Use OAuth APIs everywhere they are available (Chase, Bank of America, etc.)
I was trying to figure out why this was happening at such an alarming rate with Simplifi compared to Mint. Then I realized, Mint uses the OAuth APIs for both banks.
Bank of America: https://developer.bankofamerica.com/#/home
Chase: https://developer.chase.com/products/aggregation-fdx/guides/getting-started
I can only imagine there are other examples of this. It should be standard practice to use OAuth whenever it is available. The benefits are manifold:
- OAuth doesn’t require you to share your usernames and passwords with Simplifi.
- OAuth gives you full control and visibility into the data you choose to share. You don't have to share all of the accounts you have at an institution with Simplifi.
- OAuth allows you to track which financial aggregators have access to your account data and terminate it on a per-aggregator basis without having to change your password and reset access to all of them.
- OAuth doesn't require constant MFA re-authentication.
OAuth is the right choice for my security (and convenience) and that of all Simplifi customers. Will Simplifi commit to using OAuth for every institution that makes it available?
Comments
-
@Coach Natalie Any updates that you can share on this, specifically for implementing the OAuth for Bank of America?0 -
Hello All,
Great news! We are currently working on integrating API's for both Chase and Bank of America.
-Coach Natalie-Coach Natalie
2 -
What about CapitalOne? They also support OAuth in the same manner as JPMC and Bank of America. Will Simplifi also support CapOne?0
-
Hello @SeattleGuy,
Yes, Capital One's API is currently used for both Simplifi and Quicken and has been for a few years now.
-Coach Natalie-Coach Natalie
0 -
Hello @Coach Natalie, thanks for the quick response and the tip about Capital One. Glad to hear that this work is in progress for B of A and JPMC. I tried the process for adding a CapOne account to Simplifi. I wasn't able to take it all the way through because my new CapOne account is still incomplete. But I did get to the screen in Simplifi that said:
Sign in to Capital One through the secure browsing window.
When prompted, SELECT ALL YOUR ACCOUNTS.
You'll be able to hide accounts in Simplifi after a secure connection is established.
Question: With OAuth support for B of A, JPMC and CapOne in Simplifi, will it be possible to select only specific accounts? We have multiple accounts at one of those banks, including some accounts jointly held with other parties, and we very much do not want to import the data from those accounts into Simplifi. Just being able to hide the accounts in Simplifi isn't enough - we only want Simplifi to have access to the data for the accounts we select. The other personal finance app that we are previewing lets you select certain accounts at a given bank and exclude others. You don't have to SELECT ALL ACCOUNTS. Will Simplifi also offer that flexibility? Thanks.0 -
Great question, @SeattleGuy!
That is correct -- once you've authorized your Capital One accounts, you'll be able to select which accounts you'd like to add to Simplifi, and which accounts you'd like to ignore/not add to Simplifi. More details on adding accounts in Simplifi can be found here.
If you do accidentally add an account that you don't want or need, you can also easily delete it as opposed to hiding it. Honestly, since hiding accounts isn't currently an option in Simplifi, I believe the message is referring to deselecting accounts from being added. It is kind of confusing, though.
At any rate, I hope this helps!
-Coach Natalie-Coach Natalie
0 -
Hello again @Coach Natalie (and heads up @khad) I see that the Chase API integration is now working, that's great news. I was able to add both my Chase and Capital One credit cards to Simplifi without giving Simplifi my bank credentials. And the UI let me select which accounts to import, as you described. Do you have any estimate for when the Bank of America integration will be ready to use?0
-
Agree - would like to know when Bank of America and American Express will be updated with this OAuth. It is so painful to constantly have to do 2FA authentication when retrieving account info.. really starting to make me regret paying for this service1
-
@bbarber4 - I recently checked and found that the Bank of America OAuth support is now working.1
-
@SeattleGuy Thanks so much for the heads up about BoA, I hadnt logged in for a while because of these isses. But its definitely working and got it switched over0
-
Yes please fix the AMEX login. With Quicken I do not have to answer 2FA everytime I connect to amex. But with Simplifi, I do have to use 2FA everytime.2
-
Agree wholeheartedly with this thread. Please implement OAuth for every bank that supports it. As a new user I think the site is beautiful, responsive and full of promise. I am already a super fan. But the lack of OAuth support prevents me from adding institutions (in a way that makes me feel safe).
Sharing my login credentials to financial institutions is not something I am comfortable with at all. As a result, the reporting and value Simplifi can provide me is limited until I can safely connect my external accounts.
Please implement OAuth for the following institutions that support it:- TD Ameritrade: https://developer.tdameritrade.com/content/authentication-faq
- American Express: https://developer.americanexpress.com/products/oauth-security/overview
Much appreciated!
-Simply Mark1 - TD Ameritrade: https://developer.tdameritrade.com/content/authentication-faq
-
Hello All,
The next APIs that will be coming are for American Express and USAA. We don't have an exact date to provide, however, American Express should be happening pretty soon.
-Coach Natalie-Coach Natalie
1 -
Awesome @Coach Natalie! Glad to hear it. If you could keep pushing for OAuth integration for the institutions that support it it would be much appreciated.
1 -
U.S. Bank should be next!
-Coach Natalie
0 -
PNC Bank's API should be rolling out next month!
-Coach Natalie
0 -
Please add for Vanguard and Ally (checking and savings) if available.
1 -
Is there a list of the banks that Simplifi currently supports for oauth?
0 -
-
Thank you, @Coach Natalie
I have confirmed in a different service that it is already possible to connect using the api mechanism with the following financial institutions. It would be great if you could add them.
- Discover Card
- Citibank
- Presidential Bank
1 -
Any progress on these other institutions?
0 -
Anything?
0 -
Hello @cncb,
Thanks for reaching out!
As soon as any news becomes available on additional banks, we'll be sure to post them here accordingly. 🙂
-Coach Natalie
-Coach Natalie
0 -
Hello All!
Up next, we'll have Fidelity, Wells Fargo, TD Bank, Citibank, and Navy FCU. Some of these migrations won't occur right away, but we did receive confirmation that these are all expected to take place over the next few months or so. 🥳
-Coach Natalie
-Coach Natalie
1 -
Cool, I added my first Citibank account today (Citi Costco Visa).
—
Rob Wilkens1 -
I was just about to ask about Citibank. I had to turn off 2-factor authentication to connect to my credit card, which is a step in the wrong (security) direction. Looking forward to having this implemented.
1 -
Is this the same constant 2 factor authentication issue we see venmo where I am asked for the code every time open Simplifi?
0 -
If that is directed to me, then no. I cannot even connect to Citibank until I remove 2-factor authentication completely.
0 -
+1 for prioritizing Citibank, please. It’s not able to be onboarded at all, and removing multi-factor authentication is simply a non-starter (please do not suggest this to users as a solution - it puts them at serious security risk!).
An earlier update from August suggested the transition was expected “over the next few months or so.” Is there clarity yet on the timeline for Citibank OAuth availability?
Thanks, K.3 -
"…removing multi-factor authentication is simply a non-starter (please do not suggest this to users as a solution - it puts them at serious security risk!)."
Huge +1 to this. It's alarmingly irresponsible to instruct users to disable security features on their other accounts. What are you all thinking? That seems like a great way to get into an embarrassing and completely avoidable lawsuit.4