Support Sign in
← Partner integrations

Data aggregators

Our integrations with data aggregators further improve your institution’s ability to serve as the hub of end users’ financial activity in a safe and secure manner. End users securely and reliably connect their accounts to popular fintech apps by authorizing each specific app, so the data aggregator can use the Banno API to securely pull the related data. In other words, this helps your end users say goodbye to screen scraping—yay! As part of these integrations, you’ll see a new user and added external applications in Banno People. What you see configured for each data aggregator depends on how many external applications the aggregator registers:

  • A single, overall external application (e.g. Plaid)
  • An external application for every partner app (e.g. Finicity, Akoya, and Yodely)
External applications are automatically enabled. You can’t disable external applications, but you can delete them. We strongly advise not deleting an external application. If it’s deleted, all of your end users’ consents will be revoked, and they’ll have to set up new connections with the application.

Where we are headed

As the Jack Henry Banno Digital Banking Platform transitions from screen scraping to secure, API-based financial data exchange, all inbound screen scraping will cease by the end of 2023. Inbound screen scraping on the Banno Digital Banking Platform will be replaced with API connections to the five major data exchange platforms, including Finicity, Akoya, Plaid, Envestnet, Yodlee, and Intuit.

Replacing inbound screen scraping for more than 700 banks and credit unions on Jack Henry’s Banno Digital Banking Platform inaugurates a new and more secure era of financial data exchange.

Where we were before

Screen scraping, while a common practice throughout the industry, presents multiple challenges in both security and customer experience. Screen scraping is an automated process that uses bots, web crawlers, and other proprietary tools to log into websites on behalf of end users using their passwords and credentials. In addition to being a slow and unreliable means of data extraction, screen scraping makes it difficult for financial institutions to distinguish legitimate login attempts from fraudulent ones, leaving systems vulnerable to credential-stuffing attacks and other cyber threats that continue to plague the industry at large.

Why the change

With API connections, end users have more control of their financial data and financial institutions are protected from a wide range of fraud and security risks that arise from passwords shared with third parties. Unlike the indiscriminate data extraction performed by screen scraping, open-API aggregation allows end users to specify, minimize, and fully control their data and how it’s shared with third-party providers—including the ability to grant or revoke data permissions within their bank or credit union’s digital banking experience.

Ending screen scraping for 9+ million end users on the Jack Henry Banno Digital Banking Platform creates a new data security standard. Access to financial data is easy and secure so that end users feel confident using your app.

Current experience on Banno Admin

Jack Henry utilizes a proven-reliable process to grant each of our data aggregation partners the tightly restricted access required to register their respective external applications, which establish a native connection between each fintech app and Jack Henry’s Consumer API. As we establish such a connection with our carefully vetted data aggregation partners, you will notice the following changes in Banno People and Banno Users & Groups.

  • Banno People
  • Settings
  • External applications
  • Aggregator name
  • App name

Each data aggregator has their own section that lists their registered, individual external applications. You’ll see this apps list grow as the data aggregator registers each app.

  • Banno Users & Groups
  • Users

The Jack Henry Digital Banking team creates a single associated user for each data aggregator, so that all related actions are performed and logged as that lone user in Banno Admin. In accordance with the principle of least privilege, this associated user is granted very minimal permissions—their rights are restricted to viewing groups and registering their apps only.

  • Banno Users & Groups
  • Groups

We then add the data aggregator’s associated user to a dedicated user group, which again is configured with minimal access rights—restricted to the registration of their partner apps.

  • Banno Users & Groups
  • Developers
  • External apps

Each data aggregator has a new external app added. It’s only accessible by the data aggregator’s user group and its lone user.

Warning: We strongly advise not editing data aggregator’s group or or deleting their external app. If the app’s deleted, all of your end user consents will be revoked, and the data aggregator will need to re-register all of their partner applications.

Opting out of auto-enabled partner integrations

While the Jack Henry Digital Banking team clearly advises against deleting the individual external applications that are dynamically provisioned by our data aggregation partners, your financial institution certainly has the right — as well as direct access — to do so. The opt-out process involves three short sets of steps, outlined below.

Removing end-users’ access to a partner integration

After considering the impact, an authorized administrator can delete the individual external applications in Banno People that let your end users connect to our partner integrations on Banno Online and Banno Mobile.

  • Banno People
  • Settings
  • External applications
  • Aggregator name
  • App name

To delete an external app, including any provisioned by our aggregation partners, open People and follow these steps:

  1. Click the Settings dropdown.
  2. Click External applications.
  3. Locate and select the specific partner fintech app you want to permanently delete.
  4. Carefully review the name and other key details on the Edit external application screen to ensure that you have selected the intended app.
  5. Scroll to the bottom of the screen and click Delete.
  6. Consider the final warning on the Delete External Application dialog.
  7. Enter the confirmation text provided, and then click Delete.

After completing the steps above for an individual external app, the data aggregator is no longer connected to the Jack Henry Digital Banking Consumer API via that specific app; however, the connection routes could still exist via other external apps that may have been provisioned by data aggregators. To remove all connections, you must repeat the steps above for each external app that have been provisioned for the fintech you wish to disconnect from our Consumer API.

Further, to prevent a specific data aggregator from using the Admin API to dynamically register external applications on behalf of your financial institution, an authorized administrator must revoke that aggregator’s permissions via the Users & Groups area in Banno Admin™.

Revoke permissions for provisioning external apps on behalf of your institution

After once again considering the impact to your end users, an authorized administrator can prevent a specific data aggregation partner from dynamically registering external applications via the Admin API by revoking the permissions required to dynamically register external apps on behalf of your financial institution.

  • Banno Users & Groups
  • Developers
  • External apps

First, the administrator will need to delete the overarching external application that grants the data aggregator access to use the Jack Henry Digital Admin API to access your financial institution’s data.

To delete the parent-level external application, open Banno Admin and follow these steps:

  1. Click the ••• icon in the left-hand navigation and select Users & Groups.
  2. In the Developers section, click External apps.
  3. Locate and select the app you want to permanently delete.
  4. Carefully review the name and other key details on the Edit external application screen to ensure that you have selected the intended app. Note: If you plan to delete the associated user entirely, make a note of the name displayed in the Associated user field.
  5. Scroll to the bottom of the screen and click Delete.
  6. Consider the final warning on the Delete External Application dialog.
  7. Enter the confirmation text provided, and then click Delete.

After completing the steps above, the aggregator can no longer use our Admin API to connect with your financial institution.

Other precautions

As an additional precaution, the administrator may also want to delete a specific data aggregator’s associated user and related user group.

To delete the associated user who is tied to a given data aggregator:

  1. In Admin > Users & Groups, click User list.
  2. In the Search bar, enter the name of the Associated user and select the user from the result/s. Note: You may have recorded the name when deleting the parent-level external app, as recommended in step 4 of the related instructions.
  3. Make a note of the associated user’s group/s.
  4. Next to the user’s avatar and name, click the ••• icon and click Delete user.
  5. In the Confirm Delete dialog, click Delete.

To delete a group that an associated user was a member of:

  1. In Admin > Users & Groups, click Group list.
  2. Select the group you want to delete.
  3. Ensure that you have selected the intended group.
  4. In the top-right corner, click the trash icon.
  5. In the Confirm Delete dialog, click Delete.

Implementation and support

These integrations offer your institution zero-lift and zero-cost access to these networks, so there’s no support ticket needed. Once a data aggregator registers all of their external applications and the integration is fully ready, we enable it for all institutions. Interested end users will then authorize each specific app they want to use, so the data aggregator can use the Banno API to securely pull the related data.

We coordinate with these partners to enable stability of the API connection; however, we cannot provide support for specific external applications or end user issues. You’ll need to contact the specific data aggregator directly.

Data aggregator Support email
Akoya ClientSuccess@akoya.com
Finicity OB.Institutions@mastercard.com & Institutions@finicity.com
Plaid FI-Support@plaid.com

View and manage third-party apps

  • Settings
  • Security
  • Connected apps

When an end user gives a third-party app permission to access their account data, a list of the end user’s Connected apps displays in their security settings. An end user can manage their connections to third-party apps and view details when they click on a specific app.

Last used
The most recent date the connected app accessed data for the end user.
Grant access date
The date the end user gave permission to third-party app, allowing the app access to their account data.
Permissions
Information that the end user consents to giving the app access to. Permissions vary from app to app and can include access to basic account info, account details and balances, transaction details, and more.
Revoke access
When an end user removes an app’s access to their account, the app can no longer pull new data from the account, and it’s removed from the list of Connected apps.

FAQ

What is the difference between data aggregators that register a single external application and multiple ones in Banno People?
Some data aggregators, such as Plaid, opt to register a single external application in Banno People. If end users use that application, they’ll give a one-time consent to let the aggregator pull their data from our API platform.

Other data aggregators opt to register each of their partner fintech apps as individual external applications in Banno People. This approach requires an end user to consent to each specific app before the data aggregator pulls the end user’s data via our API platform.

What happens after an end user consents to a third-party app?
When they use a third-party app, they’ll use their Banno credentials to login. In Banno Apps, the third-party app displays as a connected app in their security settings where they can view and manage all apps they consented to.
What should I do if an end user wants to add an account using Finicity but their institution doesn’t appear in the list?
We can request new institutions to add to Finicity. Reach out to your support representative if an unlisted institution is needed.
What is the difference between having Finicity as a data integration partner (and utilizing external applications) and using Finicity as part of the Geezeo Personal Financial Management (PFM) experience?
Our data integration partnership with Finicity allows them to securely pull end user information from Banno Apps to display in a third-party application. The Geezeo PFM experience allows Finicity to securely pull an end user’s account information from third-party institutions to display in Banno Apps.