Skip to content


The AmpliFi API is designed to support Banking as a Service (BaaS) by providing a clear and consistent interface to back end banking services. It provides a layer of abstraction in front of popular banking-as-a-service APIs. The API provides direct server-side access to the AmpliFi back end functionality. This provides a single, unified, simplified, enriched, streamlined API for your front-end applications.

Key Features

Some key features of the API include the following:

  1. Multi-backoffice routing -- A single user may get products from two different back-end systems. The API can orchestrate transactions in different back-offices into a single transaction in the front-end.

  2. Multi-everything -- supports multiple customer segments, multiple users per customers, multiple languages, multiple authentication methods, and multiple back-offices across multiple banks, countries and currencies.

  3. Data caching -- all the data passing through the middleware is stored in the database and is accessible as a stand-in for the front-end. In case of sudden communication failure AmpliFi can keep serving the front end for read-only transactions and can queue some active transactions until the back-office comes back online.

  4. Two-way data synchronization -- AmpliFi pushes all the customer data into the front-end applications in real time in the background.

API Concepts

The API provides a collection of methods in the form of microservices available through a set of REST endpoints. These methods can be accessed directly from your program code.

All requests are made using the http verbs GET, PUT, POST and DELETE. The endpoints available through the Amplifi API are listed below.

The format for calling each API is given in the individual descriptions. For example, the call to the ping endpoint is given as

GET /ping/heartbeat

Using the cURL command line package this could be called as

curl --location --request GET http:\\{url}/ping/heartbeat

where {url} is the URL for the AmpliFi server.

Endpoint Usage
ping Check that the server is alive
token Get or deactivate authorization token
user Get and modify user details
devices get all user's devices
authenticateddevices get authenticated devices
account, accounts get info for one or all accounts, make changes to an account
card, cards get info for one or all of user's cards, make changes to a card
transfer transfer funds between accounts
remittances pay to external accounts
beneficiary, beneficiaries list, create and modify beneficiaries or payees
externalaccount, externalaccounts work with external accounts
prospect work with prospective new users
bill, bills manage bills paid by a user
cheques, checqueimage manage checks
messages manage messages for a user
invite, invites manage invitations to possible new users
iou manage IOUs
alerts manage alerts
geocode, pois access geographic location data
rates get FX rates
at show how an app was installed
undo undo a previous action

Details for each endpoint are described in the individual sections.

Common Elements

This section describes some elements that are common to most, if not all, of the AmpliFi API calls. These elements are not discussed in the individual descriptions unless necessary.

Each method is invoked by an http request to an API endpoint using one of the verbs GET, PUT, POST or DELETE. Path parameters may be encoded in the URL. Query parameters are not used.

All requests except login require the authorization token that is returned by a login call. This token must be copied to a header parameter named "token".

POST and PUT requests provide a request body, in JSON format. The Content-Type header should be application/json. For GET requests the body is empty.

Date-time strings are given in ISO 8601 format. Their names are prefixed with "dts".

Each request returns a status code, along with a set of standard http headers which may be ignored.

In some cases a response body is also returned in JSON format.

If the call succeeds, the response body includes the element

"success": true

and the status code is 200 or 201. If the call fails, the status code is 300 or greater, and the response body gives an appropriate message.