API Documentation

Basic Connectivity

CorePro is a middleware solution. This means there is no concept of end-user login in CorePro; application-level authentication is all that is necessary. As such, connecting to CorePro is as simple as knowing an API Key and Secret and presenting a valid Basic Authentication header in an HTTPS request from whitelisted IP address.


CorePro's REST API requires authentication via the Authorization header. The format of this header is HTTP Basic Authentication . This consists of the following:

  • API Key (string)
  • Secret (string)

The API key in HTTP Basic Authentication terms is the username. The Secret in HTTP Basic Authentication terms is the password. For example, if your API Key (aka username) is "philipjfry" and your Secret (aka password) is "10.77", the authorization header will look like the following:

  • Authorization: Basic cGhpbGlwamZyeToxMC43Nw==

Try it right now!


Token Authentication

Additionally, CorePro supports customer specific token Authentication. This is a configurable program setting, when enabled every request that affects a customer must contain the customer's token in the request header. For example: X-CorePro-CustomerToken: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1bmlxdWVfb...

CorePro does not store this token, if lost it cannot be recovered.

To facilitate a smooth transition, a back-fill period is introduced. During this period customer/generateToken will return a token for the specified customer. When all customer tokens have been retrieved, the program can be moved to enforce customer tokens. customer/generateToken will not be available.

Please contact your Sales Representative or Relationship Manager for additional information.

Test Connectivity

To test connectivity from a whitelisted IP, you may simply:

  1. Using your browser, visit the sandbox environment or the production environment . (Note a whitelisted IP for the sandbox environment may not work in the production environment and vice versa).
  2. You will be prompted for a username and password by your browser's Basic authentication mechanism.
  3. Enter your API Key for the username.
  4. Enter your API Secret for the password.
  5. If connectivity is successful, you will get a valid json response containing a welcome message.

The API key and Secret are available via the CorePro Admin site or from a CorePro representative.


CorePro provides two distinct environments:

  • Sandbox - for testing your code
  • Production - for your production code

Each environment is completely distinct from the other; all settings, limits, whitelisted IPs, etc. are unique to each environment. This also means the API Key / Secret values used for sandbox are different from the ones used for production. There are also a few subtle functionality differences between the two as well. This is intended to ease testing in the sandbox environment. All differences are detailed in the following section.

Environment Differences

Sandbox Production
API Url https://sandbox-api.corepro.io https://api.corepro.io
ID Verification Consult documentation provided at program registration time for specific "fake" customer information that works successfully via sandbox Provide customer's actual personally identifiable information
Tax ID Multiple customers may have the same taxId (allows for easier testing) Each customer must have a unique taxId
Customer Registration No limit to number of failed customer registrations for a given taxId in any timeframe A default limit of 2 failed customer registrations for a given taxId in a 48 hour timeframe (configurable)
  NOTE: The following apply only if your program has ACH via NACHA enabled.
Routing Number Verification The "magic value" of 123456789 for routingNumber may be used for easy testing. The external account's name property will be set to COREPRO SANDBOX BANK. An actual valid routing number must be provided. "Valid" is defined by performing a real-time lookup based on the Federal Reserve data file.
External Account Verification Trial deposit amounts are hardcoded to $0.18 and $0.28 for easy testing. Can be verified immediately via /externalAccount/verify Trial deposits are two random amounts between $0.01 and $0.49 inclusive. Must be verified at a later date by calling /externalAccount/verify.
Depositing from External Accounts Automatically settles every hour on the hour, give or take 5 minutes. Funds are available immediately after settling. Settles following the Transfer Timeline. Funds are available depositAvailableDays after settlement occurs. See /program/get for details.
ACH Files Not currently supported Supported
Customer Tag Uniqueness of tag on the /customer/object is not enforced Uniqueness of tag on the /customer/object is enforced
Debit Card Transactions Not currently supported Supported

Ready to start a conversation?

Email Us