Finicity Setup

To access Finicity's API, the machine connecting to the API must be located inside the United States or Canada. TLS 1.2 or higher is required for all requests to the API.

Perform the following configuration steps to allow your existing app to connect to the Financial Data API Facade via Finicity, instead of the deprecated Intuit API.

Upload Your Public Certificate

This can be the same public certificate file that you have used to configure your app with Intuit. (See Creating X.509 Keys to generate a new certificate, if desired.)

  1. Open your public certificate file in a text editor, or use the command cat (Linux) or type (Windows) from a console window to show the contents of the certificate file.
  2. Copy the certificate's contents into your system clipboard. The copied text should start from the line "-----BEGIN CERTIFICATE-----" and include everything through the line "-----END CERTIFICATE-----"
  3. Login to https://developer.finicity.com/admin
  4. Find the application assigned to the service "Financial Data API Facade via Finicity."
  5. Click on "App Detail."
  6. Click on "Manage Certificate."
  7. Paste the certificate text into the field labeled "X509 Certificate (required)."
  8. Click the button "Update Application."
  9. Leave the Dashboard showing the Application Details page. You will use this information in the next steps, to update your app's configuration.

Modify Your App's Configuration

Intuit provides some SDKs to facilitate operations with the Financial Data API. Finicity supports the official SDKs (Java and .Net) and unofficially supports the third-party Ruby gem also.

Java Configuration

  1. Change the following values in your app's configuration file, intuit-aggcat-config.xml:
    • Host URL: https://api.finicity.com/financialdatafeed/v1
    • OAuth URL: https://api.finicity.com/oauth/v1/get_access_token_by_saml
  2. Update the following values as appropriate for the certificate that was used or generated above:
    • keystoreFile
    • keystorePassword
    • keyPassword
    • certAlias 
  3. In your app's properties, replace the values for the following properties to use the values shown in Finicity's Application Details page:
    • OAuth Consumer Key
    • OAuth Consumer Secret
    • SAML Identity Provider ID 
  4. Reload or restart the app service after the configuration has been updated.

When finished, intuit-aggcat-config.xml should look something like this:

<intuit-config>
<baseURL>
<aggcat>https://api.finicity.com/financialdatafeed/v1</aggcat>
</baseURL>
<saml>
<oAuthUrl>https://api.finicity.com/oauth/v1/get_access_token_by_saml</oAuthUrl>
<keystoreFile>KEYSTORE</keystoreFile>
<keystorePassword>PASSWORD</keystorePassword>
<keyPassword>PASSWORD</keyPassword>
<certAlias>ALIAS</certAlias>
</saml>
</intuit-config>

.Net Configuration

Download and install FinicityFacadeDotNetPatch, following the instructions on this page.

PHP Configuration

  1. Change the following values in your local configuration file, config.php:
    • OAUTH_SAML_URL: https://api.finicity.com/oauth/v1/get_access_token_by_saml
    • FINANCIAL_FEED_HOST: api.finicity.com
    • FINANCIAL_FEED_URL: https://'.FINANCIAL_FEED_HOST.'/financialdatafeed/
  2. Update the following values as appropriate for the certificate that was used or generated above:
    • SAML_X509_CERT_PATH
    • SAML_X509_PRIVATE_KEY_PATH
  3. Replace the values for the following properties to use the values shown in Finicity's Application Details page:
    • OAUTH_CONSUMER_KEY
    • OAUTH_SHARED_SECRET
    • SAML_IDENTITY_PROVIDER_ID

Make these changes to your local copy of the files from the PHP authentication example:

Version 1.3.*:

  1. Open the file xmlseclibs.php.
  2. Find the class XMLSecurityDSig.
  3. Change the following lines from this:
const template = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:SignatureMethod />
</ds:SignedInfo>
</ds:Signature>';

...to this:

const template = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo<ds:SignatureMethod /></ds:SignedInfo></ds:Signature>';

Version 1.4.*:

  1. Open the file xmlseclibs/src/XMLSecurityDSig.php.
  2. Change the following lines from this:
const template = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:SignatureMethod />
</ds:SignedInfo>
</ds:Signature>';

...to this:

const template = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo<ds:SignatureMethod /></ds:SignedInfo></ds:Signature>';
  1. Change the following lines from this:
const BASE_TEMPLATE = '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<SignatureMethod />
</SignedInfo>
</Signature>';

...to this:

const BASE_TEMPLATE = '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><SignatureMethod /></SignedInfo></Signature>';

Ruby Configuration

(Note that the Ruby client is not officially supported for the Facade API.)

  1. Update the aggcat Ruby Gem (https://rubygems.org/gems/aggcat) to the latest version.
  2. Add the following configuration parameters to the client configuration.
    • oauth_url: 'https://api.finicity.com/oauth/v1/get_access_token_by_saml'
    • base_url: 'https://api.finicity.com/financialdatafeed/v1'
  3. Change the following configuration parameters to use the appropriate values (see Finicity's Application Details page for the first three):
    • issuer_id (SAML Identity Provider ID)
    • consumer_key
    • consumer_secret
    • certificate_path (path to your certificate key)
Have more questions? Submit a request

Comments

  • Avatar
    Matthew Kyle

    The above setup does not work for the Intuit C# SDK.
    I had to remove the hardcoded path to OAuth in the SDK.
    See Github for more info:
    https://github.com/Docitt-inc/Intuit-SDK-Fix

  • Avatar
    Chip Whitmer

    The instructions for .Net / C# and Ruby have been updated.

Powered by Zendesk