Get Started

With the Treasure API, you can integrate our suite of cash management services directly into your platform. Manage your businesses, portfolios, transfers, documents, and bank accounts on your own time with our RESTful API.
Request Access
Access the APIs
  • Client ID
  • Client Secret
You can access our API through two environments –– sandbox and production. The sandbox environment allows you to simulate your business integration before moving to production, while production is our "live" API. Each environment has a different URL to avoid confusion.
Below, you’ll find the URL for Sandbox and the URL for our API reference. Please contact your Treasure integration team for the production URL.
Contact your Treasure integration team
Retrieve Your Credentials
To get started with our APIs, contact your Treasure integration team to receive your Client ID and Client Secret keys.
Your Client ID and Client Secret pair will be emailed to you via a single-use secure transfer mechanism. While your Client ID will not change, you can request a new Client Secret from Treasure directly by reaching out to your integration support team. Make sure to keep your credentials somewhere safe, as you may need to access them again.
Once you have your Client ID and Client Secret, you can create your OAuth token, which is used to authenticate all API calls. To receive your OAuth token, make the following call to POST /v1/oauth/token
        "client_id": "1234567890",
        "client_secret": "1234567890"
The response will look something like this:
        "expires_in": 83725,
"access_token": "eyJhbGciOiJSUzI1NiIsI...",
"token_type": "Bearer"
The response returns an access token, its expiration time, and the token type. In our sandbox and production environments this token will be "Bearer," and the token has a TTL (time-to-live) of 24 hours.
Note: the "expires_in" value is in seconds, so 24 hours would be a value of 86400.
The access_token value should be used as part of your Authorization header for all subsequent API requests. For example, a call to list all businesses would look like the following:
curl --request GET \
  --url \
  --header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsI...'
As a best practice, you should plan to call the OAuth Token API in the following cases:
  • Your server does not have an access token cached and available for use.
  • You receive a 401 Http Status code for an API request.
  • The expiration time for your OAuth token has elapsed or is nearing expiration.
Define User Data
user_data field. This convenience field allows you to provide information specific to your system and attach it to our API entities. This information will be returned to you any time that API entity is returned, including webhooks.
As best practice, you should include internal identifiers from your system in the user_data field so that your software can determine which entities in your system are related to an entity in Treasure’s. For example, you might attach a “customer ID” to a Business in Treasure’s API that represents the ID of that customer in your system.
Review Webhooks
Our APIs support webhooks that you can configure through your Webhooks Dashboard (powered by Throughout this integration guide, you’ll see references to webhooks and how they tie into various user flows. You can expect to receive the following webhooks:
  • bank_account.created
  • bank_account.updated
  • business.created
  • business.updated
  • document.created
  • onboarding.updated
  • portfolio.updated
  • transfer.created
  • transfer.updated
To access your Webhooks Dashboard, call the /v1/webhooks/dashboard endpoint. The response will include a link that authenticates and redirects you to your dashboard. For example:
"dashboard_url": ""
The authentication to your Webhooks Dashboard is tied to the link provided in the API response. As a matter of best practice, we recommend that you:
  • Do not save the URL provided in the API response, as the key used for logging in via the link is short-lived.
  • Protect access to this URL to ensure only individuals that are expected to manage or view webhook configurations can access it.
Your Webhooks Dashboard provides you with an Event Catalog where you can select and view event types and payload structures. Note that SSNs will not appear in Webhooks for security purposes.
All Webhooks follow the same structure:
  • SVIX provides a unique ID in the message header
  • The payload contains:‍
    • Type
    • Data, with the object the webhook notified you about
    • business_id
We recommend you query the related API when you receive a webhook to ensure you’re looking at the most up-to-date information.
For more information on how to configure and receive webhooks to your application, please refer to the Svix documentation.
Treasure Technologies Inc.
447 Sutter St
STE 405 PMB 25
San Francisco, CA 94108
Website is operated by Treasure Investment Management, LLC ("Treasure"), a wholly-owned subsidiary of Treasure Technologies, Inc., and an investment adviser registered with the U.S. Securities and Exchange Commission ("SEC"). Brokerage services are provided to clients of Treasure by Apex Clearing Corporation ("Apex"), an SEC-registered broker-dealer and member FINRA.

Investing involves risk, including loss of principal. The contents of this website are provided for information purposes only and do not constitute an offer to sell or a solicitation to buy securities. Past performance is no guarantee of future returns.