Jack Henry Enterprise Solutions
JackHenry.dev
Learn how to develop with Jack Henry's digital banking platform to innovate faster and deliver top-notch experiences.
Digital Toolkit
Integrate with Jack Henry's plugin framework, authentication framework, admin API, and consumer API.
Enterprise Solutions
Integrate with Jack Henry's SilverLake, CIF 20/20, and Core Director banking cores.
SymXchange
Integrate with Jack Henry's Symitar credit union core.
Payments
Embed check deposits, ACH transactions, bill payments, card issuing and processing, and real-time payments.
Design Guidelines
Create stunning products with this set of visual guidelines
Light Mode
Always display this site using light mode.
Dark Mode
Always display this site using dark mode.
Device Setting
Display this site using this device's light / dark mode setting.

Getting Started

Enterprise REST API > Getting Started

Learn about our Authentication Framework

The Authentication Framework protects access to user data via modern, battle-tested, tech industry standards such as OAuth 2.0 and OpenID Connect (OIDC) (which we continue to update as those standards evolve).

See Authentication Framework for details.

Authentication framework purpose

The Authentication Framework is the underlying foundation for consuming all Jack Henry Enterprise APIs (e.g. the Wires API and EDPP AP).

The Authentication Framework does not use API keys nor does it share usernames and passwords with 3rd party developers.

Instead, it provides authorized API access via an Access Token and provides authenticated information about the user via an Identity Token.

Additional details

These are some of the things you should know about the Authentication Framework.

OAuth 2.0 and OpenID Connect

The Authentication Framework protects user data using the OAuth 2.0 industry standard. With OAuth, users can delegate scoped access to third parties who wish to act on the user’s behalf. The user’s login credentials are never shared with the third party. Instead, authorization is provided to third party apps via an access token.

The Authentication Framework provides user identity information using the OpenID Connect (OIDC) industry standard. OpenID Connect is an identity layer built on top of the OAuth 2.0 protocol. With OpenID Connect, third party apps are provided authenticated information about the user in the form of an identity token.

Tokens

OAuth 2.0 and OpenID Connect are based on the concept of tokens. There are 3 main types:

  • Access Token
  • Identity Token
  • Refresh Token

External resources for OAuth 2.0 and OpenID Connect

If you want to learn more about OAuth 2.0 and OpenID Connect, these external resources may be useful:

Have a Question?
Have a how-to question? Seeing a weird error? Get help on StackOverflow.
Register for the Digital Toolkit Meetup where we answer technical Q&A from the audience.
Last updated Thu Jul 14 2022