In looking through the IAV API docs, I see that the user also has to register an account before being able to query financial data on the user. Is the user account unique to Yodlee or is it unique to each cobrand? How are other companies implementing the IAV flow? Is the cobrand creating the user account and managing it for the user? Or is there an API flow with a modal window that the user registers an account themselves?
Here is how Yodlee works in terms of IAV or Aggregation.
A cobrand is created for each company who connects with yodlee and
use it's APIs.
Now if the cobrand wants do IAV or aggregation for
their users then they have to register each and every user on Yodlee
platform.
Once registered these users can do IAV or aggregation
based on the cobrand's implementation.
Hence registration of a user is a mandetory procedure so that each user has access to only their accounts which they have linked.
Now these user accounts are unique to a cobrand. Implementing the IAV flow is completely dependent on the cobrands.
There are two types of IAV flows -
IAV data service flow - In this Yodlee returns the account level data and clients implement their own logic to match the account.
IAV matching service flow - In this Yodlee does matching using the predefined business logic of Yodlee.
For registering a user there is an API but no modal window provided by yodlee for registering a user.
Hence cobrand can choose any of the below approach -
Show user a registration window and let them register directly on
Yodlee
Let user register on your application and use the same to
register on yodlee
Let user register on your application and then you create a account for user with different login on yodlee and manage the mapping at your end.
Related
I'm working on setting up a product that can be used by multiple companies. These companies would authenticate via a Federated Identity (Google and Microsoft). Once logged in, they will be presented with a dashboard that has data tied to their account.
My current thinking is:
User enters their company email
An API is triggered that will lookup the identity provider given the company email's domain (EX: "#someCompany.com")
API will respond with a redirect URL to SSO.
Should I be making a User Pool for every company that registers with my product? Or should I be creating Groups within a single User Pool for each company?
How to verify a bank account through Yodlee IAV, without providing account number and routing number ?
Is there any means to verify by prompting for netbanking credentials?
You can use Yodlee IAV data services for the same, while you can skip the first step where you'll ask consumer to enter the RTN and directly ask them to first choose the bank site and then check if IAV is supported for that particular site or not. You can find the Yodlee IAV data services flow chart over here.
I'm trying to access public information from API's without actually having users grant access to the API in my mobile Application. Is this actually possible, or are the Oauth permissions for any sort of access to an API?
For example, I want my application to be able to pull a list of nearby restaurants for my application without asking the user if Yelp can access the application. Since the user just wants nearby food information, the request for restaurants isn't user specific, and the user shouldn't actually have to login.
Another example is if I want Eventbrite to simply give me a list of upcoming events. Is there a way to get this list without having a user authenticate Eventbrite within my application itsself?
You can call an API endpoint with your own token (between your Eventbrite account and your application key), and if the data is public (even if it's 'owned' by a different Eventbrite account) we'll return the data.
For example, if you want a list of events across our Event Directory (Event Search endpoint: http://developer.eventbrite.com/docs/event-search/) you can call this method with your own OAuth token (you can grab your OAuth token here: http://eventbrite.com/myaccount/apps).
Hope that helps!
I am new to linkedin api. I have a doubt regarding the api.
I am integrating the api in my application, so different user have to register in the linkedin to get the data using that api? Can it be pre registered and the user can get the data whatever he wants.
Suppose user wants to search about company. He will type the company name and will get the names of the company related to search. He should not log in in linked in before searching.
Is it possible?
If you are using the JavaScript API, then yes, you may need to have the user log in each time as the JavaScript API's authorization is cleared every time the user closes their browser.
If you are using the REST API, you can store the user's OAuth token and use that to make the calls on behalf of the user, saving them having to sign-in each time.
Google published that they are testing a feature that allows you to sign in simultaneously to multiple Google accounts in the same browser.
Any idea how would that be implemented ?
I don’t have any inside info on how multiple accounts are actually supported, but here’s what I presume:
Your cookie holds a security token, just like in the old days.
The security token now maps to a set of signed-in accounts on the server.
I’d guess there’s a notion of an active account among this set.
When you go to a Google service that implements multiple-account support, the service pulls down your active account and drops you into that account by default.
Then, you get presented with some UI that lets you toggle between your other signed-in accounts or lets you sign into a new account.