What is it?
Admin API is how you can manage the back office using the same API that powers Banno’s own Banno People
, Banno Marketing, and other back office experiences.
Admin API is how you can automate the administrative side of Banno.
What is its purpose?
Admin API is intended to be used when an
External Application wants to call API endpoints without direct user interaction. This means that authentication is for the application itself.
Have you completed the Authentication Quickstart?
How do I use it?
These are some of the things you should know about the
Client Credentials Flow
Admin API uses the OAuth
Client Credentials flow to obtain an
Access Token. An
External Application can use its credentials to directly obtain an
Access Token. Once the
Access Token expires, the
External Application requests a new one when necessary.
Have you read the Client Credentials Flow topic?
Public Key + Private Key
The authentication process for the
Admin API requires managing a
Public Key +
pair to sign a JSON Web Token (JWT).
Private Key remains solely in your possession and must be kept secret. This is what you will use to create the signed JWT when authenticating with the API.
Public Key is configured as part of an
External Application in the Users & Groups
app within Banno. The back office administrator at your financial institution can do this for you in the Users & Groups section of Banno.
Have you read the Public Key + Private Key topic?
External Application authenticates itself
Admin API, all actions are performed and logged as a single
Associated User in Banno.
Associated User acts as a back office administrator at the financial institution. As such, it is best to have the
Associated User be created with only the privileges/permissions that are specifically necessary for the
External Application to function.
Have you read the Associated User topic?
Authenticating to the
Admin API requires an
External Application configuration to be created within Banno.
The back office administrator at your financial institution can do this for you in the Users & Groups section of Banno.
Have you read the Configuration topic?
Admin API protects access to user data using OAuth 2.0. Login credentials are never shared with third party apps. Authorization is provided to third party applications via an
Access Token is encoded in JSON Web Token format.
Have you reviewed the API Reference?
How have others used it?
These are some of the ways that 3rd party developers have used the
Enable call center agents to use existing CRM (customer relationship management) tool with new functionality:
- look up user status
- unlock a user account
- send an email or SMS to reset a user’s password
These are some additional details that you may find useful as you build your apps.
Guides are designed to provide you with bite-sized introductions to our API. Each guide showcases a part of our API and how to use it in the simplest way.
We recommend reading the Guide to Reset a User Password.
Other “Getting Started” pages
These pages will help you get started with other parts of the Banno Digital Toolkit: