Switch Language

Frequently Asked Questions

Overview

What are BMO APIs?

APIs (Application Programming Interfaces) allow systems and apps to share information with each other.

BMO APIs let you connect your accounting, treasury management and other financial systems to your Online Banking for Business accounts. That connection gives you access to your real-time banking activity in the programs you use every day – without having to export data, upload files, or sign in to Online Banking for Business. You can also use our APIs to build your own apps. Our APIs make your banking data work for you

What can I use BMO APIs for?

BMO APIs let you access and use your account data however and wherever you want. Clients like you are using our APIs to:

  • See real-time balances for all accounts
  • Retrieve day-end, month-end and year-end balances for all accounts
  • Pull transaction histories
  • Review transactions based on a specific set of criteria
  • Replace BAI files and other settlement reports and processes

What can I do in the BMO Developer Portal?

Once you create an account on the BMO Developer Portal, you can access our sandbox. Our sandbox is a secure environment where you can test our APIs. You can also get secure sandbox credentials so you can test safely in your own environment.

Who can use BMO APIs?

If you're an Online Banking for Business customer, you can use our APIs to connect your accounts to your accounting, treasury management and other financial systems.

How much does it cost to use BMO APIs?

You can safely experiment with our APIs and test your code in our sandbox at no cost. When you’re ready to launch your app, please contact us to discuss pricing.

What APIs are available?

Currently, you can use BMO APIs to pull your account information from our database. We’re working on APIs for initiating payments, reconciling accounts, opening accounts, forecasting cash flow and multiple third-party integrations.

My Account

How do I create an account on the BMO Developer Portal?

To access the Sandbox, you’ll need to apply for an organization account on the BMO Developer Portal. Just fill out the application form. Once we’ve reviewed and approved it, we’ll send you an email with details on how to set up your account.

What if I don’t receive the email to set up my account?

When you apply and are approved for an organization account, we'll send you two emails: one with setup details and one with a link to create a password. If you don't see these emails, please check your spam folder. If you still can't find them, please contact us.

How do I change my password?

You can reset your password by selecting the Reset link on the Sign In page and entering your registered email. If it matches our records, we'll email you a link to create a new password.

If you've changed your email or it doesn’t match what we have on file, please contact us.

Testing in the sandbox

What can I do in the Sandbox?

Our Sandbox is a safe environment to test your code with dummy data. You need a free account to access it.

If you're just looking to test basic API responses, you can use the sandbox area on this site without registering your app with us. This option is a good choice if you're still experimenting in the early phases of your build or are confident that you won't need real-life testing for your code.

If you want to test directly in your own app, you'll need to register your app with us and generate a sandbox API Key. How do I get a sandbox API key?

Testing in my app

How do I get a sandbox API key?

To start testing in your own app, you’ll first need to generate an API key. This key, along with the Client ID and Client Secret displayed under My Apps, can be used directly in your app. It will let your app communicate with our servers just as if it were live. The only difference is that we’ll send you dummy data instead of real account information.

This option is closest to a real-life test but requires you to register your app with us. Here’s how:

  1. In the BMO Developer Portal, select your username and choose My Apps from the dropdown.
  2. Select the Register New App button.
  3. Fill in the details and select Register New App.

Once you have your key, go to our sandbox and generate an Access Token. You can use this token to test any of your registered apps.

What is my API Key?

Your API Key is a credential we assign to you. It lets us verify your identity and see which test app you're using to request information. You'll use it, along with your Access Token and the Client ID and Client Secret, to test our APIs in your own systems.

What is an application, and how many can I register?

An application is a way for you to generate and manage an API key to use with your own app during testing. You can register an unlimited number of applications in your account.

Launching my app

How do I move my app into production?

When you're ready to launch your app, contact us. We'll work with you to determine pricing and switch your sandbox credentials to production ones.

Managing my live apps

How do I revoke an app’s access to my BMO accounts?

You can manage which applications have access to your accounts through the API service in Online Banking for Business. Here’s how:

Who can access the API service in Online Banking for Business?

If you're a Primary Customer Administrator (PCA), you can access the API service in Online Banking for Business. You can also entitle other PCA users to the service.

Authorize APIs

What authorization system do you use?

All our APIs use the standard OAuth 2.0 framework.

How do I get authorized to make calls?

To get authorized to make calls, please check our Authorize documentation. It contains all the information you’ll need to implement a two-legged or three-legged OAuth flow.

Why do I need an Access Token?

You need to generate and use an Access Token in our sandbox to authorize test calls against our demo server. You can see our sample requests and responses in the BMO Developer Portal.

You can also use an Access Token to make authorized calls directly from your in-house development applications.

What sign in credentials should I enter when I’m generating an Access Token?

What sign in credentials you use depends on whether you’re testing in the sandbox or launching your app.

Because they are for a mock scenario, all sign in credentials are pre-filled for you in the sandbox.

When you’re ready to launch your app and grant access to your accounts, use your existing Online Banking for Business credentials.

How do I resolve a 401 ‘Unauthorized’ response?

Here's what to do if you keep getting a 401 ‘Unauthorized’ response:

  • Check that your client-id and secret are correctly matched against the application you created
  • Verify your base-64 encoding has been correctly formatted per the authorization documentation
  • Ensure that Basic is pre-fixed to the encoded client_id and client_secret while making your token call
  • Make sure that your access token is not invalidated or expired

If you've tried all these and the issue persists, please contact us

Account Information APIs

Which bank account is associated with my BMO API account ID?

When you make a GET call to our system, specifically Search for Accounts, you'll be returned a list of authorized accounts. For security reasons, these accounts will be identified with a unique account ID that is different from the account number.

To see which account is associated with the account ID returned, check the account_number field in the body of the return.

What accounts will I be able to see when I connect an application in Production?

When you connect an application in production, you’ll be able to see the same accounts you’re entitled to in Online Banking for Business.

Can I choose which accounts I share with different applications?

As part of the authorization flow, you’ll be able to choose which accounts you’d like to grant access to.

Will new accounts that I add on OLBB be automatically shared with a connected application?

New qualifying accounts will not be automatically shared with a connected application. You can choose to automatically share all current and future accounts when going through the OAuth 2.0 flow.