Digital Toolkit
JackHenry.dev
Learn how to develop with Jack Henry's digital banking platform to innovate faster and deliver top-notch experiences.
Digital Toolkit
Integrate with Jack Henry's plugin framework, authentication framework, admin API, and consumer API.
jXchange
Integrate with Jack Henry's SilverLake, CIF 20/20, and Core Director banking cores.
SymXchange
Integrate with Jack Henry's Symitar credit union core.
Payments
Embed check deposits, ACH transactions, bill payments, card issuing and processing, and real-time payments.
Design Guidelines
Create stunning products with this set of visual guidelines

Public Key + Private Key

Admin API

Part of the authentication process requires managing a Public Key + Private Key pair.

Private Key

The Private Key remains solely in your possession and must be kept secret. This is what you will use to create the signed JSON Web Token (JWT) when authenticating with the API.

You’ll know that you are viewing a Private Key if the content begins with:

-----BEGIN PRIVATE KEY-----
[content omitted]
-----END PRIVATE KEY-----

Security Considerations

Don't
Do not share the Private Key via unsecured channels (e.g. email or instant messaging).
Don't

It is important to keep the Private Key secret and not leak it through some kind of frontend, client-accessible JavaScript call.

  • Similarly, do not commit the Private Key to your source code repository.

Public Key

The Public Key is configured as part of an External Application in the Users & Groups app within Banno. The back office administrator at your financial institution can do this for you in the Users & Groups section of Banno.

You’ll know that you are viewing a Public Key if the content looks like this:

-----BEGIN PUBLIC KEY-----
[content omitted]
-----END PUBLIC KEY-----

Security Considerations

The Public Key is used to verify that API requests which claim to be from your External Application do in fact originate from your application.

Generating a Public Key + Private Key pair

Generating the Public Key + Private Key pair can be done in various ways on different platforms. One option is to use OpenSSL.

The key size should be generated with at least 2048 bits of size.

1. Create the Private Key

Command Line 
openssl genpkey -algorithm RSA -out private.pem

External Resource:

2. Create the Public Key in .PEM format

Command Line 
openssl rsa -in private.pem -outform PEM -pubout -out public.pem

External Resource:

Have a Question?
Have a how-to question? Seeing a weird error? Get help on StackOverflow.
Register for the Digital Toolkit Meetup where we answer technical Q&A from the audience.
Last updated Wed Dec 28 2022