Acorns Partner API
The Acorns Partner API is a combination of two sets of APIs, the Oauth and Partner APIs, that a third party can use to access an Acorns user's data on behalf of said user.
From an Acorns perspective, there are two types of partners that would be using the Partner API: a partner (a third party who pulls Acorns data to use itself) and an aggregator (a third party who pulls Acorns data to be used by other entities). Both can access the Partner API, but there are some slight differences in how the two identify themselves, which are discussed below.
If your organization is interested in utilizing the Acorns Partner API, you can reach out to Acorns at the email partner-api@acorns.com, and someone will get back to you to discuss onboarding your organization.
Onboarding
Once your organization has had initial talks with Acorns, and both Acorns and your organization have decided to move forward, Acorns will begin the onboarding process with your organization.
Acorns will request this information from your organization at this time:
- redirect_uri: This is the URI that Acorns will redirect the user back to with the authorization grant, once the authorization grant has been created. Acorns will validate the redirect_uri provided in the /authorize call and ensure it matches the one provided by your organization during onboarding.
- Partner or Aggregator: Select "Partner" if you are using the data within your organization. Select "Aggregator" if your organization is requesting data on behalf of your customers.
- icon: This is an SVG file that contains an icon for your organization. The icon should be 64x64px and have no whitespace. This will be displayed on the Acorns Oauth Login page when the user is authenticating with Acorns.
At this time, Acorns will create an account for your organization in the Oauth Service. Once your organization's account has been created, your organization will be provided with these values that you will need to provide when utilizing the Oauth and Partner APIs.
- client_id: The client identifier for your organization. Your organization needs to provide this in all of your requests to Oauth and Partner APIs. There will be a slight difference for a partner and aggregator when using the client_id.
  - For a partner (an organization using the data themselves), the client_id just needs to be provided as is (as provided from Acorns).
  - For an aggregator (an organization pulling the data and providing it to their clients), they must take the client_id value they received from Acorns, and append a unique identifier for their client (generated by your organization), before providing it to Acorns. The format is partnerId:partnerClientId. This allows Acorns to disambiguate the organization's clients in our systems, and provide multiple access tokens for said aggregator.
- client_secret: The client secret is the way that Acorns validates that a request comes from your organization. This will be a string value which will be provided once, and cannot be recovered once it has been created, as Acorns stores a hashed version of the secret. This value will be passed as the Authorization header when requesting tokens on behalf of a user. To use your secret, you must provide the value as Basic Base64Encode(client_id:client_secret).
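Building the client_id and Authorization header described above, as an added example (not Acorns' own code). The function names and sample values are constructed; the colon checks and the local decoder's split on the last colon are assumptions, since the page does not state how Acorns parses the decoded value.

```python
import base64
from typing import Optional, Tuple


def build_client_id(acorns_client_id: str, partner_client_id: Optional[str] = None) -> str:
    """Partner: the client_id as issued. Aggregator: partnerId:partnerClientId."""
    # Assumption: neither part contains ':', because ':' is the delimiter of the format.
    if not acorns_client_id or ":" in acorns_client_id:
        raise ValueError("client_id from Acorns must be non-empty and contain no ':'")
    if partner_client_id is None:
        return acorns_client_id
    if not partner_client_id or ":" in partner_client_id:
        raise ValueError("per-client identifier must be non-empty and contain no ':'")
    return f"{acorns_client_id}:{partner_client_id}"


def basic_authorization(client_id: str, client_secret: str) -> str:
    """Return the header value: Basic Base64Encode(client_id:client_secret)."""
    if not client_secret:
        raise ValueError("client_secret is required")
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_for_local_check(header_value: str) -> Tuple[str, str]:
    """Decode a header you built, to verify it before sending (local use only).

    An aggregator client_id already contains ':', so a generic Basic parser that
    splits on the FIRST colon would report only partnerId as the client. This
    helper splits on the LAST colon, which assumes the secret has no ':'.
    """
    scheme, _, token = header_value.partition(" ")
    if scheme != "Basic" or not token:
        raise ValueError("not a Basic Authorization value")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    client_id, sep, secret = decoded.rpartition(":")
    if not sep or not client_id or not secret:
        raise ValueError("decoded value is not client_id:client_secret")
    return client_id, secret


if __name__ == "__main__":
    # Constructed sample values; real ones come from Acorns onboarding.
    agg_id = build_client_id("acme-agg", "customer-42")
    header = basic_authorization(agg_id, "s3cret-from-onboarding")
    # Print only the client_id; never log the secret or the header itself.
    print(decode_for_local_check(header)[0])
```

Keep the client_secret in a secrets manager and out of logs, since it is issued once and cannot be recovered.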
Your organization will also be provided with access to the Acorns Partner sandbox, which will allow your organization to test your implementation using Acorns test data.