Create a Client
Add a New Client
Now that you have access to the admin portal, and have the correct privileges to create our client, lets make a new client and give it the right information to get started.
On the left hand side of the admin portal go to API -> My Clients and then click the grey Add New button.
What is an API client?
The Moneyhub API uses clients as a form of identification and configuration for your specific application.
You can have multiple clients, either for testing, sandboxing or a production variant. The client will store all the information needed for you to talk to the API, such as redirect urls, keys and algorithm preferences.
Edit Your Client
You should now be presented with a form detailing all the information that the client needs.
Below is a table breaking down the preferred configuration for this guide. Required fields will be denoted with a *. Our recommended values are designed to be used with this getting started guide and can be changed once you have completed it. Many of these values are recommended for production clients also and will save a lot of time if you stick to them when developing.
Lets break it down:
| Field | Description | Recommended Value |
|---|---|---|
| API Client Name* | This is the name of your client, used for you to identify. | "business name - PROD / DEV" |
| Logo URI | If your business has a logo, you can provide a URI to its location. | |
| Business* | This ties the client to your business within the API (This is required for the client to work). | Your business name |
| Redirect URIs* | Here you will need to provide any redirect URIs you plan on using. | http://localhost:3000 |
Advanced Configuration
| Field | Description | Recommended Value |
|---|---|---|
| Grant Types* | These are the grant types your client will be capable of using. | authorization_code, refresh_token, client_credentials, implicit |
| Response Types* | These are the types of response your client will accept. | code id_token |
| Token endpoint authentication method* | This is the method that the API will expect your client to authenticate with. | private_key_jwt |
| ID token signed response algorithm* | This is the algorithm that will be used to sign the response ID token | one of the RS, ES or PS algorithms |
| Request object signing algorithm* | This is the algorithm that will be used to sign a request object | none |
| Webhook URI | This is the URI you wish to send webhooks too if you so choose. | |
| Webhook Format | The format that webhooks are sent in (JWT or JSON) | |
| Webhook Events | The specific events you would like to be notified of. | |
| JWKS URI | The URI of you public JWKS. | |
| JWKS* | Your public JWKS. (use either this or JWKS URI) | Explained below |
Redirecting To HTTP
When testing locally you may want to redirect to an unsecure URI such as
localhost. With our current configuration using the implicit grant means you wont be able to use a non HTTPS URI.To solve this you can use a site like: https://redirectmeto.com/ to create a redirect from secure to insecure and retain the code that is sent back with a redirect. In the redirect URIs section you could put something like this: https://redirectmeto.com/http://localhost:3000
Creating JWKS
There are many ways to obtain a JWKS and depending on your development environment this can change. We will outline below a method using our Node.js library that is very easy. If you don't develop with Javascript we will also link to a few commonly used packages for specific languages you can use. Further documentation on this can be found here: JWKS
Using the Node.js Moneyhub API library
Our Node.js API library can be found here: github and can be also downloaded from NPM invoking:
npm install --save @mft/moneyhub-api-client
For our purposes you can simply download the library from github and navigate to it within a terminal. From here you call this command:
cd ./moneyhub-api-client
node ./examples/jwks/create-jwks.js
Options
--key-alg string
--key-use string
--key-size number
--alg string
While you can pass in arguments to adjust the JWKS, if you run the command with no arguments present you will then be given two sets of keys that look like this:
Public keys
This can be used as the JWKS in your API client configuration in the Moneyhub Admin portal
{
"keys": [
{
"kty": "RSA",
"n": "rSyNOgrdgVbtDRWqrhMQXMDeL0R2AzBZKza2mCaC7ND3LPZObugkz1jp3dnaTFraDzxPkdpazhuTEZx8huu7NOjuwrPZtoyuDLQ0f12xaOry9bupLe38mhnmn_J27E7kplPy1zkN1L420VdY-KwhtjK26JYoWrjYvML2BNYISd-B5EC9G1S5y6YmTm2inVARPMasMYc2_T_3dK3N6mSL22jiPSCbLGmqS4id0TKv6WdB4jd4XYiQB76AoDe9YVsTcw6yo6G-EmJmv6kdyyzVpPlvdpFL3kNnnBATBu61GfHOgqUrGwWt8nsrtCOXOMsvwtfSOI6MxDeLvms_tCsY0Q",
"e": "AQAB",
"kid": "DZ76sBMR0VNfmEJ3YZ6Frn_77qtKoBIlx9JGXlctt5s",
"use": "sig",
"alg": "RS256"
}
]
}
Private keys
This can be used as the keys value when configuring the moneyhub api client
{
"keys": [
{
"kty": "RSA",
"n": "rSyNOgrdgVbtDRWqrhMQXMDeL0R2AzBZKza2mCaC7ND3LPZObugkz1jp3dnaTFraDzxPkdpazhuTEZx8huu7NOjuwrPZtoyuDLQ0f12xaOry9bupLe38mhnmn_J27E7kplPy1zkN1L420VdY-KwhtjK26JYoWrjYvML2BNYISd-B5EC9G1S5y6YmTm2inVARPMasMYc2_T_3dK3N6mSL22jiPSCbLGmqS4id0TKv6WdB4jd4XYiQB76AoDe9YVsTcw6yo6G-EmJmv6kdyyzVpPlvdpFL3kNnnBATBu61GfHOgqUrGwWt8nsrtCOXOMsvwtfSOI6MxDeLvms_tCsY0Q",
"e": "AQAB",
"d": "pVTYjGadLYO5E_nwlvr6byNvvL7m0IqTRy-YSlDSRJgItDN_lGEr643e0YDQ6n7-mvcgnIZUlVw8H99AAGwEsjIE6Xxdyewrq1NMn6Dq5NkTFsqQbZo9xT4fMeuB4IA9yhJx0UrWSptDqL904Q0trk5i1FGvu1WpDyYvTVSuWx9nDHkOEP32r4bIUDRpUNJPUplzbl9qoMdxo_npI1zAUzl1qLMs1no_8B4YeDR9xvMveeGnS7Z4roYSYn5eydDPqJquLzyCFnbj4jDhSt5fcHtXoOpIDq6m-SANwXJe6sYjlVHhBixlSfDRrqRpKp5PsGz7IvH8oXpzJzVkVdZtVQ",
"p": "2k-vobK4_elAuxEmp-SRiWwmguTLBYakiRl0CqdgxKDLay4cAwUTAsOFC1sOHh0qbjklP1dd1CoN9wPCenYR1wJWKSo9Z5-6a9O-f2Xfimh7RNMvtm_WmZCyYtltoMfXFHsWvLW5L8oytCjbCr15rB4l5VOb4Jn7ygYHgkrQASM",
"q": "yxID7q0evplelSs_ShM0UuAoZ0tsIY4I4XCbAB4MdSIqT44DoGZAvBGtBLs2GgJ4adV97BDd-uhWLn3UiNZyGZIs7rCL4F8zhdoDW6LRmVKmLDEhiBsEaX42usXMAEnJQ4e1OaslmfMNbKBI2z0Rkj82EummB0v4sdnOfh2Ij3s",
"dp": "EIhGUaV6MuhOGZyD4-UATHrfM7xlz4ZRwXwm-IOSZXGT1gsI3gWtWeE6mxCLMiadRvmW44QXO_DvW8xyFtoIIdMweS-UtNs4v9-qJnWthwrAgwbHLzaq9rgpeijjD3Dyzb9AiovseT0Dt_b8F4UfyLQDxKkfPdQLaFIqkWhe9ic",
"dq": "hlT3hva8hMb9-11tc3n6vewMrjAFarkDhOYxksVN5lpgdNnz6jJaFk73Dk8tfc0ujIwuzW9m-GijQgP5CUAaoHHDCW5-SUGQ2rWaTQ8K6grzY_5oORnuND7Kw4i-513oJqTqLCjcKdfPhJEPQQBH1F--TIqFSwRlknkLkP_Ga2s",
"qi": "n0xNWaIQaf3Ze_ymMMpjv9XkWh4MjOCvHd0zc0H1E1vYO8M5DNJ9Jd2wDnESu2tZ5qAD23BR6NHlqxPXG1ZRQ4vPlNJ0ysQvtR67ap-qkGXnPYkwZsK0X7gG5JAIJlwCDdf1bGFmH0gwuQmpyUht8ByXsS04ymiR8_Jo-DSf3mo",
"kid": "DZ76sBMR0VNfmEJ3YZ6Frn_77qtKoBIlx9JGXlctt5s",
"use": "sig",
"alg": "RS256"
}
]
}
Libraries for other languages
Its likely that you may use another language or the node.js library doesn't work for your situation. Below are a few suggestions for other libraries you can use. We don't endorse any of these suggestions and recommend that you do your own research to find the best option for you.
If you language is not listed here you can also review this list provided by OpenID: openid.net
Why do we ask for JWKS?
This getting started guide wants to set you up for success! While there are other authentication methods you can use which may be easier to setup, when you inevitably decide to go live, you will NEED to have JWKS setup. This ensures the best security when developing against our API.
How to use your JWKS
You can now paste in your public keys into the admin portal configuration or provide an endpoint to obtain them.
Your private keys should be stored safely within your environment or config and used to sign future JWTs to the Moneyhub API.
Signing JWTs should take place on your secure environment as to keep your secret keys safe. The library you have chosen to generate these keys should also provide methods to sign JWTs with them.
Updated 5 months ago