SignIn Flow
Summary
In order to use our Account Information Service, the end-user has to first log in to their bank and authorize the data access. This process can be done through our the SignIn Flow that allows the users to choose their bank, accept the mandatory consents and go through the authorization process.
The SignIn Flow is available in two versions:
This article will shortly describe both of them and highlight the differences. For details on integration, please refer to the individual articles linked above.
SignIn Widget
- SignIn Widget is an HTML5 iframe element that you can embed on your website by calling our JavaScript.
- After the user chooses their bank and grants necessary consents, the Widget will open a new window with the bank’s website, where the user will have to go through the log in process and confirm the data access.
- During the process you will also receive multiple JavaScript callbacks that will inform you about the user activities and when the log in process is finished.
- After the user comes back from the bank website, you will have to handle a final callback, pass the parameters to your backend and perform Default Import if the authorization was successful.
- The Widget can be adjusted to your needs, including process-related parameters, as well as its styling.
SignIn Redirection
- The SignIn Redirection requires an API integration - on your backend you can request a link to a Kontomatik website where a modified of the SignIn Widget is embedded.
- Once you receive the link, you have to redirect the user to it, and then they go through the log in process.
- The user will have to choose their bank, grant consents and then gets redirected to the bank. Everything here happens within the same browser window.
- After the authorization is finished, the user gets redirected back to you, you can then check the process status via our API and perform Default Import if the authorization was successful.
Pros and cons
Before you decide on either of the versions, here are some advantages and disadvantages of each of them:
- SignIn Widget
- Requires the user to have popups enabled
- Won’t work in other mobile apps where you have no control over the popups (e.g. via Facebook or Instagram in-app browsers)
- You can track Widget events through the callbacks
- You have to pass data between frontend and backend
- If the user has any issue logging in, they are still present on your website so you can provide other authorization options easier
- You can apply some custom styling to match your website
- SignIn Redirection
- Doesn’t require popups enabled, however may have to open a new tab or a native browser on mobile devices
- Is suitable to use when showing your website in 3rd party in-app browsers like Facebook or Instagram
- You can’t track the Widget events, you will only get the final callback and status
- Most of the data exchange happens on the backend
- If the user abandons the authorization process, you can only find out about it asynchronously after a while
- You can’t change the styling of the SignIn Redirection website
