Restrictions
The Consumer API is specifically designed to protect the security of the user and protect the user experience.
As such, these are some restrictions to keep in mind as you build your app.
Permissions and scope enforcement
The Consumer API protects access to user data via OAuth / OpenID Connect scopes.
The OAuth / OpenID Connect scope required for a specific Consumer API endpoint can be found in the endpoint’s definition in the API Reference.
See the Authentication topic for more details.
Permissions flow
The Consumer API data permissions are granted based on granular request scopes and claims, which provide limited access to specific data on a per user basis.
See the Permissions Flow topic for more details.
Modifying data on the core platforms
The Consumer API works with data from these core platforms offered by Jack Henry:
Banking Core Platforms
- SilverLake
- CIF 20/20
- Core Director
Credit Union Core Platform
- Symitar
Although the Consumer API may modify data on the core as part of its operations, it is not intended to be used as a generic ‘pass through’ for modifying data on the core.
If you need such a solution, we recommend looking into integrating with jXchange (for banks) or SymXchange (for credit unions).