Use OAuth APIs everywhere they are available (Chase, Bank of America, etc.)

khad
khad Member ✭✭✭
edited July 2022 in Feature Requests
I'm trying Simplifi, and one thing that is extremely frustrating is that I am getting prompted for MFA codes *constantly*. The Bank of America one comes up every time I sign in to Simplifi. The Chase one every few days.

I was trying to figure out why this was happening at such an alarming rate with Simplifi compared to Mint. Then I realized, Mint uses the OAuth APIs for both banks.

Bank of America: https://developer.bankofamerica.com/#/home

Chase: https://developer.chase.com/products/aggregation-fdx/guides/getting-started

I can only imagine there are other examples of this. It should be standard practice to use OAuth whenever it is available. The benefits are manifold:
  • OAuth doesn’t require you to share your usernames and passwords with Simplifi.
  • OAuth gives you full control and visibility into the data you choose to share. You don't have to share all of the accounts you have at an institution with Simplifi.
  • OAuth allows you to track which financial aggregators have access to your account data and terminate it on a per-aggregator basis without having to change your password and reset access to all of them.
  • OAuth doesn't require constant MFA re-authentication.

OAuth is the right choice for my security (and convenience) and that of all Simplifi customers. Will Simplifi commit to using OAuth for every institution that makes it available? 
3
3 votes

In Progress · Last Updated

We are currently working on improving connections wherever possible!

«13

Comments

  • bbarber4
    bbarber4 Member

    @Coach Natalie Any updates that you can share on this, specifically for implementing the OAuth for Bank of America?
  • Coach Natalie
    Coach Natalie Administrator, Moderator admin
    Hello All,

    Great news! We are currently working on integrating API's for both Chase and Bank of America. :blush:

    -Coach Natalie
  • SeattleGuy
    SeattleGuy Member ✭✭
    What about CapitalOne? They also support OAuth in the same manner as JPMC and Bank of America. Will Simplifi also support CapOne? 
  • Coach Natalie
    Coach Natalie Administrator, Moderator admin
    Hello @SeattleGuy,

    Yes, Capital One's API is currently used for both Simplifi and Quicken and has been for a few years now. :smile:

    -Coach Natalie
  • SeattleGuy
    SeattleGuy Member ✭✭
    Hello @Coach Natalie, thanks for the quick response and the tip about Capital One. Glad to hear that this work is in progress for B of A and JPMC. I tried the process for adding a CapOne account to Simplifi. I wasn't able to take it all the way through because my new CapOne account is still incomplete. But I did get to the screen in Simplifi that said:
    • Sign in to Capital One through the secure browsing window.

    • When prompted, SELECT ALL YOUR ACCOUNTS.

    • You'll be able to hide accounts in Simplifi after a secure connection is established.

    Question: With OAuth support for B of A, JPMC and CapOne in Simplifi, will it be possible to select only specific accounts? We have multiple accounts at one of those banks, including some accounts jointly held with other parties, and we very much do not want to import the data from those accounts into Simplifi. Just being able to hide the accounts in Simplifi isn't enough - we only want Simplifi to have access to the data for the accounts we select. The other personal finance app that we are previewing lets you select certain accounts at a given bank and exclude others. You don't have to SELECT ALL ACCOUNTS. Will Simplifi also offer that flexibility?  Thanks. 
  • Coach Natalie
    Coach Natalie Administrator, Moderator admin
    edited July 2022
    Great question, @SeattleGuy!

    That is correct -- once you've authorized your Capital One accounts, you'll be able to select which accounts you'd like to add to Simplifi, and which accounts you'd like to ignore/not add to Simplifi. More details on adding accounts in Simplifi can be found here

    If you do accidentally add an account that you don't want or need, you can also easily delete it as opposed to hiding it. Honestly, since hiding accounts isn't currently an option in Simplifi, I believe the message is referring to deselecting accounts from being added. It is kind of confusing, though. 

    At any rate, I hope this helps!

    -Coach Natalie
  • SeattleGuy
    SeattleGuy Member ✭✭
    Hello again @Coach Natalie (and heads up @khad) I see that the Chase API integration is now working, that's great news. I was able to add both my Chase and Capital One credit cards to Simplifi without giving Simplifi my bank credentials. And the UI let me select which accounts to import, as you described. Do you have any estimate for when the Bank of America integration will be ready to use? 
  • bbarber4
    bbarber4 Member
    Agree - would like to know when Bank of America and American Express will be updated with this OAuth.  It is so painful to constantly have to do 2FA authentication when retrieving account info.. really starting to make me regret paying for this service
  • SeattleGuy
    SeattleGuy Member ✭✭
    @bbarber4 - I recently checked and found that the Bank of America OAuth support is now working. 
  • bbarber4
    bbarber4 Member
    @SeattleGuy Thanks so much for the heads up about BoA, I hadnt logged in for a while because of these isses.  But its definitely working and got it switched over
  • smrtrich
    smrtrich Member ✭✭
    Yes please fix the AMEX login.   With Quicken I do not have to answer 2FA everytime I connect to amex.  But with Simplifi, I do have to use 2FA everytime.   
  • Agree wholeheartedly with this thread. Please implement OAuth for every bank that supports it. As a new user I think the site is beautiful, responsive and full of promise. I am already a super fan. But the lack of OAuth support prevents me from adding institutions (in a way that makes me feel safe).

    Sharing my login credentials to financial institutions is not something I am comfortable with at all. As a result, the reporting and value Simplifi can provide me is limited until I can safely connect my external accounts. 

    Please implement OAuth for the following institutions that support it:


    Much appreciated!

    -Simply Mark
  • Coach Natalie
    Coach Natalie Administrator, Moderator admin
    Hello All,

    The next APIs that will be coming are for American Express and USAA. We don't have an exact date to provide, however, American Express should be happening pretty soon. :smile:

    -Coach Natalie
  • Awesome @Coach Natalie! Glad to hear it. If you could keep pushing for OAuth integration for the institutions that support it it would be much appreciated. 

  • Coach Natalie
    Coach Natalie Administrator, Moderator admin
    edited April 2023

    U.S. Bank should be next!

  • Coach Natalie
    Coach Natalie Administrator, Moderator admin

    PNC Bank's API should be rolling out next month!

  • cncb
    cncb Member ✭✭

    Please add for Vanguard and Ally (checking and savings) if available.

  • cncb
    cncb Member ✭✭

    Is there a list of the banks that Simplifi currently supports for oauth?

  • cncb
    cncb Member ✭✭

    Thank you, @Coach Natalie

    I have confirmed in a different service that it is already possible to connect using the api mechanism with the following financial institutions. It would be great if you could add them.

    • Discover Card
    • Citibank
    • Presidential Bank

  • cncb
    cncb Member ✭✭

    @Coach Natalie

    Any progress on these other institutions?

  • cncb
    cncb Member ✭✭

    @Coach Natalie

    Anything?

  • Coach Natalie
    Coach Natalie Administrator, Moderator admin

    Hello @cncb,

    Thanks for reaching out!

    As soon as any news becomes available on additional banks, we'll be sure to post them here accordingly. 🙂

    -Coach Natalie

  • Coach Natalie
    Coach Natalie Administrator, Moderator admin
    edited August 2023

    Hello All!

    Up next, we'll have Fidelity, Wells Fargo, TD Bank, Citibank, and Navy FCU. Some of these migrations won't occur right away, but we did receive confirmation that these are all expected to take place over the next few months or so. 🥳

    -Coach Natalie

  • RobWilk
    RobWilk Superuser ✭✭✭✭✭

    Cool, I added my first Citibank account today (Citi Costco Visa).


    Rob Wilkens

  • cncb
    cncb Member ✭✭
    edited August 2023

    I was just about to ask about Citibank. I had to turn off 2-factor authentication to connect to my credit card, which is a step in the wrong (security) direction. Looking forward to having this implemented.

  • FinTechMan
    FinTechMan Member ✭✭

    Is this the same constant 2 factor authentication issue we see venmo where I am asked for the code every time open Simplifi?

  • cncb
    cncb Member ✭✭

    If that is directed to me, then no. I cannot even connect to Citibank until I remove 2-factor authentication completely.

  • KP_9
    KP_9 Member ✭✭

    +1 for prioritizing Citibank, please. It’s not able to be onboarded at all, and removing multi-factor authentication is simply a non-starter (please do not suggest this to users as a solution - it puts them at serious security risk!).

    An earlier update from August suggested the transition was expected “over the next few months or so.” Is there clarity yet on the timeline for Citibank OAuth availability?

    Thanks, K.

  • lemur
    lemur Member

    "…removing multi-factor authentication is simply a non-starter (please do not suggest this to users as a solution - it puts them at serious security risk!)."

    Huge +1 to this. It's alarmingly irresponsible to instruct users to disable security features on their other accounts. What are you all thinking? That seems like a great way to get into an embarrassing and completely avoidable lawsuit.