Authentication v1
SVB uses HMAC message authentication for ACH APIs.

API credentials over HTTP are used to authenticate clients. All ACH API requests will need to include HMAC signatures.
Frequently Asked Questions

Table of Contents

  • Environments
  • API Credentials
  • IP Whitelisting

    • Environments

    SVB provides two environments, sandbox for testing and production for live transactions.

    ENVIRONMENT URL
    Sandbox https://uat.api.svb.com
    Production https://api.svb.com

     

     

     

     

     

    API Credentials

    SVB API authenticates users by the provided API key in each request.  Additionally, HMAC authentication requires HMAC signing of each API request. 

    Environment information will be specified on the api key:

           Sandbox access:           api key will start with test_ 
           Production access:       api key will start with live_ 

    To provide your API key with a request, pass it in the HTTP Authorization header as a bearer token:

    Authorization: Bearer YOUR_API_KEY

    Example request:

    curl -H "Authorization: Bearer YOUR_API_KEY" \
    https://uat.api.svb.com/v1

    Note: Store your API key in a secure location. Anyone who obtains your key can access the API with all of your privileges.

    IP Whitelisting

    We recommend IP whitelisting as an additional means of controlling access to SVB Developer API whenever possible. While some architectures may preclude IP whitelisting as a viable means of protection, this additional level of security can help mitigate certain attacks. The Developer API can whitelist individual addresses or CIDR ranges of IP addresses as needed.

    Contact SVB API team to configure or modify existing IP restrictions.