API Documentation

Frequently Asked Questions

  • What does CorePro do?

    CorePro is essentially a bank core exposed as an API. There are several primary areas of interest:

    • Customers

      • Tracking sensitive information such as SSN, drivers license / passport details, etc.
      • On-boarding with verification using IDology services (optional)
      • Maintaining addresses, phones, beneficiaries, etc.
      • Security functions, such as locking, archiving, date tracking, etc.
      • Ability to easily apply a lock via Admin console
    • Accounts

      • FDIC Insured
      • DDA, FBO, Savings
      • Joint account support
      • Available, Pending, and Actual balances
      • Supports concept of a goal via account properties
      • Ability to easily apply a lock via Admin console
    • External Accounts

      • Real-time routing number verification via the Federal Reserve
      • Account number verification via Trial Deposits (optional)
      • Ability to easily apply a lock via Admin console
    • Transactions

      • Extensive rules and limits for enforcing safe, reliable transfers with minimal fraud risk
      • Detailed auditing of who and when transaction state changes
      • Tight, real-time integration of transactions and balances
      • Settling, hold days, bank holidays -- all taken into account for funds availability
      • End-to-end tracking of ACH returns
    • Debit Cards

      • Integrated with debit rails via ISO-8583 interface
      • Real-time card locking via API
      • Coming soon: Real-time notifications for transaction successes / denials
    • Backend Processes

      • ACH Processing Including Same-day ACH
      • Monthly or Quarterly interest payment (daily accrual)
      • Daily file generation: Customer Registrations, Customers, Account Balances, and Posted Transactions
      • Event notification file generated every 15 minutes - keep your data in sync with CorePro's
      • Goal target met processing
      • Bulk Transfers
      • Monthly statement generation
      • Quarterly OFAC re-verification
      • Annual 1099-INT statement generation
      • Daily Recon and Trial Balance calculation
      • Monthly RegD fee calculation
      • Numerous others
    • Admin Functionality

      • At-a-glance dashboard to realize the "health" of your program
      • Extensive, granular security for all functionality
      • Quickly search customers by several data points, drill-down details, etc.
      • Transfer funds on behalf of customers if needed
      • Customer on-boarding Manual Review queue
      • Detailed Reports - Updated hourly
      • Much, much more

    Back to top
  • What will CorePro not do?

    • User login / credentials management
    • Funds movement between two external Financial Institutions
      • It is possible to have two external accounts for a given customer in CorePro, and move funds from one FI into CorePro then from CorePro out to another FI -- but your Bank of Record must agree to enabling more than one external account per customer at a time.
    • WebHooks. Please review our AMQP realtime event solution.

    Back to top
  • What is CorePro's pricing model?

    • Our pricing model can vary greatly depending on several factors such as estimated user base, average accounts per customer, average monthly transaction counts, deposit volume, etc.
    • Contact sales@corepro.io for more information

    Back to top
  • How do I get access to CorePro?

    Back to top
  • What kind of security measures does CorePro adhere to?

    • Annual PCI Compliance Level 1 Audit
    • Annual SOC 2 Audit
    • HTTPS TLS 1.1+ for API
    • SFTP for file transfer
    • IP whitelisting for API and SFTP server access
    • Fully encrypted TLS 1.2 internal network communications
    • AES-256 encryption for sensitive data at rest
    • PCI compliant key management (annual key rotations, multiple active keys, key custodians, etc) for PAN and other PCI-sensitive data
    • Optional PGP encryption for files sitting on SFTP server

    Back to top
  • Why can't I connect to sandbox-api.corepro.io or api.corepro.io?

    This issue is typically due to one of the following:

    • The API Key / Secret pair being presented is incorrect or expired
    • The IP(s) from which you are making the actual HTTP requests to the CorePro API environment does not match those we have on record
    • We have not yet whitelisted the IP from which you are trying to connect
    • The public IP for the current machine is displayed in the upper right corner. To access this programmatically, you may also use https://docs.corepro.io/tools/myip
    If none of the above apply, please contact us. Having your list of IP addresses to whitelist handy would be beneficial.

    Back to top
  • Why can't I connect to sandbox-sftp.corepro.io or sftp.corepro.io?

    This issue is typically due to one of the following:

    • The login credentials are incorrect or expired
    • The IP(s) from which you are making the actual SecureFTP requests to the CorePro SFTP environment does not match those we have on record
    • We have not yet whitelisted the IP from which you are trying to connect
    • The public IP for the current machine is displayed in the upper right corner. To access this programmatically, you may also use https://docs.corepro.io/tools/myip
    If none of the above apply, please contact us. Having your list of IP addresses to whitelist handy would be beneficial.

    Back to top
  • Should I call /customer/create or /customer/initiate? And what's /customer/verify? Help! I'm confused.

    CorePro is a very configurable service, and as such not all routes may apply to your particular situation.

    • If you have already vetted a customer's identity OR you are relying on CorePro to perform an OFAC check for you, you should call only /customer/create
    • If you are relying on CorePro to vet a customer's identity, you should call /customer/initiate, then let the user respond to some identity questions, and send those answers to /customer/verify
    • Extensive details can be found on the Customer defintion page.

    Back to top
  • Should I call /externalAccount/create or /externalAccount/initiate? And what's /externalAccount/verify? Help! I'm confused.

    CorePro is a very configurable service, and as such not all routes may apply to your particular situation.

    • If you have already vetted a customer is the owner of the external account, you should call only /externalAccount/create
    • If you are relying on CorePro to issue microdeposits to ensure a customer is in fact the owner of an external account, you should call /externalAccount/initiate, then after the microdeposits have appeared in that external account, prompt the user to enter the value(s) and send those answers to /externalAccount/verify
    • Extensive details can be found on the External Account defintion page.

    Back to top
  • Why no Webhooks?

    A number of API's expose out-of-band "callbacks" as Webhooks. They are very convenient, intuitive, familiar, and popular. In lieu of Webhooks, CorePro provides an attractive alternative: Azure Service Bus. Azure Service Bus is PCI compliant and provides a .NET Azure Service Bus SDK and Java Azure Service Bus SDK for you to use in your code.

    Azure Service Bus is essentially a service to which your code connects using AMQP 1.0 .

    CorePro also provides the Event Notification File which emits the same events as the Azure Service Bus. If you consume events via the Azure Service Bus, they will appear nearly instantly after being generated in CorePro. The Event Notification File is generated and uploaded to the SFTP server at most once every 15 minutes.

    Back to top
  • Why isn't there example code on this site for consuming the CorePro API?

    Working code always wins over example code. That is why we created several open source SDK's in various languages:

    Back to top
  • Do you support XML? Do you have an XSD?

    In short, the answer is no. We do not have XML and will not be supporting it in the future. In lieu of an actual XSD, this documentation site serves as the official definition for all data types and file formats.

    Back to top
  • My question isn't answered here...

    Please contact us and if it is a common question, we will update the documentation to include your question in the FAQ.

    Back to top

Ready to start a conversation?

Email Us