Finqware API
  • Quick start
  • Overview
    • Skills
    • Servicers
    • Tenants
    • Security model
      • Tenant-level elements
      • User-level elements
  • Dev guide
    • Intro
    • User onboarding
      • Detailed flow
    • Consuming data
      • About caching
    • Designing a tenant app
      • The back-end
      • The front-end
    • Signing API requests
      • RS256 infrastructure
      • Computing the digest
      • Signing HTTP requests
  • API
    • Sessions
    • Tokens
    • Accounts
    • Balances
    • Transactions
    • Payments
    • Consents
    • Catalogs
    • Errors
Powered by GitBook
On this page
  1. Overview
  2. Security model

User-level elements

PreviousTenant-level elementsNextIntro

Last updated 3 years ago

Taking a user through a session is about obtaining consent to access their data (eg: an existing bank account), or creating new value for that user (eg: selling a new insurance). In both cases, there is at least one target object created at the middleware level.

Finqware does not store data that identifies the owner, but we return a credentials_id that represents your acccess point to these objects.

Practical example: for an account information skill backed by PSD2 AISP, a user may give their consent to access three bank accounts. In this case, your generated credentials_id will point to these three objects.

An API call where credentials_id is specified, needs to be authorized by its respective acccess_token.

Your user may have multiple pairs of [credentials_id, access_token] depending on how many resources they decide to access through your app. Plan and design your user database considering this aspect.