Digital Toolkit
JackHenry.dev
Learn how to develop with Jack Henry's digital banking platform to innovate faster and deliver top-notch experiences.
Digital Toolkit
Integrate with Jack Henry's plugin framework, authentication framework, admin API, and consumer API.
jXchange
Integrate with Jack Henry's SilverLake, CIF 20/20, and Core Director banking cores.
SymXchange
Integrate with Jack Henry's Symitar credit union core.
Payments
Embed check deposits, ACH transactions, bill payments, card issuing and processing, and real-time payments.
Design Guidelines
Create stunning products with this set of visual guidelines

Associated User

Admin API

When an External Application authenticates itself with the Admin API, all actions are performed and logged as a single Associated User in Banno.

Principle of least privilege

The principle of least privilege is a key concept in information security.

Don't
It is not recommended to create an Associated User that has all possible privileges/permissions assigned to it.
Do
It is highly recommended to follow the principle of least privilege when creating an Associated User.

The Associated User acts as a back office administrator at the financial institution. As such, it is best to have the Associated User be created with only the privileges/permissions that are specifically necessary for the External Application to function.

The back office administrator at your financial institution can do this for you in the Users & Groups section of Banno.

Example

If an External Application is only meant to view information about users then the Associated User should only include the permissions necessary to view users and should not include permissions to edit or delete users.

Key Concepts

The External Application is required to maintain its own audit log of actions.
All actions by the External Application are performed and logged as a single Associated User in Banno.
Warning
The Associated User acts as a back office administrator at the financial institution and should be created with only the privileges/permissions that are specifically necessary for the External Application to function.

A good rule of thumb is that the Associated User is able to perform the same tasks with the Admin API that they are able to do within the back office UI (ie. if the user is able to search and see users within the back office UI, the Associated User will also be able to perform this task from the Admin API).

Have a Question?
Have a how-to question? Seeing a weird error? Get help on StackOverflow.
Register for the Digital Toolkit Meetup where we answer technical Q&A from the audience.
Last updated Wed Dec 28 2022