Use OAuth APIs everywhere they are available (Chase, Bank of America, etc.)

khad
khad Member ✭✭
edited July 1 in Feature Requests
I'm trying Simplifi, and one thing that is extremely frustrating is that I am getting prompted for MFA codes *constantly*. The Bank of America one comes up every time I sign in to Simplifi. The Chase one every few days.

I was trying to figure out why this was happening at such an alarming rate with Simplifi compared to Mint. Then I realized, Mint uses the OAuth APIs for both banks.

Bank of America: https://developer.bankofamerica.com/#/home

Chase: https://developer.chase.com/products/aggregation-fdx/guides/getting-started

I can only imagine there are other examples of this. It should be standard practice to use OAuth whenever it is available. The benefits are manifold:
  • OAuth doesn’t require you to share your usernames and passwords with Simplifi.
  • OAuth gives you full control and visibility into the data you choose to share. You don't have to share all of the accounts you have at an institution with Simplifi.
  • OAuth allows you to track which financial aggregators have access to your account data and terminate it on a per-aggregator basis without having to change your password and reset access to all of them.
  • OAuth doesn't require constant MFA re-authentication.

OAuth is the right choice for my security (and convenience) and that of all Simplifi customers. Will Simplifi commit to using OAuth for every institution that makes it available? 
2
2 votes

In Progress · Last Updated

We are currently working on improving connections wherever possible!

Comments

  • bbarber4
    bbarber4 Member

    @Coach Natalie Any updates that you can share on this, specifically for implementing the OAuth for Bank of America?
  • Coach Natalie
    Coach Natalie Administrator, Moderator admin
    Hello All,

    Great news! We are currently working on integrating API's for both Chase and Bank of America. :blush:

    -Coach Natalie
  • SeattleGuy
    SeattleGuy Member
    What about CapitalOne? They also support OAuth in the same manner as JPMC and Bank of America. Will Simplifi also support CapOne? 
  • Coach Natalie
    Coach Natalie Administrator, Moderator admin
    Hello @SeattleGuy,

    Yes, Capital One's API is currently used for both Simplifi and Quicken and has been for a few years now. :smile:

    -Coach Natalie
  • SeattleGuy
    SeattleGuy Member
    Hello @Coach Natalie, thanks for the quick response and the tip about Capital One. Glad to hear that this work is in progress for B of A and JPMC. I tried the process for adding a CapOne account to Simplifi. I wasn't able to take it all the way through because my new CapOne account is still incomplete. But I did get to the screen in Simplifi that said:
    • Sign in to Capital One through the secure browsing window.

    • When prompted, SELECT ALL YOUR ACCOUNTS.

    • You'll be able to hide accounts in Simplifi after a secure connection is established.

    Question: With OAuth support for B of A, JPMC and CapOne in Simplifi, will it be possible to select only specific accounts? We have multiple accounts at one of those banks, including some accounts jointly held with other parties, and we very much do not want to import the data from those accounts into Simplifi. Just being able to hide the accounts in Simplifi isn't enough - we only want Simplifi to have access to the data for the accounts we select. The other personal finance app that we are previewing lets you select certain accounts at a given bank and exclude others. You don't have to SELECT ALL ACCOUNTS. Will Simplifi also offer that flexibility?  Thanks. 
  • Coach Natalie
    Coach Natalie Administrator, Moderator admin
    edited July 26
    Great question, @SeattleGuy!

    That is correct -- once you've authorized your Capital One accounts, you'll be able to select which accounts you'd like to add to Simplifi, and which accounts you'd like to ignore/not add to Simplifi. More details on adding accounts in Simplifi can be found here

    If you do accidentally add an account that you don't want or need, you can also easily delete it as opposed to hiding it. Honestly, since hiding accounts isn't currently an option in Simplifi, I believe the message is referring to deselecting accounts from being added. It is kind of confusing, though. 

    At any rate, I hope this helps!

    -Coach Natalie
  • SeattleGuy
    SeattleGuy Member
    Hello again @Coach Natalie (and heads up @khad) I see that the Chase API integration is now working, that's great news. I was able to add both my Chase and Capital One credit cards to Simplifi without giving Simplifi my bank credentials. And the UI let me select which accounts to import, as you described. Do you have any estimate for when the Bank of America integration will be ready to use? 
  • bbarber4
    bbarber4 Member
    Agree - would like to know when Bank of America and American Express will be updated with this OAuth.  It is so painful to constantly have to do 2FA authentication when retrieving account info.. really starting to make me regret paying for this service
  • SeattleGuy
    SeattleGuy Member
    @bbarber4 - I recently checked and found that the Bank of America OAuth support is now working. 
  • bbarber4
    bbarber4 Member
    @SeattleGuy Thanks so much for the heads up about BoA, I hadnt logged in for a while because of these isses.  But its definitely working and got it switched over
  • smrtrich
    smrtrich Member
    Yes please fix the AMEX login.   With Quicken I do not have to answer 2FA everytime I connect to amex.  But with Simplifi, I do have to use 2FA everytime.