What is Bridge Open Banking?

Bridge Open Banking is a set of API products that allow you to connect to East West Bank.  You can use these APIs to enable a wide variety of services including managing accounts and transferring funds.

What kind of data and access do I get?

Once you create an account, you can access the “Try It” area of the portal.  There you can make test API calls that mimic the production environment.  Once you are ready to proceed further, please contact us for access to the sandbox which allows connectivity to a live banking environment with test accounts and live transfers.

What functionality is available in the sandbox?

Functionality in the sandbox includes the ability to open and manage test accounts, obtain information on accounts and transactions, transfer funds, and retrieve statements.  The objective is to allow you to fully develop your application code and test it with us in a simulation of production.

What does it cost to use Bridge Open Banking?

There are no fees to access the Bridge Open Banking portal. If you wish to move to our sandbox and production environments, please contact your GTS sales consultant for pricing and next steps.

I want to access Bridge Open Banking. How do I create an account?

To access the Bridge Open Banking portal, you just need to create an account using our Sign Up page. Submit the form and we’ll email you an invitation, then follow the link inside the email and you’ll be redirected to the secure section of the portal. The link expires in seven days so be sure to use it. Also, sometimes our email ends up in the spam folder, so please be on the lookout.

What do I do if I never received an activation email or the activation link expired?

If you never received an activation email, or your activation link expired, let us know at ewbb@eastwestbank.com. We will get back to you as soon as possible.

How do I get a new password?

If you forgot your password or just want to change it, contact us at ewbb@eastwestbank.com for assistance.

Do I need a certificate to work in the sandbox? What about production?

Yes, you will need a certificate for connectivity to the sandbox and production environments, although no certificate is needed for access to the Bridget Open Banking portal.  Once you are ready to take the next steps with sandbox and production, please contact your GTS sales consultant.  Your GTS sales consultant will be able to share more information, including pricing and the documents needed to setup further access to sandbox and production.  We will also provide the necessary certificate and access credentials.

What system of authorization do you use for your APIs, and how do I get authorized to make calls?

We use a standard OAuth 2.0 scheme for authorization.

How do I base-encode my ClientID and ClientSecret?

Most programming languages have base-encoding built in or readily available as a library. When coding your business logic on your application server, we recommend base-encoding your client and secret in-application rather than storing the encoding as a static string. If you’re looking to prototype quickly, there are online tools that can help you get running, which can be found with a quick search.

How do I try out the APIs before implementing them?

Our documentation pages allow in-browser testing on the Bridge Open Banking portal. Simply pre-populate the data using the documentation prompts and insert missing fields from your application or access token information. Once all the fields are filled, you’re ready to try out the API call.

How do I get test data for accessing APIs?

We supply test data, including live test accounts, in our sandbox environment.  You can use the sandbox environment to open test accounts, get account information, or perform test transfers.  If you wish to move to our sandbox and production environments, please contact your GTS sales consultant for pricing and next steps.

What is the purpose of the unique ‘requestId’ parameter within your APIs?

Each API account opening or funds transfer request should contain a ‘requestId’ parameter, which is a ‘Globally Unique Identifier’ (GUID) assigned to the request to make it idempotent.  An API request may be resubmitted if the original request resulted in a timeout or server error. In this situation, it is important to reuse the same ‘requestId’ to ensure that the account or funds transfer is not duplicated.  If the original request succeeded despite an initial error response from the API, the second or later requests will note a successful response and will not duplicate the requested account or funds transfer.

I keep receiving a 401 ‘Unauthorized’ response. What can I do to resolve it?

Here are some common fixes:

• Check that your client-id and secret are correctly matched against the application you created

• Verify your base-64 encoding has been correctly formatted per the authorization documentation

• Ensure that Basic is pre-fixed to the encoded ClientID and ClientSecret while making your token call

• Make sure that your access token is not invalidated or expired