What is Mono Connect?
Mono Connect is a product that allows businesses to reliably access customer financial data with their users’ consent.
What is the Connect Widget?
The Mono Connect widget is our user interface component that is used during the account linking process on Mono.
It allows you to safely authenticate a user's financial account and returns the user's authentication code. This code is then swapped, through the Exchange Token endpoint, for an Account ID representing the user.
You can then use this Account ID with the secret key generated from the app on your Mono dashboard to access Mono financial data APIs such as bank statements, transactions, income, identity, and more.
White Labelling: Using Mono Connect without the pre-built widget
Although the Mono Connect widget comes pre-built by Mono, we also provide access to the API that powers it. This API generates the same authentication code the widget returns, which you can then use to retrieve an Account ID and interact with Mono APIs. This is called white labelling.
To use Mono without the Connect Widget, you need to integrate our Mono Connect White Labelling API into your product. This gives you the ability to create an entirely unique and new experience tailored to your specific needs, from simple use cases such as finer control over UI and styling or an extra verification step before final login during onboarding, to more complex use cases such as using Mono APIs in building a USSD solution.
User safety considerations for White Labelling
The Mono Connect White Labelling API is available to select partners only. As a business, you have to meet certain requirements to be considered eligible for the White Labelling API. They are:
You have to be a registered business in your country of operation.
The business should have a government-issued Operation License or a partnership with a Licensed Partner (e.g. MFB license, PSSP license, etc.) if this is required for its business operations.
The business should have been in full business operations for at least 6 months.
The business will have to sign our Data Privacy Agreement document.
Data Encryption Process
We also implement some data privacy measures to ensure that all users’ data is encrypted when a business accesses users’ financial data via the Mono Connect White Labelling API. Here’s how we do that:
Using the standard AES 256-bit encryption, we ensure that all account information and login details are encrypted on our database servers.
We require HTTPS for all connections to our API server to ensure that data is always encrypted as it travels from our server to the Provider's App. We also encourage Providers to employ the same techniques to ensure that information is encrypted all the way.
Benefits of White Labelling
Absolute control of your customer experience: Our White Labelling APIs expand the possibilities for creating unique financial experiences for your customers. You get the freedom and control to design the workflow and user interface best suited to your business needs.
Product Focus and Loyalty: Your brand stays front and centre with our White Labelling API service. You have the opportunity to continue to offer innovative, personalised services to users without any third-party interference. Whether it is on your mobile or web app, your brand remains prominent and consistent throughout the user experience of your product.
How to implement White Labelling for Mono Connect
We’ve outlined the process for implementing the Mono Connect White Labelling API below:
1. Fetch available financial institutions
2. Create a Mono Connect session
3. Login user to the financial institution
4. Understand the next steps for the returned response
5. Re-commit session again if required
1. Fetch available financial institutions
The first step in implementing the Mono Connect White Labelling API is to get the list of all the supported financial institutions. Here’s how to do this.
Make a GET request to this endpoint
Response
From the response above, _id refers to the institution ID, while the auth_methods array contains the different authentication method types and the UI object available for a financial institution. These two parameters, alongside the app ID which you can find on the Apps page on your Mono dashboard, will be used in the next step to create a Mono-Connect session.
2. Create a Mono-Connect session
The next step is to create a Mono-Connect session by making a POST request to the endpoint below with the institution ID, auth_method, and app ID.
Endpoint
Ensure that you pass the mono-sec-key (secret key) in the headers for a successful request to be made. Here is a guide on how to generate your secret key on the Mono dashboard.
Body Parameters
Response
3. Login user to a financial institution
To log in, you need to get the x-session-id returned from the response above in step two and pass it in the headers along with the mono-sec-key. Afterward, make a POST request to the login endpoint with the user’s credentials.
Endpoint
Body Parameters
Response
4. Understand the next steps for the returned response
It is important to note that an institution might need multiple levels of authorization flow before granting user access. For this reason, the next steps for the authorization flow are determined by the responseCode received from the login response above in step three.
If the status returned is 200, you will obtain a response code of either 99, 101, or 102.
'99' indicates that the user has successfully signed in. You will be given a temporary authorization code which you can use to access your Account ID through our Exchange token endpoint.
'101' indicates that your user has several accounts. The user would be required to pick the desired account to be enrolled. An array containing all of the discovered accounts will be returned in this response.
'102' indicates that an input is required from the user to proceed. This may be a security question, OTP, token, etc.
5. Re-commit session again if required
This is the final step in the authorization flow if a user’s input is required during the process (e.g. account selection, OTP, security answer).
Also, before you make a POST request to the endpoint, ensure you pass the x-session-id and mono-sec-key in the headers.
Endpoint
Body Parameters
The body parameter could be either one of the following (account, answer, OTP) depending on the response code received after a successful login attempt.
Response
Once the code has been retrieved in the authorization flow, proceed to the Exchange token endpoint to request an Account ID that will be used in making requests to Mono financial data endpoints.
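Steps 3 to 5 handled server-side, as an added example that is not Mono's code: it dispatches on responseCode, builds the re-commit body, rejects unknown codes and caps the number of re-commit rounds. The HTTP calls are injected as `login` and `commit` callables because the page does not show the endpoints; the `accounts` and `code` response fields, the `otp` key spelling and `MAX_ROUNDS` are assumptions.

```python
SUCCESS, PICK_ACCOUNT, NEED_INPUT = 99, 101, 102  # responseCode values from the page
MAX_ROUNDS = 5  # assumed cap on re-commit rounds so the flow cannot loop forever


class AuthFlowError(Exception):
    """Flow must stop. Messages never contain credentials or keys."""


def auth_headers(secret_key, session_id):
    # Header names are from the page; keep the secret key on your server only.
    return {"mono-sec-key": secret_key, "x-session-id": session_id}


def commit_body(response, choose_account, ask_user):
    """Build the re-commit body for a 101 or 102 response: exactly one field."""
    code = response.get("responseCode")
    if code == PICK_ACCOUNT:
        accounts = response.get("accounts") or []  # assumed field name
        picked = choose_account(accounts)
        if picked not in accounts:
            raise AuthFlowError("selected account was not offered")
        return {"account": picked}
    if code == NEED_INPUT:
        field, value = ask_user(response)
        if field not in ("answer", "otp"):  # assumed key spellings
            raise AuthFlowError("unsupported input field")
        return {field: value}
    raise AuthFlowError(f"unexpected responseCode {code!r}")  # fail closed


def run_flow(login, commit, secret_key, session_id, credentials,
             choose_account, ask_user):
    """Drive login and re-commit until responseCode 99; return the auth code."""
    headers = auth_headers(secret_key, session_id)
    status, response = login(headers, credentials)
    rounds = 0
    while True:
        if status != 200:
            raise AuthFlowError(f"HTTP status {status}")
        if response.get("responseCode") == SUCCESS:
            return response["code"]  # assumed field name for the temporary code
        if rounds == MAX_ROUNDS:
            raise AuthFlowError("too many re-commit rounds")
        rounds += 1
        body = commit_body(response, choose_account, ask_user)
        status, response = commit(headers, body)
```

Because the secret key and the user's bank credentials both pass through `run_flow`, it belongs on your backend, and its arguments should be kept out of application logs.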
You can also watch this short tutorial video to see how to implement the Mono Connect White Labelling API via Postman.