Vasco API Guides
Welcome to the Vasco GraphQL API documentation. These guides will help you understand the core concepts of the platform and walk you through the most common business workflows.
GraphQL Endpoint
All queries and mutations are sent as POST requests to:
/graphql/
Authentication
Most operations require authentication. Include a JWT Bearer token in the Authorization header:
Authorization: Bearer <your-jwt-token>
Public operations (user registration, password reset) can be called without a token.
Guide Structure
Concepts
Understand the building blocks of the Vasco platform before writing your first query.
| Concept | Description |
|---|---|
| Account | The investor's holding entity — the central object of the platform |
| User | A physical person who owns one or more accounts |
| Company, Security & Security Operation | The products and fund operations that investors subscribe to |
| Transaction | All money movements: investments, distributions, cessions, and more |
| Intermediated placement | The network of distributors and advisors |
| Forms | Configurable KYC and subscription forms |
Recipes
Step-by-step guides for the most common API workflows.
| Recipe | Description |
|---|---|
| Account Management | Create and retrieve accounts, manage portal access |
| KYC Management | Submit KYC answers, trigger analysis, and track compliance status |
| User Management | Create users and grant account access |
| Investment Management | Create an investment, fill subscription forms, and upload documents |