Getting Started - Authorization
Authorization
finAPI follows the OAuth 2.0 standard for authorizing applications and the users within them. OAuth uses the terminology of clients and users. A client represents an application that calls finAPI services. A service call might be in the context of a user of the client (e.g., getting a user's bank connections), or outside any user context (e.g., editing your client's configuration, or creating a new user for your client). In any case, every service call must be authorized by an access_token. The documentation below describes how to set up authorization for the client's users, or for the client itself.
To make authorization processes and user management easier, finAPI offers 2 ways to use the services.
Scopes
All authorized API endpoints are restricted to a set of scopes that represent one or more finAPI products. Some endpoints may additionally expect dedicated administrative scopes. For access to be granted, one of the scopes assigned to the caller's access_token must match the expected scopes.
Product scopes are bound to your mandator definition and are assigned by the finAPI support team based on the ordered finAPI products.
The API Reference chapter describes how to find the required scopes for an endpoint.
Administrative (User-) Scopes
The customer may (need to) create a dedicated administrative user with the reserved name client_admin, which gets access to endpoints that require the FINAPI_CLIENT_ADMIN scope.
The Getting Started - User Management | Process-Overview chapter describes how to create a user. These steps also apply to the creation of the client_admin user, which has to be created just once.
Authorization and User Management Scenarios
A finAPI customer may want to use a single finAPI Data Intelligence solution, or combine several of them in their product flow. Such a flow may also require the use of finAPI's multi-banking service, finAPI Access.
Regardless of that, use cases can be divided into two basic scenarios.
One-Time User usage: For solutions that don't require recurring users, such as creating a Report, GiroIdent, KreditCheck or other one-time service once for a user, this guide explains how to get started.
Self-Usermanagement and Multi-Service usage: If you want to use multiple finAPI services and the OpenBanking platform for recurring users, this guide explains how to get started.