The Difitek API is used to build online platforms and marketplaces globally for managing private placements, securities, real estate, crowdfunding, peer-to-peer lending, and public stock trading. This public REST API provides an end-to-end server side application, which supports the technical back office requirements for client side applications of various kinds in the online investing and lending markets. The Difitek API also contains private financial back office functions and other third-party services which are made available on request.
Difitek operates two environments: sandbox and production. When you first set up your account with Difitek and you receive your API credentials, these will give you access to the sandbox environment. Some functionality, such as data export, transactional emails, webhooks, and analytics are disabled in the sandbox environment and only available to live, production accounts.
Once you are ready to launch your platform in the live, production environment, please get in touch with us in order to set up your live environment credentials.
The API is part of a broad infrastructure that includes everything that you might need to build your own unique digital finance marketplace. As well as the API, we provide a secure, hosted Admin Portal that allows you and your team to manage your operations and keep a complete audit log of all activities on your front-end user platform.
The API itself then provides access to a Difitek hosted database and Content Delivery Network for storing documents, such as images, offering documents or investment contracts, as well as access to dozens of third-party services that support the online funding process.
The Difitek Infrastructure also enables transactional emails and webhooks that can be generated using trigger points in your platform's activity, for instance whenever a new User registers or an Offering is first published. These emails and webhooks are only available in live environments and are disabled on sandbox.
The Difitek API follows REST principles. Every resource (User, Organization, Offering, etc.) has a unique identifying URI with which you can interact with it. All data must be sent in JSON format via HTTPS and all response data is returned in JSON format.
The API responds to
DELETE requests. Responses
will either be in Success format:
or in Error format:
In order to start building on top of the Difitek API, you will need to authenticate your requests using credentials that are supplied by Difitek.
Authentication with the Difitek API is handled through a request header. All requests to the API must include a
cv-auth header, which should be generated using one of Difitek's SDKs. The
header is created using:
To make a request to the Public or Social endpoint, for instance to register a new User or to retrieve Featured Offerings, which are available to site visitors who are not currently logged in, specify the following values for Username and Password when generating the header:
All requests to all other API endpoints must be made on behalf of a specific User, and therefore must use a valid Username and Password or an authenticated Social account when generating the header.
When using a Username and Password those two values should be used to generate the cv-auth header. Otherwise, to allow the User to authenticate using Single Sign On, provide a 'jwt-auth' header and use the 'single sign in' version:
Please see the Single Sign On section of the Key Concepts reference page for further information on using SSO.
All requests to the Difitek API must be made using HTTPS.
The Difitek API includes several third-party services to provide functionality and processes that are not offered directly by Difitek, for instance Payments, KYC/AML or identity verification, Risk and Credit Scoring services, Data services, and so on.
Every such third-party service requires its own credentials, which must be added to your Difitek account before the relevant functionality can be accessed through the Difitek API. Third-party services may also incur additional costs when used in live, production environments.
In order to set up your credentials for any third-party service, please get in touch with Difitek. You may also request additional services that may not yet be available through the Difitek API.
To test the API functionality using your own credentials, please download one of our SKDs or visit our Generate Token page, where you can create an authentication token for the API using your own credentials.
Software Development Kits are available at Difitek's Github page. To request SDKs in languages that are not currently available please get in touch to find out more.
Visit Funding Themes Hub to see a repository of sample User Interface code for securities platforms, real estate marketplaces, peer-to-peer lending platforms, trading platforms and crowdfunding platforms. These sites have been developed by Difitek Certified Partners to be compatible with the Difitek API.
Visit our Tutorials page to see recorded webinars explaining how to build on top of the Difitek API.