Last updated

Getting started: what you need

To access Atto APIs, you will need access credentials that will be provided to you by our support team. These credentials will be used to obtain an access_token using Authorization API. The access_token can then be used as a Bearer Token to authenticate with the Atto API endpoints.

Once your user has connected to their bank through Atto Connect, you can call the Atto API endpoints to retrieve their bank data.


Each set of credentials comprises the following information:

  • A client_id, which is the OAuth public identifier for your application
  • A client_secret, which is the secret used to authenticate the client_id
  • A scope, which is used to determine API access.

Obtain and Use access_token

We'll provide you with two sets of credentials for dev and live environments. It is recommended to use dev credentials first to simulate your real-world use cases. When you authenticate with your dev credentials, we will not charge your account.

To protect your production data, your dev credentials can't interact with the data in your live account. It's important that you keep dev and live environments separate.

To receive notifications about the user's status, you need to provide us with a webhook URL which we will notify upon successful connection with the bank. For further information please see the Webhooks section.


In summary, you'll need the following:

  • URL, resource ID, and credentials for Atto APIs
  • A page on which you can insert the link to Atto Connect
  • A web service "Webhook" that we call when your user has completed their journey, and the bank data is ready