Connection Management
This guide is relevant for customers of both our one-off and enduring account connectivity APIs.
Limiting accounts that can be connected
For a small subset of Akahu customers, we have historically supported the ability to place constraints on the type and number of accounts that users can select. For example, some applications are configured to only allow the user to connect a single account, or only accounts which can be used to make payments.
These same controls are not available with official open banking APIs. The selection of which accounts to share with your application occurs in an interface hosted by the user's bank, and the open banking standards don't provide a way for developers to apply constraints to this process.
Because of this, we have decided to drop support for this feature for all connection types. If your application prefers that only a single account is connected, we recommend:
- Communicating this clearly to the user before sending them to Akahu.
- Providing a way for the user to choose an "active" or "default" account within your application in the event that they connect multiple accounts. It is also important to consider how the user might update this choice in the future.
Managing connected accounts via API (enduring access)
Open banking authorisations can only be modified by the user directly with their bank. There is no way to remove accounts from an open banking authorisation programmatically.
Because of this, we are unable to support the DELETE /accounts/{id} API endpoint for accounts connected using official connections. This endpoint will continue to work for accounts connected via classic connections, but will return a 400 error response for accounts connected via official connections.
If you currently provide a way for your users to remove individual accounts in your app using this endpoint, we recommend making the following changes for all connection types for consistency:
- Remove the ability for the user to revoke your app's access to individual accounts.
- Provide a "manage accounts" option which sends the user to the Akahu OAuth flow. We will send them on to their bank if they choose to add or remove accounts from an official connection.
- Provide an option for the user to revoke your app's access to each authorisation using the DELETE /authorisations/{id} endpoint. There may be multiple accounts connected using a single authorisation. Use the _authorisation attribute to group accounts by authorisation.
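The grouping described in the last recommendation, as an added example that is not Akahu's own code: it groups accounts by _authorisation and, before an authorisation is revoked, lists every other account that will be disconnected with it. The sample data is constructed, and the _id and name fields and both function names are assumptions for illustration.

```javascript
// Constructed sample of an accounts listing. Only `_authorisation` is named on
// this page; `_id` and `name` are assumed field names for illustration.
const sampleAccounts = [
  { _id: "acc_1", name: "Everyday", _authorisation: "auth_A" },
  { _id: "acc_2", name: "Savings", _authorisation: "auth_A" },
  { _id: "acc_3", name: "Credit Card", _authorisation: "auth_B" },
  { _id: "acc_4", name: "Legacy" }, // no authorisation reference
];

// Group accounts by the authorisation that granted access to them.
function groupByAuthorisation(accounts) {
  const groups = new Map();
  const ungrouped = [];
  for (const account of accounts) {
    const authId = account._authorisation;
    if (typeof authId !== "string" || authId === "") {
      ungrouped.push(account); // never guess which authorisation owns it
      continue;
    }
    if (!groups.has(authId)) groups.set(authId, []);
    groups.get(authId).push(account);
  }
  return { groups, ungrouped };
}

// Describe what revoking access "for" one account really does: the whole
// authorisation is revoked, so every sibling account is disconnected too.
function planRevocation(accounts, accountId) {
  const { groups } = groupByAuthorisation(accounts);
  for (const [authId, members] of groups) {
    if (members.some((a) => a._id === accountId)) {
      return {
        // Path as given on this page; the id is encoded before interpolation.
        request: { method: "DELETE", path: `/authorisations/${encodeURIComponent(authId)}` },
        alsoDisconnected: members.filter((a) => a._id !== accountId).map((a) => a._id),
      };
    }
  }
  return null; // unknown account, or account without an authorisation
}
```

Showing the alsoDisconnected list in the confirmation step keeps the user's consent decision accurate when one authorisation covers several accounts.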