logo

OAuth

OAuth
Some financial institutions are developing specialized OAuth APIs for connecting financial account data. While the number of institutions with these APIs is currently limited, Quovo is committed to being a leader in connectivity innovation; as such, we’ve implemented a specialized syncing workflow for accessing these APIs.
The major difference between an OAuth sync and a standard sync is that the authorization of account access happens at the institution-side, instead of entirely on Quovo. Our OAuth flow will direct your users to the institution to authorize access there, then automatically redirect them back to a URL of your choosing (a success page in your app, for example). Once authorization has completed successfully, you will then be able to initiate a Quovo sync that will retrieve authorized data via the institution’s API.
The Quovo OAuth workflow is in contrast to standard syncs, where authorization happens on Quovo by passing end-user credentials to /sync. Rather, credentials are passed directly to the institution.
Note that access to OAuth institutions is by default unavailable for our customers. Only a select number of institutions offer OAuth APIs. and connecting to them often requires that your firm or app complete offline onboarding and registration with each institution. For more information, contact your Quovo representative.
When to Use the OAuth Workflow
We have added a field to the responses of /institutions and /connections that denotes whether an institution requires the OAuth workflow in order to sync successfully. This field is a boolean field called   is_oauth   and will default to “false” for all institutions except the few that are enabled for our customers who have requested OAuth and undergone the onboarding process directly with the institution.
Quovo OAuth Workflow
Like all Quovo sync workflows, the OAuth flow begins with creating a connection by including the the   user_id   in the URL and passing through an   institution_id  .
The redirect to this URL indicates that you can now initiate a Quovo sync in order to retrieve account data. Think of this URL as the “done setting up API access, now get the data” trigger. The example below uses “https://www.quovo.com” as an example redirect URL, but the actual URL should be a page that you would like your users to land on for a status update on the authorization process. If the authorization is successful, you will trigger another sync for Quovo to retrieve data.
curl -X POST 
    -H "Authorization: Bearer a724809d37d0a21b7e9257f45cee416f5aec61993ab4b09e" 
    -d '{oauth_redirect_url=https://www.quovo.com}' 
    "https://api.quovo.com/v3/connections/877247/sync"
Financial Institution URLs
The response of this POST /sync described above will return an    oauth_url  . This is the URL at the financial institution where your users will register their accounts and authorize access to the data. In contrast to most connections, an OAuth connection has the user submit their credentials at the institution, instead of through Quovo, in order to grant access to the data—this URL is the site where they would do so.
{      
      "sync": {
    "connection_id": 1234567,
          "oauth_url": "https://www.bank.com/oauth/authorize?38bb14e93e81e58e2a0f07e5408c",
    "progress": null,
    "status": "oauth"
}
  }
Note that at this point, the progress for the sync is “null” because a standard Quovo sync for data retrieval has not been initiated. The connection status is also “oauth” and will remain so for the duration between the POST described above and when the end-user is sent to your redirect URL. This period lasts for a maximum of 15 minutes, after which the sync will time out and the connection will resolve to a status of “resync” in order to restart the process.
Retrieving Data with a Second Sync
Once you see the user has been redirected back to your app (i.e., they have visited the OAuth redirect URL you specified) you will know they have finished entering their credentials. You will then need to make another POST /sync request for this connection to continue syncing. At this point, sync progress will resemble that of a standard connection.