The Ingo Money Dupex Duplicate Check Management API advises a user whether a check has been previously cashed and/or accepted.
API requests MUST be performed using a secure transport layer over HTTPS with a minimum TLS version of 1.2.
The APIs are designed for machine to machine communication and are restricted by adding our partner's IP addresses to an "Allowed List" of IP addresses.
A single IP, multiple IPs or a range of IPs can be added to the list.
The Client Id and Client Secret will be provisioned by Ingo Client Services and provided via a PGP encrypted file format.
We will need our client's Public Key information to encrypt the authentication credentials.
The current API version is "1".
The API supports the apiVersion parameter via:
By default, if no version is specified, the API will assume the default version 1.
APIs are secured using an OAuth2 Client Credentials Grant Flow.
The Access Token can be retrieved from the following authorization URLs:
Refer to the following Client Credentials Flow link for further details and examples on how to send in a valid authorization request.
Authentication using a shared secret.
POST https://auth-uat.ingo.money/connect/token
Content-Type: application/x-www-form-urlencoded
Authorization: Basic Q2xpZW50SWQ6UEBzc3cwckQjRXhAYW1wbGUh
scope=https://apis.ingo.money/auth/insights/check/dupex&grant_type=client_credentials
POST https://auth-uat.ingo.money/connect/token
Content-Type: application/x-www-form-urlencoded
scope=https://apis.ingo.money/auth/insights/check/dupex&grant_type=client_credentials&client_id=The_Best_Client_Ever&client_secret=Super_DOOPER_Secret
STATUS CODE: 200 (OK)
{
"access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkUxQjNCQkJFMzhDNDdBREJDNzk0N0FDQ0U1OTVFMjQ3MUNEMkFGQUVSUzI1NiIsInR5cCI6ImF0K2p3dCIsIng1dCI6IjRiTzd2ampFZXR2SGxIck01WlhpUnh6U3I2NCJ9.eyJuYmYiOjE2MDYzMjA1NTYsImV4cCI6MTYwNjMyNDE1NiwiaXNzIjoiaHR0cHM6Ly9hdXRoLWxvY2FsLmluZ28ubW9uZXk6NTUwMDEiLCJhdWQiOlsiSWRlbnRpdHlJbnNpZ2h0cy5BcGkiLCJodHRwczovL2F1dGgtbG9jYWwuaW5nby5tb25leTo1NTAwMS9yZXNvdXJjZXMiXSwiY2xpZW50X2lkIjoiTmV0U3BlbmQiLCJpZGVudGl0eS5zY29yaW5nIjoidHJ1ZSIsImp0aSI6IjlEODREMjUyOUQyNTY4NTMwQzI1RTY4NDA0MTdFQzAxIiwiaWF0IjoxNjA2MzIwNTU2LCJzY29wZSI6WyJodHRwczovL2FwaXMuaW5nby5tb25leS9hdXRoL2luc2lnaHRzL2lkZW50aXR5LXNjb3JlIl19.W8Sz3_A_8sJr2p_zqbhrAisr8ECwu5cVYdxVlMqYzEwI4l22_ulIVwRpKNWEmp7wlngnSV5cl9fwoj5QqOSwZoixsk4sFGk6vcZcdbmutOvum-Q7lZ1iTwfwpQv_Q2Cp__NHc9KFSD3KR8qFdAucE5UlOr5VvOb__r-mvtvL1f1HYRRG2JSkkzjXy04Nbn-UKcvYm0VoqL3vaye3-uOPyo9NI0mMcgJCJpM1jmnM6BkdZOr2zvd4-jOt2FOcZWlHCoeGf8YFm4RWCF6o3MNIxbrOqxfZ8YKztmBIxTUnWe6GPtbkU16FYIbgdp4uaJcr3YQIvgPt0FhT-tXxr8qjdQ",
"expires_in": 3600,
"token_type": "Bearer",
"scope": "https://apis.ingo.money/auth/insights/check/dupex"
}
To improve performance, it is recommended that the client can reuse the access_token for back-to-back API calls.
The expires_in response parameter can guide the storage / cachsing mechanisms and timing of when the client's system needs to request a new access_token.
Before clients can go live, Ingo Money will work closely with the Client Integration and Application Engineering teams to ensure that all possible known responses are being handled appropriately.
This process will ensure our clients are well prepared for their production deployments and edge cases have been covered.
The certification process may include but is not limited to the following scenarios:
Success scenarios:
Error scenarios:
As with any external network dependency, we recommend our clients use a fault-tolerant API access strategy with a retry policy. An example can be located here Resilience policies.