Recently we announced the release of the Bondora API (Application Program Interface), which has been up and running for testing. We received a lot of great feedback, and at the end of this week we are planning to roll out an updated version of the API to fulfill the requests.

We spoke with our Head of Engineering, Tarmo Protsin, to ask what the new version includes.

In short, what is Bondora API and how does it work?

An API is the messenger that takes requests and tells a system what you want to do and then returns the response back to you – the interaction between applications, data and devices. It’s like a doorway which people with the right key can pass through. It allows you access to Bondora in a controlled manner and it’s limited by the key – it is a tool that provides information and exposes Bondora’s functionality for other services and applications.

How the Bondora API works

Every investor can create their own implementation of the client application by choosing any programming language and platform. You can even create a browser plugin and have the UI look the way you want and show the data that you are interested in.

Investors who do not have the necessary tech skills will also benefit from the API, as 3rd party developers can now build new applications on top of our data and functionality. We expect there to be a number of companies that will provide specific add-ons to our core product that will complement the user experience on Bondora.

Who benefits the most from Bondora API?

Investors who want to create their personalized Portfolio Manager to run their own models on the loan data to make investment decisions and investors who want to have data or filters that our website does not provide. Bondora API will support the more active, trader type of investors by allowing granular reporting and customized investment strategies. First and foremost, it will give active investors the flexibility that the new Portfolio Manager does not.

What can our investors see in the renewed Sandbox environment?

Bondora API includes Primary Market list, bidding, loan detail information, list of your investments, Secondary Market list, buying and selling through Secondary Market. We have also improved the documentation and added OAuth 2.0 authorization for more secure authentication and authorization.

What has been the most valuable investor feedback that you implemented in the product?

For example, instead of the basic authorization we added OAuth 2.0 for authorization. We have added Secondary Market functionality, more filters and fixed the bugs that investors have reported.

To wrap up, we have received many questions about security. How secure is Bondora API?

By using OAuth 2.0 authorization instead of the basic authentication, the users do not have to expose their username and password to 3rd party applications because the authentication (login) is made on the Bondora website. We have added permissions for accessing different user resources and for actions made on behalf of the user. The user can also choose the actions and data that he will allow access to. The process is similar to Google, Facebook and Twitter where you are allowing access to your personal information or posting on your behalf.
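
The third-party side of the flow described above, as an added example that is not Bondora's code: the application sends the user to the provider to log in, validates the redirect back, and checks which permissions the user actually granted. The endpoint URL, client ID, redirect URI and scope names are hypothetical placeholders, not Bondora's real values.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Hypothetical placeholders: not Bondora's real endpoint, client ID or scope names.
AUTHORIZE_URL = "https://provider.example/oauth/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://notes-app.example/callback"


def build_authorization_request(scopes):
    """Return (url, state). The user logs in at the provider, never in this app."""
    state = secrets.token_urlsafe(32)  # unguessable value tied to this browser session
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(scopes),
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def handle_callback(callback_url, expected_state):
    """Validate the redirect back from the provider and return the one-time code."""
    params = parse_qs(urlparse(callback_url).query)
    returned_state = params.get("state", [""])[0]
    # Constant-time compare; a mismatch means the response is not for this session.
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "error" in params:  # e.g. the user declined on the consent screen
        raise PermissionError(params["error"][0])
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("missing authorization code")
    return code


def missing_scopes(required, requested, token_response):
    """Scopes the app needs but the user did not grant."""
    # RFC 6749 section 5.1: "scope" is omitted only when it equals what was requested.
    granted = token_response.get("scope")
    granted = set(requested) if granted is None else set(granted.split())
    return sorted(set(required) - granted)
```

The application only ever handles the one-time code and the resulting token, and it should disable any feature whose scope appears in the `missing_scopes` result instead of assuming every requested permission was granted.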

18 responses to “Bondora API Sandbox renewal”

  1. Hi Joonatan,

    We have changed the process back to perform all the borrower identification and validation checks before the auction is published.

    You have to store the auctions if you want to have a list of all auctions that have been on the market. The api/v1/auction/{id} will return detailed information about the auction, loan and the borrower.

    Currently we haven’t focused on providing general data for statistical analysis through the API. You can get information about the active auctions and about the loans you have invested in. We don’t provide data about the user through the OAuth authorization flow because it’s not the purpose of it. We might add an additional endpoint for getting data about the user (name, email, …) if this is something that API developers are interested in and users are willing to reveal that information. Certainly we will then add a scope, so that the user can choose to deny access to that information.

    • Hi Kai-Riin,

      I would only need whatever identifying piece of data you could give me from your system about the currently logged in user.

      Imagine a situation: some user logs in to my webpage with Bondora credentials and, for example, I allow the user to write some notes (saved into my own database).
      Now, when the user logs in again later, how should I identify which notes in my database are connected to the currently logged-in user?

      If there were at least your own system ID of the user account, that would be enough. The current system doesn’t allow detecting whether the current user is the same as one of the previously logged-in users. I don’t need any kind of personal data.

      Okay, one piece of data should still exist about the user account: how much free money there is to invest on the account.

  2. Some other thoughts to add, too.

    The “GET api/v1/auction/{id}” allows downloading only one loan’s data with one query. At the same time, in the secondary market there are over 40 000 loan pieces to sell. In addition, the API restricts how many queries one can make per minute. (And it’s way too low to start downloading loan information for 40 000 pieces… even considering that some loan pieces are about the same loan.)

    I would suggest making the following changes to the API:
    1: Allow “GET api/v1/auction/{id}” to have multiple auction IDs in the request, so the response would also return multiple auctions’ information.
    2: Change “GET api/v1/auctions” to return only the auction ID and the specific information that is only valid for the primary market. (Country and city, for example, are not specific to the primary market.)
    3: Change “GET api/v1/secondarymarket” the same way as point 2 – return the auction ID and only loan-part-specific information, nothing else.

    Then I could make queries 2 and 3 to check what is currently active and then download “extended auction information” (1) only for the currently active loans (if I don’t already have that data).

    With these changes, I would expect that the queries get quicker for your server too, as you don’t have to look up loan information on queries 2 and 3. Then you can maybe also loosen the frequency restriction on the API server, as right now it’s impossible to write anything on top of the secondary market.

    Thank you!

    • Hi Joonatan,
      Thanks for your thorough suggestions – I will forward them to our engineering team.

  3. api/v1/account/investments – the returned MyInvestmentItem objects have the total amount of principal/interest/penalty paid, but do not show how much I have received. If I look at a MyInvestmentItem that I have bought from the secondary market, then I have no info about how much of this principal/interest/penalty I received. Is there a plan to add those “actually received” amounts?

    Currently I am missing an account statement in the API. Is there a plan to add an account statement endpoint?

    • Hi Peeter,
      Currently we do not have the account statement endpoint, but we are planning to add it soon.