Bondora API Sandbox renewal


Recently we announced the release of Bondora API (Application Program Interface) that has been up and running for testing. We received a lot of great feedback and in the end of this week we are planning to roll out an updated version of the API to fulfill the requests.

We spoke with our Head of Engineering, Tarmo Protsin, to ask what the new version includes.

In short, what is Bondora API and how does it work?

API is the messenger that takes requests and tells a system what you want to do and then returns the response back to you – the interaction between applications, data and devices. It’s like a doorway which people with the right key can pass. It allows you access to Bondora in a controlled manner and it’s limited by the key – it is a tool that provides information and exposes Bondora’s functionality for other services and applications.

How the Bondora API works

Every investor can create their own implementation of the client application by choosing any programming language and platform. You can even create a browser plugin and have the UI look the way you want and show the data that you are interested in.

Investors who do not have the necessary tech skills will also benefit from the API as 3rd party developers can now build new application on top of our data and functionality. We expect there to be a number of companies that will provide specific add-ons to our core product that will complement the user experience on Bondora.

Who benefits the most from Bondora API?

Investors who want to create their personalized Portfolio Manager to run their own models on the loan data to make investment decisions and investors who want to have data or filters that our website does not provide. Bondora API will support the more active, trader type of investors by allowing granular reporting and customized investment strategies. First and foremost, it will give active investor the flexibility that the new Portfolio Manager does not.

What can our investors see in the renewed Sandbox environment?

Bondora API includes Primary Market list, bidding, loan detail information, list of your investments, Secondary Market list, buying and selling through Secondary Market. We have also improved the documentation and added OAuth 2.0 authorization for more secure authentication and authorization.

What has been the most valuable investor feedback that you implemented in the product?

For example instead of the basic authorization we added OAuth 2.0 for authorization. We have added Secondary Market functionality, more filters and fixed the bugs that investors have reported.

To wrap up, we have received many questions about security. How secure is Bondora API?

By using OAuth 2.0 authorization instead of the basic authentication the users do not have to expose their username and password to 3rd party applications because the authentication (login) is made on Bondora website. We have added permissions for accessing different user resources and for actions made on behalf of the user. User can also choose the actions and data that he will allow access to. The process is similar to Google, Facebook and Twitter where you are allowing access to your personal information or posting on your behalf.

18 responses to “Bondora API Sandbox renewal”

  1. Nice link: “Site update in progress
    Apologies, but we are running a site update to make it work better for you.”

  2. Please specify, when you write “… to roll out an updated version of the API…” if this is still only the non-productive playground or do you mean an production environment in order to provide a proper interface as the “old” PM has been retired without providing a sensible replacement…?

  3. 1. I (and others too) can’t log in at the sandbox side “Username and password did not match “.
    2. Some code examples in java how to authefiticate would be great.
    3. Your servers have a very poor performance. Since some days I get this “Problems with the site” allways. How will you master a lot of API traffic on top??

    • Hi!

      1. You have to register at the Bondora API site
      2. You can find lot’s of OAuth 2.0 code samples and tutorials from Google. We recommend to use ready-made libraries.
      3. We have separate servers for API and public web and additionally we have load balanced our API across multiple servers.

  4. So, it’s now in live environment too. And at the same time, the sandbox is still completely empty of data…

    Also, i still don’t see a reasonable “last_update” timestamp attached to each auction. I’ve already seen some auctions where data changes over time. To successfully implement incremental update, i would need to know, what is the latest timestamp when something changed for the auction and also i would need filtering option in the request where i can give my latest timestamp and so you could send me back all loans, that have something changed after given timestamp.

    And in the end, the current “auctions” request has some filter on your side too. How can i get latest auction information about an auction, that is finished? I would like to get full list of all loans, if i don’t give you the “last_update” timestamp. (Or make it at least mandatory) With your current filtering i have no idea, what happened with some loan, that is finished and so i can’t “deactivate” that loan in my own system.

    Any updates coming soon to solve those issues?

    • Hi Joonatan,

      The /api/v1/auctions endpoint returns only active auctions. If the auction is closed – cancelled or user accepted the loan terms, the auction will not be shown in auctions list anymore. The data for the auction does not change over time. We have field ListedOnUTC which indicates the date and time when the auction was published. We do not have date time field for auction change time because the auction cannot change – it can be cancelled (by the Bondora or by the borrower) or successfully funded and accepted by the borrower.

      You can get information about your investments from the api/v1/account/investments endpoint and specific information about loan or investment from api/v1/auction/{id} (borrower and loan related data – income, liabilities, debts ) and api/v1/loanpart/{id} endpoints (investment aka loanpart related data – scheduled payments, transfers, debt events, etc.).

    • Hi Kai-Riin,

      As i have understood, some data will change over time like income checks or something as i remember some time ago there were news about how auctions were published before all the data was available to speed up the whole process.
      If i remember wrongly, sorry about that.

      As i understand, the proper way to update client’s local database would be:
      use “api/v1/auctions” only for new loan information and use “api/v1/auction/{id}” for updating loan information already existing in local database? (if there might happen to be a reason for that)

      Thank you,

  5. Is there any way to get some kind of identificator of the user account itself? For example i would like to save some user filters into my own database and i would like to link it somehow to bondora’s account. Currently there’s no user id or anything i could retrieve. Closest is the token itself, but this one can change.

  6. Hi Joonatan,

    We have changed the process back to perform all the borrower identification and validation checks before the auction is published.

    You have to store the auctions if you want to have a list of all auctions that have been on the market. The api/v1/auction/{id} will return detailed information about the auction, loan and the borrower.

    Currently we haven’t focused on providing general data for statistical analysis through the API. You can get information about the active auctions and about the loans you have invested in. We don’t provide data about the user through the OAuth authorization flow because it’s not the purpose of it. We might add additional endpoint for getting data about the user (name, email, …) if this is something that API developers are interested in and users are willing to reveal that information. Certainly we will then add a scope, so that the user can choose to deny access to that information.

    • Hi Kai-Riin,

      I would only need whatever identifying piece of data you could give me from your system about the currently logged in user.

      Imagine a situation: Some user logs in to my webpage with bondora credentials and for example i allow the user to write some notes. (Saved into my own database)
      Now, when the user would login in again later, how should i identify, which notes in my database are connected to currently logged in user?

      If there would be at least your own, system id of the user account, that would be enough. Current system doesn’t allow to detect, whether the current user is same as one of the previously logged in users. I don’t need any kind of personal data.

      Okay, one piece of data should be still existing about the user account: How much free money there is to invest on the account.

  7. Some other thoughts too to add.

    The “GET api/v1/auction/{id}” allows to download only one loan’s data with one query. At the same time, in the secondary market there are over 40 000 loan pieces to sell. In addition, the API restricts how many queries one can make per minute. (And it’s way too low to start downloading loan information for 40 000 pieces… even considering that some loan pieces are about the same loan)

    I would suggest to make the following changes to the api:
    1: Allow “GET api/v1/auction/{id}” to have multiple auction ids in request and so response would also return multiple auctions’ information.
    2: Change “GET api/v1/auctions” to return only auction id and the specific information that is only valid for primary market. (country and city for example are not specific to primary market)
    3: Change “GET api/v1/secondarymarket” the same way as point 2 – return auction id and only loan part specific information, nothing else.

    Then i could make 2 and 3 queries to check, what is currently active and then download “extended auction information” (1) only for the currently active loans. (If i already don’t have that data)

    With these changes, i would expect that the queries get quicker for your server too, as you don’t have to look up loan information on queries 2 and 3. Then you can maybe also loosen the frequency restriction to api server, as right now, it’s impossible to write anything on top of secondary market.

    Thank you!

    • Hi Joonatan,
      Thanks for your thorough suggestions – I will forward them to our engineering team.

  8. api/v1/account/investments – returned MyInvestmentItem objects has total amount of principal/interest/penalty paid, but does not show how much I have received. If i look at MyInvestmentItem that i have bought from secondary market, then I have no info about how much of these principal/interest/penalty I received. Is there a plan to add those “actually received” amounts?

    Currently I am missing account statement in api. Is there a plan to add account statement endpoint?

    • Hi Peeter,
      Currently we do not have the account statement endpoint, but we are planning to add it soon.