API-Only Implementation

Step 1

Create a User

Request

Response

Language:shell

_18

curl -i -X POST https://int-live.moneydesktop.com/:client_id/users.json \

_18

-H "Content-Type: application/vnd.moneydesktop.mdx.v5+json" \

_18

-H "Accept: application/vnd.moneydesktop.mdx.v5+json" \

_18

-H "MD-API-KEY: :api_key" \

_18

-d '{

_18

"user": {

_18

"birthdate": "1959-07-17",

_18

"credit_score": "718",

_18

"email": "example@example.com",

_18

"first_name": "John",

_18

"gender": "MALE",

_18

"id": "U-39XBF7",

_18

"last_name": "Smith",

_18

"metadata": "Additional Information",

_18

"phone": "5055551234",

_18

"zip_code": "87101"

_18

}

_18

}'

Step 2

Get an API Token

This endpoint returns an api_token which can then be used to open a Nexus session. The user_id must match the id specified when creating a the user.

Each api_token is one-time use and expires in ten minutes. A fresh api_token must be requested each time a Nexus session is initiated.

Request

Response

Language:shell

_10

curl -i https://int-sso.moneydesktop.com/:client_id/users/:user_id/api_token.xml \

_10

-H "Accept: application/vnd.moneydesktop.sso.v3+xml" \

_10

-H "MD-API-KEY: :api_key"

Step 3

Open a Nexus Session

Use this endpoint to get a session token. This session token must be sent as a header with each Nexus request. Each Nexus session is opened in the context of a single user associated with that session token.

When using the verification endpoints the create session request body should contain skip_aggregation:true, as shown in the example below. This will prevent automatic aggregation being initiated for the user's existing members when the session is opened. Partners can then choose to aggregate the existing member, or to proceed directly to the verify member endpoint.

Request

Response

Language:shell

_10

curl -i -X POST https://int-data.moneydesktop.com/sessions \

_10

-H 'MD-API-TOKEN: VVCFDQY3Iig3ODM3LTlmNDItMmY1OS03NDZhLWIwNTcwNDc2NGRiNXwzZjg1MTQ4YzAyMThkZjI2OTI2ZjFjYmJhNmY1MzU2MTI0MThiNTIyOGVjYjg4YTRjNjljODJhYTQ3MWMwMTQyZGY5ZmM1OGQ2YmU1M2ZiMjNlOWZhZTE3Y2MxNjU4YWYxYmE0NjRiMDg3Nzk4N2U0YzU5ZTE1NjM1MDUwYjEzMTkzYzYyMzhiYjY3MDhmNjEyOGIzNjIyMDIwMmMzZTIzfFlVam1oSmhaOHNMMGVlMTg0YWhBODdmZWlVRmh4YlNKVGhVZUM4RVl5QXc=' \

_10

-H 'Content-Type: application/vnd.mx.nexus.v1+json' \

_10

-H 'Accept: application/vnd.mx.nexus.v1+json' \

_10

-d '{"session":{"skip_aggregation":true}}'

Step 4

Get Institution Information

Information about available institutions can be found in several ways. This example uses the search method.

Search criteria is specified in the request body; pagination is specified by appending it to the request URL.

Either a name or url must be sent in the request body for this endpoint to work properly. An empty request body will result in a 400 error.

Request

Response

Language:shell

_10

curl -i -X POST 'https://int-data.moneydesktop.com/institutions/search?records_per_page=2&page=1' \

_10

-H 'MD-SESSION-TOKEN: YYYYY' \

_10

-H 'Content-Type: application/vnd.mx.nexus.v1+json' \

_10

-H 'Accept: application/vnd.mx.nexus.v1+json' \

_10

-d '{

_10

"institution":{

_10

"name":"MX Bank"

_10

}

_10

}'

Step 5

Get the Institution's Required Credentials Using the Institution GUID

This endpoint returns information about what type of credentials the institution requires for authentication.

Request

Response

Language:shell

_10

curl -i https://int-data.moneydesktop.com/institutions/INS-1572a04c-912b-59bf-5841-332c7dfafaef/credentials \

_10

-H 'MD-SESSION-TOKEN: CWforZl1Vn2vC_v6H4rnQRT1DoWpDouJAV-_5TBmiQRAtA8rsOG_BoajTiOSsL0A3bd-bmHXlA-eQzc9ywItKg' \

_10

-H 'Content-Type: application/vnd.mx.nexus.v1+json' \

_10

-H 'Accept: application/vnd.mx.nexus.v1+json'

Step 6

Create a Member Using Institution GUID and Required Credentials

Creating a member automatically starts a standard aggregation which is not necessary for verification. To prevent this unnecessary aggregation, set the skip_aggregation parameter to true when making your request.

Request

Response

Language:shell

_21

curl -i -X POST https://int-data.moneydesktop.com/members \

_21

-H 'MD-SESSION-TOKEN: YYYYY' \

_21

-H 'Content-Type: application/vnd.mx.nexus.v1+json' \

_21

-H 'Accept: application/vnd.mx.nexus.v1+json' \

_21

-d '{

_21

"member": {

_21

"credentials": [

_21

{

_21

"credential_guid": "CRD-af37bbfa-7fc7-f607-692c-2d2592fb25a3",

_21

"value": "Username123"

_21

},

_21

{

_21

"credential_guid": "CRD-2045d3f6-206a-b0ef-c42d-6ebc8835f898",

_21

"value": "Password123"

_21

}

_21

],

_21

"institution_guid": "INS-a4b1697f-f956-e651-5f8e-e4072166408c",

_21

"metadata": "Additional information",

_21

"skip_aggregation": true

_21

}

_21

}'

Step 7

Verify a member

The verify member endpoint begins a verification process for an already-existing member. Use this endpoint when normal aggregation does not return account and routing numbers for the member.

The verification workflow is similar to that shown above: Start the verification, poll the member, answer MFA if necessary by using the list member MFA challenges endpoint and the update member endpoint, poll the status again, then read the member's account numbers.

Request

Response

Language:shell

_10

curl -i -X POST https://int-data.moneydesktop.com/members/MBR-84ca0882-ad6c-4f10-817f-c8c0de7424fa/verify \

_10

-H 'MD-SESSION-TOKEN: :session_token' \

_10

-H 'Content-Type: application/vnd.mx.nexus.v1+json' \

_10

-H 'Accept: application/vnd.mx.nexus.v1+json'

Step 8

Check the member's verification status

Several fields on the member give important information about the state of the verification including connection_status, is_being_aggregated, successfully_aggregated_at. These fields are also used for standard aggregation jobs, hence the reference in their names.

A connection status of CONNECTED means that the member was successfully authenticated and verification has begun. The is_being_aggregated field will tell you whether the verification job has completed; the field will be true while verification is taking place and returns to false when verification is complete. The successfully_aggregated_at field will tell you the exact time that the verification job has completed.

You may need to repeatedly poll this endpoint until either an end state or an actionable state is reached.

Request

Response

Language:shell

_10

curl -i https://int-data.moneydesktop.com/members/MBR-84ca0882-ad6c-4f10-817f-c8c0de7424fa \

_10

-H 'MD-SESSION-TOKEN: CWforZl1Vn2vC_v6H4rnQRT1DoWpDouJAV-_5TBmiQRAtA8rsOG_BoajTiOSsL0A3bd-bmHXlA-eQzc9ywItKg' \

_10

-H 'Content-Type: application/vnd.mx.nexus.v1+json' \

_10

-H 'Accept: application/vnd.mx.nexus.v1+json'

Step 9

Get MFA challenges

Request

Response

Language:shell

_10

curl -i https://int-data.moneydesktop.com/members/MBR-7aa13bdb-2866-ba38-b326-d9fb32268f9b/challenges \

_10

-H 'MD-SESSION-TOKEN: CWforZl1Vn2vC_v6H4rnQRT1DoWpDouJAV-_5TBmiQRAtA8rsOG_BoajTiOSsL0A3bd-bmHXlA-eQzc9ywItKg' \

_10

-H 'Content-Type: application/vnd.mx.nexus.v1+json' \

_10

-H 'Accept: application/vnd.mx.nexus.v1+json'

Update member with answers to challenges

Updating a member will kick off an automatic standard aggregation. Set the skip_aggregation parameter to true in your request body to prevent this.

Request

Response

Language:shell

_16

curl -i -X PUT https://int-data.moneydesktop.com/members/MBR-7aa13bdb-2866-ba38-b326-d9fb32268f9b \

_16

-H 'MD-SESSION-TOKEN: CWforZl1Vn2vC_v6H4rnQRT1DoWpDouJAV-_5TBmiQRAtA8rsOG_BoajTiOSsL0A3bd-bmHXlA-eQzc9ywItKg' \

_16

-H 'Content-Type: application/vnd.mx.nexus.v1+json' \

_16

-H 'Accept: application/vnd.mx.nexus.v1+json' \

_16

-d '{

_16

"member": {

_16

"credentials": [

_16

{

_16

"credential_guid": "CRD-18cd14ce-2628-5eb6-ae17-b11f89d0b667",

_16

"value": "user-entered-value"

_16

}

_16

],

_16

"metadata": "Additional information",

_16

"skip_aggregation": true

_16

}

_16

}'

Check the member status again for completion

Request

Response

Language:shell

_10

curl -i https://int-data.moneydesktop.com/members/MBR-84ca0882-ad6c-4f10-817f-c8c0de7424fa \

_10

-H 'MD-SESSION-TOKEN: CWforZl1Vn2vC_v6H4rnQRT1DoWpDouJAV-_5TBmiQRAtA8rsOG_BoajTiOSsL0A3bd-bmHXlA-eQzc9ywItKg' \

_10

-H 'Content-Type: application/vnd.mx.nexus.v1+json' \

_10

-H 'Accept: application/vnd.mx.nexus.v1+json'

Step 10

Read the member's account numbers

Request

Response

Language:shell

_10

curl -i https://int-data.moneydesktop.com/members/MBR-84ca0882-ad6c-4f10-817f-c8c0de7424fa/account_numbers \

_10

-H 'MD-SESSION-TOKEN: :session_token' \

_10

-H 'Content-Type: application/vnd.mx.nexus.v1+json' \

_10

-H 'Accept: application/vnd.mx.nexus.v1+json'

Testing Verification

For the most robust end-to-end testing of verification, MX will need to set up test accounts for a partner. Please contact MX to perform this kind of testing.

However, MX provides simple, static-data test endpoints for verification.

In order to use these test endpoints, you must:

1. Make requests through the MX integration environment; test endpoints will not function in the production environment.
2. Use the following Nexus session token: test_session.
3. Use the following Nexus endpoint paths:
   • Get account numbers (no data exists): GET /members/unverified/account_numbers/
   • Get account numbers (data does exist): GET /members/test_nexus_member/account_numbers
   • Verify: POST /members/test_nexus_member/verify