For Personal or Institutional Investor Apps

Note: Personal and Institutional clients have a one-to-one relationship where a single client can only serve a single Prosper user. You cannot create a client for anyone other than the user associated with the account.

Step 1: Register your app with Prosper

If you have not already done so, register your app with Prosper. When your app is registered, you will receive a Client ID and Client Secret, which you will use to authorize your app with Prosper before making API calls.

App registration is done on your Prosper API settings page.

To open the API settings page:

  1. Select My Account > Settings
  2. Select Edit from the API settings section on the right side of the page.

To register your app and generate a Client ID and Client Secret, complete the registration form.

If you are registering a personal or institutional client you only need to provide a Company Name and a Phone Number. If you add an Email Address, it will only be used for communication purposes.

Note: You can enter your full name in the Company Name field if you are an individual investor.

All other fields are for third party agent clients only. You will use your Prosper login email address as your username when authenticating your app.

Step 2: Request an access/refresh token

If you are creating an app to make investments on your behalf or you are acting as an institutional investor, you can use your account username and password to authenticate with Prosper and start using our APIs.

You will authorize your app using the OAuth 2.0 password flow. The password flow results in Prosper issuing an access token for making API calls. We’ll also generate a refresh token for you.

Both the access and refresh tokens have an expiration time. Once the Access token has expired, you will use the Refresh token to gain a new Access token (see next section). Prosper Refresh tokens are currently set to expire in 10 hours.

Once the Refresh token has expired, you must make a new password flow request for a new Access/Refresh token for client sessions.

To make a token request:

You will make an HTTP urlencoded POST request to Prosper’s OAuth security token endpoint, passing the following parameters:

| Parameter name | Value |
| --- | --- |
| grant_type | password |
| client_id | The id Prosper provided to you when you registered your app |
| client_secret | The secret Prosper provided to you when you registered your app |
| username | Your username is the email address you use to login to your personal or institutional Prosper account. Note: You may have used a different email address to register your app. Your client id is always tied to your Prosper account login email. |
| password | The password used to login to your Prosper personal or institutional account. |

Request:

POST https://api.prosper.com/v1/security/oauth/token
   Accept: application/json
   Content-type: application/x-www-form-urlencoded

grant_type=password&client_id=<your_client_id>&client_secret=<your_client_secret>&username=<your_prosper_username>&password=<your_prosper_password>

View curl and python examples of the above request at the end of this section.

Response:

{
   "access_token": "22a5aaaf-bb7b-4278",
   "token_type": "bearer",
   "refresh_token": "7fcb8a8a-e7dd-4fa9",
   "expires_in": 3599
}

The following parameters are passed back in the response:

| Parameter name | Value |
| --- | --- |
| access_token | The new access token you will use when requesting resources from Prosper. |
| token_type | The token type to set in the HTTP header when making resource requests from Prosper. |
| refresh_token | The refresh token to use when the access token expires. |
| expires_in | The amount of time left, expressed in seconds, before the access token expires. You will need to refresh the token when this time has passed. |

Now that you have a user access token, you can make Prosper API calls to inspect resources. Use the access_token as bearer in every Authorization request header.

Step 3: Request a new Access token

You should make note of the expiration time for the Access token. When the Access token has expired, you must get a new one to resume making Prosper API calls.

To get a new Access token, your client will pass the Refresh token Prosper issued to your client in Step 2.

Note: If your refresh token has expired, you need to repeat Step 2 to retrieve a new Access and Refresh token.

To make a new Access token request:

You will make an HTTP urlencoded POST request to Prosper’s OAuth security token endpoint, passing the following parameters:

| Parameter name | Value |
| --- | --- |
| grant_type | refresh_token |
| client_id | The id Prosper provided to you when you registered your app |
| client_secret | The secret Prosper provided to you when you registered your app |
| refresh_token | The refresh token Prosper provided to you when you requested an access token. The refresh token expires in 10 hours. You can make multiple refresh token requests for a new access token with this refresh token throughout the day. |

Request:

POST https://api.prosper.com/v1/security/oauth/token
   Accept: application/json
   Content-type: application/x-www-form-urlencoded

grant_type=refresh_token&client_id=<your_client_id>&client_secret=<your_client_secret>&refresh_token=<existing_refresh_token_from_user_token_request>

View curl and python examples of the above request at the end of this section.

Response:

{
   "access_token": "5098afd7-f216",
   "token_type": "bearer",
   "refresh_token": "7fcb8a8a-e7dd",
   "expires_in": 3599
}

The following parameters are passed back in the response:

| Parameter name | Value |
| --- | --- |
| access_token | The new access token you will use when requesting resources from Prosper. |
| token_type | The token type to set in the HTTP header when making resource requests from Prosper. |
| refresh_token | The refresh token to use when the access token expires. This value will be the same value you passed into the refresh token call request. |
| expires_in | The amount of time left, expressed in seconds, before the access token expires. You will need to refresh the token when this time has passed. |

Password Credentials Flow Errors

| Error Code | Error Reason(s) | HTTP Status code |
| --- | --- | --- |
| invalid_grant | Not enough information supplied for the grant type; Missing/Invalid username or password; Bad credentials | 400 |
| password_reset_required | User needs to reset their password | 403 |

All User Status Errors below
All Client Authority Errors below

Access Token Errors

| Error Code | Error Reason(s) | HTTP Status code |
| --- | --- | --- |
| invalid_grant | Not enough information supplied for the grant type; Missing/Invalid username or password; Bad credentials | 400 |
| invalid_token | The access token is invalid (expired, not provided etc) | 401 |
| invalid_request | Unsupported response types; Missing response type; No scopes provided; Invalid scope(s) | 400 |

All Client Authority Errors below

Refresh Token Errors

| Error Code | Error Reason(s) | HTTP Status code |
| --- | --- | --- |
| invalid_grant | Missing/Invalid refresh token | 400 |

All Client Authority Errors below

User Status Errors

| Error Code | Error Reason(s) | HTTP Status code |
| --- | --- | --- |
| closed_account | User account is closed | 400 |
| duplicate_account | User has a duplicate account | 400 |
| expired_account | User account has expired | 400 |
| inactive_account | User account is inactive | 400 |
| account_on_hold | User account is put on hold | 400 |
| account_pending_activation | User account has not been activated | 400 |
| account_pending_approval | User account pending approval | 400 |
| account_incomplete_registration | User has not completed registration | 400 |
| suspended_account | User account is suspended | 400 |
| terminated_account | User account is terminated | 400 |
| unactivated_account | The account’s email address has not been validated | 400 |

All Client Authority Errors below

Client Authority Errors

| Error Code | Error Reason(s) | HTTP Status code |
| --- | --- | --- |
| unauthorized | Invalid/Missing client Id; No Authorization (header) information provided | 401 |
| invalid_client | Invalid/Missing credentials; Unauthorized grants | 401 |
| invalid_request | Generic “Bad request”; Invalid/Missing grant type | 400 |
| unsupported_grant_type | The grant type given is unsupported | 400 |

Password flow token requests: curl and python examples

curl password flow access token request

curl -X POST -H "Accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=password&client_id=<your_client_id>&client_secret=<your_client_secret>&username=<prosper_account_username>&password=<prosper_account_password>' 'https://api.prosper.com/v1/security/oauth/token'

curl refresh token request

curl -X POST -H "Accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=refresh_token&client_id=<your_client_id>&client_secret=<your_client_secret>&refresh_token=<existing_refresh_token_from_user_token_request>' 'https://api.prosper.com/v1/security/oauth/token'

python password flow access token request

import requests
url = "https://api.prosper.com/v1/security/oauth/token"
# A dict lets requests urlencode each value (a password may contain '&' or '=').
payload = {"grant_type": "password",
           "client_id": "<your_client_id>",
           "client_secret": "<your_client_secret>",
           "username": "<prosper_account_username>",
           "password": "<prosper_account_password>"}
headers = {"accept": "application/json", "content-type": "application/x-www-form-urlencoded"}
response = requests.post(url, data=payload, headers=headers, timeout=10)
print(response.text)

python refresh token request

import requests
url = "https://api.prosper.com/v1/security/oauth/token"
# A dict lets requests urlencode each value before it is sent as the form body.
payload = {"grant_type": "refresh_token",
           "client_id": "<your_client_id>",
           "client_secret": "<your_client_secret>",
           "refresh_token": "<existing_refresh_token_from_user_token_request>"}
headers = {"accept": "application/json", "content-type": "application/x-www-form-urlencoded"}
response = requests.post(url, data=payload, headers=headers, timeout=10)
print(response.text)
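
python token lifecycle helper (added example)

Steps 2 and 3 combined into one client-side helper, as an added example that is not Prosper's code: it reuses the access token until shortly before expires_in elapses, uses the refresh grant while the refresh token is inside its 10-hour lifetime, and repeats the password flow when the refresh token has expired or is rejected. TokenManager, http_post, the 60-second skew, the assumption that the 10 hours count from the password-flow response, and the RFC 6749-style "error" field in error bodies are assumptions, not taken from the page.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://api.prosper.com/v1/security/oauth/token"
REFRESH_TTL = 10 * 3600  # page: refresh tokens currently expire in 10 hours

def http_post(form):
    """Real transport: urlencode the form (escapes '&' or '=' in a password)."""
    req = urllib.request.Request(TOKEN_URL, urllib.parse.urlencode(form).encode(),
                                 {"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.load(err)

class TokenManager:
    """Hypothetical helper (not Prosper code): refresh when possible, else Step 2."""
    def __init__(self, creds, post=http_post, clock=time.monotonic, skew=60):
        self.creds, self.post, self.clock, self.skew = creds, post, clock, skew
        self.access = self.refresh = None
        self.access_exp = self.refresh_exp = 0.0

    def _grant(self, grant_type, **extra):
        form = {"grant_type": grant_type, "client_id": self.creds["client_id"],
                "client_secret": self.creds["client_secret"], **extra}
        status, body = self.post(form)
        if status != 200:
            return body.get("error", str(status))  # assumes RFC 6749 error body
        self.access, self.refresh = body["access_token"], body["refresh_token"]
        self.access_exp = self.clock() + body["expires_in"] - self.skew
        if grant_type == "password":  # assumption: the 10 h count from Step 2
            self.refresh_exp = self.clock() + REFRESH_TTL - self.skew
        return None

    def auth_header(self):
        if not (self.access and self.clock() < self.access_exp):
            err = "no_refresh_token"
            if self.refresh and self.clock() < self.refresh_exp:
                err = self._grant("refresh_token", refresh_token=self.refresh)
            if err:  # no usable refresh token, or it was rejected: repeat Step 2
                err = self._grant("password", username=self.creds["username"],
                                  password=self.creds["password"])
            if err:
                raise PermissionError("token request failed: " + err)
        return {"Authorization": "bearer " + self.access}
```

Load the creds dict from the environment or a secrets manager rather than from source, and keep token responses out of logs.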