Credentials
Userkey
A userkey is a constant, unique authentication key which you assign to the member through the MDX Real Time API. MX recommends the userkey be a 64 character alpha-numeric string containing no human-readable content. You may choose a different length if needed. A userkey can only ever be set or updated by you, the data provider, and cannot be updated by the user at any time.Login and Password
Login and password match a user’s online banking login and password. They can be provided by the user or assigned to the member through the MDX Real Time API during the user setup process. The login and password should become invalid if a user changes their online banking credentials. When this occurs, account synchronization will be suspended until the values are updated by the user or by you through the MDX Real Time API.Session Key
If the credentials are successfully authenticated, a session key is returned. The session key is a unique, 64-character alpha-numeric string used to identify an authenticated session, and will be passed with all future requests from MX. The key should be valid for a minimum of 10 minutes or until a full account synchronization has been completed.Multifactor Authentication
You may optionally choose to implement multifactor authentication (MFA). When MFA is implemented, the create session endpoint must return one or more challenges that must be answered before account synchronization can continue. An MFA response will contain one or morechallenges. Each challenge is made up of an id and a question and may also contain a list of options for multiple-choice answers. Once the user provides the answers to the questions, the session will be updated using the update session endpoint. You should then respond with the session key, another MFA challenge if needed, or an error.
If a response to an MFA question is incorrect, the session should be invalidated and a 401 (Unauthorized) error should be returned. This ensures correct credentials must be provided for any further communication.

