Yodlee refresh on an already-active MFA account - yodlee

Re: Yodlee site-based API
a) I know that when adding an MFA account you are supposed to trigger /jsonsdk/Refresh/startSiteRefresh. But if an account is already added and already active, and I want to trigger a manual refresh to get new data, is /jsonsdk/Refresh/startSiteRefresh the correct API to use?
b) When I do use /jsonsdk/Refresh/startSiteRefresh for a manual refresh, I do not want to trigger the whole MFA flow, I simply want to pull new data if possible. So which refreshMode do I specify "MFA" or "NORMAL"?
I ask this, because I used "MFA" mode and it failed with a 522 (timeout) error due to a new security question. But when Yodlee runs the nightly refresh, the same condition will result in a 506 or 518; not a 522. Maybe I am supposed to specify "NORMAL" even for "MFA" accounts for a manual refresh?

You need not pass the refresh mode in the startSiteRefresh API. When you call this API for a siteAccountID the response will tell you if the MFA is required or not. Below fields can be used from the response.
"siteRefreshMode":{
"refreshModeId":1,
"refreshMode":"MFA"
}
Depending on the refreshMode you can follow the MFA flow or Normal flow.
When you trigger this API you will have to follow the complete flow to get the latest data or else the refresh will fail and data will not be updated.
Refer - startSiteRefresh for the API and Refresh Flow for refreshing an account.
I ask this, because I used "MFA" mode and it failed with a 522 (timeout) error due to a new security question. But when Yodlee runs the nightly refresh, the same condition will result in a 506 or 518; not a 522
This is because in the case of a manual refresh you, as a user, are not answering the question asked at the end site, and hence our server identifies it as no response from the user, and hence the 522 error code. When it's an automatic refresh from Yodlee's end and a new question is encountered, the error code is 518.

Related

Yodlee Site cannot be refresh

I'm trying to test the MFA in Yodlee with the dummy account DagBankTokenFMPA. I let the MFA time out and now, every time I try to refresh, I get the same error:
{"siteRefreshStatus":{"siteRefreshStatusId":10,"siteRefreshStatus":"SITE_CANNOT_BE_REFRESHED"},"siteRefreshMode":{"refreshModeId":1,"refreshMode":"MFA"},"updateInitTime":0,"nextUpdate":2047149073,"code":522,"suggestedFlowReason":{"suggestedFlowReasonId":2,"suggestedFlowReason":"ACCOUNT_IN_ERROR"},"suggestedFlow":{"suggestedFlowId":3,"suggestedFlow":"EDIT"},"itemRefreshInfo":[{"memItemId":10088102,"itemSuggestedFlow":{"suggestedFlowId":3,"suggestedFlow":"EDIT"},"itemSuggestedFlowReason":{"suggestedFlowReasonId":2,"suggestedFlowReason":"ACCOUNT_IN_ERROR"},"errorCode":522,"retryCount":1}],"noOfRetry":1,"isMFAInputRequired":true}
How can I prevent that? Do I need to stop the refresh with stopRefresh and start over?
In this case you need to call updateSiteAccountCredentials API and just pass the details again, this will trigger a refresh and then you need to call getMFAResponseForSite to see what MFA information is required by the bank.
To add more, it seems like you are mixing two sets of APIs here. We recommend to either use container based APIs or Site Based set of APIs, in conjunction with Core APIs which are common to both.

Yodlee MFA flow

I need your help regarding MFA flow. Could you tell me please if there is a list of institutions, that use MFA, or if it is possible to get it?
I have found a site that looks like it had MFA; at least it has such data within the response (siteSearchString):
"mfaType":{"typeId":4,"typeName":"SECURITY_QUESTION"},"mfaCoverage":"FMPA"
But when I'm getting site login form with this siteID, I'm getting simple login form with
"isMFA": false
When I try to addSiteAccount using this siteId, I'm getting this error:
{
"errorOccurred": "true",
"exceptionType": "com.yodlee.core.IllegalArgumentValueException",
"referenceCode": "_23e71a23-4298-4d86-9271-be9ada8892b0",
"message": "Multiple exceptions encapsulated within: invoke getWrappedExceptions for details"
}
It looks like this call requires real credentials for this institution. Am I right? If so, are there any test banks or other financial institutions that use MFA, so we can use them in development mode and not interact with real ones?
I have found a useful generator. So the question about test accounts is solved.
Please correct me if I miss something in MFA flow.
Thanks!
The isMFA: false value present in the login form does not make a site MFA.
"mfaType":{"typeId":4,"typeName":"SECURITY_QUESTION"},"mfaCoverage":"FMPA" this value represents if a site is MFA or not.
The exception which you are getting is coming because the login form parameters are not passed correctly in the addSiteAccount API.
You should use getSiteLoginForm API to get the login form for a site and then construct the request of addSiteAccount
Also I would suggest you to go through the API flow to understand the sequence of API to be used correctly.

addSiteAccount Returns siteAccountId even if credentials are incorrect

I would like to differentiate between two scenarios: addSiteAccount API with incorrect credentials and addSiteAccount API with right set of credentials. What I am noticing is that both cases return a siteAccountId with RefreshStatus=Triggered. But when I invoke the same API again or any other API then I get a Login error message.
How can I distinguish between the two cases in a single execution of addSiteAccount?
So that I could pass the error to end users about incorrect credentials. Thanks.
addSiteAccount1 is the API which will create a siteaccountID i.e. an identifier for that particular account linked.
It will not return any error until you are trying to add same credentials i.e. in that case it will check if you already have added those credentials and will return the response for those credentials.
For understanding how it works:
After calling addSiteAccount1 a siteAccountId will be created and a refresh would be initiated for that. This will go ahead and validate the credentials passed with the Bank web site and will return the response (success or failure depending upon the credentials passed).
For checking status you need to call getSiteRefreshInfo in a loop. I am mentioning the flow for your reference.
(Applicable only for NON-MFA sites)
1. CobLogin
2. Register3
3. Login
4. AddSiteAccount1 – (this will trigger a refresh request, no need to call startSiteRefresh)
5. Check the siteRefreshStatus field's value returned from #4 and if it says "REFRESH_TRIGGERED", then you can go to #6
6. Call getSiteRefreshInfo in a loop until SiteRefreshStatus is one of the following:
   PARTIAL_COMPLETE – This means that the account level data has been aggregated.
   REFRESH_COMPLETED – The refresh has been completed.
   LOGIN_FAILURE – Login credentials provided were wrong.
   REFRESH_CANCELLED – Refresh cancelled by User.
   REFRESH_TIMED_OUT – Refresh is taking more time.
7. From #6 you also get a "code" and if the code is 402 then that means credentials were wrong and if it's 0 (zero) that means the credentials were correct and the gathering of data was successful. Then you can go to #8 and grab transactions.
   Also, to know more about error_code see the ErrorCode document.
8. ExecuteUserSearchRequest or call any other API depending upon your implementation.
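
Added example, not part of the original answer and not Yodlee's code: a bounded polling loop for step 6 that separates wrong credentials (code 402 / LOGIN_FAILURE) from a successful refresh (code 0). The `get_site_refresh_info` callable, the `replay` helper and the sample responses are assumptions made for this sketch; the response layout follows the JSON quoted earlier on this page.

```python
import time

# Terminal siteRefreshStatus values listed in the answer above.
TERMINAL = {"PARTIAL_COMPLETE", "REFRESH_COMPLETED", "LOGIN_FAILURE",
            "REFRESH_CANCELLED", "REFRESH_TIMED_OUT"}


def wait_for_refresh(get_site_refresh_info, site_account_id,
                     max_polls=30, delay=2.0, sleep=time.sleep):
    """Poll until a terminal status; return (outcome, status, code).

    get_site_refresh_info is a hypothetical caller-supplied function that
    issues the getSiteRefreshInfo request and returns the parsed JSON.
    """
    status = code = None
    for _ in range(max_polls):
        info = get_site_refresh_info(site_account_id)
        status = info.get("siteRefreshStatus", {}).get("siteRefreshStatus")
        code = info.get("code")
        if code == 402 or status == "LOGIN_FAILURE":
            return ("bad_credentials", status, code)  # ask the user to re-enter
        if status in TERMINAL:
            return ("ok" if code == 0 else "error", status, code)
        sleep(delay)
    return ("gave_up", status, code)  # bounded: never spin forever


def replay(responses):
    """Stand-in for the HTTP call: hands back canned responses in order."""
    it = iter(responses)
    return lambda _site_account_id: next(it)


# Constructed sample responses (not captured from a real account).
TRIGGERED = {"siteRefreshStatus": {"siteRefreshStatus": "REFRESH_TRIGGERED"}}
WRONG_PASSWORD = [TRIGGERED, TRIGGERED,
                  {"siteRefreshStatus": {"siteRefreshStatus": "LOGIN_FAILURE"},
                   "code": 402}]
GOOD_PASSWORD = [TRIGGERED,
                 {"siteRefreshStatus": {"siteRefreshStatus": "REFRESH_COMPLETED"},
                  "code": 0}]

if __name__ == "__main__":
    for name, seq in (("wrong", WRONG_PASSWORD), ("good", GOOD_PASSWORD)):
        print(name, wait_for_refresh(replay(seq), 12345, sleep=lambda s: None))
```

Because addSiteAccount1 returns a siteAccountId in both cases, the "incorrect credentials" message shown to the end user has to come from this loop's result, not from the addSiteAccount1 response.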

Multi-Step MFA Authentication

I've noticed some institutions have a multi-step MFA, for example the first MFA question will be a "token style" request for a phone number, which after submitting, the user gets a text and needs to respond with a token. How does one detect this situation and submit the final step to Yodlee?
Ok this is what Yodlee calls a "Multi level" MFA. You can use DagMultilevel to test this. When checking for an MFA request, this must be in a loop, such that you keep checking after each MFA response to see if "isMessageAvailable" is true.
Along with "isMessageAvailable" you should be checking the error code too, if error code is not null then there is no more MFA present.
If error code is 0 then the request was successful or else it failed with an error.
You can check for those error codes in this page https://developer.yodlee.com/FAQs/Error_Codes
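
Added example, not part of the original answers and not Yodlee's code: the multi-level loop described above, which keeps checking `isMessageAvailable` after every answer and stops as soon as an error code is present. The two callables, the `errorCode` field name for this response, the `prompt` field and the sample exchanges are assumptions made for this sketch.

```python
import time


def run_mfa_flow(get_mfa_response, answer_challenge,
                 max_rounds=5, max_polls=20, delay=2.0, sleep=time.sleep):
    """Drive a multi-level MFA exchange; return (ok, error_code, rounds).

    get_mfa_response():     hypothetical wrapper around getMFAResponseForSite
                            that returns the parsed JSON.
    answer_challenge(resp): hypothetical callback that collects the user's
                            answer for the pending challenge and submits it.
    """
    rounds = 0
    for _ in range(max_polls):
        resp = get_mfa_response()
        code = resp.get("errorCode")      # field name assumed for this sketch
        if code is not None:              # no further MFA step is pending
            return (code == 0, code, rounds)
        if resp.get("isMessageAvailable"):
            if rounds >= max_rounds:      # refuse endless challenge chains
                break
            answer_challenge(resp)        # never log the answer itself
            rounds += 1
        else:
            sleep(delay)                  # challenge not ready yet
    return (False, None, rounds)


def replay(responses):
    """Stand-in for the HTTP call: hands back canned responses in order."""
    it = iter(responses)
    return lambda: next(it)


# Constructed two-level exchange: phone number first, then the texted token.
# "prompt" is a made-up field used only by this sample.
TWO_LEVEL = [
    {"isMessageAvailable": False},
    {"isMessageAvailable": True, "prompt": "phone number"},
    {"isMessageAvailable": True, "prompt": "token"},
    {"isMessageAvailable": False, "errorCode": 0},
]
# Constructed: the user never answers, so the refresh ends with code 522.
UNANSWERED = [{"isMessageAvailable": False},
              {"isMessageAvailable": False, "errorCode": 522}]

if __name__ == "__main__":
    print(run_mfa_flow(replay(TWO_LEVEL), lambda r: None, sleep=lambda s: None))
```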

How do I force refresh of a yodlee site_account?

Using the Yodlee API, if I have a successfully connected site_account, and then something changes (say the user updates the answers to their MFA questions) causing refresh to give Yodlee an error, how do I force it to refresh so that I can retry entering MFA information? Using startSiteRefresh I can't get it to force refresh, even with forceRefresh on RefreshParameters set to True. All I get back is SiteRefreshStatus=None with the previous error code, and it doesn't let me ask for new mfa questions at all.
To update the credentials you should use updateSiteAccountCredentials.
But to refresh you should be using startSiteRefresh and check for refresh mode (siteRefreshInfo.getSiteRefreshMode()); if the refresh mode is MFA_REFRESH_MODE then you should start the MFA flow.
Based on the error, if you want to change the values like username, password, Q&A for MFA, you can use the updateCredentialsForItem call to edit the item. You can then refresh the account.
More details on this page.
You are correct, for site the API is different.
First you would need to call getSiteAccountCredentials or getSiteAccountMfaQuestionsAndAnswers to get login form or MFA QnA as needed, and then updateSiteAccountCredentials.
If the changes worked, refresh would be triggered.