Create a Client

Add a New Client

Now that you have access to the admin portal, and have the correct privileges to create our client, lets make a new client and give it the right information to get started.

On the left hand side of the admin portal go to API -> My Clients and then click the grey Add New button.

📘

What is an API client?

The Moneyhub API uses clients as a form of identification and configuration for your specific application.

You can have multiple clients, either for testing, sandboxing or a production variant. The client will store all the information needed for you to talk to the API, such as redirect urls, keys and algorithm preferences.

Edit Your Client

You should now be presented with a form detailing all the information that the client needs.

Below is a table breaking down the preferred configuration for this guide. Required fields will be denoted with a *. Our recommended values are designed to be used with this getting started guide and can be changed once you have completed it. Many of these values are recommended for production clients also and will save a lot of time if you stick to them when developing.

Lets break it down:

FieldDescriptionRecommended Value
API Client Name*This is the name of your client, used for you to identify."business name - PROD / DEV"
Logo URIIf your business has a logo, you can provide a URI to its location.
Business*This ties the client to your business within the API (This is required for the client to work).Your business name
Redirect URIs*Here you will need to provide any redirect URIs you plan on using.http://localhost:3000

Advanced Configuration

FieldDescriptionRecommended Value
Grant Types*These are the grant types your client will be capable of using.authorization_code, refresh_token, client_credentials, implicit
Response Types*These are the types of response your client will accept.code id_token
Token endpoint authentication method*This is the method that the API will expect your client to authenticate with.private_key_jwt
ID token signed response algorithm*This is the algorithm that will be used to sign the response ID tokenone of the RS, ES or PS algorithms
Request object signing algorithm*This is the algorithm that will be used to sign a request objectnone
Webhook URIThis is the URI you wish to send webhooks too if you so choose.
Webhook FormatThe format that webhooks are sent in (JWT or JSON)
Webhook EventsThe specific events you would like to be notified of.
JWKS URIThe URI of you public JWKS.
JWKS*Your public JWKS. (use either this or JWKS URI)Explained below

🚧

Redirecting To HTTP

When testing locally you may want to redirect to an unsecure URI such as localhost. With our current configuration using the implicit grant means you wont be able to use a non HTTPS URI.

To solve this you can use a site like: https://redirectmeto.com/ to create a redirect from secure to insecure and retain the code that is sent back with a redirect. In the redirect URIs section you could put something like this: https://redirectmeto.com/http://localhost:3000

Creating JWKS

There are many ways to obtain a JWKS and depending on your development environment this can change. We will outline below a method using our Node.js library that is very easy. If you don't develop with Javascript we will also link to a few commonly used packages for specific languages you can use. Further documentation on this can be found here: JWKS

Using the Node.js Moneyhub API library

Our Node.js API library can be found here: github and can be also downloaded from NPM invoking:
npm install --save @mft/moneyhub-api-client

For our purposes you can simply download the library from github and navigate to it within a terminal. From here you call this command:

cd ./moneyhub-api-client
node ./examples/jwks/create-jwks.js

Options

  --key-alg string
  --key-use string
  --key-size number
  --alg string

While you can pass in arguments to adjust the JWKS, if you run the command with no arguments present you will then be given two sets of keys that look like this:

Public keys
This can be used as the JWKS in your API client configuration in the Moneyhub Admin portal
{
    "keys": [
        {
            "kty": "RSA",
            "n": "rSyNOgrdgVbtDRWqrhMQXMDeL0R2AzBZKza2mCaC7ND3LPZObugkz1jp3dnaTFraDzxPkdpazhuTEZx8huu7NOjuwrPZtoyuDLQ0f12xaOry9bupLe38mhnmn_J27E7kplPy1zkN1L420VdY-KwhtjK26JYoWrjYvML2BNYISd-B5EC9G1S5y6YmTm2inVARPMasMYc2_T_3dK3N6mSL22jiPSCbLGmqS4id0TKv6WdB4jd4XYiQB76AoDe9YVsTcw6yo6G-EmJmv6kdyyzVpPlvdpFL3kNnnBATBu61GfHOgqUrGwWt8nsrtCOXOMsvwtfSOI6MxDeLvms_tCsY0Q",
            "e": "AQAB",
            "kid": "DZ76sBMR0VNfmEJ3YZ6Frn_77qtKoBIlx9JGXlctt5s",
            "use": "sig",
            "alg": "RS256"
        }
    ]
}


Private keys
This can be used as the keys value when configuring the moneyhub api client
{
    "keys": [
        {
            "kty": "RSA",
            "n": "rSyNOgrdgVbtDRWqrhMQXMDeL0R2AzBZKza2mCaC7ND3LPZObugkz1jp3dnaTFraDzxPkdpazhuTEZx8huu7NOjuwrPZtoyuDLQ0f12xaOry9bupLe38mhnmn_J27E7kplPy1zkN1L420VdY-KwhtjK26JYoWrjYvML2BNYISd-B5EC9G1S5y6YmTm2inVARPMasMYc2_T_3dK3N6mSL22jiPSCbLGmqS4id0TKv6WdB4jd4XYiQB76AoDe9YVsTcw6yo6G-EmJmv6kdyyzVpPlvdpFL3kNnnBATBu61GfHOgqUrGwWt8nsrtCOXOMsvwtfSOI6MxDeLvms_tCsY0Q",
            "e": "AQAB",
            "d": "pVTYjGadLYO5E_nwlvr6byNvvL7m0IqTRy-YSlDSRJgItDN_lGEr643e0YDQ6n7-mvcgnIZUlVw8H99AAGwEsjIE6Xxdyewrq1NMn6Dq5NkTFsqQbZo9xT4fMeuB4IA9yhJx0UrWSptDqL904Q0trk5i1FGvu1WpDyYvTVSuWx9nDHkOEP32r4bIUDRpUNJPUplzbl9qoMdxo_npI1zAUzl1qLMs1no_8B4YeDR9xvMveeGnS7Z4roYSYn5eydDPqJquLzyCFnbj4jDhSt5fcHtXoOpIDq6m-SANwXJe6sYjlVHhBixlSfDRrqRpKp5PsGz7IvH8oXpzJzVkVdZtVQ",
            "p": "2k-vobK4_elAuxEmp-SRiWwmguTLBYakiRl0CqdgxKDLay4cAwUTAsOFC1sOHh0qbjklP1dd1CoN9wPCenYR1wJWKSo9Z5-6a9O-f2Xfimh7RNMvtm_WmZCyYtltoMfXFHsWvLW5L8oytCjbCr15rB4l5VOb4Jn7ygYHgkrQASM",
            "q": "yxID7q0evplelSs_ShM0UuAoZ0tsIY4I4XCbAB4MdSIqT44DoGZAvBGtBLs2GgJ4adV97BDd-uhWLn3UiNZyGZIs7rCL4F8zhdoDW6LRmVKmLDEhiBsEaX42usXMAEnJQ4e1OaslmfMNbKBI2z0Rkj82EummB0v4sdnOfh2Ij3s",
            "dp": "EIhGUaV6MuhOGZyD4-UATHrfM7xlz4ZRwXwm-IOSZXGT1gsI3gWtWeE6mxCLMiadRvmW44QXO_DvW8xyFtoIIdMweS-UtNs4v9-qJnWthwrAgwbHLzaq9rgpeijjD3Dyzb9AiovseT0Dt_b8F4UfyLQDxKkfPdQLaFIqkWhe9ic",
            "dq": "hlT3hva8hMb9-11tc3n6vewMrjAFarkDhOYxksVN5lpgdNnz6jJaFk73Dk8tfc0ujIwuzW9m-GijQgP5CUAaoHHDCW5-SUGQ2rWaTQ8K6grzY_5oORnuND7Kw4i-513oJqTqLCjcKdfPhJEPQQBH1F--TIqFSwRlknkLkP_Ga2s",
            "qi": "n0xNWaIQaf3Ze_ymMMpjv9XkWh4MjOCvHd0zc0H1E1vYO8M5DNJ9Jd2wDnESu2tZ5qAD23BR6NHlqxPXG1ZRQ4vPlNJ0ysQvtR67ap-qkGXnPYkwZsK0X7gG5JAIJlwCDdf1bGFmH0gwuQmpyUht8ByXsS04ymiR8_Jo-DSf3mo",
            "kid": "DZ76sBMR0VNfmEJ3YZ6Frn_77qtKoBIlx9JGXlctt5s",
            "use": "sig",
            "alg": "RS256"
        }
    ]
}

Libraries for other languages

Its likely that you may use another language or the node.js library doesn't work for your situation. Below are a few suggestions for other libraries you can use. We don't endorse any of these suggestions and recommend that you do your own research to find the best option for you.

LanguageLibrary NameURL
PythonjwcryptoPypi
C#.NETDocs
Javajose4jjose4j
PHPphpOIDCphpOIDC
RustjsonwebkeyDocs
Gojwkpkg
Haskelljose-jwtHackage

If you language is not listed here you can also review this list provided by OpenID: openid.net

🚧

Why do we ask for JWKS?

This getting started guide wants to set you up for success! While there are other authentication methods you can use which may be easier to setup, when you inevitably decide to go live, you will NEED to have JWKS setup. This ensures the best security when developing against our API.

How to use your JWKS

You can now paste in your public keys into the admin portal configuration or provide an endpoint to obtain them.

Your private keys should be stored safely within your environment or config and used to sign future JWTs to the Moneyhub API.

Signing JWTs should take place on your secure environment as to keep your secret keys safe. The library you have chosen to generate these keys should also provide methods to sign JWTs with them.


What’s Next

Time to choose!