASE/client" \
  -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
  -d '{
    "name": "John", "surname": "Doe", "nationality": "UKR",
    "birthday": "2017-07-21", "phone": "+380689873682"
  }'
  2. Accept contract (client)POST /v2/clients/contract-accept 
    curl -X POST "$CLIENT_API_BASE/v2/clients/contract-accept" \
  -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
  -d '{"contractId": "regularContract"}'
  3. Get KYC access tokenGET /v1/kyc/access-token (for Sumsub Web SDK) 
    curl -X GET "$CLIENT_API_BASE/v1/kyc/access-token" \
  -H "Authorization: Bearer $TOKEN"
  4. Create accountPOST /v1/accounts 
    curl -X POST "$CLIENT_API_BASE/v1/accounts" \
  -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
  -d '{"title":"Main EUR","currency":"EUR","companyId":"<uuid>","variantId":"<id>"}'
  5. Fetch bank detailsGET /v1/ext-accounts/{extAccountId} 
    curl -X GET "$CLIENT_API_BASE/v1/ext-accounts/<extAccountId>" \
  -H "Authorization: Bearer $TOKEN"
    GET /account/details/{account} is deprecated. Use /v1/ext-accounts/{extAccountId} instead.
  6. Initiate external transferPOST /v2/transfer 
    curl -X POST "$CLIENT_API_BASE/v2/transfer" \
  -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
  -d '{
    "amount":"42",
    "from": {"type":"individual","accountId":"<uuid>"},
    "payment": {"method":"sepa","recipient": {"iban":"GB33...","bicSwift":"BUKBGB22","name":"John","surname":"Doe","country":"GB"}}
  }'
  7. List transactions (cursor)GET /v1/transactions 
    curl -X GET "$CLIENT_API_BASE/v1/transactions?accountId=<uuid>&limit=50&sortOrder=descending&lastKey=<cursor>" \
  -H "Authorization: Bearer $TOKEN"

B) Company onboarding (KYB)

  1. List companiesGET /v2/companies
  2. Get KYB access tokenGET /v2/companies/{companyId}/kyb-access-token
  3. Accept contract (company)POST /v2/companies/contract-accept

Crypto features (under Client API)

The crypto‑exchange feature set lives under the same base URL, namespaced at /crypto-exchange.
  • List orders (paginated)GET /crypto-exchange/orders 
    curl -X GET "$CLIENT_API_BASE/crypto-exchange/orders?pageLimit=10&pageSort=desc&pageKey=<cursor>" \
  -H "Authorization: Bearer $TOKEN"
  • Get orderGET /crypto-exchange/orders/{orderId} (eventual consistency)
  • Create orderPOST /crypto-exchange/orders
  • Create wallet (external account)POST /crypto-exchange/wallets
  • Create payout (transaction)POST /crypto-exchange/payouts
Pagination differs by area: core banking uses limit/lastKey; crypto uses pageLimit/pageKey/pageSort.

Status codes & patterns

  • 200 OK — successful GET/POST (lists, tokens, reads)
  • 201 Created — resource/operation created (transfers, accounts, orders)
  • 400 / 403 / 404 — validation/auth/lookup errors
  • 500 — server error
Best practices
  • Include Authorization: Bearer <access_token> on every request.
  • Set Content-Type: application/json for bodies.
  • Prefer cursor pagination (lastKey or pageKey) over offset.
  • Prefer new endpoints under /v2 when available.
  • Avoid deprecated paths such as /account/details/{account}.

Quick reference

FeatureEndpoint
Get client profileGET $CLIENT_API_BASE/client
Initiate clientPOST $CLIENT_API_BASE/client
Accept contract (client)POST $CLIENT_API_BASE/v2/clients/contract-accept
Get KYC tokenGET $CLIENT_API_BASE/v1/kyc/access-token
List companiesGET $CLIENT_API_BASE/v2/companies
Get KYB tokenGET $CLIENT_API_BASE/v2/companies/{companyId}/kyb-access-token
Create accountPOST $CLIENT_API_BASE/v1/accounts
Get bank detailsGET $CLIENT_API_BASE/v1/ext-accounts/{extAccountId}
External transferPOST $CLIENT_API_BASE/v2/transfer
Internal transferPOST $CLIENT_API_BASE/v2/transfer/internal
List transactionsGET $CLIENT_API_BASE/v1/transactions
List ordersGET $CLIENT_API_BASE/crypto-exchange/orders
Get orderGET $CLIENT_API_BASE/crypto-exchange/orders/{orderId}

Next steps

  • Configure Cognito (User Pool, Web Client ID, Hosted UI/PKCE) and CORS allow‑lists.
  • Use Dev for integration; switch env vars to Prod at go‑live.
  • Enable crypto features if required; endpoints will be available under /crypto-exchange.