Overview
This tutorial shows how re-authorisation works, alongside a minified code implementation in NodeJS and MongoDB.
To have a clear understanding of how re-authorization works, it is important that you go through Part 1 first, before moving on to this chapter.
Re-authorisation
This is basically required for accounts that have Multi-factor Authentication (MFA) enabled.
How does it work?
When the event received is mono.events.reauthorisation_required, you'll receive an event with an ID, which you will need in order to request a re-auth code for the widget.
Recommended Work Flow
1. It is recommended that you first create two columns (e.g. reauthRequired and reauthCode) in the DB table where you store the connected user data, and set reauthRequired to False by default and reauthCode to null.
2. With the above set, any time your backend detects the webhook event mono.events.reauthorisation_required, there are two recommended operations to perform.
i. Retrieve the re-auth code from the Re-auth endpoint by passing in the connected account ID.
ii. Update the reauthCode in the DB with the retrieved re-auth code/token and set the reauthRequired column in the DB to True.
3. With this, you can ensure that your system workflow is structured in such a way that when reauthRequired is True, it redirects your users to Mono's re-authentication widget to re-authorise their account with their bank credentials.
Right now, on Mono's widget you would need to make a slight change, which is replacing this:
with
as it is seen here.
So once your user has re-authenticated successfully, two things will happen: the mono.events.account_reauthorized event will be sent to your webhook, and mono.events.account_updated will be sent when the synced data is available. Also, don't forget to reset reauthRequired to false.
You can take a look at a minified code implementation in NodeJS:
a. Webhook middleware and the webhook route [app.js]
b. Re-authorise Endpoint and Webhook Controller
Flowchart Diagram
Note: The reason we suggest having monoStatus set in your DB is that when it is true, you can redirect your user to Mono's re-authentication widget when they sign in, and once they have re-authenticated successfully, you can then reset monoStatus back to False.
Also, this feature is only available to select partners. Reach out to us on Slack about your product feature and why this should be enabled for your business.
Conclusion
We have covered a lot with this tutorial, from understanding Mono's webhooks, webhook events, data sync, and finally re-authorisation. You can take a look at our docs for further implementation.
Interested in using Mono?
Request access to get started with a N2000 free API call credit or reach out to us at hi@mono.co. Make sure to follow us on Twitter to stay in the loop of our latest announcements.