Quiltt Connections API

REST Admin endpoints to list, retrieve, and manage a Profile's Connections - the links to underlying aggregator sources (Plaid Item, MX Member, Finicity Institution Login) that back the accounts and transactions surfaced through the GraphQL API.

OpenAPI Specification

quiltt-openapi.yml Raw ↑
openapi: 3.0.3
info:
  title: Quiltt Admin & Auth REST API
  description: >-
    Quiltt is a hybrid API platform. This REST specification covers the
    administrative and authentication surfaces used to manage Profiles,
    Connections, Session Tokens, and Webhooks. End-user financial data
    (accounts, balances, transactions, holdings, statements) is read through
    the separate GraphQL Data API at https://api.quiltt.io/v1/graphql.
    Admin endpoints are authenticated with your Quiltt API Secret Key
    (Bearer). Session Token endpoints live on the auth host.
  termsOfService: https://www.quiltt.io/legal/terms
  contact:
    name: Quiltt Support
    url: https://www.quiltt.dev
    email: support@quiltt.io
  version: '1.0'
servers:
  - url: https://api.quiltt.io/v1
    description: Admin API (Profiles, Connections, Webhooks)
  - url: https://auth.quiltt.io/v1
    description: Auth API (Session Tokens)
security:
  - apiSecretKey: []
tags:
  - name: Profiles
    description: Manage end-user Profiles.
  - name: Connections
    description: Manage a Profile's aggregator Connections.
  - name: Session Tokens
    description: Issue, verify, and revoke Profile-scoped session tokens.
  - name: Webhooks
    description: Manage webhook subscriptions for real-time events.
paths:
  /profiles:
    get:
      operationId: listProfiles
      tags:
        - Profiles
      summary: List Profiles
      description: Retrieve a paginated list of Profiles in the environment.
      parameters:
        - name: page
          in: query
          schema:
            type: integer
            minimum: 1
        - name: per_page
          in: query
          schema:
            type: integer
            minimum: 1
            maximum: 100
      responses:
        '200':
          description: A list of Profiles.
          content:
            application/json:
              schema:
                type: object
                properties:
                  profiles:
                    type: array
                    items:
                      $ref: '#/components/schemas/Profile'
    post:
      operationId: createProfile
      tags:
        - Profiles
      summary: Create Profile
      description: Create a new Profile.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ProfileInput'
      responses:
        '201':
          description: The created Profile.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Profile'
  /profiles/{profileId}:
    parameters:
      - name: profileId
        in: path
        required: true
        description: The Profile ID (e.g. p_17KTMuJseY4Cx2LcbgKA7wU) or your UUID.
        schema:
          type: string
    get:
      operationId: getProfile
      tags:
        - Profiles
      summary: Get Profile
      responses:
        '200':
          description: The requested Profile.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Profile'
        '404':
          description: Profile not found.
    patch:
      operationId: updateProfile
      tags:
        - Profiles
      summary: Update Profile
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ProfileInput'
      responses:
        '200':
          description: The updated Profile.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Profile'
    delete:
      operationId: deleteProfile
      tags:
        - Profiles
      summary: Delete Profile
      description: Permanently delete a Profile and its associated data.
      responses:
        '204':
          description: Profile deleted.
  /profiles/{profileId}/connections:
    parameters:
      - name: profileId
        in: path
        required: true
        schema:
          type: string
    get:
      operationId: listConnections
      tags:
        - Connections
      summary: List Connections
      description: List the Connections belonging to a Profile.
      responses:
        '200':
          description: A list of Connections.
          content:
            application/json:
              schema:
                type: object
                properties:
                  connections:
                    type: array
                    items:
                      $ref: '#/components/schemas/Connection'
  /profiles/{profileId}/connections/{connectionId}:
    parameters:
      - name: profileId
        in: path
        required: true
        schema:
          type: string
      - name: connectionId
        in: path
        required: true
        description: The Connection ID.
        schema:
          type: string
    get:
      operationId: getConnection
      tags:
        - Connections
      summary: Get Connection
      responses:
        '200':
          description: The requested Connection.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Connection'
        '404':
          description: Connection not found.
    delete:
      operationId: deleteConnection
      tags:
        - Connections
      summary: Delete Connection
      description: >-
        Disconnect and remove a Connection, stopping Quiltt from syncing data
        from the underlying aggregator source.
      responses:
        '204':
          description: Connection deleted.
  /webhooks:
    get:
      operationId: listWebhooks
      tags:
        - Webhooks
      summary: List Webhook Subscriptions
      responses:
        '200':
          description: A list of webhook subscriptions.
          content:
            application/json:
              schema:
                type: object
                properties:
                  webhooks:
                    type: array
                    items:
                      $ref: '#/components/schemas/Webhook'
    post:
      operationId: createWebhook
      tags:
        - Webhooks
      summary: Create Webhook Subscription
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/WebhookInput'
      responses:
        '201':
          description: The created webhook subscription.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Webhook'
  /webhooks/{webhookId}:
    parameters:
      - name: webhookId
        in: path
        required: true
        schema:
          type: string
    get:
      operationId: getWebhook
      tags:
        - Webhooks
      summary: Get Webhook Subscription
      responses:
        '200':
          description: The requested webhook subscription.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Webhook'
    delete:
      operationId: deleteWebhook
      tags:
        - Webhooks
      summary: Delete Webhook Subscription
      responses:
        '204':
          description: Webhook subscription deleted.
  /users/sessions:
    post:
      operationId: issueSessionToken
      tags:
        - Session Tokens
      summary: Issue Session Token
      description: >-
        Issue a Profile-scoped JWT session token. Authenticated with your API
        Secret Key. Served from https://auth.quiltt.io/v1. Rate limited to
        10 per hour and 20 per day per Profile.
      servers:
        - url: https://auth.quiltt.io/v1
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SessionTokenInput'
      responses:
        '201':
          description: The issued session token.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SessionToken'
        '429':
          description: Session token rate limit exceeded for this Profile.
  /users/session:
    get:
      operationId: verifySessionToken
      tags:
        - Session Tokens
      summary: Verify Session Token
      description: >-
        Verify a session token. Pass the session token itself as the Bearer
        credential. Served from https://auth.quiltt.io/v1.
      servers:
        - url: https://auth.quiltt.io/v1
      security:
        - sessionToken: []
      responses:
        '200':
          description: The token is valid; returns its claims.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SessionToken'
        '401':
          description: The token is invalid, revoked, or expired.
  /users/sessions/revoke:
    post:
      operationId: revokeSessionToken
      tags:
        - Session Tokens
      summary: Revoke Session Token
      description: >-
        Revoke a session token. Pass the token to revoke as the Bearer
        credential. Served from https://auth.quiltt.io/v1.
      servers:
        - url: https://auth.quiltt.io/v1
      security:
        - sessionToken: []
      responses:
        '200':
          description: The token was revoked.
components:
  securitySchemes:
    apiSecretKey:
      type: http
      scheme: bearer
      description: Your Quiltt API Secret Key used for Admin and token-issuance calls.
    sessionToken:
      type: http
      scheme: bearer
      description: A Profile-scoped JWT session token.
  schemas:
    Profile:
      type: object
      properties:
        id:
          type: string
          example: p_17KTMuJseY4Cx2LcbgKA7wU
        uuid:
          type: string
          description: Your own external identifier for the Profile.
        name:
          type: string
        email:
          type: string
          format: email
        phone:
          type: string
        birthday:
          type: string
          format: date
        address:
          type: object
          additionalProperties: true
        metadata:
          type: object
          additionalProperties: true
          description: Arbitrary key-value data you store on the Profile.
        connectionIds:
          type: array
          items:
            type: string
        createdAt:
          type: string
          format: date-time
        updatedAt:
          type: string
          format: date-time
    ProfileInput:
      type: object
      properties:
        uuid:
          type: string
        name:
          type: string
        email:
          type: string
          format: email
        phone:
          type: string
        birthday:
          type: string
          format: date
        address:
          type: object
          additionalProperties: true
        metadata:
          type: object
          additionalProperties: true
    Connection:
      type: object
      properties:
        id:
          type: string
        provider:
          type: string
          enum:
            - PLAID
            - MX
            - FINICITY
            - MASTERCARD
          description: The underlying aggregator source.
        status:
          type: string
          enum:
            - INITIALIZING
            - SYNCING
            - SYNCED
            - DISCONNECTED
            - ERROR_REPAIRABLE
            - ERROR_SERVICE
            - ERROR_INSTITUTION
          description: Sync status of the Connection.
        institution:
          type: object
          properties:
            name:
              type: string
            logo:
              type: string
        externallyManaged:
          type: boolean
        metadata:
          type: object
          additionalProperties: true
        createdAt:
          type: string
          format: date-time
        updatedAt:
          type: string
          format: date-time
    SessionTokenInput:
      type: object
      properties:
        userId:
          type: string
          description: An existing Profile ID to scope the token to.
        uuid:
          type: string
          description: Your external identifier; creates a Profile if none exists.
        email:
          type: string
          format: email
        metadata:
          type: object
          additionalProperties: true
    SessionToken:
      type: object
      properties:
        token:
          type: string
          description: The JWT session token.
        userId:
          type: string
        environmentId:
          type: string
        expiration:
          type: integer
          description: Unix timestamp when the token expires.
        expiresAt:
          type: string
          format: date-time
    Webhook:
      type: object
      properties:
        id:
          type: string
        url:
          type: string
          format: uri
        events:
          type: array
          items:
            type: string
          example:
            - profile.created
            - connection.synced.successful
            - account.verified
        enabled:
          type: boolean
        createdAt:
          type: string
          format: date-time
    WebhookInput:
      type: object
      required:
        - url
        - events
      properties:
        url:
          type: string
          format: uri
        events:
          type: array
          items:
            type: string
            enum:
              - profile.created
              - connection.synced.successful
              - connection.synced.successful.initial
              - connection.synced.successful.historical
              - connection.synced.errored.repairable
              - account.verified