API Reference
Introduction
The Consumer API
is based on REST and has predictable resource-oriented URLs. The Consumer API
uses standard HTTP verbs and status codes and returns
JSON-encoded responses.
The Consumer API
protects access to user data using OAuth 2.0. The user’s login credentials are never shared with third party apps. Authorization is provided to third party applications via an access_token
.
The Consumer API
provides authenticated user identity information using OpenID Connect (OIDC)
. With OpenID Connect, third party apps are provided authenticated information about the user in the form of an identity_token
.
Both the access_token
and identity_token
are encrypted in JSON Web Token format.
Base URL
See the Base URL topic.
Versioning
See the Versioning topic.
Currency
See Currency.
Date and Time
See Date and Time.
Authentication
-
API endpoints are protected by an OAuth / OpenID Connect
scope
as part of the Permissions Flow. -
The OAuth / OpenID Connect
scope
required for a specific API endpoint can be found in the endpoint’s definition in the API Reference.
See the Authentication topic for more details.
API Credentials
Before you get started, you’ll need to get these from the back office administrator at your financial institution who has access to Banno People.
If the administrator does not know where to do this, they can review the External application configuration article on the Banno Knowledge site.
If you are developing using a Jack Henry test environment, you will not have access to Banno People. In this case, Jack Henry is the acting administrator of the financial institute and you will have to contact us for any Banno People operations.
You’ll need these credentials:
client_id
client_secret
<— Keep this secret!
Do not share credentials via unsecured channels (e.g. email or instant messaging)
Similarly, do not commit credentials to your source code repository.
It is important to keep the client_secret
value secret and not leak it through some kind of frontend, client-accessible JavaScript call.