What is it?
Consumer API is how you can access user data using the same API that powers Banno’s own Banno Online and Banno Mobile experiences.
Consumer API is how you can embed financial capabilities into app experiences outside of Banno (or use when building custom Banno dashboard cards with the
What is its purpose?
is intended to be used when an
External Application wants to call API endpoints with direct user interaction. This means that authentication is on the user’s behalf.
Have you completed the Authentication (Node.js Example) Quickstart?
Have you completed the Authentication (Command Line) Quickstart?
How do I use it?
These are some of the things you should know about the
OAuth 2.0 and OpenID Connect
Consumer API uses the OAuth 2.0 Authorization Code Grant flow to obtain an
Access Token. An
External Application can use its credentials to obtain an
Access Token after the user has logged in and consented to link their data with the 3rd party app. Once the
Access Token expires, the
External Application can exchange a
Refresh Token for a new
Access Token when necessary.
Consumer API uses the
OpenID Connect identity layer on top of OAuth to provide authenticated information about the user via an
Identity Token. The
Identity Token is encoded as a JSON Web Token (JWT).
Have you read the OpenID Connect and OAuth 2.0 topic?
Permissions and Scope Enforcement
Consumer API protects access to user data via OAuth / OpenID Connect scopes.
The OAuth / OpenID Connect scope required for a specific
Consumer API endpoint can be found in the endpoint’s definition in the API Reference.
Have you read the Authentication topic?
Consumer API data permissions are granted based on granular request scopes and claims, which provide limited access to specific data on a per user basis.
Have you read the Permissions Flow topic?
Authenticating to the
Consumer API requires an
External Application configuration to be created within Banno.
The back office administrator at your financial institution can do this for you in Banno People.
If the back office administrator does not know where to do this, they can review the External application configuration article on the Banno Knowledge site.
Consumer API protects access to user data using OAuth 2.0. The user’s login credentials are never shared with third party apps. Authorization is provided to third party applications via an
provides authenticated user identity information using OpenID Connect (OIDC). With OpenID Connect, third party apps are provided authenticated information about the user in the form of an
Have you reviewed the API Reference?
How have others used it?
These are some of the ways that 3rd party developers have used the
- Build a personal financial management (PFM) dashboard that pulls account information from different financial institutions into a unified view of a user’s complete financial life
- Simplify and prefill a loan application form
- Enable developers to securely access and share financial data via a secure data access network
These are some additional details that you may find useful as you build your apps.
Guides are designed to provide you with bite-sized introductions to our API. Each guide showcases a part of our API and how to use it in the simplest way.
We recommend reading these guides:
Do you have code that uses our deprecated and unversioned authentication endpoints?
If so, you’ll want to upgrade to use the v0 authentication endpoints.
We recommend reading the Guide on Migrating to the V0 OpenID Connect Endpoints.
Other “Getting Started” pages
These pages will help you get started with other parts of the Banno Digital Toolkit: