For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Contact SupportGet Started
  • Modernfi Developer Hub
    • Overview for Developers
    • Getting Started
  • Topics
    • Using the Sandbox
    • Authentication
    • Account Structure
    • Idempotency
    • Transaction Records and Sweeps
    • Balance Fields
    • Interest
    • Reports
    • Versioning
    • Changelog
  • API Reference
LogoLogo
Contact SupportGet Started
On this page
  • 1. Obtain Client ID and Secret
  • 2. Request an Access Token
  • 3. Pass the Token in Your API Call Headers
  • Token Expiration and Caching
Topics

Authentication

Was this page helpful?
Previous

Account Structure

Next
Built with

ModernFi’s approach to authentication is designed to ensure the security and safety of user data and assets. Follow these steps to get up and running with the ModernFi API.

1. Obtain Client ID and Secret

To get your Client ID and Client Secret, contactthe ModernFi team. When reaching out, let your representative know whether you need read-only or read+write access:

  • Read-only: retrieve accounts, depositors, transactions, and statements without the ability to modify records.
  • Read+write: full access to retrieve and create or modify records.

ModernFi will onboard your institution and share the corresponding credentials via SendSafely.

2. Request an Access Token

With your Client ID and Client Secret, make a request to the oauth2/token endpoint to receive an access_token.

$# export client ID / secret as env var
$export MODERNFI_CLIENT_ID="my-client-id"
$export MODERNFI_CLIENT_SECRET="my-client-secret"
$export MODERNFI_AUDIENCE="https://api.modernfi.com"
$curl --request POST \
>     --url https://auth.modernfi.com/oauth/token \
>     --header 'content-type: application/json' \
>     --data '{"client_id": $MODERNFI_CLIENT_ID, "client_secret": $MODERNFI_CLIENT_SECRET, "audience": $MODERNFI_AUDIENCE, "grant_type": "client_credentials"}'
python
1import requests
2
3# Define the client credentials and audience
4client_id = "my-client-id"
5client_secret = "my-client-secret"
6
7# Prepare the data for the request
8data = {
9    "client_id": client_id,
10    "client_secret": client_secret,
11    "audience": "https://api.modernfi.com",
12    "grant_type": "client_credentials"
13}
14
15# Make the request
16response = requests.post(
17    "https://auth.modernfi.com/oauth/token",
18    json=data,
19    headers={"content-type": "application/json"}
20)

The response is of the following shape:

1{
2  "access_token": "eyJraWQiOiI3Yll...",
3  "expires_in": 86400,
4  "token_type": "Bearer"
5}

3. Pass the Token in Your API Call Headers

To pass your user token to ModernFi APIs, add it as a header to your API calls in the following format:

Authorization: "Bearer {{your user_token here}}"

If, for example, your API token were eyJraWQiOiI3Yll, your authorization header will be:

Authorization: "Bearer eyJraWQiOiI3Yll"

Here is an example API call that properly sets the authorization header:

$curl --request GET \
>     --url https://api.modernfi.com/digital-banking/v1/accounts \
>     --header 'accept: application/json' \
>     --header 'authorization: Bearer eyJraWQiOiI3Yll' \
>     --header 'content-type: application/json'
1import requests
2
3# Set the access token
4access_token = "Bearer eyJraWQiOiI3Yll"
5
6# Make the GET request
7response = requests.get(
8    "https://api.modernfi.com/v2/digital-banking/accounts",
9    headers={
10        "accept": "application/json",
11        "authorization": access_token,
12        "content-type": "application/json"
13    }
14)

Token Expiration and Caching

Access tokens have a TTL of 86400 seconds (24 hours). We recommend caching your token and reusing it across API calls rather than requesting a new token on each request. When the token expires, simply request a new one using the same credentials.

If you need to revoke a token before it expires, contactyour ModernFi representative.