Finqware API

Tenant-level elements

Each tenant application will have three security elements associated with it:

  • client_id

  • client_secret

  • client_app_key

They do not expire, but can be refreshed using the developer's portal.

As you'll notice in the developer's guide, a user session ends with a temp_token being returned rather than an access_token. We don't send the access_token directly because the session flow is designed to run entirely in a web/mobile context. This choice also facilitates the future development of client SDKs. Hence the middleware returns a temporary token that must first be sent to your backend and then exchanged for the final access_token via a server-to-Finqware API call.

As a side note: we're also considering introducing a callback endpoint as an option. Following the end of a session, Finqware would call an API endpoint provided by your server for the token exchange.
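
The temp_token exchange described above, seen from the back-end, as an added example that is not Finqware's own code: the tenant secrets and the access_token stay on the server, and the front-end only ever holds the temp_token and an opaque handle. The request field names, the `TokenBroker` class, the single-use policy and the `fake_finqware` stand-in are assumptions; the real endpoint and payload are defined in the API reference.

```python
import secrets
from typing import Callable, Dict

# Assumed shape of the server-to-Finqware call: request body in, JSON reply out.
# Field names are placeholders, not taken from the Finqware API reference.
Exchange = Callable[[Dict[str, str]], Dict[str, str]]


class TokenBroker:
    """Back-end holder of tenant secrets and per-user access tokens."""

    def __init__(self, client_id: str, client_secret: str, exchange: Exchange):
        self._client_id = client_id
        self._client_secret = client_secret      # never sent to the front-end
        self._exchange = exchange
        self._tokens: Dict[str, str] = {}        # opaque handle -> access_token
        self._redeemed = set()                   # temp_tokens already submitted

    def redeem(self, temp_token: str) -> str:
        """Exchange a temp_token posted by the front-end; return an opaque handle."""
        if not (0 < len(temp_token) <= 512) or not temp_token.isascii():
            raise ValueError("malformed temp_token")
        if temp_token in self._redeemed:
            raise ValueError("temp_token already redeemed")
        self._redeemed.add(temp_token)           # local single-use policy (assumption)
        reply = self._exchange({
            "client_id": self._client_id,
            "client_secret": self._client_secret,
            "temp_token": temp_token,
        })
        access_token = reply.get("access_token")
        if not access_token:
            raise RuntimeError("token exchange rejected")
        handle = secrets.token_urlsafe(32)
        self._tokens[handle] = access_token
        return handle

    def access_token_for(self, handle: str) -> str:
        """Server-side lookup used when the back-end calls the data endpoints."""
        return self._tokens[handle]


def fake_finqware(body: Dict[str, str]) -> Dict[str, str]:
    """Constructed stand-in for the real API, so the example runs offline."""
    if body.get("client_secret") != "s3cret-constructed" or not body.get("temp_token"):
        return {"error": "invalid_request"}
    return {"access_token": "at-" + body["temp_token"]}
```

In a real deployment the `exchange` callable would wrap an HTTPS request to Finqware, and the handle would be bound to the user's authenticated session on your back-end.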


Last updated 3 years ago