Digital Toolkit

Getting Started

Admin API > Getting Started

What is it?

The Admin API is how you can manage the back office using the same API that powers Banno’s own Banno People, Banno Marketing, and other back office experiences.

The Admin API is how you can automate the administrative side of Banno.

What is its purpose?

The Admin API is intended to be used when an External Application wants to call API endpoints without direct user interaction. This means that authentication is for the application itself.


Have you completed the Authentication - Client Credentials (Command Line) Quickstart?
Have you completed the Authentication - Authorization Code (Command Line) Quickstart?

How do I get help?

If you are having issues with the Admin API, try stepping through the Troubleshooting page.


How do I use it?

These are some of the things you should know about the Admin API.

Client credentials flow

The Admin API uses the OAuth Client Credentials flow to obtain an Access Token. An External Application can use its credentials to directly obtain an Access Token.

Once the Access Token expires, the External Application requests a new one when necessary.

The Client Credentials flow requires authenticating with a signed JSON Web Token (JWT) that uses a public key + private key pair.

Have you read the Client Credentials Flow topic?

Public key + private key

The authentication process for the Admin API requires managing a Public Key + Private Key pair to sign a JSON Web Token (JWT).

The Private Key remains solely in your possession and must be kept secret. This is what you will use to create the signed JWT when authenticating with the API.

The Public Key is configured as part of an External Application in the Users & Groups app within Banno. The back office administrator at your financial institution can do this for you in the Users & Groups section of Banno.

Have you read the Public Key + Private Key topic?

Associated user

When an External Application authenticates itself with the Admin API, all actions are performed and logged as a single Associated User in Banno.

The Associated User acts as a back office administrator at the financial institution. As such, it is best to have the Associated User be created with only the privileges/permissions that are specifically necessary for the External Application to function.

Have you read the Associated User topic?


Authenticating to the Admin API requires an External Application configuration to be created within Banno.

The back office administrator at your financial institution can do this for you in the Users & Groups section of Banno.

Have you read the Configuration topic?

API reference

The Admin API is based on REST and has predictable resource-oriented URLs. The Admin API uses standard HTTP verbs and status codes and returns JSON-encoded responses.

The Admin API protects access to user data using OAuth 2.0. Login credentials are never shared with third party apps. Authorization is provided to third party applications via an Access Token.

The Access Token is encoded in JSON Web Token format.

Have you reviewed the API Reference?

How have others used it?

These are some of the ways that 3rd party developers have used the Admin API:

  • Enable call center agents to use new functionality within an existing CRM (customer relationship management) tool:
    • Look up user status
    • Unlock a user account
    • Send an email or SMS to reset a user’s password

Additional details

These are some additional details that you may find useful as you build your apps.


Guides are designed to provide you with bite-sized introductions to our API. Each guide showcases a part of our API and how to use it in the simplest way.

We recommend reading the Guide to Reset a User Password or Building User Support Tools.

Other “Getting Started” pages

These pages will help you get started with other parts of the Digital Toolkit:

Have a Question?
Have a how-to question? Seeing a weird error? Get help on StackOverflow.
Register for the Digital Toolkit Meetup where we answer technical Q&A from the audience.
Last updated Mon Jul 24 2023