Authentication v1
SVB uses HMAC message authentication for ACH APIs.

API credentials over HTTP are used to authenticate clients. All ACH API requests will need to include HMAC signatures.


SVB provides two environments, sandbox for testing and production for live transactions.







API Credentials

SVB API authenticates users by the provided API key in each request.  Additionally, HMAC authentication requires HMAC signing of each API request. 

Environment information will be specified on the api key:

       Sandbox access:           api key will start with test_ 
       Production access:       api key will start with live_ 

To provide your API key with a request, pass it in the HTTP Authorization header as a bearer token:

Authorization: Bearer YOUR_API_KEY

Example request:

curl -H "Authorization: Bearer YOUR_API_KEY" \

Note: Store your API key in a secure location. Anyone who obtains your key can access the API with all of your privileges.

IP Whitelisting

We recommend IP whitelisting as an additional means of controlling access to SVB Developer API whenever possible. While some architectures may preclude IP whitelisting as a viable means of protection, this additional level of security can help mitigate certain attacks. The Developer API can whitelist individual addresses or CIDR ranges of IP addresses as needed.

Contact SVB API team to configure or modify existing IP restrictions.