This tutorial shows how re-authorisation works, alongside a minified code implementation in NodeJS and MongoDB.
To have a clear understanding of how re-authorisation works, it is important that you go through Part 1 first before moving on to this chapter.
Re-authorisation is required for accounts that have Multi-factor Authentication (MFA) enabled.
How does it work?
When the event received is mono.events.reauthorisation_required, it comes with an ID, which you will need in order to request a re-auth code for the widget.
Recommended Work Flow
1. It is recommended that you first create two columns (e.g. reauthRequired and reauthCode) in the DB table where you store the connected user data, with reauthRequired set to False by default and reauthCode set to null.
2. With the above set, any time your backend detects the webhook event mono.events.reauthorisation_required, there are two recommended operations to perform:
i. Retrieve the re-auth code from the Re-auth endpoint by passing in the connected account ID.
ii. Update reauthCode in the DB with the retrieved re-auth code/token and set the reauthRequired column to True.
3. With this, you can structure your system workflow so that when reauthRequired is True, it redirects your users to Mono's re-authentication widget to re-authorise their account with their bank credentials.
Right now, on Mono's widget you would need to make a slight change, which is replacing this:
as it is seen here.
So once your user has re-authenticated successfully, two things will happen: a mono.events.account_reauthorized event will be sent to your webhook, and mono.events.account_updated will be sent when the synced data is available. Also, don't forget to reset reauthRequired to false.
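The recommended workflow above, as an added example that is not Mono's or this tutorial's own code: it keeps the two columns in step with the two events and treats the webhook body as untrusted input. The payload shape, the `users` Map (standing in for the MongoDB collection), the `fetchReauthCode` callback (standing in for the Re-auth endpoint call) and the function names and return strings are assumptions; it also assumes the webhook middleware has already authenticated the request.

```javascript
// Added example. Column names (reauthRequired, reauthCode) and event names come from the tutorial.
// ASSUMED: payload shape { event, data: { account: { _id } } }; `users` (a Map standing in
// for the MongoDB collection) and `fetchReauthCode` (the Re-auth endpoint call) are hypothetical.
const REAUTH_REQUIRED = 'mono.events.reauthorisation_required';
const REAUTHORISED = 'mono.events.account_reauthorized';

// Pure decision step: returns the fields to write, or null to leave the record alone.
function planUpdate(user, eventName, reauthCode) {
  if (!user) return null; // unknown account ID: never create or modify a record
  if (eventName === REAUTH_REQUIRED) {
    // Only raise the flag when a usable code was retrieved.
    if (typeof reauthCode !== 'string' || reauthCode === '') return null;
    return { reauthRequired: true, reauthCode };
  }
  if (eventName === REAUTHORISED) {
    return { reauthRequired: false, reauthCode: null }; // reset and discard the spent code
  }
  return null; // other events (e.g. account_updated) are handled elsewhere
}

async function handleMonoEvent(body, users, fetchReauthCode) {
  const eventName = body && body.event;
  const account = body && body.data && body.data.account;
  const accountId = account && account._id;
  // The body is untrusted input: accept only strings so an object such as
  // { $ne: null } can never end up inside a database filter.
  if (typeof eventName !== 'string' || typeof accountId !== 'string') return 'ignored';
  const user = users.get(accountId);
  let code = null;
  if (user && eventName === REAUTH_REQUIRED) {
    try {
      code = await fetchReauthCode(accountId);
    } catch (err) {
      return 'retry'; // leave the record untouched; the caller can retry later
    }
  }
  const update = planUpdate(user, eventName, code);
  if (!update) return 'ignored';
  Object.assign(user, update);
  return 'updated';
}

// Constructed sample run.
const sampleUsers = new Map([['acct_123', { reauthRequired: false, reauthCode: null }]]);
const sampleEvent = { event: REAUTH_REQUIRED, data: { account: { _id: 'acct_123' } } };
handleMonoEvent(sampleEvent, sampleUsers, async () => 'sample-reauth-code')
  .then((result) => console.log(result, sampleUsers.get('acct_123')));
```

With a real MongoDB collection, the same `planUpdate` result can be passed as the `$set` document of an update filtered on the validated account ID.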
You can take a look at a minified code implementation in NodeJS:
a. Webhook middleware and the webhook route [app.js]
b. Re-authorise Endpoint and Webhook Controller
Note: The reason we suggest having monoStatus set in your DB is that when it is true, you can redirect your user to Mono's re-authentication widget when they sign in, and once they have re-authenticated successfully, you can reset monoStatus back to False.
Also, this feature is only available to select partners. Reach out to us on Slack about your product feature and why this should be enabled for your business.
We have covered a lot in this tutorial, from understanding Mono's webhooks, webhook events and data sync to, finally, re-authorisation. You can take a look at our docs for further implementation.