Requirements & best practices

This document outlines the requirements needed to integrate your application with the Akoya Data Access Network.

We have a number of implementation requirements to ensure the security of our network and our end-users' financial data. Please review these requirements thoroughly before continuing.

Please don’t skip this page!

Please take the time to go over all the resources in this section before moving on to the project checklists.

Requirements

  • A consent UX in your app

  • OIDC token use with secure, encrypted storage

  • Redirect URI(s)

    • The callback resource in your application where Akoya will send the end-user and authorization code after successful authentication
  • Secure, encrypted storage for your app’s client_id, client_secret and all tokens.

    • The client_secret should NEVER be hard-coded into your application's source code.
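One way to enforce the rule against hard-coding the client_secret in CI, as an added example (not Akoya's code): a line scanner that flags quoted literals assigned to any name ending in `client_secret` and reports only the line number and name, so the value is never echoed into build logs. The sample source, the `AKOYA_*` environment variable names and the placeholder patterns are constructed assumptions.

```python
import re

# Quoted literal assigned to a name ending in client_secret, e.g.
#   client_secret = "abc"   or   {"client_secret": "abc"}
_ASSIGNMENT = re.compile(
    r"""
    ["']?\b(?P<name>[\w.]*client_secret)\b["']?   # variable or mapping key
    \s*[:=]\s*                                    # assignment or key separator
    (?P<q>["'])(?P<value>[^"']*)(?P=q)            # quoted literal value
    """,
    re.IGNORECASE | re.VERBOSE,
)

# Values that are not secrets: empty string, ${VAR}, <placeholder>, {{ template }}
_PLACEHOLDER = re.compile(r"(\$\{\w+\}|<[^>]+>|\{\{.*\}\})?")


def find_hardcoded_secrets(source):
    """Return [(line_number, name)] for each literal client_secret assignment.

    The secret value itself is deliberately left out of the result.
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in _ASSIGNMENT.finditer(line):
            if _PLACEHOLDER.fullmatch(match.group("value")):
                continue  # template or empty default, resolved at deploy time
            findings.append((lineno, match.group("name")))
    return findings


# Constructed sample source: lines 3 and 6 violate the requirement.
SAMPLE = '''\
import os
client_id = os.environ["AKOYA_CLIENT_ID"]
client_secret = "s3cr3t-constructed-value"
client_secret = os.environ["AKOYA_CLIENT_SECRET"]
config = {"client_secret": "${AKOYA_CLIENT_SECRET}"}
settings = {'client_secret': 'another-constructed-value'}
'''

if __name__ == "__main__":
    for lineno, name in find_hardcoded_secrets(SAMPLE):
        print(f"line {lineno}: literal value assigned to {name}")
```

A pattern check like this only catches direct literal assignments; it complements a dedicated secret scanner and does not replace one.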

Best practices

  • Provide a link for the end-user to revoke permission for use of their provider's accounts.

  • Build a pagination component into your app, allowing it to receive one page at a time.

  • Adhere to transaction guidelines issued by the data provider.

  • Please notify Akoya when major service disruptions occur that impact the network, such as an event that causes you to invalidate all tokens or forces re-authentication.

  • To report support issues to Akoya, track the header x-akoya-interaction-id returned with each Akoya API request.

FDX

Akoya API v1 is based on Financial Data Exchange (FDX) specifications (learn more about FDX here). The following FDX guidance is recommended while using Akoya API v1:

  • Utilize the FDX API, security, and user experience specifications.

  • Follow FDX version recommendations for API deprecation.

Recipients need not be members of FDX to integrate with the Akoya Data Access Network; however, FDX provides a variety of membership options. FDX also provides fee-free access to its API specifications to those who accept the intellectual property agreement.