Developers will need to register their application before getting started. A registered application will be assigned a unique Client Id and Client Secret.
Security Notice: Your Client Secret should never be shared, must be kept secret at all times and should only be used from your server-side application.
- For security reasons, your application must be secured with a valid SSL certificate issued by a known Certificate Authority.
- Likewise, the provided Redirect URL when registering the application must be a valid static subresource. Notice that this property cannot be dynamically reconfigured during authorization requests for security reasons.
- The Redirect URL can also be a valid URI with a non-http/https protocol, which is useful for mobile and desktop applications, for example: `my-app://uphold/connect`.
- Users can revoke access to your application at any time. Your application must be prepared for this and, if necessary, should request authorization from the user again.
- Likewise, when users change their password, all authorization tokens are expired and the user enters a cool-down period where outbound transactions are not allowed, for security reasons. Your application must be prepared for this.
- Your application may be suspended in an automated fashion in accordance with our Terms of Service.
- Standard rate limits apply to all issued access tokens.
When requesting authorization from a user, the application must specify the level of access needed. These scopes are displayed to the user on the authorization form, and currently the user cannot opt out of individual scopes.
The API supports the following scopes:
Scope | Description |
---|---|
accounts:read | Can view all accounts and their information. |
cards:read | Can view all cards and their information. |
cards:write | Can create and update any card. |
phones:read | Can view all phone numbers and their information. |
phones:write | Can add new phone numbers. |
transactions:deposit | Can create a deposit transaction. |
transactions:read | Can view any transaction. |
transactions:transfer:application | Can create a transaction between the user and the application. |
transactions:transfer:others | Can create a transaction between different users. |
transactions:transfer:self | Can create a transaction between a user's cards. |
transactions:withdraw | Can create a withdrawal transaction. |
user:read | Can view the user and their information. |
The following scopes are deprecated and will be removed in a future version of the API:
Scope | Description |
---|---|
transactions:write | Can create a transaction from any origin to any destination (another card or an external address), cancel and resend transactions. This scope is now deprecated in favor of the more fine-grained write scopes above (deposit, transfer and withdraw). |
You can always request more scopes later by asking for user consent again.
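Because users cannot opt out of individual scopes, it pays to check a scope list before it is sent. The following is an added example, not code from the API provider: it audits a request against the tables above and computes the extra scopes to ask for when consent is requested again. The helper names and sample requests are hypothetical.

```python
# Added example: scope names are copied from the tables above; the helper
# names and the sample requests are hypothetical.
SUPPORTED = frozenset({
    "accounts:read", "cards:read", "cards:write", "phones:read",
    "phones:write", "transactions:deposit", "transactions:read",
    "transactions:transfer:application", "transactions:transfer:others",
    "transactions:transfer:self", "transactions:withdraw", "user:read",
})
DEPRECATED = frozenset({"transactions:write"})
# Scopes that let the application create transactions on the user's behalf.
CREATES_TRANSACTIONS = frozenset(
    s for s in SUPPORTED
    if s.startswith("transactions:") and s != "transactions:read"
)


def audit_scopes(requested):
    """Classify the scopes an application is about to request."""
    requested = set(requested)
    return {
        "unknown": sorted(requested - SUPPORTED - DEPRECATED),
        "deprecated": sorted(requested & DEPRECATED),
        "creates_transactions": sorted(requested & CREATES_TRANSACTIONS),
    }


def scopes_to_request(granted, needed):
    """Return the scopes a feature needs beyond those already granted.

    Raises ValueError instead of returning unknown or deprecated scopes.
    Whether the new authorization request must repeat the already granted
    scopes is not stated on the page; this returns only the difference.
    """
    report = audit_scopes(needed)
    if report["unknown"] or report["deprecated"]:
        raise ValueError(f"refusing to request: {report}")
    return sorted(set(needed) - set(granted))


if __name__ == "__main__":
    # Constructed sample: a read-only app later adds card-to-card transfers.
    granted = ["user:read", "cards:read"]
    print(scopes_to_request(granted, ["cards:read", "transactions:transfer:self"]))
    print(audit_scopes(["cards:read", "transactions:write", "cards:delete"]))
```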
We prefer that you use these image resources when connecting your applications to Uphold.
small (129x40), large (258x80), vector (SVG)
small (206x40), large (412x80), vector (SVG)
small (199x40), large (398x80), vector (SVG)
small (129x40), large (258x80), vector (SVG)