OAuth Connections Guide

What’s New

  • We are establishing new direct data connections with major financial institutions.
  • These new connections will support OAuth standards to streamline access and management of permissioned financial accounts.

What’s happening?

Finicity has taken a market leadership role in establishing direct data access agreements with many of the largest financial institutions in the U.S. As a result, Finicity is connecting to these banks using OAuth (an open standard for authentication) to streamline access to permissioned consumer financial accounts.

OAuth is a protocol or framework that gives applications or organizations the ability to securely delegate access. For example, a consumer can tell their financial institution that it’s okay for a fintech application to access account data without exposing login information to the app.

Consumers that want to use an app will be able to share their login information directly with their financial institution rather than with the app.

Finicity facilitates consumer financial data access through the use of tokens that prove the identity between consumers and third parties.

Why the change?

In order to change the way we connect with large financial institutions, we have signed data access agreements with banks like JPMorgan Chase, USAA, Wells Fargo, Capital One, Fidelity and several more yet to be announced. Currently, we have agreements that cover more than 40 percent of the deposit market and investment market.

As Finicity continues to push the industry forward in providing and protecting consumer-permissioned data through cooperation between financial institutions and third-party application providers, we have reached a point where we need to migrate our connections to remove credential passing and holding from our connected applications and consolidate them with Finicity and the financial institutions.

What is the advantage of a direct connection for my application and my customers?

A direct connection to financial institutions primarily means that instead of using credentialed access it will use tokenized access to customers’ accounts. The connection to their accounts will be more consistent and reliable. For instance, currently when a user changes their username and password they need to update their credentials in your application. With tokenized access, as long as the token is still valid, the customer will still have access to their data in your app even though they changed their password.

Other benefits include the opportunity for faster connection speeds, more real-time data access, and the removal of credential sharing. This all provides your customers with an easy way to manage how they share their data.

Consumers can remove and manage access tokens at any time by logging into their financial institution.

We anticipate this should keep your customers engaged in your app rather than trying to manage their connections to their financial institutions. Tokenized access translates into greater consistency for your clients.

How do you transition current customers from the old to the new connections?

We have prepared API services to transition your customers’ accounts from the old connection to the new connection. This will require that the customer re-authenticate, but Finicity will match data from the old connection up to the new connection so there won’t be any duplicated or missing data.

As we add new connections, you will be able to use the same migration process with each financial institution. Only the IDs will be different. Establishing an effective process for your organization will be beneficial going forward as we transition to these connections with many different FIs. Establishing a foundation for these migrations will provide your company a leg up in innovating and iterating your technology so that you can keep up with the accelerated pace of change in the financial services industry.

As we onboard each new institution, we’ll inform you before each connection goes live with timing for launch and migration. When a new connection is live, you’ll have a period of 90 days for your customers to re-authenticate their accounts without interrupting service.

If you do not migrate your customers using the given migration services, the customer accounts will be migrated for you at the end of the 90-day period.

See details on the migration services and best practices for managing the migration in the Customer Financial Institution Migration Guide.

How do I take advantage of these new connections?

The short answer: You will need to implement Finicity Connect and register your application with Finicity.

  1. Connect implementation is required for the OAuth handling between Finicity and the Financial Institution. Once you have implemented Connect, all of the direct data connections will be supported. Many of our partners are already using some version of Finicity Connect. We provide a few different implementation choices for Connect: Connect or Connect Lite. You can choose the one that is the best fit for your application. You can see the details of these two implementations in our documentation. If you need more information on this process, please contact your Systems Engineer or email us at support@finicity.com.
  2. You will also need to register your application with Finicity. With new direct connections, customers will be granting explicit permission to your app in order to share their data. That permission requires them to identify your correct name, logo, and other information.
  3. By registering, your app name and logo will be consistent across all FIs and use cases. It will be easily identifiable to your customers when they permission their data and when they manage their data access. To register your app, contact your Account Manager.
  4. Enable OAuth Institutions. As we launch OAuth institutions you have the ability to replace the old institution with the new one in Connect Full by using the following instructions in this article. If you are using Connect Lite you would replace the old institution with the new institution in your list as given in the institution details from the FI list.

Testing OAuth Institutions

Once you have registered your app, you will have access to Finbank OAuth in the list of financial institutions. If you follow the instructions above on enabling OAuth FIs in your Connect flow, you will see Finbank OAuth in the list of FIs to test from test customer records.

Technical Articles

How should I communicate with my end users about re-authenticating their connection to their FI?

You should think about where your users would see this messaging and how to best present it. Common options include: on your website, on login screens, in your mobile app, on your add account or refresh account pages, prior to accessing the Finicity Connect widget, or in an email or other type of customer communication segmented by users of that connection.

Approved messaging for each financial institution will be provided when the connection is close to being live. Since this will happen multiple times in the course of a year, pay attention to customer response so that you can create a smooth process tailored to your customers when it comes time for re-authentication of new connections.

Quick Scan List Of Actions

  • Make sure you have implemented Connect in your app.
  • Register your application.
  • Be prepared to migrate users with migration services (if you choose).
  • Prepare any in-app or email communication you would like to send to your customers.
  • Good to go!