Online Banking APIs: Start Developing!

Below is a list of areas that will help you understand our API system and how it works. Read each section carefully to help you get started quickly!

  1. Get your keys
  2. See how our APIs work
  3. Check out the docs
  4. Try out our Swagger site
  5. Get the Credit Union Options
  6. The Authentication Process
  7. Get Member Information

Get your keys

If you haven’t already done so, go through the DHD store and order your APP Key. It is used in every API call, in the “CU*Answers-AppKey” header. You will need this in order to proceed further.

How our APIs work

Read up on our API process and how it’s all tied together here. This will inform you on what Session and User tokens are, the different types of APIs, and how your APP Key permissions work.

Check out the docs

We have each API call documented here. You should definitely look around and see what’s available.

Try out our Swagger site

In addition to the API documentation, we have a Swagger site that allows you to make the API calls and see precisely how each one is used. Below are links to each API version we offer and the Swagger site it uses.

Get the Credit Union Options

The first thing you need to do is get information about the Credit Union the member is logging into. The Credit Union Features and Settings endpoint will give you information about the Credit Union and the features or authentication settings they use.

You may not use everything this endpoint returns in your application, but some fields are very important to the authentication process. Pay attention to the Complex Password flag and the Minimum Password Length. When a member needs to change their password, during authentication or at any other time in your application, the new password must adhere to these settings or the member will receive an error back during Authentication.

The Authentication Process

The It’s Me 247 Online Banking authentication process can be quite intimidating. This section will walk you through how it works and try to put you at ease when developing your application solution.

You will always start with the Credentials endpoint. Here, you will ask the member for a username and password, and pass that to our Credentials endpoint. You will receive back either a Next Step Code along with a Session and User Token, or an Error. More information on Error Handling can be found here.

Upon receiving an error, you can do one of two things: display the message we send in the response under “DisplayMessage”, or, like our own Mobile Application Development team does, map your own error message to the error code we send you. The error codes will not change without advance notice, and neither will the meaning behind them. However, it’s possible that we change the Display Message as we progress in development. Since displays on mobile phones and desktops are very different, it’s difficult to write a message that suits the purpose of each application. We therefore suggest mapping your own error messages as you see fit.

The Session and User tokens you receive will be good for 5 minutes during the authentication process. These tokens will be used in every API call that requires Authentication. You can read more on the Session and User Tokens in our How our APIs work section.

If you receive a Next Step Code, then you move on to that code’s API endpoint. These are detailed in the Next Step Code page, but as an example, if you receive a Next Step Code of ANCQ, then the next screen you should display to the member is where they need to answer their security question. In that case, it’s a two-step process: one to get the question, and one to display it to the member.

From there, follow the Next Step Codes until you receive a GOOD Code. Once you receive a Next Step of GOOD, the member is fully authenticated, and the Session and User tokens are upgraded to full tokens and are valid for 15 minutes. Any further API call you make will reset the timeout timer back to 15 minutes. However, if you wish to extend that at any time, you may call the Refresh Tokens endpoint.

After the member is fully authenticated, you can call any API endpoint you have access to.
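
An added example (not CU*Answers code) of tracking this flow on the client: it maps error codes to app-owned messages, follows Next Step Codes, and enforces the 5-minute and 15-minute token windows locally. The response field names ErrorCode, NextStepCode, SessionToken and UserToken, the error code SAMPLE_LOCKED and the CLIENT_* codes are assumptions, as is the choice not to extend the 5-minute window on intermediate steps.

```python
import time

PRE_AUTH_TTL = 5 * 60   # page: tokens are good for 5 minutes during authentication
FULL_TTL = 15 * 60      # page: 15 minutes after GOOD, reset by each API call

# App-owned text keyed by error code. The code below is a constructed placeholder.
OWN_MESSAGES = {"SAMPLE_LOCKED": "Your account is locked. Contact your credit union."}


class AuthError(Exception):
    def __init__(self, code, message):
        super().__init__(message)
        self.code = code


class AuthSession:
    """Client-side view of one sign-in: tokens, Next Step Code, expiry."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.tokens = None        # (session_token, user_token)
        self.next_step = None
        self.expires_at = None

    def handle_response(self, resp):
        """Apply a response from Credentials or a Next Step endpoint."""
        if "ErrorCode" in resp:  # assumed field name; DisplayMessage is from the page
            code = resp["ErrorCode"]
            raise AuthError(code, OWN_MESSAGES.get(code, resp.get("DisplayMessage", "")))
        now = self.clock()
        if self.expires_at is not None and now >= self.expires_at:
            self.tokens = self.next_step = self.expires_at = None
            raise AuthError("CLIENT_TIMEOUT", "Sign-in timed out. Please start again.")
        self.tokens = (resp["SessionToken"], resp["UserToken"])  # assumed names
        self.next_step = resp["NextStepCode"]                    # assumed name
        if self.next_step == "GOOD":
            self.expires_at = now + FULL_TTL        # upgraded to full tokens
        elif self.expires_at is None:
            self.expires_at = now + PRE_AUTH_TTL    # assumed: not extended per step
        return self.next_step

    def full_tokens(self):
        """Return tokens for an authenticated call, sliding the 15-minute window."""
        now = self.clock()
        if self.next_step != "GOOD" or now >= self.expires_at:
            raise AuthError("CLIENT_NOT_AUTHENTICATED", "Please sign in.")
        self.expires_at = now + FULL_TTL  # the call we are about to make resets the timer
        return self.tokens
```

Call `full_tokens()` immediately before each authenticated request so the local timer tracks the server's sliding timeout.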

Get Member Information

After a member is authenticated, you can call any API endpoint you have access to, but the first thing you should do is get information about the member. Calling the Member Demographics endpoint will give you the member’s name, contact information, and other data about the member.