API Reference
Contact Us

Authentication

Overview

ModernFi's approach to authentication is designed to ensure the security and safety of user data and assets. Follow these steps to get up and running with the ModernFi API.

1. Obtain Client ID and Secret

To get your Client ID and Client Secret, please contact the ModernFi team. ModernFi will onboard your bank to the network and share the corresponding Client ID and Client Secret. Then, you are ready to move onto Step 2 and request an access_token!

2. Request an Access Token

With your Client ID and Client Secret, you can make requests to the ModernFi oauth2/token endpoint. The following snippet outlines how to make a cURL request to the oauth2/token endpoint:

# export client ID / secret as env var
export MODERNFI_CLIENT_ID="my-client-id"
export MODERNFI_CLIENT_SECRET="my-client-secret"
export MODERNFI_AUDIENCE="my-audience"
curl --request POST \
     --url https://auth.modernfi.com/oauth/token \
     --header 'content-type: application/json' \
     --data '{"client_id": $MODERNFI_CLIENT_ID, "client_secret": $MODERNFI_CLIENT_SECRET, "audience": $MODERNFI_AUDIENCE, "grant_type": "client_credentials"}'

import requests

# Define the client credentials and audience
client_id = "my-client-id"
client_secret = "my-client-secret"
audience = "my-audience"

# Prepare the data for the request
data = {
    "client_id": client_id,
    "client_secret": client_secret,
    "audience": audience,
    "grant_type": "client_credentials"
}

# Make the request
response = requests.post(
    "https://auth.modernfi.com/oauth/token",
    json=data,
    headers={"content-type": "application/json"}
)

The response is of the following shape:

{
  "access_token": "eyJraWQiOiI3Yll",
  "expires_in": 86400,
  "token_type": "Bearer"
}

3. Pass the Token in Your API Call Headers

To pass your user token to ModernFi APIs, add it as a header to your API calls in the following format:

Authorization: "Bearer {{your user_token here}}"

If, for example, your API token were eyJraWQiOiI3Yll, your authorization header will be:

Authorization: "Bearer eyJraWQiOiI3Yll"

Here is an example API call which properly sets the authorization header:

curl --request GET \
     --url https://api.modernfi.com/v2/digital-banking/accounts \
     --header 'accept: application/json' \
     --header 'authorization: Bearer eyJraWQiOiI3Yll' \
     --header 'content-type: application/json'

import requests

# Set the access token
access_token = "Bearer eyJraWQiOiI3Yll"

# Make the GET request
response = requests.get(
    "https://api.modernfi.com/v2/digital-banking/accounts",
    headers={
        "accept": "application/json",
        "authorization": access_token,
        "content-type": "application/json"
    }
)

Token Revocation and Expiration

Access Tokens have a TTL of 86400 seconds (24 hours). If you'd like to revoke a token prior to its expiration time, please contact the ModernFi team.