Understanding the API

Jobs

Available Resources

The available resources in the Smile Open API are made up of two types:

  • Smile Network Resources
  • User Data

Smile Network Resources

These are data resources for integrating and getting data from the Smile Open API.

There are general resources in use by most Smile products and processes, and some that are specific to the processes you wish to implement.

General Resources

ResourceProcessDescription
ProvidersGeneralList of employment data providers available in the Smile Network. The data providers are further segmented into different subtypes such as Gig platforms, HR platforms, and others.
UsersGeneralThese are your users who have initiated the account linking process and have given their consent to share their employment data with you and Smile. When a new user is created, a token is issued at the same time.
TokensGeneralThe tokens to be able to access account-related data of a user. You can use this resource to either retrieve existing tokens, or refresh a token for an existing user.
WebhooksGeneralWebhooks are used to notify your application in real time when an event happens in your environment.
Consent TemplatesGeneralStore your consent documents with Smile API for easier referencing of your user's consent while processing their data.
AccountsAccount LinkingThe accounts which your users have successfully logged into, and from which account-related data will be retrieved from. For more information, see below on "Source Data".
InvitesAccount LinkingYou can use this to invite users to link their work account via their preferred communication channel such as email.
Invite TemplatesAccount LinkingIf you will invite users to connect their work account via an invitation, use this to define and retrieve what the invite looks like.
ArchivesDocument ProcessingThis refers to archives that contain files of scanned or photographed documents that the users have uploaded.
File TypesDocument ProcessingRefers to the types of files that are accepted for upload, and which will be available as an archive once it has been uploaded.

User Data Resources

User Data can either come from linked accounts, uploaded data, or through verification or signal requests.

To be able to retrieve rich user data such as income and employment data and use it in your application, you will need to either use our Account Linking, Document Processing, or Form Processing products and these into your application. Otherwise, our Risk Screening products can still provide valuable and actionable insights.

Rich User Data

📘

Note

To learn more about the Wink Widget, check out the section on "Getting User Data"

If you will be embedding the Client SDK yourself into your own application, you will need to instantiate the widget, after which a user will be created in the Smile Network, with a short-lived token. When the widget is instantiated, your users will first need to provide their consent for Smile to retrieve that data on their behalf. After that, we will display a list of employment and income data providers that your users can choose from. They will then need to either:

  1. Authenticate with a digital data provider. If we have a direct connection to that data provider, we will display it in a list from which the user can choose from. If they have an account with any of the displayed providers, they can select that provider, then afterwards enter their credentials with that selected data provider. After giving permission, an account is created in the Smile Network from which data will be retrieved, aggregated, and normalized into a standard schema and sent to you in a developer-friendly JSON format.
  2. Upload a scanned or photographed document containing their employment or income information. Not all source employment and income information is in digital form. Typically the source for this type of information still comes in the form of paper documents. Users can scan or photograph these documents, upload it, and we can then digitize and retrieve the pertinent data from it, in most cases also extracting the data (via Optical Character Recognition or OCR) into a developer-friendly JSON format. In cases where we cannot automatically extract the information, we will always provide a URL to the uploaded file available via the /archives endpoint.
ResourceTypeDescription
IdentityUser DataGet vetted identity information from current and previous employers such as name, contact information, residential address, and others.
TransactionsUser DataGet detailed financial transactions of the user from the source data provider. This includes additions (or credits) and deductions (or debits) recorded from the source provider.
RatingsUser DataGet information on user's job performance ratings.
DocumentsUser DataGet documentary information such as their driver's license, national identity card ID, and others.
EmploymentsUser DataGet previous employment information such as the company the user has worked for, job title, tenure and others.
IncomesUser DataGet previous income information such as gross pay and net pay, as well as other components that make up income.
Estimated Income (early access) data from Contributions and Transactions is also freely available for a limited time.
ContributionsUser DataGet previous social security contribution information to get an indication of income level.
LiabilitiesUser DataGet information on current and previous loans obtained from employment-related data sources and social security services.

Actionable User Insights

ResourceTypeDescription
Verification RequestsRisk ScreeningVerification can help you confirm matches between your user provided data and data from pre-verified and/or authoritative sources.
Signal RequestsRisk ScreeningObtain key risk signals on your user's behavior with only a phone number or email address.
FootprintsRisk ScreeningObtain valuable insights on your user's digital footprint and online activities.
Multiple Application WarningRisk ScreeningDiscover early indications on your user's lending activities.
BlacklistEnsure your user is not blacklisted.

Modes

Modes of Operation

The API is available in two modes that can be accessed by sending requests to different base URLs. Each API client secret you are granted can only be used with a single mode. For example: an API client ID and secret granted to access the Sandbox Mode can only be used in that mode.

ModeHostDescription
Sandboxhttps://sandbox.smileapi.io/v1Use Sandbox mode to build and test your integration. In this mode, you must use test credentials to authenticate with the employment data providers. All API endpoints will return mock data and no actual user data is returned. Sandbox mode is instantly turned on for all users.
Productionhttps://open.smileapi.io/v1Production mode is used to go live with your integration. Your end-users will use their login credentials to authenticate with their employment data providers. API endpoints return real data and in this mode, all API calls are billable. Production mode access is subject to approval.

Upon signup, you will have instant and free access to test on our Sandbox environment. If you need Production environment access, contact us.

Testing in Sandbox Mode

Smile provides a Sandbox mode for our production environment to allow you to test your integration with sample data.

To use the Sandbox, you can use the following example credentials:

User NameFull NameEmailMobile PhonePasswordVerification CodeSS Number
GeorgeGeorge Palomero Jr.[email protected](+63) 955999123412345612343300000008
RyanRyan Lestari[email protected](+62) 81199943216543211234N/A
ChristinaChristina Tan[email protected](+65) 99996789YGUS11234N/A
AnishaAnisha Bhatia[email protected](+91) 95111987651234561234N/A

Archives in Sandbox Mode return only specific payslips. To test Archives while in Sandbox Mode, you may download the sample payslips within the Developer Portal and upload it through the Wink Widget or through the API. Other files uploaded during Sandbox mode will return errors.


Authentication

Authentication

The Smile Open API uses HTTP Basic Auth.

Basic authentication is a simple authentication scheme built into the HTTP protocol. To use it, send your HTTP requests with an Authorization header that contains the word Basic followed by a space and a base64-encoded string API Key:API Secret.

These credentials are associated with your Smile tenant account and can be used to access the Smile Network. To retrieve your credentials, simply sign up on our Developer Portal and access your API Keys in the developer portal.

📘

Example

Authorization: Basic ZGVtbzpwQDU1dzByZA==

To retrieve data from our API, you should include in your Authorization header the word Basic, followed by a space and a base64-encoded (non-encrypted) string apikey:apisecret or Authorization: Basic {base64 encoded string}.

Your API Key and Secret can be found by logging into the Developer Portal under the API Keys section.

Upon signup, you will have instant and free access to test on our Sandbox environment. If you need Production environment access, contact us.

where-to-find-api-keys.png

You may click on the Copy icon next to your API Key and Secret to easily copy it to your computer clipboard.


Versions

Versioning

The version is included in the URI Path. So for example it will look like: https://open.smileapi.io/v1/

The versioning convention we use is the 1.2.3 format, where 1 is the major version, 2 is the minor version, and 3 is the patch update:

  • Major version: The version used in the URI, and denotes breaking changes to the API. While we try to keep changes backward compatible, there may be occasions where we will need to introduce changes that might change existing behavior or functionality. These changes will be implemented in versions of the API accessible under a differnet URI (eg https://open.smileapi.io/v2/). You can continue to use the existing URI to avoid breaking existing integrations, but in order to take advantage of new features, you will have to update your application to point to the new version and URI.
  • Minor and Patch versions: These are transparent to the client and we use this internally for backward compatible updates. You do not need to update your integration when we release minor updates or patches. We will communicate these via via our change logs and email notifications, so you are updated about all of these changes.

Alert

Error Messages

HTTP Status CodeStatus DescriptionSmile CodeMessage
400 - Bad RequestThe request could not be understood by the server due to incorrect syntax. The client SHOULD NOT repeat the request without modifications.INVALID_CREDENTIALSThe credentials you provided are incorrect.
400 - Bad RequestThe request could not be understood by the server due to incorrect syntax. The client SHOULD NOT repeat the request without modifications.INVALID_PARAMETERSMissing or invalid parameters were sent in your request.
401 - UnauthorizedIndicates that the request requires user authentication information. The client MAY repeat the request with a suitable Authorization header fieldINVALID_TOKENThe token you provided is invalid or has expired.
403 - ForbiddenUnauthorized request. The client does not have access rights to the content. Unlike 401, the client’s identity is known to the server.UNAUTHORIZED_ACCESSYou do not have permission to access this resource.
404 - Not FoundThe server can not find the requested resource.MISSING_RESOURCEThe resource you provided cannot be found or is unavailable.
415 - Unsupported Media TypeThe payload format is either not defined or is in an unsupported format.UNSUPPORTED_TYPEPlease specify a valid content type for your request.
429 - Too Many RequestsToo many requests sent in a given amount of timeREQUEST_LIMIT_EXCEEDEDYou have exceeded your rate limit for this resource. Please try again later or contact support.
500 - Internal Server ErrorThe server encountered an unexpected condition which prevented it from fulfilling the request.SERVER_ERROROur system is currently experiencing issues. Please try again later or contact support.
501 - Not ImplementedThe HTTP method is not supported by the server and cannot be handled.UNSUPPORTED_METHODThe HTTP method you used is not supported for this resource.
503 - Service UnavailableThe server is not ready to handle the request.SERVER_UNAVAILABLEThe server is not available to handle the request. It may be down or under maintenance. Please try again later or contact support.
504 - Gateway TimeoutThe server cannot give a response in time.TIME_LIMIT_EXCEEDEDThe server was not able to give a response in the allotted time. Please try again or contact support.

JSON

Body of Results

All responses are encoded in JSON and return the following attributes:

  • code
  • message
  • requestId
  • data

If the response is a single object, the value of the data attribute is that object. For example, the Get Identity endpoint will return the following, with the attribute data returning a single Identity object:

{
    "code": "OK",
    "message": "Success!",
    "requestId": "58be58d8-fdc9-4834-a5d2-711fb7386a0c",
    "data": {
      "id": "i-123abc456def789abc123def456abc78",
      "fullName": "George Cimafranca Palomero, Jr",
      "firstName": "George",
      "middleName": "Cimafranca",
      "lastName": "Palomero",
      "suffix": "Jr",
      "gender": "Male",
      "dob": "1970-08-24",
      "maritalStatus": "Married",
      "countryResidence": "PH",
      "citizenship": "Citizen",
      "photoUrl": "https://cdn.smileapi.io/image/avatar/v20211115191600/george.jpg",
      "referenceId": null,
      "profileUrl": null,
      "emails": [
        {
          "address": "[email protected]",
          "type": "Primary"
        }
      ],
      "phones": [
        {
          "number": "+639559991234",
          "type": "Mobile"
        }
      ],
      "socialProfiles": [
        {
          "socialUrl": "https://www.facebook.com/gpalomero1234",
          "type": "Facebook"
        }
      ],
      "addresses": [
        {
          "fullAddress": "12 Maybunga St, Barangay Paraiso, Pasig City, NCR, 1600, PH",
          "line1": "12 Maybunga St",
          "line2": "Barangay Paraiso",
          "city": "Pasig City",
          "region": "NCR",
          "zip": "1600",
          "country": "PH",
          "latitude": "14.573454",
          "longitude": "121.085042",
          "type": "Primary"
        }
      ],
      "metadata": {
        "createdAt": "2022-08-19T07:29:08Z",
        "itemCreatedAt": "2022-08-24T05:24:37Z",
        "sourceId": "a-123abc456def789abc123def456abc78",
        "sourceType": "ACCOUNT",
        "userId": "tenantId-123abc456def789abc123def456abc78",
        "providerId": "abccorp"
      }
    }
}

If the result is related to data retrieved from a user's account, a metadata object is also returned with more information about the response such as:

  • createdAt
  • itemCreatedAt
  • sourceId
  • sourceType
  • userId
  • providerId

If the response is a list or collection, the value of the data attribute is an array of objects. For example, the List Transactions endpoint will return a collection of Transactions:

{
    "code": "OK",
    "message": "Success!",
    "requestId": "508a2074-9229-4d59-b716-bb6b4221e196",
    "data": {
        "nextCursor": null,
        "items": [
            {
                "id": "t-f4b8293631c84e759d30afebb7d98678",
                "date": "2021-08-06",
                "description": "Order revenue",
                "currency": "PHP",
                "amount": 222.0000,
                "referenceId": "Order ID-945485798532",
                "metadata": {
                    "createdAt": "2022-02-22T05:26:09Z",
                    "itemCreatedAt": "2022-02-22T05:36:09Z",
                    "sourceId": "0e0e97100eec49e8b954e9e419d527fe",
                    "sourceType": "ACCOUNT",
                    "userId": "smilejan-329789936388493f831ad0edd1f8bc8c",
                    "providerId": "upwork"
                }
            },
            {
                "id": "t-281ad47efdc043e796e128ee5bdf50c3",
                "date": "2021-08-07",
                "description": "Order revenue",
                "currency": "PHP",
                "amount": 114.0000,
                "referenceId": "Order ID-023485780332",
                "metadata": {
                    "createdAt": "2022-02-22T05:26:09Z",
                    "itemCreatedAt": "2022-02-22T05:36:09Z",
                    "sourceId": "0e0e97100eec49e8b954e9e419d527fe",
                    "sourceType": "ACCOUNT",
                    "userId": "smilejan-329789936388493f831ad0edd1f8bc8c",
                    "providerId": "upwork"
                }
            },
            {
                "id": "t-6853edd863514eae98b18abf56764fc3",
                "date": "2021-08-08",
                "description": "Platform fee",
                "currency": "PHP",
                "amount": -25.5000,
                "referenceId": "Order ID-934585780080",
                "metadata": {
                    "createdAt": "2022-02-22T05:26:09Z",
                    "itemCreatedAt": "2022-02-22T05:36:09Z",
                    "sourceId": "0e0e97100eec49e8b954e9e419d527fe",
                    "sourceType": "ACCOUNT",
                    "userId": "smilejan-329789936388493f831ad0edd1f8bc8c",
                    "providerId": "upwork"
                }
            },
            {
                "id": "t-9409019eb2f141f898e73775be4c6600",
                "date": "2021-04-04",
                "description": "Order revenue",
                "currency": "PHP",
                "amount": 220.0000,
                "referenceId": "Order ID-934587514002",
                "metadata": {
                    "createdAt": "2022-02-22T05:26:09Z",
                    "itemCreatedAt": "2022-02-22T05:36:09Z",
                    "sourceId": "0e0e97100eec49e8b954e9e419d527fe",
                    "sourceType": "ACCOUNT",
                    "userId": "smilejan-329789936388493f831ad0edd1f8bc8c",
                    "providerId": "upwork"
                }
            },
            {
                "id": "t-a402ac196f404ab5bf1d148c5685624f",
                "date": "2021-08-09",
                "description": "Platform fee",
                "currency": "PHP",
                "amount": -20.0000,
                "referenceId": "Order ID-156987512999",
                "metadata": {
                    "createdAt": "2022-02-22T05:26:09Z",
                    "itemCreatedAt": "2022-02-22T05:36:09Z",
                    "sourceId": "0e0e97100eec49e8b954e9e419d527fe",
                    "sourceType": "ACCOUNT",
                    "userId": "smilejan-329789936388493f831ad0edd1f8bc8c",
                    "providerId": "upwork"
                }
            },
            {
                "id": "t-d318e3b6ad7845fda960a5d5add60bcb",
                "date": "2021-08-10",
                "description": "",
                "currency": "PHP",
                "amount": 59.0000,
                "referenceId": "Order ID-664426992012",
                "metadata": {
                    "createdAt": "2022-02-22T05:26:09Z",
                    "itemCreatedAt": "2022-02-22T05:36:09Z",
                    "sourceId": "0e0e97100eec49e8b954e9e419d527fe",
                    "sourceType": "ACCOUNT",
                    "userId": "smilejan-329789936388493f831ad0edd1f8bc8c",
                    "providerId": "upwork"
                }
            },
            {
                "id": "t-b1b8412a02e5482da260c7dbb045f455",
                "date": "2021-08-12",
                "description": "Platform fee",
                "currency": "PHP",
                "amount": -20.0000,
                "referenceId": "Order ID-234728692099",
                "metadata": {
                    "createdAt": "2022-02-22T05:26:09Z",
                    "itemCreatedAt": "2022-02-22T05:36:09Z",
                    "sourceId": "0e0e97100eec49e8b954e9e419d527fe",
                    "sourceType": "ACCOUNT",
                    "userId": "smilejan-329789936388493f831ad0edd1f8bc8c",
                    "providerId": "upwork"
                }
            }
        ]
    }
}

Parameters

Null Values

Sometimes you might see null as the returned value for a given attribute in the API response. This might happen when:

  • The data provider does not have a field for that attribute. For example, it has no fields for 'citizenship' or 'country of residence' related to Identity data.
  • In other cases, the field is supported by the data provider, but it is an optional field that is not enabled, or is hidden, or only shows up in certain conditions that are not present at the time the user shared their information. For example, details like their mobile phone or address may not be available if they have not gone through account verification or KYC process in their employment platform.

ISO

Conventions and Standards

To help in logging and troubleshooting, we apply some conventions when returning data to you.

Resource AttributePrefixExampleDescription
User IDtenantId-smile1234-a5b39dfe76174defb353d7e97a88a85eeach user ID has a prefix related to their tenant ID in our system
Identity IDi-i-45567e7689be49d5bc052a6e4a3805e6Identity related information
Transaction IDt-t-11de60721342404daa35f60d2875f37bTransaction related information
Ratings IDr-r-ff4723f9af5f4dc5b6a22ea27fb3c8a1Ratings related information
Documents IDd-d-ff4723f9af5f4dc5b6a22ea27fb3c8a1Documents-related information
Employments IDe-e-ff4723f9af5f4dc5b6a22ea27fb3c8a1Employments-related information
Incomes IDinc-inc-ff4723f9af5f4dc5b6a22ea27fb3c8a1Incomes-related information
Estimated Incomes ID
(early access)
einc-einc-ff4723f9af5f4dc5b6a22ea27fb3c8a1Estimated Incomes-related information
Contributions IDcon-con-ff4723f9af5f4dc5b6a22ea27fb3c8a1Incomes-related information
Archives IDu-u-ff4723f9af5f4dc5b6a22ea27fb3c8a1Uploaded files available as archives
Invites IDiv-iv-ff4723f9af5f4dc5b6a22ea27fb3c8a1Invitations sent out
Invite Templates IDivt-ivt-ff4723f9af5f4dc5b6a22ea27fb3c8a1Invite Templates created

To standardize data formats, we use commonly accepted standards to format the data, including:

Data TypesFormatExampleStandard
dateyyyy-MM-dd2021-04-21ISO 8601 full date
date-timeyyyy-MM-ddTHH:mm:ssZ2021-04-21T08:25:05ZISO 8601 full time
monthyyyy-MM2021-04ISO 8601 month
phone number+ (country code) (local area code) (phone number)+65281234567E.164
country codeISO alpha-2'SG' for SingaporeISO 3166
currencyISO alpha-3'USD' for US DollarsISO 4217

Pagination

List results and Pagination

Resources, or API endpoints, can return a list or a collection of objects. By default we return 10, with a maximum of 150, at a time. You can limit the results by passing a parameter for size. For more information on filtering or limiting results, see below on query parameters.

When Smile returns a collection, we will also return a value called nextCursor. See below for an example:

{
    "code": "OK",
    "message": "Success!",
    "requestId": "17bc5a84-2468-47f6-9d3c-05b5257befa5",
    "data": {
        "nextCursor": "20",
        "items": ["..."]
    }
}

To go to the next page in a collection, simply append the cursor parameter when you query an endpoint, using the nextCursor value returned from your previous query to go to the next page in the collection. See below for more information on cursor and other query parameters.


Parameters

Query Parameters

API endpoints which return a list or collection of objects can be filtered or limited based on different query parameters. Below are some examples:

ParameterDescription
sizeThe number of objects you want returned in a collection. See more information above on default values.
cursorUses the filter values of the previous page to determine the next set of items. See more information above on pagination.
userIdFilter the results by the associated userId
sourceIdFor source-related data, filter the results based on the associated sourceId
startDateFor data that has a date attribute, to be able to filter results by date range
endDateFor data that has a date attribute, to be able to filter results by date range

Some resources, however, have unique query parameters associated with them. Check out the documentation in each of the endpoints to find out more.


Rate Limits

Rate Limits

Smile limits the amount of API calls that can be made to each endpoint to ensure the stability and availability of the platform. At the moment we only allow clients a maximum of up to 20 requests per second per IP address. This is across all API endpoints. Clients which make too many requests in succession will be given an error with HTTP Status Code 429 or too many requests.

To request a higher limit, please contact [email protected].