Personal Apps - Advanced
Learn more about the settings and security features of personal apps
By default, your personal app has very broad permissions over your data. This is suitable for testing different API endpoints and getting to know our API. However, if you plan on using our personal apps longer term, you may want to lock down the permissions it is allowed to use.
All of the following settings can be found on the "Developers" page at my.akahu.io.
Limiting Account Access
Perhaps the easiest permission to manage is which accounts your personal app can access. By default, your app can access all of your connected accounts when it is created. We allow you to update these, either granting access to accounts that you've just connected, or denying access to accounts that your personal app doesn't need.
Scroll down to the "Accounts" section of the page and press the "Edit" button. You can now select or deselect the accounts you want to grant access for, before pressing the "Submit" button.
Limiting Permissions
You can adjust the permissions your personal app can use, which has the effect of allowing or disallowing access to the relevant API endpoints. For example, your personal app may never need to make transfers, so you may want to disallow that permission.
Scroll down to the "Permissions" section and press the "Edit" button. You can now select or deselect the permissions that your app requires. We recommend only giving your app access to the permissions it needs. Save your permissions by pressing the "Submit" button.
Limiting IP Addresses
By default, we allow any IP address to use your Personal App credentials. However, if your personal app will be running from only a few machines, you can restrict the IP addresses to prevent misuse of your access token.
We use CIDR notation to specify IP addresses. For help turning your IP (or IP ranges) into this format, you can use this tool. We currently only support IPv4 address ranges for this setting.
Scroll down to the "IP Address Ranges" section and press the "Edit" button. You can now add, remove, or edit the IP ranges allowed to access your app. Save your changes by pressing the "Submit" button.
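One way to prepare the values for this setting, as an added example that is not Akahu's code: it converts single IPs, start-end ranges and CIDR strings into a minimal list of IPv4 CIDR blocks, rejects IPv6, and checks a machine's address against the result before you submit it. The function names are hypothetical and the sample entries are constructed from documentation address ranges.

```python
import ipaddress


def to_ipv4_cidrs(entries):
    """Turn single IPs, 'start-end' ranges and CIDR strings into a minimal,
    sorted list of IPv4 CIDR blocks. Raises ValueError on anything else."""
    networks = []
    for raw in entries:
        entry = raw.strip()
        if "-" in entry:
            first, last = (ipaddress.ip_address(p.strip())
                           for p in entry.split("-", 1))
            if first.version != 4 or last.version != 4:
                raise ValueError(f"only IPv4 is supported here: {entry}")
            # Raises ValueError if the range is reversed (first > last).
            networks.extend(ipaddress.summarize_address_range(first, last))
        else:
            # strict=True rejects input such as 203.0.113.10/24, where a
            # mistyped prefix would silently allow a whole /24.
            net = ipaddress.ip_network(entry, strict=True)
            if net.version != 4:
                raise ValueError(f"only IPv4 is supported here: {entry}")
            networks.append(net)
    # Merge adjacent and overlapping blocks so the allow-list stays short.
    return [str(n) for n in ipaddress.collapse_addresses(networks)]


def is_allowed(address, cidrs):
    """True if the address falls inside any block of the allow-list."""
    addr = ipaddress.ip_address(address)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def address_count(cidrs):
    """How many addresses the allow-list admits in total; a large number
    means the restriction is doing little to limit token use."""
    return sum(ipaddress.ip_network(c).num_addresses for c in cidrs)


# Constructed sample input (RFC 5737 documentation addresses).
SAMPLE_ENTRIES = [
    "203.0.113.10",
    "203.0.113.11",
    "198.51.100.0-198.51.100.255",
    "192.0.2.16 - 192.0.2.20",
]

if __name__ == "__main__":
    cidrs = to_ipv4_cidrs(SAMPLE_ENTRIES)
    print("\n".join(cidrs))
    print("addresses admitted:", address_count(cidrs))
```
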
What To Do If You Think Your Credentials Have Been Exposed
Akahu makes it easy to rotate your app credentials in the event of exposure. We recommend you do this as soon as you realise that your token may have become public.
Scroll down to the "Danger Zone" section and press the "Regenerate" button next to "Regenerate User Access Token". Confirm that you want to do this, then take note of the new User Access Token. This token should now be used in place of the exposed token.
Changes take effect immediately. Usage of an old token will result in a 403 Forbidden response.
How To Delete Your App
Scroll down to the "Danger Zone" section and press the "Delete" button next to "Delete Personal App". Confirm that you want to do this, and your app will be deleted and all access revoked. Usage of your Personal App credentials will now result in a 403 Forbidden response.
Changes take effect immediately.