Developer Docs
API Reference Overview
RESTful APIs built for financial engineers. OAuth 2.0 + API key authentication. Sandbox environment available on day one — no contract required to explore.
Quickstart
Create your first account in minutes
POST /v1/accounts — Create Investment Account
# Request curl -X POST https://api.joineko.investments/v1/accounts \ -H "Authorization: Bearer eko_sk_sandbox_xxxxxxxxxxxx" \ -H "Content-Type: application/json" \ -d '{ "kyc_tier": "standard", "institution_id": "ins_a1b2c3d4", "member_ref": "mem_0001", "account_type": "individual_brokerage" }' # Response — 201 Created { "account_id": "acct_2x8kf9p3", "status": "pending_kyc", "kyc_url": "https://kyc.joineko.investments/flow/2x8k...", "created_at": "2026-03-14T09:22:01Z" }
Endpoints
API endpoint groups
| Group | Method | Path | Description |
|---|---|---|---|
| Accounts | POST | /v1/accounts | Create a new investment account with KYC/CIP flow |
| GET | /v1/accounts/{id} | Retrieve account status and details | |
| GET | /v1/accounts | List all accounts for your institution | |
| Orders | POST | /v1/orders | Submit a market, limit, or fractional order |
| GET | /v1/orders/{id} | Retrieve order status and fill details | |
| Portfolio | GET | /v1/portfolio/{account_id} | Current holdings, values, and performance |
| GET | /v1/portfolio/{id}/history | Historical returns and transaction log | |
| Reports | GET | /v1/reports/compliance | FINRA Rule 4511 audit-ready export (JSON/CSV) |
| GET | /v1/reports/aml | AML transaction monitoring report | |
| Webhooks | POST | /v1/webhooks | Register a webhook endpoint |
| GET | /v1/webhooks/events | List recent webhook event deliveries and retries |
Authentication
Two auth modes for different integration patterns
API Key
Best for server-to-server integrations from your core banking middleware. Keys scoped per institution with read/write permissions. Rotate without downtime via the management API.
Authorization: Bearer eko_sk_prod_xxxx # Sandbox prefix: eko_sk_sandbox_ # Production prefix: eko_sk_prod_
OAuth 2.0
Recommended for third-party integrations and partner systems. Standard client_credentials flow. Token expiry 1 hour; refresh tokens available for long-running integrations.
# Token endpoint POST /oauth/token grant_type=client_credentials scope=accounts:write orders:write
SDKs
Client libraries for your stack
Python
github.com/joineko/eko-python
Node.js
github.com/joineko/eko-node
Java
github.com/joineko/eko-java
Rate Limits & SLA
Infrastructure-grade reliability commitments
| Plan | Requests/min | Daily Limit | Uptime SLA | Support Response |
|---|---|---|---|---|
| Launch | 100 req/min | 50,000/day | 99.5% | Email, 24h |
| Growth | 500 req/min | 500,000/day | 99.9% | Dedicated, 4h |
| Enterprise | Custom | Unlimited | Custom SLA | Dedicated team, 1h |
Start building in the sandbox today
Request API credentials and access our sandbox environment. No commitment required to explore.