Partner settings

Name

Example: ACME Bank Corp.inc

Name of the partner

Organization

Example: acme

That's an unused concept we've had. A partner has to belong to an organization however.

Subdomain

Example: acme

Subdomain by which we can later identify requests coming from a specific partner. If the subdomain is acme, then the full domain will be: acme.{domain-name}. It's created by joining the subdomain and the env var ROOT_DOMAIN.

Api Endpoint

Example: https://acme-partner-api.demo-bank.io/partner_api

Endpoint which the partner has available for us to make calls to. It was heavily used in the initial iterations of the product (e.g. to make transactions). It can be left blank.

App Views Version

Example: 3

We version our frontend component, because sometimes new features require us to enable them gradually. That way we can make continuous improvements to the product and deploy daily without breaking things for our clients.

Enabled

Example: true

Whether the partner is enabled.

Locales

Example: ["sv"]

List of locales that the partner supports. Each locale means a new localization. Current list of supported locales:

  • sv: Swedish
  • en: English
  • uk: Ukrainian
  • ru: Russian
  • tr: Turkish
  • nb: Norwegian Bokmål
  • pl: Polish
  • nl: Dutch
  • fr: French
  • de: German

Currency

Example: PLN

Currency that the partner uses. We only support one currency per partner. This however can be expanded easily. The list of supported currencies:

  • EUR
  • SEK
  • UAH
  • USD
  • TRY
  • NOK
  • GBP
  • ZAR
  • PLN
  • THB

Jwt Jwks Uri

Example: https://acme.demo-bank.io/.well-known/jwks.json

JWKS endpoint from which we can get public keys and validate the JWT (Access / Auth token) supplied by the bank mobile app when launching the DES experience.

Jwt Issuer

Example: acme.demo-bank.io

We validate that the JWT (Access / Auth token in the OpenID Connect flow) used in relation to the partner was created by the issuer specified here.

Jwt Audience

Example: doconomy

Intended audience of the JWT (Access / Auth token in the OpenID Connect flow). We validate that during authentication.

Allowed Frame Domains

Example: ["https://acme.demo-bank.io"]

Allows you to specify what parent window domain may embed the DES experience when using an iframe for the web. You can read more about frame ancestors here.

NOTE: Although the Content-Security-Policy HTTP header can take a <space separated list of sources>; as value for frame-ancestors, more restrictions apply for this partner setting. The value must be a single entry, including protocol, exactly matching your parent window's domain, without wildcards. I.e. https://app.your-bank.com would be allowed, whereas *, self, *, https://app.your-bank.com, your-bank.com and similar are not allowed values.
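The restrictions in the note above can be checked before a value is saved. The following is an added example, not code from DES: the helper names are hypothetical, and it assumes that "exactly matching your parent window's domain" means a bare origin (scheme, host and optional port, with no path, query or credentials).

```ruby
require "uri"

# Hypothetical helper, not part of DES: validates one candidate value for the
# Allowed Frame Domains setting and returns it as a normalized origin.
class FrameDomainError < ArgumentError; end

def validate_frame_domain(value)
  raise FrameDomainError, "must be a string" unless value.is_a?(String)
  entry = value.strip
  # CSP source lists are space separated; ',' and ';' could smuggle in extra
  # sources or directives, so anything but a single token is refused.
  raise FrameDomainError, "must be a single entry" if entry.empty? || entry.match?(/[\s,;]/)
  raise FrameDomainError, "wildcards are not allowed" if entry.include?("*")
  raise FrameDomainError, "CSP keywords are not allowed" if entry.match?(/\A'?(self|none)'?\z/i)

  uri = begin
    URI.parse(entry)
  rescue URI::InvalidURIError
    raise FrameDomainError, "not a valid URL"
  end
  # URI::HTTPS is a subclass of URI::HTTP, so this accepts http and https only.
  unless uri.is_a?(URI::HTTP) && uri.host && !uri.host.empty?
    raise FrameDomainError, "must include protocol and host"
  end
  # Assumption: an exact domain match means a bare origin, nothing after the host.
  if uri.userinfo || !uri.path.to_s.empty? || uri.query || uri.fragment
    raise FrameDomainError, "must be an origin without path, query or credentials"
  end

  origin = "#{uri.scheme}://#{uri.host.downcase}"
  origin += ":#{uri.port}" unless uri.port == uri.default_port
  origin
end

# Builds the directive that ends up in the Content-Security-Policy header.
def frame_ancestors_directive(value)
  "frame-ancestors #{validate_frame_domain(value)}"
end

# Constructed sample inputs: the allowed and rejected values named in the note.
if __FILE__ == $PROGRAM_NAME
  ["https://app.your-bank.com", "*", "self", "*, https://app.your-bank.com", "your-bank.com"].each do |v|
    begin
      puts "#{v.inspect} -> #{frame_ancestors_directive(v)}"
    rescue FrameDomainError => e
      puts "#{v.inspect} rejected: #{e.message}"
    end
  end
end
```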

External Domain

Example: acme-doconomy-app.demo-bank.io

external_domain allows a partner to serve the web app, depo & api from their own domain. This is necessary to circumvent third-party cookie restrictions in some browsers.

Cookies Same Site Protection

Example: none, lax, strict

It sets the same site protection on the cookies created by DES. Default is lax.

Lower Balance Bucket Size Cents

Example: 100000

Dashboard KPI will show number of users with less than 100000 cents.

Upper Balance Bucket Size Cents

Example: 1000000

Dashboard KPI will show number of users with less than 1000000 cents.

Cert Common Name

Example: bank.common.name

Common name for the certificate the bank is issuing. We do verify if the cert common name matches for the partner.

Jwk Cache Expiry Time

Example: 43200

The value is in seconds. We cache the JWK to not make requests to JWKS endpoint too often. This is how often we fetch the keysets.

Transaction Webhook Url

Example:

If you want to be notified about new transactions instead of polling the transactions endpoint then add the url that will serve as a webhook.

Message Webhook Url

Example:

If you want to be notified about new messages instead of polling the transactions endpoint then add the url that will serve as a webhook.

Token Validator

Example: Authentication::Jwt, VerifyViaUrl

To validate the authentication token supplied during launching DES app we can assume that user information is already in the token. This is the case for the JWT option and it's the default approach that we suggest to use. The other option is to get the user info from an endpoint exposed by the bank after validating the auth token. Both scenarios are valid flows in OpenID Connect.