Use OAuth APIs everywhere they are available (Chase, Bank of America, etc.)

24

Comments

  • khad
    khad Member ✭✭✭

    I will give credit where it's due. After leaving Simplifi last year and now returning (thanks to the impending Mint shutdown), the banks I was personally having trouble with are all using OAuth in Simplifi now (Chase, Bank of America, and Amex, though that might have been OAuth even back then).

    Thank you!

  • New to Simplifi, refugee from Mint. I was able to add my Citibank accounts to Simplifi BUT no transactions show up. Help please!

  • Coach Natalie
    Coach Natalie Administrator, Moderator admin

    Hey everyone, just a little update — the migration for both Fidelity and Wells Fargo is about to begin and should be rolled out by the end of December. 😀

    -Coach Natalie

    -Coach Natalie

  • Coach Natalie
    Coach Natalie Administrator, Moderator admin

    I almost forgot! Here's a new article regarding Fidelity: https://help.simplifimoney.com/en/articles/8649018-important-update-fidelity-investments-connection-update

    -Coach Natalie

    -Coach Natalie

  • cncb
    cncb Member ✭✭

    Is Citibank working yet?

  • SimplyManaged
    SimplyManaged Member
    edited December 2023

    I keep get prompted for treasurydirect.gov and for NYSaves.org. Still trialing out but I don’t see these issues with [removed].

  • KP_9
    KP_9 Member ✭✭✭

    Hi @Coach Natalie, can you provide insight into the reasons behind Simplifi's OAuth rollout order? It seems strange that Quicken would prioritize refreshing connections that were already working for users with multi-factor authentication (MFA) enabled, like Fidelity, over one to a major institution like Citibank that is not accessible at all for MFA-enabled accounts. Are there other technical constraints/reasons driving the prioritization?

    MFA is basic cyber hygiene and is increasingly required at many US financial institutions, so I'm surprised Quicken isn't first updating its major bank connections that don't support it. And to any fellow users who are considering disabling MFA as a workaround, please do not do this; Microsoft's 2023 Digital Defense Report reported that having MFA enabled reduces the risk of compromise by 99.2%. It's highly effective protection and considered a must-have in today's threat landscape, so disabling it on something as important as one of your financial accounts just to connect to Simplifi would be very ill-advised. Better to wait for the OAuth connection! https://www.microsoft.com/en-us/security/security-insider/microsoft-digital-defense-report-2023#modal2

    There are comments in threads all across the Community from users frustrated by the longstanding lack of Citibank support. Please prioritize getting a working connection for MFA-protected Citibank accounts before other institutions whose current connections already work with MFA (even those requiring manual MFA token input at each data sync, like TD Bank).

  • Agreed. Never ever tell users to disable security. Take to your lawyers and risk management staff, lol.

  • Agreed. Screen scraping and asking users to hand out passwords to mysterious third parties is just insane. I get that the banking industry is way behind on Oauth (and general modern life), but getting Oauth up for organizations that do have it should be priority one.


    Simplifi should support the main crypto wallets as well, speaking of modern life.

  • Matt Anfang
    Matt Anfang Member ✭✭✭

    Is this the same thing as an aggregator? Where like the institute gives you a unique website and unique code so you can get your data as opposed to the normal username and password?

  • Any update on Citibank?

  • It's good to hear that Oauth integration for Citibank is in the works. I'm a recent Mint.com convert to Simplifi and was surprised that the Citibank connection didn't use Oauth because I was certain that Mint did. Keep up the good work!

  • Matt Anfang
    Matt Anfang Member ✭✭✭

    @Coach Natalie Could you please help answer this question. Is O-authorization API's the same as using an aggregator? I guess I don't quite know the lingo :-)

  • Coach Natalie
    Coach Natalie Administrator, Moderator admin

    @Matt Anfang, great question!

    I'm honestly not too familiar with the aggregator links, but I think the bank uses a separate website and login credentials from the normal site and credentials. The bank requests that are looking for an aggregator link would see the aggregator option listed as an additional option in Quicken Simplifi separate from the normal option I do believe.

    For the OAuth API banks, these connections use APIs that are developed and managed by the banks to allow third-party access directly through them. For these connections, we don't use our service provider to aggregate the data; we instead use the bank's authorization process directly. When available, these connections must be used, so it wouldn't be an additional option in Quicken Simplifi like the aggregator links are.

    https://help.simplifimoney.com/en/articles/6997452-new-and-improved-way-to-connect-to-your-financial-institution-oauth-api

    I most likely didn't answer your question very well, but I hope this at least helps! Maybe some other users will come along who know more about the aggregator links than me. 🙂

    -Coach Natalie

    -Coach Natalie

  • idkmanm
    idkmanm Member

    Hi @Coach Natalie I'm also moving from Mint. Discover API connection works with Mint, but not with Simplifi. When will Discover integration be implemented? Thanks.

  • Coach Kristina
    Coach Kristina Moderator admin

    Hello @idkmanm,

    Could you please provide more information about what issue(s) you're running into? Connections with Discover are already available in Quicken Simplifi. Are you getting error messages/codes when trying to connect or update accounts? If not, then what is happening, or what functionality are you looking for that isn't working/supported?

    Thank you!

    -Coach Kristina

  • idkmanm
    idkmanm Member

    @Coach Kristina With Mint, Discover connections takes me to Discovers website to login. On Simplifi it asks me to enter my username and password on Simplifi's website which I'd rather not do.

    The first picture is form Simplifi, it asks to enter userid and password directly on Simplifi.

    The second picture is Mint, it takes me to Discover's website to login.

    Other institutions like CapitalOne and Chase do work like Mint where it goes to their website to login.

  • UrsulaA
    UrsulaA Superuser ✭✭✭✭

    I had the same question.

    From the replies on this thread and the example provided earlier, it looks like an aggregator is a third party that accesses our bank data via our credentials (Plaid, Intuit, etc.). The OAuth API provides access to our data directly from the bank without a third party in the middle.

    Also, I saw your comment on the other thread. The "questionable" Excel was mostly because I update the file once a month or less often and then I got sick of catching up with entering transactions manually and tracking. The data became questionable, I used the file a year at most. I stuck with Mint for 9 years, 2014-2023.

    Simplifi and Mint before it helped me keep everything in one place and monitor if I am meeting my goal of saving less than I earn. Things happen quickly indeed.

    Simplifi User Since Nov 2023

    Minter 2014-2023

    Questionable Excel before 2014 to present

  • Coach Kristina
    Coach Kristina Moderator admin

    @UrsulaA and @Matt Anfang,

    The OAuth API is not the same as the aggregator. We don't have all the in-depth technical details, but here's a general overview: An API is a software interface that allows programs to communicate with each other. An aggregator (in this context, anyway) is used to gather information from multiple financial institutions in order to update your connected accounts. The aggregator is able to communicate with multiple different APIs, including the OAuth API. When you authorize your accounts through the OAuth API, you authenticate through the financial institution website, and it issues an authentication token. Then, when the aggregation service reaches out to get updated account information to send to Quicken Simplifi, it uses that authentication token instead of using login credentials to authenticate with the financial institution.

    I hope this helps!

    -Coach Kristina

  • Matt Anfang
    Matt Anfang Member ✭✭✭

    Thanks @Coach Kristina! All I know is that I needed an aggregator to get our one Edvest account to work. So if they are different and if this OAuth API thing helps then I'm all for it. Appreciate the response back

  • KFH
    KFH Member

    Hi, any update on getting the Citibank OAuth implemented?

    We just switched from Mint and having to turn off the MFA to connect our main credit card (citibank) is making us consider we need to try a different budgeting app altogether.

    Thanks

  • Mercs
    Mercs Member ✭✭

    I'm having this same issue with Discover as well as Schwab/Ally/Synchrony, also happening with American Express credit cards which is actually on the list of OAuth implementations. Still brings me to the Simplifi login page and not the Amex site.

  • I'm trying Simplifi out and when I joined I added a handful of my accounts, but I didn't take notice of what authentication method was being used. Is there any way for me to check each account and see what authorization method is being utilized?

  • Coach Natalie
    Coach Natalie Administrator, Moderator admin

    @BlueWRXPride, are you asking which banks are on the OAuth API connection versus the normal connection in Quicken Simplifi? If so, our OAuth API banks are all listed here: https://help.simplifimoney.com/en/articles/6997452-new-and-improved-way-to-connect-to-your-financial-institution-oauth-api

    If you're asking about MFA or something else, please create a new post to outline your question to the Community.

    Thanks!

    -Coach Natalie

    -Coach Natalie

  • Dognose
    Dognose Member ✭✭

    Most banks will have a listing of which services you've granted access to. Look in the Security and Privacy section of the bank's website.

    Although, I agree, it should also be available to Simplifi customers either through the settings webpage or a journal file.

  • KP_9
    KP_9 Member ✭✭✭

    @Coach Natalie, can you please speak to this question? Looking to understand the OAuth rollout order priorities and whether Citibank is being done next, given how many people on these boards are asking for it specifically.

  • Coach Kristina
    Coach Kristina Moderator admin

    Hello @KFH and @KP_9,

    Citibank OAuth should be coming soon, but we have not been provided with an exact date, so we are not yet able to say when.

    I'm sorry I'm not able to give you a better answer, but that's all the information available at this time.

    -Coach Kristina

  • DannyB
    DannyB Superuser ✭✭✭✭✭
    edited January 14

    I only have a credit card with Citi Bank but in the two years I've been using Simplifi have never had any problems with my Citi Bank connection.

    Danny
    Simplifi user since 01/22
    Budget: a mathematical confirmation of your suspicions.” ~A.A. Latimer