Orion
Orion is an OAuth-based portfolio management integration that syncs client households, accounts, and holdings from Orion Portfolio Solutions into RightCapital.
Overview
Section titled “Overview”| Attribute | Value |
|---|---|
| Integration Type | Portfolio Management (Data Sync) |
| Authentication | OAuth 2.0 (Non-RFC compliant) |
| Data Flow | Orion → RightCapital (inbound) |
| Data Sync | Nightly automatic + on-demand |
| Owner | Kewei Yan |
Entity Mapping
Section titled “Entity Mapping”| Orion Entity | RightCapital Entity |
|---|---|
| Client | Household |
| Account | Account |
| Portfolio | Account Group |
| Model | TargetCategoryMix |
Account Type Mapping
Section titled “Account Type Mapping”| Orion Account Type | RightCapital Subtype |
|---|---|
IRA, Traditional IRA, IRA Rollover | Traditional IRA |
Roth, Roth IRA, IRA Roth | Roth IRA |
Inherited IRA, IRA Inherited | Inherited Traditional IRA |
Simple IRA, SIMPLE IRA | Simple IRA |
SEP IRA | SEP IRA |
529, Educational Savings Account | 529 |
Trust, Revocable Trust, Living Trust | Trust |
401(K), 403(B), Individual 401(K) | 401K |
UTMA, Uniform Gift to Minors Account | UTMA |
Coverdell ESA | Coverdell |
Health Savings Accounts | HSA |
Annuity | Annuity (Taxable) |
Individual, Joint, JTWROS | Taxable |
Note: Life Insurance accounts are explicitly skipped during sync.
Authentication
Section titled “Authentication”Orion uses OAuth 2.0 but with non-RFC 6749 compliant behavior:
- Authorization code exchange: Uses
POSTmethod (standard) - Refresh token exchange: Uses
GETmethod with Bearer token in header (non-standard)
When authentication fails, Orion responds with HTTP 401 and an empty body.
API Endpoints
Section titled “API Endpoints”| Endpoint | Method | Purpose |
|---|---|---|
/api/v1/Authorization/User | GET | Get authenticated user info |
/api/v1/Portfolio/Clients | GET | List all clients (households) |
/api/v1/Portfolio/Clients/{id}/Accounts | GET | Get accounts for a client |
/api/v1/Portfolio/Clients/{id}/Assets/{date} | GET | Get holdings with cost basis |
Code Locations
Section titled “Code Locations”| Component | Path |
|---|---|
| Backend Integration | retail-api/app/Integrations/Orion/ |
| Config | Config.php |
| Connector | Connector.php |
| Controller | Controller.php |
| Integrator | Integrator.php |
| Sync | Sync.php |
| OAuth Provider | OAuth2/Provider.php |
| Models | Models/Household.php, Models/Account.php, Models/InvestmentAccount.php, Models/Holding.php |
SSO Support
Section titled “SSO Support”Orion supports Single Sign-On (SSO) for both advisors and clients:
| Attribute | Description |
|---|---|
alClientId | Firm ID (used as integration reference) |
userDetailId | User/advisor reference |
entityId | Client reference (when applicable) |
entity | Entity type (5 = Household/Client) |
originalEntity | Present when advisor is impersonating a client |
Common Issues
Section titled “Common Issues”Hierarchical Accounts
Section titled “Hierarchical Accounts”Orion supports nested account structures that RightCapital flattens by syncing all accounts under the top-level client.
Unknown Account Types
Section titled “Unknown Account Types”Accounts with unknown types default to TAXABLE and are logged for review.
Related
Section titled “Related”- Panoramix - Similar investment account integration