Identity
An identity is useful wherever an application needs authenticated information about the user.

What is this use case?

In this use case, an Identity answers the question, “who is the person using this application?”

Typically, the answer to that question is a specific account holder at a bank or credit union.

How have others used it?

An Identity is commonly used wherever it is necessary to know authenticated information about the user:

  • Simplify and prefill a loan application form
  • Cross reference users with an existing ad targeting system to provide offers tailored to individual users
  • Enable account holders to securely access and share financial data via a secure data access network
  • Single Sign-On (SSO) for financial institution employees
  • Single Sign-On (SSO) across multiple consumer applications

How do I use it?

You may have one option to retrieve identity information, depending upon which Jack Henry products and services are being used at your financial institution.

These are your likely options:

  • Banno
  • Jack Henry Identity
  • Unified Identity Service

Banno Digital Toolkit

If your institution has the Banno digital banking platform, then you might want to use the Banno Digital Toolkit.

The Authentication Framework, from the Digital Toolkit, protects access to user data via modern, battle-tested, tech industry standards such as OAuth and OpenID Connect, which we continue to update as those standards evolve.

With OAuth, users can delegate scoped access to third parties who wish to act on the user’s behalf. The user’s login credentials are never shared with the third party. Instead, authorization is provided to third party apps via an Access Token.

With OpenID Connect, third party apps are provided authenticated information about the user in the form of an Identity Token.

That’s how the major data aggregators are able to connect an account holder’s favorite fintech apps to their identity at your institution.

However, the Authentication Framework should not be confused with an account opening system nor with a Know Your Client (KYC) / Anti-Money Laundering (AML) system. For that kind of capability, you’ll need to look at JHA OpenAnywhere as a potential option.

Example: prefill a loan application form

Let’s say your solution requires you to prefill a loan application form.

The Authentication Framework is an ideal way to reduce manual data entry by the user, as it can provide information which the financial institution already knows about the account holder such as name, address, email, phone_number, or SSN (Social Security Number) / Tax ID.

  • Note: SSN (Social Security Number) / Tax ID is potentially sensitive data, so the financial institution must enable that information for a given connected app to use.
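
The prefill step described above, as an added example that is not Jack Henry's code: it checks the Identity Token's claims and maps them to form fields, leaving any claim the institution has not enabled (such as the Tax ID) blank for manual entry. It assumes the token's signature was already verified with a JOSE library; `example_tax_id`, the issuer and the client ID are hypothetical values, and the address sub-fields are the standard OpenID Connect ones.

```python
import time

# Hypothetical claim name for the SSN / Tax ID; the real name is not on this page.
TAX_ID_CLAIM = "example_tax_id"
# Constructed sample claims; this app has not been enabled for the Tax ID.
SAMPLE = {"iss": "https://idp.example", "aud": "my-app", "exp": 2000,
          "nonce": "n-1", "name": "Pat Example", "email": "pat@example.com",
          "address": {"street_address": "1 Main St", "locality": "Springfield"}}

def validate_claims(claims, issuer, client_id, nonce, now=None):
    """Checks an OpenID Connect client makes after verifying the signature."""
    now = time.time() if now is None else now
    aud = claims.get("aud")
    if claims.get("iss") != issuer:
        raise ValueError("unexpected issuer")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token was not issued to this app")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch")
    return claims

def prefill_loan_form(claims):
    """Map claims to form fields; absent claims stay blank for manual entry."""
    addr = claims.get("address") or {}
    form = {
        "name": claims.get("name", ""),
        "email": claims.get("email", ""),
        "phone": claims.get("phone_number", ""),
        "street": addr.get("street_address", ""),
        "city": addr.get("locality", ""),
        "state": addr.get("region", ""),
        "zip": addr.get("postal_code", ""),
        # Present only if the institution enabled it for this connected app.
        "tax_id": claims.get(TAX_ID_CLAIM, ""),
    }
    form["needs_manual_entry"] = sorted(k for k, v in form.items() if not v)
    return form

def redact(form):
    """Copy that is safe to log: the Tax ID is masked to its last 4 digits."""
    safe = dict(form)
    if safe["tax_id"]:
        safe["tax_id"] = "***-**-" + safe["tax_id"][-4:]
    return safe
```

Log only the output of `redact`, never the raw claims or the filled form.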

Example: cross reference users with an existing ad targeting system to provide offers tailored to individual users

Let’s say your solution requires you to cross reference users from an existing database so that you can provide them with offers tailored to their individual needs.

The Authentication Framework is an ideal way to perform that sort of cross referencing, as it can provide a unique customer identifier for the user (CIF for banks and Member Number for credit unions) which is typically found in other databases of customer information.

  • Note: the unique customer identifier is potentially sensitive data, so the financial institution must enable that information for a given connected app to use.

Example: enrolling a new user into Banno

Let’s say your solution requires you to enroll a new user into the Banno digital banking platform.

The Authentication Framework is not ideal for this example, since it only works with users who currently exist in Banno and it cannot create a new enrollment.

Additionally, the Authentication Framework should not be confused with an account opening system nor with a Know Your Client (KYC) / Anti-Money Laundering (AML) system.

Jack Henry Identity

If you are building an application for enterprise users, such as financial institution employees or internal Jack Henry users, then you might want to use Jack Henry Identity.

Jack Henry Identity is a cloud-hosted and OAuth 2.1 compliant identity provider and authentication system. It protects access to enterprise applications and data using modern, battle-tested, tech industry standards such as OAuth and OpenID Connect. It replaces the need for applications to store or manage passwords and multifactor authentication (MFA), enhancing security and reducing credential-based data breaches.

With OAuth, users can delegate scoped access to enterprise applications. Much like the consumer-facing framework, login credentials are never shared with the third party. Instead, authorization is provided via an Access Token. With OpenID Connect, applications are provided authenticated information about the employee or service in the form of an Identity Token.

However, Jack Henry Identity should not be confused with a system for managing granular permissions or roles. While it handles authentication (verifying who a user is), the assignment of specific permissions is managed by a distinct platform service called the Authorization Management System (AMS).

Example: Single Sign-On (SSO) for financial institution employees

Let’s say your solution requires providing a unified login experience for employees across multiple internal tools. Jack Henry Identity is an ideal way to provide Single Sign-On (SSO) with Two-Factor Authentication (2FA), as it standardizes the login experience and security requirements (such as SMS, authenticator apps, or FIDO security keys) across the Jack Henry ecosystem.

Example: server-to-server authentication for Jack Henry enterprise APIs

Let’s say your solution requires a backend service to securely access Jack Henry enterprise APIs without a “person at the keyboard.” Jack Henry Identity is an ideal way to facilitate server-to-server authentication using the Client Credentials Flow, providing secure Access Tokens for authorized access to resources without the need for static API keys.

Example: managing granular user permissions

Let’s say your solution requires assigning specific roles or permissions to a user, such as “Administrator” or “Read-Only.” Jack Henry Identity is not ideal for this example, as its primary role is to verify the identity of the user. For role-based access control (RBAC) and permission management, you’ll need to look at the Authorization Management System (AMS) as the appropriate service.

Unified Identity Service

If you are building an application for consumers (such as members of a credit union, or customers of a bank) within the broader Jack Henry ecosystem, then you might want to use the Unified Identity Service (UIS).

The Unified Identity Service is a cloud-hosted, OAuth 2.1 compliant identity provider. While similar in technical standard to the Banno Digital Toolkit, UIS is designed to provide a unified login experience for consumers across a diverse range of Jack Henry products and cloud-native applications. It centralizes consumer identity management, allowing institutions to outsource password resets and credential handling while ensuring a consistent security posture.

Like the other frameworks, UIS uses Access Tokens for authorization (via OAuth) and Identity Tokens (via OpenID Connect) to provide authenticated information about the consumer. It is particularly powerful for institutions that require flexible security levels, as it standardizes multifactor authentication (MFA) across different risk profiles.

If you’re looking to have your experience embedded within digital banking, then you probably want to integrate with the Banno Digital Toolkit. However, if you want your experience to be related to credentials at the bank or credit union, but kept as a separate experience, then you should integrate with the Unified Identity Service. Consider, for example, a wealth management app where you want the user to log in with the credentials they already have at the bank or credit union, but also want to keep the user experience as a distinct and separate experience from the digital banking experience.

Example: Single Sign-On (SSO) across multiple consumer applications

Let’s say your solution requires a consumer to move seamlessly between a custom-built financial wellness app and other Jack Henry-integrated services. The Unified Identity Service is an ideal way to provide a single set of credentials and a unified login experience, ensuring the user doesn’t have to manage multiple passwords for different parts of their digital financial journey.

Example: enforcing tiered security levels for users

Let’s say your solution requires different levels of user authentication based on the risk level of the user. UIS is an ideal way to manage this, as it allows for standardized security levels (Standard, Enhanced, or High) and supports a wide array of MFA methods, including FIDO security keys and passkeys, to meet those requirements.

Example: managing employee access to back-office tools

Let’s say your solution requires authenticating a financial institution employee to access an internal administrative tool. The Unified Identity Service is not ideal for this example, as it is purpose-built for consumer identities. For employee and server-to-server authentication, you should use Jack Henry Identity.

Next steps

Read the developer docs for the API which makes the most sense for your solution:



Last updated Thu Apr 16 2026