Authentication

BankingBridge Embeds send API calls, which require authentication with a valid App Key.

How do I get my App Key?

BankingBridge App Keys are provided upon request. Please contact us to get your App Key.

If you have a valid App Key and want to continue adding a BankingBridge Embed to your page, see BankingBridge Embed.

If you want to learn more about how authentication is handled, see the information below.

How authentication is handled

BankingBridge API calls require authentication, but the embed traffic is anonymous, and we do not have any way to identify the users using the Embeds.

Therefore, we use a combination of factors to authenticate the Embed API calls:

• Referrer URL
• App Key
• bbToken

Continue reading to learn about these three factors.

Referrer URL

The BankingBridge team manually provides access to the BankingBridge API for each client. As part of this, we set up an App Key and Referrer URL.

The Referrer URL will be the base page of our client, or in other terms, the website where the embed will be integrated.

For example, if our client had a website at example.com and they wanted to add a BankingBridge Embed to this page, we would set up access for this Embed by adding that website address as the base URL:

Embeds must have the parent URL listed as an allowed URL for the Embed to load. If the Embed provides an App Key and bbToken, it can still be denied if the call originates from a URL that is not listed in the Embed settings as an allowed domain.

App Key

The App Key is a unique identifier that permits your app to use Embeds and make subsequent API calls. BankingBridge App Keys are provided upon request. Please contact us to get a valid App Key.

bbToken

The bbToken is a randomly generated session token used with the App Key. A bbToken expires after one hour. If the Embed is refreshed, another bbToken is generated. You do not need to provide an initial value for this. As long as your App Key is valid, each session will create a valid bbToken.