Clients and how to create one
This page covers why Moneyhub has clients, what they are and how to create one.
Why Moneyhub has clients, and what they are
Moneyhub operates Financial-grade APIs (FAPIs). To do this, we use OpenID Connect (OIDC), an extension of OAuth 2.0, to authenticate and authorise requests coming into Moneyhub's APIs.
In OAuth 2.0, a client is an application that requests access to protected resources on behalf of a resource owner (usually a user). It's the entity initiating the authorisation flow and interacting with the authorisation server and resource server.
So when we refer to an API client, or simply a client, in the context of the APIs, we mean the entity in our system that represents your application.
You can have multiple clients, typically one for each environment (testing, sandbox and production).
Each client stores its own copy of all the information needed, such as redirect URIs, keys and algorithm preferences. If you need more than one value for any of these items, you will most likely need more than one client.
N.B. There is a similar use of the term API client, which is "a development tool that makes it easier for producers and consumers to explore, test, and debug APIs"; a well-known example of this is Postman.
Add a New API client record
On the left-hand side of the admin portal, go to API -> My Clients and then click the grey Add New button.
Edit Your Client
You should now be presented with a form detailing all the information that the client needs.
Below is a table breaking down the preferred configuration for this guide. Required fields will be denoted with a *. Our recommended values are designed to be used with this getting-started guide and can be changed once you have completed it. Many of these values are recommended for production clients, and sticking to them during development will save a lot of time.
Let's break it down:
Field | Description | Recommended Value |
---|---|---|
API Client Name* | This is the name of your client, used for you to identify it. | "business name - PROD / DEV" |
Logo URI | If your business has a logo, you can provide a URI to its location. | |
Business* | This ties the client to your business within the API (This is required for the client to work). | Your business name |
Redirect URIs* | Here you will need to provide any redirect URIs you plan on using. | <http://localhost:3000> |
Advanced Configuration
Field | Description | Recommended Value |
---|---|---|
Grant Types* | These are the grant types your client will be capable of using. | authorization_code, refresh_token, client_credentials, implicit |
Response Types* | These are the types of response your client will accept. | code id_token |
Token endpoint authentication method* | This is the method that the API will expect your client to authenticate with. | private_key_jwt |
ID token signed response algorithm* | This is the algorithm that will be used to sign the ID token in the response. | one of the RS, ES or PS algorithms |
Request object signing algorithm* | This is the algorithm that will be used to sign a request object. | none |
Webhook URI | This is the URI you wish webhooks to be sent to, if you choose to receive them. | |
Webhook Format | The format that webhooks are sent in (JWT or JSON). | |
Webhook Events | The specific events you would like to be notified of. | |
JWKS URI | The URI of your public JWKS. | |
JWKS* | Your public JWKS. (use either this or JWKS URI) | Explained below |
Redirecting To HTTP
When testing locally you may want to redirect to an insecure URI such as localhost. With our current configuration, using the implicit grant means you won't be able to use a non-HTTPS URI. To solve this you can use a site like <https://redirectmeto.com/> to create a redirect from secure to insecure and retain the code that is sent back with the redirect. In the Redirect URIs section you could put something like this: <https://redirectmeto.com/http://localhost:3000>