Basic concepts

Security protocols

Pluggy's API enforces the use of HTTPS with TLS v1.2 or higher for security reasons. Requests made with any other TLS version will be rejected. All communication must use HTTPS.

API verbs and Protocols

Pluggy's API is a RESTful API based on JSON requests and responses, so all requests must set the Content-Type header to application/json.

We follow the RESTful standards, and each verb matches its specific action on the resource you are communicating with.


API response fields

We evolve our API in a non-breaking way, by adding new fields to our endpoint responses.

This makes it simpler since there are no complicated versioning mechanisms, but it also means that your HTTP client must support receiving unknown fields in a response and ignore them.

In most libraries this is supported by default, but please review your particular case to check that this is configured correctly.


Our production environment accepts requests at the following host:


Some of Pluggy's responses can contain a large amount of data; in those cases the size of the response is limited and the data is divided into pages.

For example, if you make a request to /transaction?accountId={ACCOUNT_ID}, you will receive an object like:

    {
      "total": 200,
      "totalPages": 15,
      "results": [],
      "page": 1
    }
  • total: the size of the data of the request
  • totalPages: the total number of pages encompassing all available records
  • results: the content of the current page
  • page: the number of the current page
    • For example, /transaction?accountId={ACCOUNT_ID}&page=2 is the second page of transaction results
    • By retrieving /transaction?accountId={ACCOUNT_ID}, then /transaction?accountId={ACCOUNT_ID}&page=2, and so on, you can access all the available data, one page at a time.

To sum up, to obtain all the data from a paginated endpoint, after your first request you should iterate as many times as totalPages, making a new request each time and changing the page query param.
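The following client sketch is an added example, not Pluggy's own code. It combines the three requirements above: a TLS 1.2 minimum on the client side, the application/json Content-Type header, and a pagination loop that reads only the documented fields so that newly added fields are ignored. The host is a placeholder because this page does not give it; the record field `id`, the `addedLater` field, the `max_pages` bound and all function names are assumptions made for the illustration.

```python
import json
import ssl
import urllib.request
from urllib.parse import urlencode

BASE_URL = "https://api.example.invalid"  # placeholder: host is not given on this page


def tls_context():
    """Mirror the API policy on the client: refuse anything below TLS 1.2."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def http_get_page(path, params):
    """Fetch one page over HTTPS and decode the JSON body."""
    req = urllib.request.Request(
        f"{BASE_URL}{path}?{urlencode(params)}",
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, context=tls_context(), timeout=30) as resp:
        return json.load(resp)


def fetch_all(path, params, get_page=http_get_page, max_pages=1000):
    """Collect results from every page, reading only the documented fields."""
    results, page = [], 1
    while True:
        body = get_page(path, {**params, "page": page})
        # Only totalPages and results are read; unknown fields are ignored.
        total_pages, items = body.get("totalPages"), body.get("results")
        if not isinstance(total_pages, int) or not isinstance(items, list):
            raise ValueError(f"malformed page envelope on page {page}")
        results.extend(items)
        if page >= total_pages or page >= max_pages:  # max_pages bounds the loop
            return results
        page += 1


def sample_get_page(path, params):
    """Constructed stand-in for the API: 3 records on 2 pages, plus a new field."""
    pages = {1: [{"id": "t1"}, {"id": "t2"}], 2: [{"id": "t3"}]}
    return {"total": 3, "totalPages": 2, "page": params["page"],
            "results": pages[params["page"]], "addedLater": True}


if __name__ == "__main__":
    print(fetch_all("/transaction", {"accountId": "ACC-1"}, get_page=sample_get_page))
```

Passing `get_page=sample_get_page` exercises the loop offline; the default `http_get_page` performs the real HTTPS request once `BASE_URL` is set to the production host.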