OAuth is a simple, secure, and standardized way to perform authentication without actually exchanging sensitive credentials like usernames and passwords.
This guide explains how to properly deal with OAuth while coding up to the MX API whether you’re developing for the browser or a mobile app. If you’re using our MXconnect widget for creating members on the MX platform, it deals with OAuth somewhat automatically. We’ve got separate guides if you’re using MXconnect.
When working with OAuth, keep the following information in mind:
- You can’t use OAuth with all institutions — some support OAuth and some don’t. On the other hand, some institutions only support OAuth, and you won’t be able to authenticate using ordinary credentials.
- Before you can use OAuth, you must register with the financial institution. This registration process is what provides the tokens required for a successful and secure authentication. We handle all these registrations for you, but you must request production access to the Platform API first. Request production access and apply for OAuth registration on the Client Dashboard.
Using MXbank and OAuth
It’s important to note that there is only one OAuth institution available in the integrations environment:
mx_bank_oauth, which is one of our test institutions. It will behave just like any other OAuth institution, and it does not require registration. Hence, everything you’ll see in our OAuth guide only uses this test institution.
For more information about MXbank, review our guide on testing.
If you’ve registered OAuth with a financial institution, learn more about our overall workflow for OAuth aggregation.