Switch Language
  1. Help Centre
  2. FAQ

Frequently Asked Questions

Overview

What are BMO APIs?

APIs (Application Programming Interfaces) allow systems and apps to share information with each other in real time.

BMO APIs let you connect your accounting, treasury management and other financial systems to your Online Banking for Business accounts. That connection gives you access to your real-time banking activity and lets you make transactions directly in the programs you use every day – without having to export data, upload files, or sign in to Online Banking for Business. You can also use our APIs to build your own features to integrate our banking services directly within your own applications and platforms. Our APIs make your banking data work for you.

What can I use BMO APIs for?

BMO APIs let you access and use your account data and payment services whenever and wherever you want. Clients like you are using our APIs to:

  • See real-time balances for all accounts
  • Retrieve day-end, month-end and year-end balances for all accounts
  • Pull transaction histories
  • Review transactions based on a specific set of criteria
  • Replace BAI files and other settlement reports and processes
  • Retrieve images of deposited cheques and other items
  • Validate third-party accounts before creating transactions
  • Send or collect payments
  • Process in-app purchases and fund digital wallets
  • Receive real-time payment status updates by API, email or text message.

What can I do in the BMO Developer Portal?

Once you create an account on the BMO Developer Portal, you can:

  • Add and manage access for your team members
  • Explore our APIs and detailed documentation
  • Use our API Explorer to try our APIs and get sample request code
  • Access your Sandbox credentials for your applications
  • Generate Sandbox access tokens
  • Connect your applications directly to our Sandbox
  • Request access to our Pre-Production environment
  • Manage test data for Pre-Production testing
  • Request access to Production environment

Who can use BMO APIs?

If you're an Online Banking for Business customer, you can use our APIs to connect your BMO accounts and create payments right from your accounting, treasury management and other financial systems.

How much does it cost to use BMO APIs?

You can safely experiment with our APIs in our Sandbox and test them in our Pre-Production environment at no cost. When you’re ready to launch your application, please contact us to discuss pricing.

What APIs are available?

Currently, you can use BMO APIs to pull your account information and images of deposited cheques from our database. You can also validate third-party accounts as well as create domestic and international payments without leaving your application. For more details, view Our APIs

My Account

How do I create an account on the BMO Developer Portal?

To explore our APIs in the Sandbox and Pre-Production environments, you'll need to apply for an organization account on the BMO Developer Portal. Once we've reviewed and approved your application, we'll send you an email with your account credentials and instructions for adding your team members.

What if I don't receive the email to set up my account?

When you apply and are approved for an organization account, we'll send you two emails: one with setup details and one with a link to create a password. If you don't see these emails, please check your spam folder. If you still can't find them, please contact us.

How do I change my password?

You can reset your password by selecting the Reset link on the Sign In page and entering your registered email. If it matches our records, we'll email you a link to create a new password.

If you've changed your email or it doesn’t match what we have on file, please contact us.

Testing in the sandbox

What can I do in the Sandbox?

The Sandbox is our lower environment intended to help you during the early build phase of your code. Here you can safely try common scenarios using sample data. You need a free account to access the Sandbox environment.

If you're just looking to try basic API responses without any code, you can use our API Explorer tool on this site. This option is a good choice if you're still experimenting in the early phases of your build or are confident that you won't need testing at this stage.

If you want to try our APIs directly in your own application with our static data, you can use the Sandbox credentials, including Client ID, Client secret and API key, provided in your account.

Once your code is ready, you can request access to our Pre-Production environment which will allow much more comprehensive testing ahead of your launch.

Testing in my app

How do I get a Sandbox API key?

To try our Sandbox in your own application, you'll need an API key. This API key, along with the Client ID and Client secret displayed under "My applications", can be used directly in your application to communicate with our Sandbox environment. Depending on your language preferences, you can choose between an API key for English code responses and one for French responses.

Once you have your API key, use our Authorize API or go to our API Explorer on this site to generate your access token. You can use this token and the other Sandbox credentials to try any of our APIs.

  1. In the BMO Developer Portal, select your username and choose My Apps from the dropdown.
  2. Select the Register New App button.
  3. Fill in the details and select Register New App.

Once you have your key, go to our sandbox and generate an Access Token. You can use this token to test any of your registered apps.

What is my API key?

Your API key is one of the credentials we assign to you. It lets us verify your identity and determine which application is trying to connect to our APIs.

In our Sandbox, the API key can be shared for all your applications and can be found under “My applications” along with other credentials. Here, we also offer 2 distinct API keys that will determine the language you want to receive your code responses in.

For our Pre-Production and Production environments, we'll send you a separate, unique API key for each application.

How many applications can I register?

You can use your account's Sandbox credentials with an unlimited number of applications – no need to register specific applications at this stage.

Once an application is ready to progress to the Pre-Production environment, simply request access and we'll register your application for you and share your new credentials. There are no limits to how many applications you can have registered in Pre-Production. The same goes for when you’re going live into Production.

Launching my app

How do I move my app into production?

When you're ready to launch your app, contact us. We'll work with you to determine pricing and switch your sandbox credentials to production ones.

Managing my live apps

How do I revoke an application's access to my BMO accounts?

You can easily disconnect an application from your BMO APIs and remove its access to all your accounts and payment services.How to modify an application’s API access.

  • In Online Banking for Business, select the Administration tab.
  • Under "Settings", choose Company Profile.
  • Select the Services tab.
  • In the left-hand menu, choose  BMO APIs and then select Manage Applications.
  • Under "Connected applications", next to the relevant application, select Disconnect application.
  • Confirm your choice by selecting Remove Access Now.

The application has been disconnected and can no longer access your Online Banking for Business accounts or payment services. You can view your disconnected applications under "Disconnected applications".

Who can access BMO APIs in Online Banking for Business?

If you're a Primary Customer Administrator (PCA), you can manage connected applications that use our BMO APIs in Online Banking for Business. You can also entitle other PCA users to the service.

Authorize APIs

What authorization system do you use?

All our APIs use the standard OAuth 2.0 framework.

How do I get authorized to make calls?

To get authorized to make calls, please check our Authorize documentation. It contains all the information you’ll need to implement a two-legged or three-legged OAuth flow.

Why do I need an access token?

You need to generate and use an access token to authorize your application to connect to our Sandbox, Pre-Production or Production environments. You can generate Sandbox access tokens in our API Explorer tool on this site or use the Authorize API. For Pre-Production and Production environments, you need to generate your access tokens using our Authorize API only. For more details, please view our Authorize API documentation

What sign-in credentials should I enter when I'm generating an access token?

The credentials you use depend on whether you're connecting to our Sandbox, Pre-Production or Production environment.

In our Sandbox and Pre-Production environments, all sign-in credentials are pre-filled for you.

When you're ready to launch your application and grant access to your accounts, please use your existing Online Banking for Business credentials.

How do I resolve a 401 ‘Unauthorized’ response?

Here's what to do if you keep getting a 401 ‘Unauthorized’ response:

  • Check that your client-id and secret are correctly matched against the application you created
  • Verify your base-64 encoding has been correctly formatted per the authorization documentation
  • Ensure that Basic is pre-fixed to the encoded client_id and client_secret while making your token call
  • Make sure that your access token is not invalidated or expired

If you've tried all these and the issue persists, please contact us

Account Information APIs

Which bank account is associated with my BMO API account ID?

When you make a GET call to our system, specifically Search for Accounts, you'll be returned a list of authorized accounts. For security reasons, these accounts will be identified with a unique account ID that is different from the account number.

To see which account is associated with the account ID returned, check the account_number field in the body of the return.

What accounts will I be able to see when I connect an application in Production?

When you connect an application in production, you’ll be able to see the same accounts you’re entitled to in Online Banking for Business.

Can I choose which accounts I share with different applications?

As part of the authorization flow, you’ll be able to choose which accounts you’d like to grant access to.

Will new accounts that I add in Online Banking for Business be automatically shared with a connected application?

New qualifying accounts will not be automatically shared with a connected application. To add them, please complete the consent flow again to update your account selection for each API. For more details, please follow our Sandbox guide, Pre-Production guide or Production guide (sent by email) respectively.

Imaging APIs

Do I need additional APIs to retrieve my deposit images?

Apart from the Authorize API to give your application secure access to our servers, you’ll only need the Image Retrieval API to retrieve deposit images.

How do I search for and retrieve deposit images?

Once your application has been authenticated using the Authorize API, you can start your search for deposit images. Here's how it works:

  • Get a list of your authorized Online Banking for Business accounts.
  • Specify the account number, date range and item type. You can also add other search criteria.
  • From the index of available images, choose the ones you want to retrieve.

Is the process different between Canadian and U.S. items?

The process is the same for Canadian and U.S. items.

How long can I access cheque images using the API?

You can request images of deposited items as far back as 7 years. To retain them even longer, you can use the API to automatically download and store them in your own archive.

Which format are the images in?

All images will be in TIFF format.

Account Validation API

Do I need additional APIs to verify account ownership?

Apart from the Account Validation API to verify account ownership, you’ll also need the Authorize API to give your account secure access to our servers and the Encryption API to protect sensitive information from end-to-end.

Which types of U.S. accounts are currently supported?

Currently, this API only supports U.S. savings and deposit accounts.

How many accounts can I validate per call?

Each call can validate up to 100 accounts. There’s no limit for the calls you submit.

Can I choose to check only account ownership or risk level?

You can choose if you want to check account ownership, risk level or both. Simply submit the details you want us to check.

What do the owner match and account risk scores mean?

Owner Match

This score shows how well the account owner information you provided matches what the other bank has on file. You can also review the results for each field.

To improve the confidence in the match, you can check additional owner details in your inquiry.

Account Risk

This score shows the risk of setting up a transaction involving this account. It considers a variety of factors such as:

  • Is the account open and active?
  • Does the account accept credits and debits?
  • Is enough information available about the account?
  • Is there a history of fraud, insufficient funds or recall requests?
RiskPossible Reasons
HighAccount may be closed or has a history of fraud or insufficient funds.
MediumAccount is open but has limited available information or a history of a few unsuccessful transactions.
LowAccount is open and active with no recent negative history.