Partner settings
Name
Example: ACME Bank Corp.inc
Name of the partner
Organization
Example: acme
This concept is currently unused. However, a partner has to belong to an organization.
Subdomain
Example: acme
Subdomain by which we can later identify requests coming from a specific partner.
If the subdomain is acme, then the full domain will be: acme.{domain-name}. It's created by joining the subdomain and the env var ROOT_DOMAIN.
Api Endpoint
Example: https://acme-partner-api.demo-bank.io/partner_api
Endpoint which the partner has available for us to make calls to. It was heavily used in the initial iterations of the product (e.g. to make transactions). It can be left blank.
App Views Version
Example: 3
We version our frontend component, because sometimes new features require us to enable them gradually. That way we can make continuous improvements to the product and deploy daily without breaking things for our clients.
Enabled
Example: true
Whether the partner is enabled.
Locales
Example: ["sv"]
List of locales that the partner supports. Each locale means a new localization. Current list of supported locales (extended on demand):
- sv: Swedish
- en: English
- uk: Ukrainian
- ru: Russian
- tr: Turkish
- nb: Norwegian Bokmal
- pl: Polish
- nl: Dutch
- fr: French
- de: German
Currency
Example: PLN
Currency that the partner uses. We only support one currency per partner. Current list of supported currencies (extended on demand):
- EUR
- SEK
- UAH
- USD
- TRY
- NOK
- GBP
- ZAR
- PLN
- THB
Jwt Jwks Uri
Example: https://acme.demo-bank.io/.well-known/jwks.json
JWKS endpoint from which we can get public keys and validate the JWT (Access / Auth token) supplied by the bank mobile app when launching the DES experience.
Jwt Issuer
Example: acme.demo-bank.io
We validate that the JWT (Access / Auth token in the OpenID Connect flow) used in relation to the partner was created by the issuer specified here.
Jwt Audience
Example: doconomy
Intended audience of the JWT (Access / Auth token in the OpenID Connect flow). We validate that during authentication.
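The three JWT settings above map onto three checks: signature against a key from the JWKS, issuer, and audience. The sketch below is an added example, not DES code: the function names and the PARTNER hash are hypothetical, the key set is generated locally in place of a JWKS fetch, and the expiry check is an assumption beyond what this page lists.

```ruby
require "openssl"
require "json"

# Values from this page's examples; the key set is constructed locally and
# stands in for the document served at the Jwt Jwks Uri.
PARTNER = { jwt_issuer: "acme.demo-bank.io", jwt_audience: "doconomy" }.freeze

def b64url(data)
  [data].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(str)
  (str.tr("-_", "+/") + "=" * (-str.length % 4)).unpack1("m")
end

# Constructed-input helper: signs claims with RS256 as the bank's IdP would.
def sign_token(key, claims, kid: "k1")
  input = [{ alg: "RS256", kid: kid }, claims].map { |p| b64url(JSON.generate(p)) }.join(".")
  sig = key.sign(OpenSSL::Digest.new("SHA256"), input)
  "#{input}.#{b64url(sig)}"
end

# Returns the claims hash, or raises ArgumentError naming the failed check.
# keys: { kid => OpenSSL::PKey::RSA public key }.
def verify_token(token, keys, partner, now: Time.now.to_i)
  head64, body64, sig64 = token.split(".", -1)
  raise ArgumentError, "malformed" unless sig64 && token.count(".") == 2
  header = JSON.parse(b64url_decode(head64))
  # Pin the algorithm so the token cannot select "none" or an HMAC variant.
  raise ArgumentError, "alg" unless header["alg"] == "RS256"
  key = keys[header["kid"]] or raise ArgumentError, "unknown kid"
  signed = "#{head64}.#{body64}"
  unless key.verify(OpenSSL::Digest.new("SHA256"), b64url_decode(sig64), signed)
    raise ArgumentError, "signature"
  end
  # Claims are only trusted after the signature has been checked.
  claims = JSON.parse(b64url_decode(body64))
  raise ArgumentError, "issuer" unless claims["iss"] == partner[:jwt_issuer]
  raise ArgumentError, "audience" unless Array(claims["aud"]).include?(partner[:jwt_audience])
  raise ArgumentError, "expired" unless claims["exp"].is_a?(Numeric) && claims["exp"] > now
  claims
end
```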
Allowed Frame Domains
Example: ["https://acme.demo-bank.io"]
Allows you to specify what parent window domain may embed the DES experience when using an iframe for the web.
You can read more about frame ancestors here.
NOTE: Although the Content-Security-Policy HTTP header can take a <space separated list of sources>; as value for frame-ancestors, more restrictions apply for this partner setting. The value must be a single entry, including protocol, exactly matching your parent window's domain, without wildcards. I.e. https://app.your-bank.com would be allowed, whereas "*", "self", "*, https://app.your-bank.com", "your-bank.com" and similar are not allowed values.
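The restrictions in the note above can be checked before a value is saved. This is an added example, not DES code: the function names are hypothetical, and both the http/https requirement and the fail-closed 'none' fallback are assumptions.

```ruby
require "uri"

# Accepts exactly one origin: scheme + host (+ optional port).
# Rejects wildcards, CSP keywords, lists, bare hostnames and paths.
def valid_frame_domain?(value)
  return false unless value.is_a?(String)
  # Whitespace, commas and semicolons indicate a list; * is a wildcard;
  # a quote indicates a CSP keyword such as 'self'.
  return false if value.match?(/[\s,;*'"]/)
  uri = URI.parse(value)
  return false unless %w[http https].include?(uri.scheme)
  return false if uri.host.nil? || uri.host.empty?
  # Anything beyond the origin (path, query, fragment, credentials) is refused.
  return false unless uri.path.empty? && uri.query.nil? && uri.fragment.nil?
  return false unless uri.userinfo.nil?
  true
rescue URI::InvalidURIError
  false
end

# Builds the frame-ancestors directive from the setting. If no entry passes
# validation, embedding is denied rather than left open (assumed behaviour).
def frame_ancestors_directive(allowed_frame_domains)
  valid = Array(allowed_frame_domains).select { |d| valid_frame_domain?(d) }
  "frame-ancestors #{valid.empty? ? "'none'" : valid.join(' ')}"
end
```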
External Domain
Example: acme-doconomy-app.demo-bank.io
external_domain allows a partner to serve the web app, depo & api from your own domain. This is necessary to circumvent third-party cookie restrictions in some browsers.
Asset Host
Example: https://assets.demo-bank.io
When configured, static assets (JS, CSS, fonts, etc.) as well as uploaded content such as images are loaded from this host.
- For SaaS, this is useful if you are using the External Domain and want to cloak assets too.
- NOTE 1: for best performance, this should point to your own CDN, loading assets from DES behind the scenes and caching them.
- NOTE 2: in the end, all assets are served as redirect links to our AWS S3 storage. Please consult with our Customer Success team if this does not provide sufficient domain cloaking for you, or if you want to discuss alternatives.
- For self-hosted, this setting is an optional partner-level override of the CDN_HOST.
Cookies Same Site Protection
Example: none, lax, strict
It sets the same site protection on the cookies created by DES. Default is lax.
Lower Balance Bucket Size Cents
Example: 100000
Dashboard KPI will show number of users with less than 100000 cents.
Upper Balance Bucket Size Cents
Example: 1000000
Dashboard KPI will show number of users with less than 1000000 cents.
Cert Common Name
Example: bank.common.name
Common name for the certificate the bank is issuing. We verify that the certificate's common name matches the one configured for the partner.
Jwk Cache Expiry Time
Example: 43200
The value is in seconds. We cache the JWK to not make requests to JWKS endpoint too often. This is how often we fetch the keysets.
Transaction Webhook Url
Example: —
If you want to be notified about new transactions instead of polling the transactions endpoint then add the URL that will serve as a webhook.
Message Webhook Url
Example: —
If you want to be notified about new messages instead of polling the transactions endpoint then add the URL that will serve as a webhook.
Token Validator
Example: Authentication::Jwt, VerifyViaUrl
To validate the authentication token supplied when launching the DES app, we can assume that the user information is already in the token.
This is the case for the JWT option, and it's the default approach that we suggest using.
The other option is to get the user info from an endpoint exposed by the bank after validating the auth token.
Both scenarios are valid flows in OpenID Connect.
Max Dream Target Cents
The maximum allowed amount to have as a Dream Target, in cents of the Partner currency.
Max Transaction Cents
The maximum allowed amount in Transactions created by DES. This will limit Savehack Launch parameters, Internal Transactions and Withdrawals.