Developer Programs
Vendor Integration Program (VIP)
Direct access to Jack Henry's technical integration resources.
Technical Account Manager (TAM)
Get technical integration help from a single point of contact.
Developer Account
Create a developer acccount to access resources that help you integrate with Jack Henry.
Learn
Shared Responsibility
Learn about shared roles and responsibilities of customers and Jack Henry in open banking.
Developer Use Cases
Find a use case that fits your development needs.
Developer Video Gallery
Watch the latest demos, webinars, and more.
Developer Conference
Connect with industry leaders, gain insights from expert speakers, and explore our latest innovations.
Docs
Admin API
Create solutions for an institution's back office support tools.
Authentication Framework
Map customer identities to your existing system IDs.
Consumer API
Access financial data for user accounts, transactions, and more.
Data Hub
Get deeper access to financial institution data.
Enterprise Event System
Respond to events in real-time using this powerful pub/sub-based solution.
jXchange - REST API
Translate business information between Jack Henry and 3rd-party apps using a REST-based API.
jXchange - SOAP API
Translate business information between Jack Henry and 3rd-party apps using a SOAP-based API.
Operational Data Integration (ODI)
Get customized queries for bulk data needs.
Payments
Embed check deposits, ACH, bill pay, cards, and real-time payments.
Plugin Framework
Embed the best of the fintech world directly into your user's dashboard.
SymXchange
Query Symitar core member accounts, post transactions, run PowerOn scripts, and more.
Xperience
Modern UI that provides consistent visual integration across Jack Henry products.
Full List of APIs
Begin working with Jack Henry's public APIs to build financial applications today.

Authentication - Client Credentials (Command Line)

Admin API > Quickstarts > Authentication - Client Credentials (Command Line)

This Quickstart guides you through making your first Client Credentials flow authentication using our command line utility, @jack-henry/banno-client-creds-helper.

This example assumes that you have a working familiarity with the cURL command line tool.

Want to learn more about Authentication? See the Authentication topic for more details.

Prerequisites

Before you get started, you’ll need the following:

  • The back office administrator at your financial institution who has access to the Users & Groups section of Banno

If the administrator does not know where to do this, they can review the Configuration topic.

Understanding Your Development Experience
Are you a financial institution?

If you are a financial institution or working directly with a financial institution, you should work with the back office administrator at your institution to get appropriate access to the Admin API.

Are you a fintech or independent developer?

If you are a fintech or other developer working without a financial institution, you are likely using the JackHenry.Dev developer portal. In this case, you will not have access to the Banno Back Office.

Software requirements

OpenSSL

This Quickstart uses OpenSSL commands to generate a Public Key + Private Key pair.

Node.js, npm, nvm

The @jack-henry/banno-client-creds-helper utility is built for Node.js and npm.

If you don’t have these installed on your system already, you may want to install a Node Version Manager such as nvm.

The utility requires Node.js version 14.0.0 or later.

Check your current version with node --version.

Generating a public key + private key pair

For more details, see the Public Key + Private Key topic.

Step 1. Create the private Key

Command Line
openssl genpkey -algorithm RSA -out private.pem

Step 2. Create the public key in .PEM format

Command Line
openssl rsa -in private.pem -outform PEM -pubout -out public.pem

Configuration in Users & Groups section of Banno

For more details, see the Configuration topic.

These steps will need to be performed by the back office administrator at your financial institution.

Step 1. Enter a name for the application

Enter a name of Test Application.

Step 2. Select an application type

  • Select Service account
  • Select Signed JWT

Step 3. Copy-and-paste the public key

Copy the contents of the public.pem Public Key file created in the earlier steps.

Paste the contents into the text field.

The Public Key, in .pem format, is a text file and can be viewed with a text editor.

  • You may need to configure your text editor to open .pem formatted files.

Shortcut to copy the contents of the public.pem file

You can use the command below to put the public key directly into your clipboard.

  • This shortcut command works on macOS, Linux, or Unix.
Command Line
pbcopy < public.pem

Step 4. Select the associated user

For more details, see the Associated User topic.

Select the Associated User for this application. The Associated User should have only the privileges/permissions that are specifically necessary for the application to function.

If this user does not exist, then it will have to be created by the back office administrator at your financial institution.

Step 5. Press save

Press the Save button to create the configuration of the API credentials.

This will generate the Client ID necessary for the next step.

Obtain an access token

For more details, see the Client Credentials Flow topic.

You’ll need the following from the previous steps to run the @jack-henry/banno-client-creds-helper utility:

  • Client ID
  • private.pem Private Key file
Command Line
npx @jack-henry/banno-client-creds-helper client-assertion --client-id=[CLIENT_ID] --private-key=./private.pem

The npx command automatically downloads and executes the latest version of the utility on-demand.

The terminal will output the various steps that the @jack-henry/banno-client-creds-helper performs:

  • Creating the JWT payload
  • Signing the JWT
  • Sending the Token Request

You’ll know that you have successfully authenticated based on this part of the terminal output:

Example success response
[content omitted]
Token POST response: {
  "access_token": "<lengthy-json-web-token-string>",
  "expires_in": 600,
  "token_type": "Bearer",
  "scope": "openid full"
}

When decoded, the Access Token will look similar to the form below:

Decoded Access Token
{
  "authType": "e",
  "v": "0",
  "clientName": "Test Application",
  "institutionId": "[INSTITUTION_ID]",
  "accountId": "[ACCOUNT_ID]",
  "jti": "7ZGJ4E2HBgXlVrA2jhoMo",
  "iat": 1624985060,
  "exp": 1624985660,
  "scope": "openid full",
  "iss": "https://www.banno.com/a/oidc-provider/api/v0",
  "aud": "[CLIENT_ID]"
}

The Access Token can be used to make API calls.

The Authentication Framework - Tokens article has information on the various Tokens.

Next steps

Congratulations! Continue your learning journey:

Have a Question?
Have a how-to question? Seeing a weird error? Get help on StackOverflow.
Register for the Digital Toolkit Meetup where we answer technical Q&A from the audience.
Did this page help you?
Last updated Tue Jul 18 2023