Overview
ModernFi's approach to authentication is designed to ensure the security and safety of user data and assets. Follow these steps to get up and running with the ModernFi API.
1. Obtain Client ID and Secret
To get your Client ID and Client Secret, please contact the ModernFi team. ModernFi will onboard your bank to the network and share the corresponding Client ID and Client Secret. Then, you are ready to move onto Step 2 and request an access_token!
2. Request an Access Token
With your Client ID and Client Secret, you can make requests to the ModernFi oauth2/token endpoint. The following snippet outlines how to make a cURL request to the oauth2/token endpoint:
# export client ID / secret as env var
export MODERNFI_CLIENT_ID="my-client-id"
export MODERNFI_CLIENT_SECRET="my-client-secret"
export MODERNFI_AUDIENCE="my-audience"
curl --request POST \
--url https://auth.modernfi.com/oauth/token \
--header 'content-type: application/json' \
--data '{"client_id": $MODERNFI_CLIENT_ID, "client_secret": $MODERNFI_CLIENT_SECRET, "audience": $MODERNFI_AUDIENCE, "grant_type": "client_credentials"}'
The response is of the following shape:
{
"access_token": "eyJraWQiOiI3Yll",
"expires_in": 86400,
"token_type": "Bearer"
}
3. Pass the Token in Your API Call Headers
To pass your user token to ModernFi APIs, add it as a header to your API calls in the following format:
Authorization: "Bearer {{your user_token here}}"
If, for example, your API token were eyJraWQiOiI3Yll, your authorization header will be:
Authorization: "Bearer eyJraWQiOiI3Yll"
Here is an example API call which properly sets the authorization header:
curl --request GET \
--url https://api.modernfi.com/v2/digital-banking/accounts \
--header 'accept: application/json' \
--header 'authorization: Bearer eyJraWQiOiI3Yll' \
--header 'content-type: application/json'
Token Revocation and Expiration
Access Tokens have a TTL of 86400 seconds (24 hours). If you'd like to revoke a token prior to its expiration time, please contact the ModernFi team.