Frequently Asked Questions

We do not currently implement any functionality related to the refresh_token. This applies to both "Development" (Sandbox) and "Production" states.

Should there be any changes in the implementation, the documentation available in our Portal will be properly updated.

The POST request to the Token URL requires the client_id and client_secret of your app:

  • either as body parameters,
  • or within the Authorization Header, with Basic Authentication as such:   Authorization: Basic <base64 encoded string client_id:client_secret>

For further details, please read the chapter "Authorization (OAuth)" in "Getting Started", here.

Yes. There are three available sets of credentials, one for each predefined user in Sandbox.

Please visit the chapter "Sandbox" in "Getting Started", here. There, you can find all the information you need to proceed, including valid input data to perform tests.

Once you receive the ExtraPin token you have to use it within 2 minutes. After its validation, the ExtraPin is valid until session expiration. If the ExtraPin token is not used on time or the current session expires (which forces a new login), you have to perform another request to generate a new ExtraPin token.

The parameter input_filter follows a format specified by a particular definition in each API.

For instance, as you can see in the image below, for "/assets/accounts/{accountId}/transactions/{input_filter}", the input_filter follows the definition Asset_Accounts_Transactions_Input, in which you can also find an example.


For your convenience, here is an example for input_filter :

      "fromDate": "2015-1-9",
      "toDate": "2015-4-9",
      "fromRow": "",
      "pageSize": 20,
      "lastBalance": 0.0

No. The base API endpoint is common for both states. This information is available within the section “API Products”, where you select each product, to view the APIs it contains along with all the required information. Currently, the base API endpoint for applications of both states is:

This information is located in the section API Products, where each available product is presented, along with the APIs it contains and any related information. Additionally, you can visit the section “Getting Started”, where the available documentation provides the basic knowledge regarding OAuth2 and the Authorization process.

When upgrading an application from “Development” to “Production”, the Authorization and Token URLs, as well as the scope used in the Authorization process change.

An example of the current URLs and scopes for each state is presented below, however you should always check each API’s specification for more accurate information.


Authorization URL

Token URL




Authorization URL

Token URL


winbankAccess winbankAccess.monetaryTransactions

For further information regarding the Development and Production states, read the respective Chapter in “Getting Started” (here).

This field is not necessary to complete the registration process. However, it is mandatory during the Authorization process followed when you need to call an API. You can fill in or change this information either upon registration or at a later time, but you always have to make sure that this Redirect URI is the same with the one you are using as input when you call the Authorize and Token URLs of OAuth.

When logged in, follow the next steps:

  1. Go to the Apps page and click on the “+ Create new App” link.
  2. In the respective form, fill in the title, a description and a redirect URI for the oAuth flow and click "Submit".
  3. In the next page, save the Client ID and Client Secret. The Client ID can be seen at any given time. On the contrary the Client Secret is only visible upon registration, so make sure you keep it stored. Otherwise, you will have to reset it and take note of the new value. At this point, the application is registered and you can browse and subscribe to the available APIs, through specific product plans.

For further information, read the chapter “First Steps” in the section “Getting Started” (here).

A product is a bundle of specific APIs and plans to which you can subscribe in order to use the APIs.

Each plan sets limitations and subscription details of how you can use our API Products. Some plans are free and no approval is required, several plans require approval, and some may ultimately require approval and a monthly subscription. Consider what you need and choose the most suitable plan.

To do so, when logged in, you can visit the “API Products” page, either from the Menu or from the Products shown in the Homepage. There, you can select a product, see its description, along with the APIs it contains and the available plans. Select the plan that best suits your needs, click subscribe and select the application for which you want to subscribe. Repeat the process for each product you are interested in. You can select as many products your application may utilize.

For further information, read the chapter “First Steps” in the section “Getting Started” (here).

When logged in, click on the user menu and select “My Organization”. In this page you can:

  1. Edit your organization (change its name)
  2. Add new users
  3. Remove existing users
  4. Get Analytics for your applications

When logged in, click on the user menu and select “Create an Organization”. You can have multiple organizations managed by a single account.

When logged in, click on the user menu (by clicking on your email address at the upper right corner of the Portal Header) and select the first item on the menu (again your email address). In this page you can view and edit your information (first name, last name, company name, phone number, email address, password, preferred code snippet language etc)

Click the upper right link “Create an account” and fill in the form. All fields are mandatory.