Getting Started

Introduction to the Difitek API

The Difitek API is used to build online platforms and marketplaces globally for managing private placements, securities, real estate, crowdfunding, peer-to-peer lending, and public stock trading. This public REST API provides an end-to-end server side application, which supports the technical back office requirements for client side applications of various kinds in the online investing and lending markets. The Difitek API also contains private financial back office functions and other third-party services which are made available on request.

Difitek operates two environments: sandbox and production. When you first set up your account with Difitek and you receive your API credentials, these will give you access to the sandbox environment. Some functionality, such as data export, transactional emails, webhooks, and analytics are disabled in the sandbox environment and only available to live, production accounts.

Once you are ready to launch your platform in the live, production environment, please get in touch with us in order to set up your live environment credentials.

The Difitek Infrastructure

The API is part of a broad infrastructure that includes everything that you might need to build your own unique digital finance marketplace. As well as the API, we provide a secure, hosted Admin Portal that allows you and your team to manage your operations and keep a complete audit log of all activities on your front-end user platform.

The API itself then provides access to a Difitek hosted database and Content Delivery Network for storing documents, such as images, offering documents or investment contracts, as well as access to dozens of third-party services that support the online funding process.

The Difitek Infrastructure also enables transactional emails and webhooks that can be generated using trigger points in your platform's activity, for instance whenever a new User registers or an Offering is first published. These emails and webhooks are only available in live environments and are disabled on sandbox.

API Architecture

The Difitek API follows REST principles. Every resource (User, Organization, Offering, etc.) has a unique identifying URI with which you can interact with it. All data must be sent in JSON format via HTTPS and all response data is returned in JSON format.

The API responds to GET, POST, PATCH and DELETE requests. Responses will either be in Success format:

The HTTP Code describing the response
The data requested in a JSON-formatted string

or in Error format:

The HTTP Code describing the response
A JSON-formatted string containing:
code: An exception code for this error
developer_message: A description of the exception for developers
user_message: A sanitized description of the exception for your end users
fields: Additional fields that may be included for debugging purposes

API Credentials

In order to start building on top of the Difitek API, you will need to authenticate your requests using credentials that are supplied by Difitek.

Authentication with the Difitek API is handled through a request header. All requests to the API must include a cv-auth header, which should be generated using one of Difitek's SDKs. The header is created using:

The name of your Network. This is your unique customer identifier for the Difitek system
API Key:
A valid API Key that is associated with your Network
API Secret:
A valid API Secret that is associated with your API Key
An email address that represents the User making the request
A valid password associated with the User making the request

To make a request to the Public or Social endpoint, for instance to register a new User or to retrieve Featured Offerings, which are available to site visitors who are not currently logged in, specify the following values for Username and Password when generating the header:


All requests to all other API endpoints must be made on behalf of a specific User, and therefore must use a valid Username and Password or an authenticated Social account when generating the header.

When using a Username and Password those two values should be used to generate the cv-auth header. Otherwise, to allow the User to authenticate using Single Sign On, provide a 'jwt-auth' header and use the 'single sign in' version:


Please see the Single Sign On section of the Key Concepts reference page for further information on using SSO.

All requests to the Difitek API must be made using HTTPS.

Third-Party Service Credentials

The Difitek API includes several third-party services to provide functionality and processes that are not offered directly by Difitek, for instance Payments, KYC/AML or identity verification, Risk and Credit Scoring services, Data services, and so on.

Every such third-party service requires its own credentials, which must be added to your Difitek account before the relevant functionality can be accessed through the Difitek API. Third-party services may also incur additional costs when used in live, production environments.

In order to set up your credentials for any third-party service, please get in touch with Difitek. You may also request additional services that may not yet be available through the Difitek API.


To test the API functionality using your own credentials, please download one of our SKDs or visit our Generate Token page, where you can create an authentication token for the API using your own credentials.


Software Development Kits are available at Difitek's Github page. To request SDKs in languages that are not currently available please get in touch to find out more.

Sample User Interfaces

Visit Funding Themes Hub to see a repository of sample User Interface code for securities platforms, real estate marketplaces, peer-to-peer lending platforms, trading platforms and crowdfunding platforms. These sites have been developed by Difitek Certified Partners to be compatible with the Difitek API.


Visit our Tutorials page to see recorded webinars explaining how to build on top of the Difitek API.

Further Support

Get in touch with our support team to get technical support or to find certified Difitek delivery partners. Review our Getting Started Checklist to find out about other resources you may need as part of a new project.

Difitek is a trading name of Crowd Valley Inc.

Crowd Valley, Inc does not engage in the offer, sale or transfer of securities and securities may not be offered, sold or transferred via this website. Securities may not be offered or sold in the United States absent (i) registration under the U.S. Securities Act of 1933, as amended (the Securities Act) or (ii) an available exemption from registration under the Securities Act. Please consult legal counsel in the appropriate jurisdiction before offering, selling or buying securities as registration under the Securities Act or similar state legislation may be required.

Please note that the provision of the information on this website does not create and is not intended to create a relationship between Crowd Valley Inc. and any other person. You are not and should not regard yourself as being a client or customer of Crowd Valley Inc. and must not expect Crowd Valley Inc. to have any duties or responsibilities to you, act for you or your clients, or be responsible for providing protections afforded to customers or yourselves or be responsible for advising you in any respect.

© Difitek, All rights reserved.