The primary purpose of the SDK is to enable the secure granting of access, either read only or write to an investment account.
Only one party can ever have access to an investment account at any one time. Access is always granted within the context of either:
Self directed management - the account owner links their own account and is responsible for all execution.
This is the default scenario and while the account owner does of course already have access to their account, there are many reasons why they would want to link to their own account. This includes for example, if the account owner's intent was to allow a third party i.e. their financial advisor, access to the account data, during the read-only linking process, write access would be automatically granted to the account owner.
Account management - responsibility is granted to another party to manage the account. The intent is for account owner to pass all portfolio management and execution decisions and implementation for the account to a manager where the account is managed independently of any other account. How the account is managed will be highly customised to the account owner.
Discretionary/Execution management - responsibility is granted to another party to manage the account within the context of a strategy (fund) that is typically applied to >1 accounts. When the account owner is linking their account, it is clear that they are linking their account to become part of a 'fund'. A fund also has its own aggregate reporting.
Any number of parties/partners can have read only access to an investment account, provided the account owner has granted permission. Access is always granted within the context of either:
Basic Information - the simplest portfolio data from an account which contains only the asset details. This is intended for services such as financial news websites where it can help
Advisory - expanded data from an account gives a partner in-depth
When an account is linked, there are constraints on how the account can be managed. These constraints are always 'owned by' the account owner as it is always their account and their money and they can control, to some extent, how much risk is taken with their money and where it is allocated, regardless of who is managing their account.
There are three core settings:
All orders must respect these settings unless the account owner has explicity allowed them to be bypassed.
For Self Directed investors, these settings to apply as they help to manage their own risk, but as they are the account owners, the settings can be adjusted, changed for a single order or bypassed allowing plenty of flexibility.