Basics
The API base URL:
https://app.sixpark.com.au
The API base URL including version (for resource or client credentials authorized endpoints):
https://app.sixpark.com.au/api/v1
Welcome to the Six Park API. You can use this API to access the Six Park API endpoints.
The Six Park API is a HTTPS only, RESTful API, meaning (generally) URLs are resource-oriented. It accepts form-encoded request bodies, returns JSON encoded responses and uses standard HTTP response codes, HTTP headers and OAuth2 for authorisation/authentication.
You must be pre-approved to use the API. If you are approved you will be assigned a client_id and a client_secret, synonymous to a username/password combination, which you will exchange for a client credentials access token to access certain API endpoints.
The API specification version is currently V1, meaning most endpoints will contain /api/v1 in the URL path.
We've provided language bindings in Shell but recommend Postman and have included a Postman collection and environment with this documentation. You can view Shell code examples in the dark area to the right.
Authentication
To access authenticated endpoints, add the Authorization header as shown below:
# With shell, you can just pass the correct header with each request
curl "api_endpoint_here"
--header "Authorization: Bearer access_token"
Make sure to replace
access tokenwith the token returned via the client credentials or the modified authorization code flow.
Access to the API is provided via OAuth2 using the client credentials flow and a modified authorization code flow.
Applications that request an access token via the client credentials flow will be granted access to all non-resource owner (user) endpoints.
Applications that have acquired a resource owner access token will be granted access to resource owner (user) endpoints.
Other than Authorization requests, the API expects a valid access token to be included in all other API requests via an Authorization header:
Authorization: Bearer access_token
POST > Client credentials Bearer access token
curl "https://app.sixpark.com.au/oauth/token"
--request POST
--header "Accept: application/json"
--header "Content-Type: application/x-www-form-urlencoded"
--header "Authorization: Basic HVnUjFOMWh2aGVYMWxRNkVPeWhqelRCaDdzaS1w"
--data-urlencode 'grant_type=client_credentials'
--data-urlencode 'scope=questionnaire.questions.read users.read'
A successful (200 HTTP status code) example JSON response body:
{
"access_token": "8-2kNsh0CoPn8-_hFVQa5r7W14KqNgdwtwi2j-DAb",
"token_type": "Bearer",
"expires_in": 7200,
"scope": "questionnaire.questions.read users.read",
"created_at": 1592809139
}
Retrieve a client credentials (application) access token to authenticate against client credentials API endpoints.
The endpoint accepts one parameter and a Basic authentication header which must be in the following format:
Authorization: Basic <Base64('client_id:client_secret')>
HTTP Request
POST https://app.sixpark.com.au/oauth/token
Scopes
| Name | Description |
|---|---|
| questionnaire.questions.read | Read questionnaire question data |
| questionnaire.results.read | Read questionnaire result data |
| users.read | Read user data |
| users.write | Write user data |
| users.accounts.read | Read user accounts data |
| users.accounts.write | Write user accounts data |
| users.accounts.results.write | Write user accounts result data |
| users.accounts.portfolio.read | Read user accounts portfolio data |
FORM Parameters
| Parameter | Required | Type | Default | Description |
|---|---|---|---|---|
| grant_type | yes | string | no default |
Must be client_credentials |
| scope | no | string | no default |
Must be one or many scopes separated by a ' ' |
Query Parameters
| Parameter | Required | Type | Default | Description |
|---|---|---|---|---|
| grant_type | yes | string | no default |
Must be client_credentials |
| scope | no | string | no default |
Must be one or many scopes separated by a '+' |
Summary
| Configuration | Value | Description |
|---|---|---|
| authenticated | no | Not authenticated |
200 HTTP status code properties
| Property | Type | Description |
|---|---|---|
| access_token | string | The access token to include in authorized requests |
| token_type | string | Always Bearer |
| expires_in | integer | The number of seconds the access token is valid for |
| scope | string | The scopes, either [ read, write ], the access token is/are valid for |
| created_at | integer | the Unix time of when the token was issued |
POST > Refresh resource owner access token
curl "https://app.sixpark.com.au/oauth/token"
--request POST
--header "Accept: application/json"
--header "Content-Type: application/x-www-form-urlencoded"
--header "Authorization: Basic HVnUjFOMWh2aGVYMWxRNkVPeWhqelRCaDdzaS1w"
--data-urlencode 'grant_type=refresh_token'
--data-urlencode 'refresh_token=<refresh_token>' \
A successful (200 HTTP status code) example JSON response body:
{
"access_token": "8-2kNsh0CoPn8-_hFVQa5r7W14KqNgdwtwi2j-DAb",
"token_type": "Bearer",
"expires_in": 7200,
"refresh_token": "ik8StCrDnKrI5uLWdxaTx3bOWHIipDnwTl5Pn2ozpRs",
"scope": "read",
"created_at": 1592809139
}
Retrieve a resource owner access token to authenticate against resource owner API endpoints using a refresh token.
The endpoint accepts two parameters and a Basic authentication header which must be in the following format:
Authorization: Basic <Base64('client_id:client_secret')>
HTTP Request
POST https://app.sixpark.com.au/oauth/token
FORM Parameters
| Parameter | Required | Type | Default | Description |
|---|---|---|---|---|
| grant_type | yes | string | no default |
Must be refresh_token |
| refresh_token | yes | string | no default |
The refresh_token |
Summary
| Configuration | Value | Description |
|---|---|---|
| authenticated | yes | Access is granted via Basic authentication |
200 HTTP status code properties
| Property | Type | Description |
|---|---|---|
| access_token | string | The access token to include in authorized requests |
| token_type | string | Always Bearer |
| expires_in | integer | The number of seconds the access token is valid for |
| refresh_token | string | The refresh token which is exchanged for a new access token |
| scope | string | The scopes, either [ read, write ], the access token is/are valid for |
| created_at | integer | the Unix time of when the token was issued |
Errors
Error API responses may look like this:
{
"code": "url_invalid",
"message": "Sorry, that page does not exist.",
"links": {
"error": "https://..."
}
}
The Six Park API returns standard HTTP response codes to indicate the result of an API request.
Some unsuccessful API responses will include a human readable error message as part of the response which may indicate the action required to remedy a subsequent request.
Provided is the standard set of HTTP status code:
| Error Code | Description |
|---|---|
| 400 | Bad Request - The request is invalid, often due to a missing parameter. |
| 401 | Unauthorized - The access token is missing or invalid. |
| 403 | Forbidden - The access token does not have the permissions to perform the request. |
| 404 | Not Found - The specified resource could not be found. |
| 406 | Not Acceptable - The requested format was not JSON. |
| 415 | Unsupported Media Type - The requested media type is in an unsupported format, ie: not JSON. |
| 422 | Unprocessable Entity - The request was well-formed but was unable to be completed. |
| 429 | Too Many Requests - The rate at which the API is being accessed is too fast. |
| 500 | Internal Server Error - We had a problem with our application/API. Try again later. |
| 503 | Service Unavailable - We're temporarily offline. Please try again later. |
HATEOAS
HATEOAS responses may contain links similar to the below:
{
"..."
"links": {
"questions": "https://...",
"results": "https://..."
}
}
Where possible, the API will adhere to the HATEOAS REST extension. Clients are strongly encouraged to follow the HATEOAS guidelines to loosely couple their integration to the API.
Pagination
curl "https://app.com/api/v1/users?page=1&per_page=100"
--header "Authorization: Bearer access_token"
An example of an API request using pagination parameters and the response body containing links to related pages
{
"...",
"links": {
"next_page": "https://...",
"previous_page": "https://...",
"first_page": "https://...",
"last_page": "https://..."
}
}
API Endpoints that return a collection of resources will always be paginated. The API will accept the following parameters for these endpoints:
| Parameter | Required | Type | Default | Description |
|---|---|---|---|---|
| page | no | integer | 1 | The page number |
| per_page | no | integer | 50 | The number of results returned per page |
Paginated results will contain at minimum 4 links to related pages, including next_page, previous_page, first_page and last_page.
Rate Limiting
An example of a HTTP 429 - Too Many Requests JSON response body:
{
"code": "rate_limit_exceeded",
"message": "Too many requests, too quickly. We recommend an exponential backoff.",
"links": {
"error": "https://..."
}
}
The Six Park API uses HTTP headers to communicate rate limits and consumption rates.
Applications should parse and respect the following 3 headers:
| Header | Description |
|---|---|
| x-rate-limit-limit | the limit on number of request for the endpoint |
| x-rate-limit-remaining | the number of requests remaining for the rate limit window |
| x-rate-limit-reset | the Unix time at which the rate limit window is reset |
When an application exceeds the rate limit for an endpoint, the API will return a HTTP 429 - Too Many Requests status code and associated response body.
Versioning
The API base URL including version:
https://app.sixpark.com.au/api/v1
The API specification version is currently V1, therefore all endpoints will contain /api/v1 in the URL path.
When backwards-incompatible changes are made to the API, a new version is released.
We consider backwards-compatible changes to include:
- Adding new API resources.
- Adding new optional request parameters to existing API methods.
- Adding new properties to existing responses.
- Changing the order of properties in existing API responses.
- Changing the length or format of object IDs.
Validation
An example of a HTTP 422 - Unprocessable Entity JSON response body:
{
"code": "validation_failed",
"message": "Validation failed due to ...",
"errors": [
{
"message": "Must be one of ...",
"field": "type"
}
]
}
Resource mutation API requests will trigger resource validations.
For failed requests, the API will return a HTTP 422 - Unprocessable Entity status code and associated body containing a collection of errors.
Questions
GET > Get questions and associated multiple choice answers
curl "https://app.sixpark.com.au/api/v1/questionnaire/questions"
--header "Accept: application/json"
--header "Authorization: Bearer <access_token>"
A successful (200 HTTP status code) example JSON response body:
{
"data": [
{
"id": "3a8610d7-988f-47f1-9130-6c6662950855",
"type": "question",
"attributes": {
"text": "What is your age?",
"description": "Generally, younger investors have a...",
"answers": [
{
"id": "edfa8ab2-d35a-448a-b731-f1607396d164",
"text": "18-25 yrs"
},
{
"id": "e8b6469a-8bf3-4691-90bd-caf197aced3c",
"text": "36-50 yrs"
},
"..."
]
},
"links": {
"self": "https://app.sixpark.com.au/api/v1/questionnaire/questions/tnEKYuedAjPvB"
}
},
"..."
],
"links": {
"self": "https://app.sixpark.com.au/api/v1/questionnaire/questions",
"results": "https://app.sixpark.com.au/api/v1/questionnaire/results/:id"
}
}
Retrieve a set of questions and multiple choice answers as per the Six Park questionnaire/risk assessment.
HTTP Request
GET https://app.sixpark.com.au/api/v1/questionnaire/questions
Query Parameters
| Parameter | Required | Type | Default | Description |
|---|---|---|---|---|
| investor_type | no | string | individual | The investor type to tailor the questionnaire for - one of either [ individual, group ] |
Summary
| Configuration | Value | Description |
|---|---|---|
| authenticated | client credentials | Access is granted via a client credentials access token |
| paginated | no |
200 HTTP status code properties
| Property | Type | Description |
|---|---|---|
| data | collection | A collection of questions |
| data[id] | string | Unique identifier for the question object |
| data[type] | string | The resource type - question |
| data[attributes[text]] | string | The question text |
| data[attributes[description]] | string | Context as to why this question is asked |
| data[attributes[answers]] | collection | Multiple choice answers associated with the question |
| data[attributes[answers[id]]] | string | Unique identifier for the answer object |
| data[attributes[answers[text]]] | string | The answer text |
| links | object | Links to related endpoints |
| links[self] | string | Link to questions |
| links[results] | string | The endpoint where to submit answers, and solicit a result |
GET > Retrieve a question and associated multiple choice answers
curl "https://app.sixpark.com.au/api/v1/questionnaire/questions/:id"
--header "Accept: application/json"
--header "Authorization: Bearer <access_token>"
A successful (200 HTTP status code) example JSON response body:
{
"data": {
"id": "3a8610d7-988f-47f1-9130-6c6662950855",
"type": "question",
"attributes": {
"text": "What is your age?",
"description": "Generally, younger investors have a...",
"answers": [
{
"id": "7cef5e95-6606-4cac-b121-6b99f56cebb4",
"text": "18-25 yrs"
},
{
"id": "cce4adcf-f91d-40dd-9f44-66a344910778",
"text": "36-50 yrs"
},
"..."
]
},
"links": {
"self": "https://app.sixpark.com.au/api/v1/questionnaire/questions/tnEKYuedAjPvB",
"related": "https://app.sixpark.com.au/api/v1/questionnaire/questions"
}
}
}
Retrieve details of a question and multiple choice answers as per the Six Park questionnaire/risk assessment.
HTTP Request
GET https://app.sixpark.com.au/api/v1/questionnaire/questions/:id
Parameters
Not applicable.
Summary
| Configuration | Value | Description |
|---|---|---|
| authenticated | client credentials | Access is granted via a client credentials access token |
| paginated | no |
200 HTTP status code properties
| Property | Type | Description |
|---|---|---|
| data | object | The question object |
| data[id] | string | Unique identifier for the question object |
| data[type] | string | The resource type - question |
| data[attributes[text]] | string | The question text |
| data[attributes[description]] | string | Context as to why this question is asked |
| data[attributes[answers]] | collection | Multiple choice answers associated with the question |
| data[attributes[answers[id]]] | string | Unique identifier for the answer object |
| data[attributes[answers[text]]] | string | The answer text |
| data[links] | object | Links to related endpoints |
| data[links[self]] | string | Link to question |
| data[links[related]] | string | Link to all questions |
Result
GET > Get questionnaire result
curl "https://app.sixpark.com.au/api/v1/questionnaire/results/:id"
--header "Accept: application/json"
--header "Authorization: Bearer <access_token>"
To generate the ID:
echo 'AG6DpLkUwLCCNyZRhHEi,tnEKYuedAjPvBC6EFwAL' | base64
> QUc2RHBMa1V3TENDTnlaUmhIRWksdG5FS1l1ZWRBalB2QkM2RUZ3QUwK
An unsuccessful (400 HTTP status code) example JSON response body:
{
"code": "bad_request",
"message": "Bad Request."
}
A successful (200 HTTP status code) example JSON response body:
"data": [
{
"id": "QUc2RHBMa1V3TENDTnlaUmhIRWksdG5FS1l1ZWRBalB2QkM2RUZ3QUwK",
"type": "result",
"attributes": {
"name": "Balanced",
"key": "cGVyc29uYWxfYWR2aWNlOmJhbGFuY2Vk",
"performance": {
"window": "3 years",
"annualised_return_percent": 5.49,
"return_over_cpi_percentage": 4.0
},
"descriptions": [
{
"type": "composition",
"description": "This portfolio invests in a diversified portfolio of growth and income ...",
},
{
"type": "rating",
"description": "We rate this portfolio as \"Medium Risk\". This means...",
},
{
"type": "blurb",
"description": "We've considered the answers you've provided about your investment goals..",
}
],
"classifications": [
{
"type": "growth",
"percentage": 50.00
},
{
"type": "defensive",
"percentage": 50.00
}
],
"allocations": [
{
"name": "Intl Equities (Hedged)",
"ticker": "VGAD",
"classifications": [
{
"type": "growth",
"percentage": 50.0
},
{
"type": "defensive",
"percentage": 50.0
}
],
"issuer_name": "Vanguard",
"portfolio_percentage": 10.00,
"documents": {
"pds": {
"content_type": "application/pdf",
"url": "https://assets.sixpark.com.au/pds/vgad.pdf"
},
"fact_sheet": {
"content_type": "application/pdf",
"url": "https://assets.sixpark.com.au/factsheets/vgad.pdf"
}
}
},
"..."
],
"answers": [
{
"id": "0db8f2a0-e382-4b5c-a5de-c467a461ef93",
"text": "18-25 yrs",
"question": {
"data": {
"id": "a8610d7-988f-47f1-9130-6c6662950855",
"type": "question",
"attributes": {
"text": "What is your age?",
"description": "Generally, younger investors have a greater appetite for..."
},
"links": {
"self": "https://app.sixpark.com.au/api/v1/questionnaire/questions/a8610d7-988f-47f1-9130-6c6662950855",
"related": "https://app.sixpark.com.au/api/v1/questionnaire/questions"
}
}
}
},
{
"id": "67f9b299-fcc9-413c-85a1-c33c5ecd20c4",
"text": "$125,000 to $249,999",
"question": {
"data": {
"id": "5aea0a2f-7753-4d89-bf19-b266d390d940",
"type": "question",
"attributes": {
"text": "What is the total value of your liquid assets...",
"description": "Generally, the greater the liquid assets you have, the more capacity you have to take on risk...",
},
"links": {
"self": "https://app.sixpark.com.au/api/v1/questionnaire/questions/67f9b299-fcc9-413c-85a1-c33c5ecd20c4",
"related": "https://app.sixpark.com.au/api/v1/questionnaire/questions"
}
}
}
},
"..."
],
"conflicts": [
{
"text": "It is unusual to seek high-risk investments when...",
"answers": [
{
"id": "9560f411-5585-4a42-adfe-93aa8721fa09",
"text": "Mostly concerned with potential...",
"question": {
"data": {
"id": "28695094-1871-4931-bf44-7fe9359122ad",
"type": "question",
"attributes": {
"text": "Which statement best describes your primary concern...",
"description": "This question helps assess your desire for risk..."
},
"links": {
"self": "https://app.sixpark.com.au/api/v1/questionnaire/questions/9560f411-5585-4a42-adfe-93aa8721fa09",
"related": "https://app.sixpark.com.au/api/v1/questionnaire/questions"
}
}
}
},
{
"id": "edfa8ab2-d35a-448a-b731-f1607396d164",
"text": "I want to play it safe and protect...",
"question": {
"data": {
"id": "f8ef5076-8070-4d3a-a85c-9756363da094",
"type": "question",
"attributes": {
"text": "Which statement BEST describes your current...",
"description": "This question helps assess your desire for risk..."
},
"links": {
"self": "https://app.sixpark.com.au/api/v1/questionnaire/questions/f8ef5076-8070-4d3a-a85c-9756363da094",
"related": "https://app.sixpark.com.au/api/v1/questionnaire/questions"
}
}
},
"...",
},
"...",
],
},
],
}
}
],
"links": {
"self": "https://app.sixpark.com.au/api/v1/questionnaire/results/QUc2RHBMa1V3TENDTnlaUmhIRWksdG5FS1l1ZWRBalB2QkM2RUZ3QUwK",
"sign_up": "https://app.sixpark.com.au/api/v1/users"
}
Retrieve the Six Park questionnaire/risk assessment result.
Each result within the response will reflect back a collection of answers as provided by the originating request.
As part of the response, a collection of conflicts may be returned for the risk:recommended result. Conflicts must be shown as part of the customer journey and acknowledged or the answer(s) that raised the conflict, changed (until no further conflicts exist).
HTTP Request
GET https://app.sixpark.com.au/api/v1/questionnaire/results/:id
ID Parameter
This endpoint requires your application to generate the :id. It is a comma separated Base64 safe encoded string of answer IDs.
Query Parameters
| Parameter | Required | Type | Default | Description |
|---|---|---|---|---|
| feature | no | string | nil | The feature to use - one of either [ sustainable ] |
Validation
All questions must be answered with no duplicates otherwise a 400 Bad request will be returned.
Summary
| Configuration | Value | Description |
|---|---|---|
| authenticated | client credentials | Access is granted via a client credentials access token |
| paginated | no |
200 HTTP status code properties
| Property | Type | Description |
|---|---|---|
| data | collection | A collection of results |
| data[id] | string | Unique identifier for the result object (Base64 safe encoded string, including comma separated string of answer IDs) |
| data[type] | string | The resource type - result |
| data[attributes[name]] | string | The name of the Portfolio - one of [ 'Conservative', 'Conservative Balanced', 'Balanced', 'Balanced Growth', 'Aggressive Growth' ] |
| data[attributes[risk]] | string | The risk of the Portfolio as determined by the provided answers - one of [ 'more_defensive', 'recommended', 'more_growth' ] |
| data[attributes[performance]] | object | The performance object |
| data[attributes[performance[window]]] | string | For how many years performance is being reported - one of [ '1 year', '3 years', '5 years' ] |
| data[attributes[performance[annualised_return_percent]]] | float | Percentage return - precision to 2 decimal places |
| data[attributes[performance[return_over_cpi_percentage]]] | float | Percentage return over cpi - precision to 2 decimal places |
| data[attributes[descriptions]] | collection | Portfolio descriptions |
| data[attributes[descriptions[type]]] | string | The type of the description - one of [ 'composition', 'rating', 'blurb' ] |
| data[attributes[descriptions[description]]] | string | A description about the related type |
| data[attributes[classifications]] | collection | Portfolio classifications |
| data[attributes[classifications[type]]] | string | The classification - one of [ 'growth', 'defensive' ] |
| data[attributes[classifications[percentage]]] | float | How much of the Portfolio the classification is assigned - precision to 2 decimal places |
| data[attributes[allocations]] | collection | A collection of equities the Portfolio is comprised of |
| data[attributes[allocations[name]]] | string | Name of the equity |
| data[attributes[allocations[ticker]]] | string | The ASX symbol |
| data[attributes[classifications]] | collection | Asset Class classifications |
| data[attributes[allocations[classifications[type]]]] | string | The classification - one of [ 'growth', 'defensive' ] |
| data[attributes[allocations[classifications[percentage]]]] | float | How much of the Portfolio the classification is assigned - precision to 2 decimal places |
| data[attributes[allocations[issuer_name]]] | string | The issuer of the ETF |
| data[attributes[allocations[portfolio_percentage]]] | float | How much of the Portfolio this equity is assigned - precision to 2 decimal places |
| data[attributes[allocations[documents]]] | object | A collection of financial documents |
| data[attributes[allocations[documents[pds]]]] | string | The product disclosure statement |
| data[attributes[allocations[documents[pds[content_type]]]]] | string | The content type of the document |
| data[attributes[allocations[documents[pds[url]]]]] | string | The link to the document |
| data[attributes[allocations[documents[fact_sheet]]]] | string | The fact sheet document |
| data[attributes[allocations[documents[fact_sheet[content_type]]]]] | string | The content type of the document |
| data[attributes[allocations[documents[fact_sheet[url]]]]] | string | The link to the document |
| data[attributes[answers]] | collection | The set of answers reflected back as part of the originating request |
| data[attributes[answers[id]]] | string | Unique identifier for the answer object |
| data[attributes[answers[text]]] | string | The answer text |
| data[attributes[answers[question[data[id]]]]] | string | Unique identifier for the question object |
| data[attributes[answers[question[data[type]]]]] | string | Type string for the question object |
| data[attributes[answers[question[attributes[text]]]]] | string | The question text |
| data[attributes[answers[question[attributes[description]]]]] | string | Context as to why this question is asked |
| data[attributes[answers[question[links]]]] | object | Links related to question |
| data[attributes[answers[question[links][self]]]] | object | Link to question |
| data[attributes[answers[question[links][related]]]] | object | Link to all questions |
| data[attributes[conflicts]] | collection | The set of conflicts that may have arisen from conflicting answers |
| data[attributes[conflicts[text]]] | string | The conflict text |
| data[attributes[conflicts[answers]]] | collection | A collection of the conflicted answers |
| data[attributes[conflicts[answers[id]]]] | string | Unique identifier for the answer object |
| data[attributes[conflicts[answers[text]]]] | string | The answer text |
| data[attributes[conflicts[answers[question[id]]]]] | string | Unique identifier for the question object |
| data[attributes[conflicts[answers[question[text]]]]] | string | The question text |
| data[attributes[conflicts[answers[question[description]]]]] | string | Context as to why this question is asked |
| data[attributes[conflicts[answers[question[links]]]]] | object | Links related to question |
| data[attributes[conflicts[answers[question[links][self]]]]] | object | Link to question |
| data[attributes[conflicts[asnwers[question[links][related]]]]] | object | Link to all questions |
| links | object | Links to related endpoints |
| links[sign_up] | string | Where to submit the result to create a Six Park user and associations |
| links[self] | string | link to result |
Users
POST > Create a new user
curl "https://app.sixpark.com.au/api/v1/users"
--request POST
--header "Accept: application/json"
--header "Content-Type: application/x-www-form-urlencoded"
--header "Authorization: Bearer <access_token>"
--data-urlencode "email=email@email.com"
--data-urlencode "first_name=FirstName"
--data-urlencode "last_name=LastName"
--data-urlencode "'result': { 'id': '<the result ID>' }'"
A successful (201 HTTP status code) example JSON response body:
{
"id": "33047f9a-8be9-41e0-82b5-d6f265f69bea",
"email": "email@email.com",
"first_name": "FirstName",
"last_name": "LastName",
"accounts": [
{
"id": "5cbcb043-4e20-46d6-9d85-71018debad6c",
"display_name": "FirstName LastName",
"open": false,
"links": {
"portfolio": "https://...",
"related": "https://...",
"self": "https://..."
}
}
],
"authentication": {
"access_token": "8-2kNsh0CoPn8-_hFVQa5r7W14KqNgdwtwi2j-DAc1I",
"token_type": "Bearer",
"expires_in": 194220,
"refresh_token": "8-2kNsh0CoPn8-_hFVQa5r7W14KqNgdwtwi2j-DAc1I",
"scope": "users.read",
"created_at": 1592809139
},
"links": {
"self": "https://..."
}
}
A successful request to this endpoint will create a Six Park user resource. Once created, the user becomes automatically authorized for your application.
As part of the response, an authentication property is returned which includes the access token and refresh token.
These credentials are to be persisted within your application (for the user) so they can be used for resource owner authenticated API endpoints.
This endpoint is flexible in the parameters it accepts and caters for the following scenarios:
- Create a user: a newly created and associated account is returned in the response. The account has no associated result and so the questionnaire must be finished before onboarding can commence.
- Create a user and assign a result to the newly created account: the account has an associated result and onboarding can commence.
Validations
Outside of general property validation:
- If the
result[id]parameter does not produce a correct result, the response will return a HTTP 400 - Bad Request status code.
HTTP Request
POST https://app.sixpark.com.au/api/v1/users
FORM Parameters
| Parameter | Required | Type | Default | Description |
|---|---|---|---|---|
| yes | string | no default |
The user's email | |
| first_name | yes | string | no default |
The user's first name |
| last_name | yes | string | no default |
The user's last name |
| result[id] | no | string | no default |
Base64 encoded id as returned from the result endpoint |
Summary
| Configuration | Value | Description |
|---|---|---|
| authenticated | client credentials | Access is granted via a client credentials access token |
| paginated | no |
201 HTTP status code properties
| Property | Type | Description |
|---|---|---|
| id | string | Unique identifier for the user object |
| string | The user's email | |
| first_name | string | The user's first name |
| last_name | string | The user's last name |
| phone_number | string | The user's phone number |
| accounts | collection | The collection of accounts associated to the user |
| accounts[id] | string | Unique identifier for the account object |
| accounts[display_name] | string | A display name for this account |
| accounts[open] | boolean | Whether this account is open |
| accounts[links] | object | Links to related endpoints |
| accounts[links[portfolio]] | string | The endpoint where to retrieve details about the portfolio |
| authentication | object | The authentication object |
| authentication[access_token] | string | The access token to include in authorized requests |
| authentication[token_type] | string | Always Bearer |
| authentication[expires_in] | integer | The number of seconds the access token is valid for |
| authentication[refresh_token] | string | The refresh token which is exchanged for a new access token |
| authentication[scope] | string | One or more scopes listed under authentication |
| authentication[created_at] | integer | the Unix time of when the token was issued |
GET > Retrieve the resource owner's details
curl "https://app.sixpark.com.au/api/v1/users/me"
--header "Accept: application/json"
--header "Authorization: Bearer <access_token>"
A successful (200 HTTP status code) example JSON response body:
{
"data": {
"id": "33047f9a-8be9-41e0-82b5-d6f265f69bea",
"type": "user",
"attributes": {
"email": "email@email.com",
"first_name": "FirstName",
"last_name": "LastName",
"phone_number": "0410000000"
},
"links": {
"accounts": "https://...",
"self": "https://..."
}
}
}
Retrieve details of the resource owner.
HTTP Request
GET https://app.sixpark.com.au/api/v1/users/me
Parameters
Not applicable.
Summary
| Configuration | Value | Description |
|---|---|---|
| authenticated | resource owner | Access is granted via the resource owner's access token |
| paginated | no |
200 HTTP status code properties
| Property | Type | Description |
|---|---|---|
| data | object | The user object |
| data[id] | string | Unique identifier for the user object |
| data[type] | string | The resource type - user |
| data[attributes[email]] | string | The user's email |
| data[attributes[first_name]] | string | The user's first name |
| data[attributes[last_name]] | string | The user's last name |
| data[attributes[phone_number]] | string | The user's phone number |
| data[links] | object | Links to related endpoints |
Accounts
GET > Retrieve a user's accounts
curl "https://app.sixpark.com.au/api/v1/users/:user_id/accounts"
--header "Accept: application/json"
--header "Authorization: Bearer <access_token>"
A successful (200 HTTP status code) example JSON response body:
{
"data": [
{
"id": "5cbcb043-4e20-46d6-9d85-71018debad6c",
"type": "account",
"attributes": {
"display_name": "FirstName LastName",
"strategy_name": "Balanced",
},
"relationships": {
"portfolio": {
"data": {
"id": "5326fc80-f144-44c6-839b-07f4a911de12",
"type": "portfolio"
}
}
},
"links": {
"related": "https://...",
"self": "https://..."
}
},
"..."
],
"included": [
{
"id": "ed83e246-c1ce-499a-9ed7-28c38fac1e7a",
"type": "holdings_total",
"attributes": {
"value": 868151.31,
"payout_gain": 98778.02,
"capital_gain": 173955.82,
"currency_gain": 0.0,
"total_gain": 272733.84,
"account_value": 870351.72,
"cma_value": 120140.5,
"unsettled_trades_adjustment": -117940.09,
"unpaid_payouts_adjustment": 0.0,
"payout_gain_percent": 4.41,
"capital_gain_percent": 7.76,
"currency_gain_percent": 0.0,
"total_gain_percent": 12.17,
"as_at_date": "2021-08-02"
},
"relationships": {
"portfolio": {
"data": {
"id": "5326fc80-f144-44c6-839b-07f4a911de12",
"type": "portfolio"
}
}
}
},
{
"id": "5326fc80-f144-44c6-839b-07f4a911de12",
"type": "portfolio",
"relationships": {
"account": {
"data": {
"id": "5cbcb043-4e20-46d6-9d85-71018debad6c",
"type": "account"
}
},
"current_total": {
"data": {
"id": "ed83e246-c1ce-499a-9ed7-28c38fac1e7a",
"type": "holdings_total"
}
},
"current_holdings": {
"data": [
{
"id": "5b9e2131-a557-4ec8-a851-c2bb228c4e35",
"type": "holding"
},
...
]
}
},
"links": {
"self": "https://...",
"related": "https://..."
}
},
...
]
}
Retrieve a collection of the resource owner's accounts.
HTTP Request
GET https://app.sixpark.com.au/api/v1/users/:user_id/accounts
Parameters
Not Applicable
Summary
| Configuration | Value | Description |
|---|---|---|
| authenticated | resource owner | Access is granted via the resource owner's access token |
| paginated | no |
200 HTTP status code properties
| Property | Type | Description |
|---|---|---|
| id | string | Unique identifier for the account object |
| display_name | string | A display name for this account |
| strategy_name | string | The investment strategy used by the account |
| links | object | Links to related endpoints |
POST > Create a new account for a user
curl "https://app.sixpark.com.au/api/v1/users/:user_id/accounts"
--request POST
--header "Accept: application/json"
--header "Content-Type: application/x-www-form-urlencoded"
--header "Authorization: Bearer <access_token>"
--data-urlencode "id=<the result ID>"
A successful (201 HTTP status code) example JSON response body:
{
"data": {
"id": "5cbcb043-4e20-46d6-9d85-71018debad6c",
"attributes": {
"display_name": "FirstName LastName",
"strategy_name": "Balanced",
},
"relationships": {
"portfolio": {
"data": {
"id": "5326fc80-f144-44c6-839b-07f4a911de12",
"type": "portfolio"
}
}
},
"links": {
"portfolio": "https://...",
"related": "https://...",
"self": "https://..."
}
}
}
A successful request to this endpoint will create a Six Park account resource and associate it with the resource owner.
This endpoint is flexible in the parameters it accepts and caters for the following scenarios:
- Create a new account: a newly created and associated account is returned in the response. The account has no associated result and so the questionnaire must be finished before onboarding can commence.
- Create a new account and assign a result: the account has an associated result and onboarding can commence.
HTTP Request
POST https://app.sixpark.com.au/api/v1/users/:user_id/accounts
FORM Parameters
| Parameter | Required | Type | Default | Description |
|---|---|---|---|---|
| id | no | string | no default |
Base64 encoded id as returned from the result endpoint |
Summary
| Configuration | Value | Description |
|---|---|---|
| authenticated | resource owner | Access is granted via the resource owner's access token |
| paginated | no |
201 HTTP status code properties
| Property | Type | Description |
|---|---|---|
| id | string | Unique identifier for the account object |
| display_name | string | A display name for this account |
| strategy_name | string | The investment strategy used by the account |
| links | object | Links to related endpoints |
| links[portfolio] | string | The endpoint where to retrieve details about the portfolio |
POST > Create a new result for an account
curl "https://app.sixpark.com.au/api/v1/users/:user_id/accounts/:account_id/results"
--request POST
--header "Accept: application/json"
--header "Content-Type: application/x-www-form-urlencoded"
--header "Authorization: Bearer <access_token>"
--data-urlencode "id=<the result ID>"
A successful (201 HTTP status code) example JSON response body:
{
"data": {
"id": "5cbcb043-4e20-46d6-9d85-71018debad6c",
"attributes": {
"display_name": "FirstName LastName",
"strategy_name": "Balanced",
},
"relationships": {
"portfolio": {
"data": {
"id": "5326fc80-f144-44c6-839b-07f4a911de12",
"type": "portfolio"
}
}
},
"links": {
"portfolio": "https://...",
"user": "https://...",
"self": "https://..."
}
}
}
A successful request to this endpoint will assign a new result to an existing account resource owned by the resource owner.
HTTP Request
POST https://app.sixpark.com.au/api/v1/users/:user_id/accounts/:account_id/results
FORM Parameters
| Parameter | Required | Type | Default | Description |
|---|---|---|---|---|
| id | no | string | no default |
Base64 encoded id as returned from the result endpoint |
Summary
| Configuration | Value | Description |
|---|---|---|
| authenticated | resource owner | Access is granted via the resource owner's access token |
| paginated | no |
201 HTTP status code properties
| Property | Type | Description |
|---|---|---|
| id | string | Unique identifier for the account object |
| display_name | string | A display name for this account |
| open | boolean | Whether this account is open |
| links | object | Links to related endpoints |
| links[portfolio] | string | The endpoint where to retrieve details about the portfolio |
| links[user] | string | The endpoint where to retrieve details about the user |
GET > Retrieve an account's details
curl "https://app.sixpark.com.au/api/v1/users/:user_id/accounts/:account_id"
--header "Accept: application/json"
--header "Authorization: Bearer <access_token>"
A successful (200 HTTP status code) example JSON response body:
{
"data": {
"id": "5cbcb043-4e20-46d6-9d85-71018debad6c",
"display_name": "FirstName LastName",
"strategy_name": "Balanced",
"relationships": {
"portfolio": {
"data": {
"id": "5326fc80-f144-44c6-839b-07f4a911de12",
"type": "portfolio"
}
}
},
"links": {
"portfolio": "https://...",
"user": "https://...",
"self": "https://..."
}
},
"included": [
{
"id": "ed83e246-c1ce-499a-9ed7-28c38fac1e7a",
"type": "holdings_total",
"attributes": {
"value": 868151.31,
"payout_gain": 98778.02,
"capital_gain": 173955.82,
"currency_gain": 0.0,
"total_gain": 272733.84,
"account_value": 870351.72,
"cma_value": 120140.5,
"unsettled_trades_adjustment": -117940.09,
"unpaid_payouts_adjustment": 0.0,
"payout_gain_percent": 4.41,
"capital_gain_percent": 7.76,
"currency_gain_percent": 0.0,
"total_gain_percent": 12.17,
"as_at_date": "2021-08-02"
},
"relationships": {
"portfolio": {
"data": {
"id": "5326fc80-f144-44c6-839b-07f4a911de12",
"type": "portfolio"
}
}
}
},
{
"id": "5326fc80-f144-44c6-839b-07f4a911de12",
"type": "portfolio",
"relationships": {
"account": {
"data": {
"id": "5cbcb043-4e20-46d6-9d85-71018debad6c",
"type": "account"
}
},
"current_total": {
"data": {
"id": "ed83e246-c1ce-499a-9ed7-28c38fac1e7a",
"type": "holdings_total"
}
},
"current_holdings": {
"data": [
{
"id": "5b9e2131-a557-4ec8-a851-c2bb228c4e35",
"type": "holding"
},
...
]
}
},
"links": {
"self": "https://...",
"related": "https://..."
}
},
...
}
Retrieve details of an account.
HTTP Request
GET https://app.sixpark.com.au/api/v1/users/:user_id/accounts/:account_id
Parameters
Not applicable.
Summary
| Configuration | Value | Description |
|---|---|---|
| authenticated | resource owner | Access is granted via the resource owner's access token |
| paginated | no |
200 HTTP status code properties
| Property | Type | Description |
|---|---|---|
| id | string | Unique identifier for the account object |
| display_name | string | A display name for this account |
| strategy_name | string | The investment strategy used by the account |
| links | object | Links to related endpoints |
| links[portfolio] | string | The endpoint where to retrieve details about the portfolio |
| links[user] | string | The endpoint where to retrieve details about the user |
Webhooks
Webhooks are used as a means of notifying your application that a particular event has occurred.
On successfully creating a Webhook, as part of the response, a signature_token property is returned. It is to be persisted and used in the verification process.
Six Park will use this property to compute a SHA256 HMAC of each webhook request body. The computed HMAC is passed as the value of the X-SixPark-Signature header.
In turn, this header is used by your application to validate the authenticity and completeness of the request, ie: that it hasn't been tampered with and that it has originated from Six Park.
The verification process matches the creation process:
- Your application will compute the SHA256 HMAC of the un-parsed, raw request body using the
signature_tokenproperty as was returned as part of create webhook response. - Your application will then compare the computed HMAC and the HMAC from the
X-SixPark-Signatureheader. If the values match, the request is complete and valid.
Webhook urls must respond with a 200 HTTP status code on a successful request. Unsuccessful responses will yield up to 5 retries using an exponential backoff strategy.
POST > Create a new webhook
curl "https://app.sixpark.com.au/api/v1/webhooks"
--request POST
--header "Accept: application/json"
--header "Content-Type: application/x-www-form-urlencoded"
--header "Authorization: Bearer <access_token>"
--data-urlencode "url=https://..."
--data-urlencode "description=This is my webhook..."
A successful (201 HTTP status code) example JSON response body:
{
"data": {
"id": "330acf46d-ce50-4788-a219-1de5ae9ac484",
"type": "webhook",
"attributes": {
"url": "https://...",
"description": "This is my webhook...",
"signature_token": "b7bcf4a088215ed9396b07c9e8b931a5697bc0c4"
},
"links": {
"self": "https://app.sixpark.com.au/api/v1/webhooks/30acf46d-ce50-4788-a219-1de5ae9ac484"
}
}
}
A successful request to this endpoint will create a new Webhook.
HTTP Request
POST https://app.sixpark.com.au/api/v1/webhooks
FORM Parameters
| Parameter | Required | Type | Default | Description |
|---|---|---|---|---|
| url | yes | string | no default |
The HTTP url where the request will be made |
| description | yes | string | no default |
The description of the webhook |
Summary
| Configuration | Value | Description |
|---|---|---|
| authenticated | resource owner | Access is granted via the resource owner's access token |
| paginated | no |
201 HTTP status code properties
| Property | Type | Description |
|---|---|---|
| data[id] | string | Unique identifier for the user object |
| data[type] | string | The resource type - webhook |
| data[attributes[url]] | string | The HTTP url where the request will be made |
| data[attributes[description]] | string | The description of the webhook |
| data[attributes[signature_token]] | string | The signature token used to create the SHA256 HMAC |
GET > Retrieve a webhook
curl "https://app.sixpark.com.au/api/v1/webhook/:id"
--header "Accept: application/json"
--header "Authorization: Bearer <access_token>"
A successful (200 HTTP status code) example JSON response body:
{
"data": {
"id": "330acf46d-ce50-4788-a219-1de5ae9ac484",
"type": "webhook",
"attributes": {
"url": "https://...",
"description": "This is my webhook...",
"signature_token": "b7bcf4a088215ed9396b07c9e8b931a5697bc0c4"
},
"links": {
"self": "https://app.sixpark.com.au/api/v1/webhooks/30acf46d-ce50-4788-a219-1de5ae9ac484"
}
}
}
Retrieve webhook with the given :id.
HTTP Request
GET https://app.sixpark.com.au/api/v1/webhooks/:id
Parameters
Not applicable.
Summary
| Configuration | Value | Description |
|---|---|---|
| authenticated | resource owner | Access is granted via the resource owner's access token |
| paginated | no |
200 HTTP status code properties
| Property | Type | Description |
|---|---|---|
| data[id] | string | Unique identifier for the user object |
| data[type] | string | The resource type - webhook |
| data[attributes[url]] | string | The HTTP url where the request will be made |
| data[attributes[description]] | string | The description of the webhook |
| data[attributes[signature_token]] | string | The signature token used to create the SHA256 HMAC |
DELETE > Remove a webhook with the given :id.
curl "https://app.sixpark.com.au/api/v1/webhook/:id"
--request DELETE
--header "Accept: application/json"
--header "Authorization: Bearer <access_token>"
A successful (204 HTTP status code) response will contain no response body.
Delete a webhook.
HTTP Request
DELETE https://app.sixpark.com.au/api/v1/webhooks/:id
Parameters
Not applicable.
Summary
| Configuration | Value | Description |
|---|---|---|
| authenticated | resource owner | Access is granted via the resource owner's access token |
| paginated | no |
204 HTTP status code properties
Not applicable.
POST > {url}
A sample JSON encoded response body.
{
"data": {
"id": "ecb20ef1-a543-4ae5-9446-0661a882a616",
"type": "webhook-event",
"attributes": {
"even_type": "ACCOUNT_ONBOARDED"
},
"relationships": {
"webhook": {
"data": {
"type": "webhook",
"id": "75fe2702-114a-401c-8a5f-61d9fa15e0eb"
},
"links": {
"related": "https://app.sixpark.com.au/api/v1/webhooks/75fe2702-114a-401c-8a5f-61d9fa15e0eb"
}
},
"account": {
"data": {
"type": "account",
"id": "f11b778a-3c83-43b5-a481-6b46e4d8aabb"
},
"links": {
"related": "https://..."
}
}
}
}
}
POST requests containing JSON encoded bodies are made to configured webhook URLs.
HTTP Request
POST {url}
Event Types
| Value | Description |
|---|---|
| ACCOUNT_OPENED | Account has been opened |
Headers
| Name | Value | Description |
|---|---|---|
| X-SixPark-Signature | SHA256 HMAC of raw request body | Used to verify the completeness and authenticity of the request |
Body Properties
| Property | Type | Description |
|---|---|---|
| data[id] | string | Unique identifier for the user object |
| data[type] | string | The resource type - webhook |
| data[attributes[url]] | string | The HTTP url where the request will be made |
| data[attributes[description]] | string | The description of the webhook |
| data[attributes[signature_token]] | string | The signature token used to create the SHA256 HMAC |
Holdings Totals
Holdings Total Properties
| Parameter | Type | Description |
|---|---|---|
id |
string | Unique identifie for the resource |
value |
number | Total value of the account at the date of recording |
payout_gain |
number | Total payout gain of all account holdings |
payout_gain_percent |
number | Payout gain as a percentage, to 2 decimal places |
capital_gain |
number | Total capital gain of all account holdings |
capital_gain_percent |
number | Capital gain as a percentage, to 2 decimal places |
currency_gain |
number | Total currency gain of all account holdings |
currency_gain_percent |
number | Currency gain as a percentage, to 2 decimal places |
total_gain |
number | Total gain of all account holdings |
total_gain_percent |
number | Total gain as a percentage, to 2 decimal places |
account_value |
number | Total value of the account at the date of recording |
cma_value |
number | Value of cash in the cash management account |
unsettled_trades_adjustment |
number | Total value of unsettled trades |
unpaid_payouts_adjustment |
number | Total value of unpaid payouts |
as_at_date |
string | The date represented by this snapshot of the acounts holdings totals |
GET > Retrieve holding totals for an account
curl "https://app.sixpark.com.au/api/v1/users/:user_id/accounts/:account_id/portfolio/holding_totals"
--header "Accept: application/json"
--header "Authorization: Bearer <access_token>"
A successful (200 HTTP status code) example JSON response body:
{
"data": [
{
"id": "af66cddf-fc5b-4fd8-badf-99c71c4e6d69",
"type": "holdings_total",
"attributes": {
"as_at_date": "2020-09-06",
"account_value": 1234567.89
},
"relationships": {
"portfolio": {
"data": {
"id": "5326fc80-f144-44c6-839b-07f4a911de12",
"type": "portfolio"
}
}
}
},
"..."
]
}
Retrieve a collection of an account's holdings totals.
HTTP Request
GET https://app.sixpark.com.au/api/v1/users/:user_id/accounts/:account_id/portfolio/holdings_totals
Parameters
Not Applicable
Summary
| Configuration | Value | Description |
|---|---|---|
| authenticated | resource owner | Access is granted via the resource owner's access token |
| paginated | no |
200 HTTP status code properties
| Property | Type | Description |
|---|---|---|
| id | string | Unique identifier for the holdings total object |
| as_at_date | string | The date represented by this snapshot of the acounts holdings totals |
| account_value | string | Total value of the account at the date of recording |
Holdings
Holding Properties
| Parameter | Type | Description |
|---|---|---|
id |
string | Unique identifie for the resource |
symbol |
string | The holding code / symbol |
market |
string | The market code (eg. ASX, NZX, etc) |
name |
string | The name of the holding |
quantity |
number | Quantity currently held |
value |
number | Dollar value of the holding |