Jack Henry Digital Toolkit
JackHenry.dev
Learn how to develop with Jack Henry's digital banking platform to innovate faster and deliver top-notch experiences.
Digital Toolkit
Integrate with Jack Henry's plugin framework, authentication framework, admin API, and consumer API.
Enterprise Solutions
Integrate with Jack Henry's SilverLake, CIF 20/20, and Core Director banking cores.
SymXchange
Integrate with Jack Henry's Symitar credit union core.
Payments
Embed check deposits, ACH transactions, bill payments, card issuing and processing, and real-time payments.
Design Guidelines
Create stunning products with this set of visual guidelines
Light Mode
Always display this site using light mode.
Dark Mode
Always display this site using dark mode.
Device Setting
Display this site using this device's light / dark mode setting.

Restrictions

Plugin Framework > Architecture > Restrictions

The Plugin Framework is specifically designed to protect the security of the user and protect the user experience. While plugins are based on standard HTML, CSS and Javascript, the full complexity of a modern browser is not supported.

As such, these are some restrictions to keep in mind as you build your plugin’s user interface.

Modifying the Banno UI/UX

Plugins are rendered as UI summary cards on the Dashboard of our apps. An optional primary action button leads users to a full-screen view of content.

Plugins cannot modify any part of Banno’s UI beyond the designated area of their Dashboard card. See the User Interface topic for more details.

Opening New Windows

The Plugin Framework does not support opening new windows for Banno Mobile and Banno Online.

Instead, plugins should make use of the primary action button. This natively-drawn button can be used as a call-to-action that leads to a full-screen view of your plugin content. See the User Interface topic for more details.

For Banno Online, the full-screen view of your plugin content is displayed in the user’s browser as a complete web page. It is highly recommended to provide a link back to the Dashboard from the full screen view.

For Banno Mobile, the full-screen view of your plugin content is displayed in a full screen web view with a “Done” button. Users can navigate from your plugin content back to online banking by tapping the “Done” button. The full-screen view will be closed and the user will be returned to the Dashboard. See the User Interface topic for more details.

Suppressing Plugins for a Single Channel

Plugins are displayed for both Banno Mobile and Banno Online. There is no way to suppress a plugin from appearing in a single channel.

Plugins should be designed to be responsive and adapt to a variety of screen sizes to accommodate a great user experience for both Banno Mobile and Banno Online users.

Rendering PDFs

PDFs are potentially challenging for plugins.

The iOS operating system includes a built-in PDF renderer. However, you may find multi-page PDFs unscrollable.

The Android operating system does not include a built-in PDF renderer. The operating system relegates PDF rendering to an external app and not all devices have one installed.

Sandboxing

In Banno Online, plugins are loaded in a sandboxed iframe. The sandboxed iframe allows 3rd party content to be loaded without compromising the security of Banno Online. Since plugins load in both Banno Online and Banno Mobile, some of the sandbox restrictions prevent developers from attempting actions that will not work in a native mobile application.

These are the iframe sandbox attributes which are enabled:

  • allow-downloads
  • allow-forms
  • allow-modals
  • allow-same-origin
  • allow-scripts
  • allow-top-navigation-by-user-activation

Learn more about operating safely within sandboxed iframes.

Content Security Policy (CSP)

Banno Online applies a Content Security Policy (CSP) for enhanced security. The implication for plugins is that JavaScript and CSS handling are limited by what is allowed in the CSP.

The CSP is dynamically updated when Redirect URIs are added to an External Application.

If your JavaScript or CSS is denied by the CSP (e.g. because they are hosted by a different domain than what is configured for the plugin’s Card Face or Expanded View):

  • Update the appropriate External Application with an additional Redirect URI which points to the domain where the JavaScript or CSS is hosted.

Native APIs / Operating System APIs

The Plugin Framework does not support accessing native APIs or operating system APIs.

This includes, but is not limited to, the APIs below.

Geolocation

The Plugin Framework does not support geolocation.

Camera Access

The Plugin Framework does not support accessing the user’s camera.

Microphone

The Plugin Framework does not support accessing the user’s microphone.

Address Book / Contacts

The Plugin Framework does not support retrieving the user’s address book / contacts.

Apple Wallet / Google Wallet

The Plugin Framework does not support integrating with Apple Wallet or Google Wallet.

Apple Pay / Google Pay

The Plugin Framework does not support integrating with Apple Pay or Google Pay.

Have a Question?
Have a how-to question? Seeing a weird error? Get help on StackOverflow.
Register for the Digital Toolkit Meetup where we answer technical Q&A from the audience.
Last updated Tue May 9 2023