A reusable integration that earned a brokerage the #1 Globe & Mail ranking
Wealthscope needed a way for brokerages to offer portfolio analytics without sharing client data. The previous vendor quoted $50k per integration. SteelSprint built a reusable package that replaced all of them with a single install.
The Company
Wealthscope is a portfolio analytics platform built by a team led by a York University finance professor. It scores investment portfolios on performance, risk, fees, diversification, and income. Their enterprise business sells integrations to online brokerages and wealth management firms.
The Problem
Wealthscope needed to embed its analytics inside partner platforms. Their existing development partner quoted $50,000 per integration. Each new brokerage partner would cost another $50,000. At that rate, the enterprise business couldn't scale.
The consultant's approach had a bigger problem. Their plan was a nightly batch job that would pull all client data from the partner's systems into Wealthscope's servers. Every client, every account, every holding. For a brokerage handling billions in assets, that's not an integration strategy. It's a data breach waiting to happen.
The Approach
We built a reusable integration package that solved both problems at once. Instead of pulling data out of the partner's platform, we pushed Wealthscope's analytics into it.
The key decision was building the integration once, not per partner. The first integration took two months. Every integration after that cost Wealthscope $0 in development. Partners drop in the package, configure a few options, and go live. No custom work required from Wealthscope's team.
The security model was just as important. Instead of moving all client data to a third party's servers, we moved the analytics to the client's data. No bulk data export. No nightly jobs. No client data stored on Wealthscope's servers.
Technical detailsThe partner's data never leaves their environment. We built a secure embedding layer, a cryptographic authentication flow, and a three-method integration interface that lets any partner go live without custom development.+
The SDK injects a secure iframe into the partner's page. Wealthscope's analytics UI runs inside the iframe. The partner's platform feeds only the current user's portfolio data into the iframe via postMessage, piggybacking off the partner's own authentication session.
Each partner generates a signed JWT token with the current user's portfolio data. Wealthscope verifies the signature against the partner's registered public key. If the signature checks out, the analytics load. If not, the iframe rejects the session. The partner never shares credentials with Wealthscope. Wealthscope never touches the partner's auth system.
The SDK handles iframe injection, message passing, and session management. Partners integrate via three methods: render, login, logout. The package also exposes a REST API integration for partners who want custom UI instead of the embedded iframe.
What We Delivered
An open-source integration package, still in use six years later.
Embeddable analytics: Wealthscope's full analysis embedded directly inside the partner's platform
Secure by design: no client data ever leaves the partner's environment
Zero marginal cost: each new partner integration requires no development from Wealthscope
Full documentation: integration guide and examples for partner teams
The Results
Virtual Brokers, a CI Financial subsidiary, was the first partner to go live. The integration launched in January 2019. That same year, Virtual Brokers earned the #1 online brokerage ranking in the Globe & Mail's annual survey by Rob Carrick.
The reusable package eliminated the per-integration cost entirely. What would have been $50,000 per partner became a one-time investment that scales to unlimited integrations. The package still receives weekly downloads six years later.
The Takeaway
Build the product, not the integration. A reusable solution cost the same as one custom build and eliminated every future cost. The security model was better too: instead of moving all client data to a third party's servers, we moved the analytics to the client's data.