Developer Programs
Vendor Integration Program (VIP)
Direct access to Jack Henry's technical integration resources.
Technical Account Manager (TAM)
Get technical integration help from a single point of contact.
Learn
Shared Responsibility
Learn about shared roles and responsibilities of customers and Jack Henry in open banking.
Developer Use Cases
Find a use case that fits your development needs.
Developer Video Gallery
Watch the latest demos, webinars, and more.
Developer Conference
Connect with industry leaders, gain insights from expert speakers, and explore our latest innovations.
Docs
Admin API
Create solutions for an institution's back office support tools.
Authentication Framework
Map customer identities to your existing system IDs.
Consumer API
Access financial data for user accounts, transactions, and more.
Data Broker
Get deeper access to financial institution data.
Enterprise Event System
Respond to events in real-time using this powerful pub/sub-based solution.
jXchange - REST API
Translate business information between Jack Henry and third-party applications using a REST-based API.
jXchange - SOAP API
Translate business information between Jack Henry and third-party applications using a SOAP-based API.
Operational Data Integration (ODI)
Get customized queries for bulk data needs.
Payments
Embed check deposits, ACH, bill pay, cards, and real-time payments.
Plugin Framework
Embed the best of the fintech world directly into your user's dashboard.
SymXchange
Query Symitar core member accounts, post transactions, run PowerOn scripts, and more.
Xperience
Modern UI that provides consistent visual integration across Jack Henry products.

Permissions Flow

Authentication Framework > Architecture > Permissions Flow

What is the permissions flow?

We have created a comprehensive consent flow as a way for Banno, financial institutions, and users to provide data permissions to third party applications.

Permissions are granted based on granular requests scopes and claims, which provide limited access to specific data on a per user basis.

  1. Banno Platform: At the platform level Banno restricts data based on the endpoints available on the Banno Open API as well as specify which scopes and claims are necessary on a per-endpoint basis.

  2. Financial institutions: We allow financial institutions to specify the type of data available for all customers they serve. This allows financial institutions to limit data access across the entirety of their user base.

  3. 3rd Party Developers: Permissions are also defined by the scopes and claims a developer requests on a per user basis. If the app doesn’t request specific scopes and claims then the related data will not be included in the response.

  4. End User: At the user level permission is either granted or denied based on the authentication scopes requested by the application. Users are presented with a consent screen to grant or deny the permission requests.

Warning

If consent is declined at any level, then that specific data will not be available to the 3rd party application.

Your application must be structured to handle this situation when it occurs.

Scopes

Scopes enable your application to access specific API endpoints on behalf of a user.

The set of scopes you pass in your initial authorization request determines the access permissions the user is required to grant.

The documentation for each endpoint in our Consumer API Reference specifies any required scopes.

Claims

Claims allow access to authenticated information about a user.

More information about claims is available in the Authentication Framework docs.

The consent experience has two parts:

  1. Approval flow
    • The approval flow is what a user will see when granting (or re-granting) consent.
  2. Connected apps
    • The user can view which apps have been granted consent, the kind of consent granted, and revoke consent at any time in their list of connected apps.

Approval flow

When end users authenticate with your application for the first time (or any time you update your requested scopes or claims), they will be met with an approval flow to consent to share specific data with your app.

The consent screen will list the scopes and claims that your application has requested.

It is suggested that you limit your requested access to only data elements that you specifically need.
Consumer Consent

Connected apps

Security settings

The user can find their connected apps as part of their Security settings.

Consumer Security Settings

List of connected apps

The user can view their list of connected apps at a glance.

Connected Apps List

View a connected app

The user can view the specific details for a connected app, including the kind of consent granted.

The user can also revoke consent at any time.

Credentials
Have a Question?
Have a how-to question? Seeing a weird error? Get help on StackOverflow.
Register for the Digital Toolkit Meetup where we answer technical Q&A from the audience.
Last updated Thu Jul 20 2023