API Documentation (2.1.3)

Financial Analytics API

Overview

The Financial Analytics API provides comprehensive data analysis and insights for ISA investments and trading behavior. This powerful platform enables financial institutions, advisors, and analysts to access detailed metrics, trends, and recommendations through a simple, consistent REST API.

Key Capabilities

ISA Analytics

Access detailed analytics on Individual Savings Accounts (ISAs) including:

  • Provider market share and performance metrics
  • Customer demographic analysis across age groups and income brackets
  • Behavioral patterns and investment preferences
  • Term duration and risk profile analysis
  • Personalized provider recommendations

Trading Analytics

Comprehensive trading data analysis including:

  • Market trends and sentiment indicators
  • Trading pair popularity and directional bias
  • Trader behavior patterns and preferences
  • Broker performance metrics and comparison
  • Predictive signals and anomaly detection

Authentication

All API requests require authentication using an API key which should be passed as a query parameter:

GET /isa/summary?api_key=your_api_key

Contact our team to obtain your API key and access credentials.

Rate Limits

Our API offers different tiers of access:

  • Standard: 60 requests per minute
  • Premium: 300 requests per minute
  • Enterprise: Custom limits available

Response Format

All responses are returned in JSON format and follow a consistent structure:

{
  "timestamp": "2024-03-20T12:00:00Z",
  "data": {
    // Response data specific to the endpoint
  }
}

Error Handling

The API uses standard HTTP status codes to indicate the success or failure of requests:

  • 200: Success
  • 400: Bad request (invalid parameters)
  • 401: Unauthorized (invalid API key)
  • 404: Resource not found
  • 422: Validation error
  • 429: Rate limit exceeded
  • 500: Server error

Error responses include detailed information to help troubleshoot the issue:

{
  "timestamp": "2024-03-20T12:00:00Z",
  "error": "Validation Error",
  "detail": "Invalid parameter: start_date must be in DD-MM-YY format"
}

Versioning

The API uses a semantic versioning system (Major.Minor.Patch). The current version is 2.1.3.

Getting Started

  1. Sign up for an API key at our developer portal
  2. Explore the available endpoints in this documentation
  3. Make your first request to the API
  4. Implement the insights into your application or analysis
Download OpenAPI description
openapi.json
openapi.yaml
Languages
Servers
Mock server
https://docs.tfe.ai/_mock/openapi/
Production server
https://api.tfe.ai/

Behavioral

Operations

Demographic

Operations

Provider

Operations

Summary

Operations

Market Analysis

Analysis of market trends, instruments, and trading signals

Operations

Trader Analytics

Analysis of trader behavior and demographics

Operations

Broker Insights

Broker analysis, comparison, and performance metrics

Operations

Summary Metrics

Overview statistics and most popular metrics

Operations

FAQ

Error Handling

Quick Start Guide

Authentication

API Security Features for TFE API

Handling Rate Limits

When you exceed your rate limit, the API returns a 429 (Too Many Requests) status code. Implement exponential backoff retry logic to handle these cases gracefully.

Example in Python:

import requests
import time
import random

def make_api_request_with_backoff(url, api_key, max_retries=5):
    headers = {"X-API-Key": api_key}
    
    for attempt in range(max_retries):
        response = requests.get(url, headers=headers)
        
        if response.status_code == 200:
            return response.json()
            
        if response.status_code == 429:
            if attempt == max_retries - 1:
                raise Exception("Rate limit exceeded after maximum retries")
                
            # Get retry time from headers or use exponential backoff
            retry_after = int(response.headers.get('X-RateLimit-Reset', 1))
            # Add jitter to prevent thundering herd
            sleep_time = retry_after + (random.random() * 0.5)
            print(f"Rate limited. Retrying after {sleep_time:.2f} seconds")
            time.sleep(sleep_time)
            continue
            
        # Handle other errors
        response.raise_for_status()
        
    raise Exception("Request failed after maximum retries")

## Compliance & Certifications

The TFE API is designed with security best practices that align with the following standards:

* **GDPR**: For handling personal data of EU residents
* **PSD2**: For payment services directives (where applicable)
* **ISO 27001**: Information security management principles
* **Financial Conduct Authority (FCA)**: Adherence to UK financial regulations

### Security Assessment

* Regular penetration testing by independent security firms
* Vulnerability scanning is performed weekly
* Security practices are continuously reviewed and updated
* Compliance with banking industry security standards

## Incident Response

### Security Incident Process

In the event of a security incident:

1. We will identify and contain the incident
2. We will notify affected clients within 24 hours
3. We will investigate the root cause
4. We will remediate vulnerabilities
5. We will provide post-incident reports to affected clients

### Reporting Security Issues

If you discover a security vulnerability, please report it to [security@tfe.ai](mailto:security@tfe.ai).

## Audit & Monitoring

### Request Auditing

All API requests are logged with the following information:

* Timestamp
* Client ID
* IP address
* Requested endpoint
* Response status code
* Request ID (returned in the `X-Request-ID` header)
* Request duration

These logs are used for:

* Security monitoring
* Compliance auditing
* Performance analysis
* Troubleshooting
* Threat detection

### Access Control Audit

All authentication events are logged:

* Successful and failed authentication attempts
* API key usage
* Token generation and usage
* Access to sensitive endpoints
* Administrative actions

### Monitoring System

Our monitoring system provides:

* Real-time alerting for suspicious activities
* Detection of unusual request patterns
* Continuous monitoring of security controls
* Automated response to potential threats
* Anomaly detection using machine learning

## Error Codes & Responses

The API uses standard HTTP status codes and a consistent error response format:

### HTTP Status Codes

* `200 OK`: Request successful
* `400 Bad Request`: Invalid request parameters
* `401 Unauthorized`: Authentication failed
* `403 Forbidden`: Insufficient permissions
* `404 Not Found`: Resource not found
* `429 Too Many Requests`: Rate limit exceeded
* `500 Internal Server Error`: Server-side error

### Error Response Format

```json
{
  "timestamp": "2023-07-01T14:30:00Z",
  "error": "Error type",
  "detail": "Human-readable error message"
}

Getting Started

Environments

The API provides two environments:

  1. Sandbox: For development and testing

    • Less strict rate limits
    • Test data available
    • Uses test API keys

  2. Production: For live applications

    • Full security controls enforced
    • Real data access
    • Requires production API keys

Security