2023-11-11 18:54:06 +01:00
|
|
|
---
|
|
|
|
title: Wells Fargo Open Banking APIs integration
|
2023-11-11 19:30:04 +01:00
|
|
|
goal: Integrate the API so that customers can use their Wells Fargo credit card to put down-payments on US orders
|
|
|
|
role: Plan, design and implement the integration according to the Wells Fargo specifications
|
2023-11-11 18:54:06 +01:00
|
|
|
date: Feb, 2021 - Aug, 2021
|
2023-11-11 19:30:04 +01:00
|
|
|
z: 1
|
2023-11-16 07:35:28 +01:00
|
|
|
draft: false
|
2023-11-11 18:54:06 +01:00
|
|
|
---
|
2023-11-11 19:30:04 +01:00
|
|
|
|
2023-11-19 09:36:10 +01:00
|
|
|
[Wells Fargo](https://www.wellsfargo.com/) is a US based international financial institution operating in 35 countries
|
|
|
|
and serving over 70 million people worldwide. [Source](https://en.wikipedia.org/wiki/Wells_Fargo)
|
2023-11-11 19:30:04 +01:00
|
|
|
|
2023-11-19 09:36:10 +01:00
|
|
|
They provide an [Open Banking API](https://en.wikipedia.org/wiki/Open_banking) for usage with custom-made business
|
|
|
|
credit cards like the [Watches of Switzerland credit card](https://www.watchesofswitzerland.com/wos-credit-card).
|
2023-11-16 07:35:28 +01:00
|
|
|
|
|
|
|
---
|
|
|
|
|
|
|
|
### Technical overview
|
|
|
|
|
2023-11-19 09:36:10 +01:00
|
|
|
Integrating Open Banking APIs requires many security and legal precautions. There is always a double layer of encryption
|
|
|
|
for all APIs and communications (even emails).
|
2023-11-16 07:35:28 +01:00
|
|
|
|
2023-11-19 09:36:10 +01:00
|
|
|
Many of the specifications and examples are proprietary or lost in the
|
|
|
|
[mountains of documentation provided by the bank](https://developer.wellsfargo.com/guides/user-guides/open-banking-europe-api-integration/obei).
|
2023-11-16 07:35:28 +01:00
|
|
|
For that reason I will not go into too much detail about the use cases as I'm not sure what I am allowed to talk about.
|
|
|
|
|
|
|
|
One use case documented on their website is the API Keys endpoint.
|
|
|
|
|
2023-11-19 09:36:10 +01:00
|
|
|
To generate an API key you need your client credentials with a key and a secret in this format
|
|
|
|
`Authorization: Basic base64(consumerKey:consumerSecret)` as well as the scope in the form
|
|
|
|
`grant_type=client_credentials&scope=accounts`. There are hundreds of scopes to configure. This gives you an
|
|
|
|
`access_token` which is valid for 24 hours, has the scopes (permissions) you requested and is used for most API
|
|
|
|
communications.
|