Configuration

Authenticating to the Consumer API requires an External Application configuration to be created within Banno.

The back office administrator at your financial institution can do this for you in Banno People.

If the back office administrator does not know where to do this, they can review the External application configuration article on the Banno Knowledge site.

If you are developing using a Jack Henry test environment, you will not have access to Banno People. In this case, Jack Henry is the acting administrator of the financial institution and you will have to contact us for any Banno People operations.

Consumer API - Set up a new external application

Requirements

Name

The name of the External Application.

Client Type

Confidential

This client type requires both a Client ID and a Client Secret for authentication to the token endpoint. This is the recommended option for clients that can keep secrets secure, such as backend services.

Public

This client type uses only a Client ID for authentication, but requires the use of Proof Key for Code Exchange (PKCE). More details about PKCE can be found here: https://auth0.com/docs/flows/authorization-code-flow-with-proof-key-for-code-exchange-pkce. This should only be used for clients that cannot keep secrets secure, such as native mobile apps or single page applications that perform OAuth from JavaScript.

This option determines whether or not a user will see the Consent Experience as described in the Permissions Flow.

Trusted integrations (full vendor partners) should not require the user to give consent. Third party integrations should prompt the user to provide consent.

Redirect URIs

These are the Redirect URIs that the Consumer API uses to return users to your client as part of the Authorization Code Flow.

Order of Redirect URIs

  • For generic usage of the Consumer API, the order of the Redirect URIs is not important.
  • In the specific context of using an External Application as a part of a Plugin, the order becomes important. See the Plugins - External Applications topic for more details.

Claims

The Restricted Claims contain potentially sensitive data about the user. To request and obtain these claims, the External Application must be specifically configured to allow them. See the Authentication Framework - OpenID Connect and OAuth 2.0 topic for more details.

The back office administrator at your financial institution can do this for you in the External applications section of Banno People.

If you are developing using a Jack Henry test environment, you will not have access to Banno People. In this case, Jack Henry is the acting administrator of the financial institution and you will have to contact us for any Banno People operations.

Output

Client ID

This is the Client ID that you’ll use in the Authorization Code Flow.

See the Authentication topic.

Client Secret

This is the Client Secret that you’ll use in the Authorization Code Flow.

See the Authentication topic.