Webview
Our webview complements REST API endpoints with web-based services to handle sensitive or complex operations:
add a connection (to a bank or a provider), or edit/repare access to a connection;
manage connections (add/remove/edit);
edit and validate bank transfers.
Usage of the webview is mandatory if you don't hold an Agent status, since you are not allowed to use API endpoints carrying user credentials, and optional otherwise.
You can use our integration demos to experiment with the different Webview flows described below.
Webview protocol
Services available as part of the webview are designed as parameterized URLs intended to be opened in a web browser. A callback URI must be specified by callers to be notified at the end of the operation flow, similar to OAuth 2 specification.
Base URL
The base URL of all services must be customized:
https://{domain}.biapi.pro/2.0/auth/webview/
https://{domain}.biapi.pro/2.0/auth/webview/{lang}/
{domain}: substitute with your API domain;{lang}: optionally specify the language of the webview (possible values:en,fr,de,nl,it,es; if not specified, an automatic redirection will be performed following the language of the browser).
Callback handling
Most flows redirect to a callback URI at the end of the process. Query parameters are added to the URI to identify successful or failed operations.
Successful parameters are specific to each flow. In case of an error, the following parameters are added:
Common error codes include:
Forward compatibility requirement: additional error codes may be added in the future to describe specific cases. When implementing error codes handling, always fallback to a generic case for unknown codes.
Browser compatibility
The webview is designed and tested to work with browsers supported by the Angular framework: https://angular.io/guide/browser-support
Privacy / GDPR status
The webview itself does not use any kind of long-term data persistence mechanism such as cookies or local storage, but some authentication or authorization steps may delegate to third-party web services that may implement them. Analytics performed on the webview use anonymous data only.
Integration guidelines
Presenting the webview URL in a browser requires special care about the technical components involved, in order to optimize UX and conversion rate by allowing app-to-app experiences.
The recommended components vary by platform:
Web
In a web environment (i.e. when your own app is already running in a browser, as a standard HTML/JS app, PWA, etc.), you should present the webview either using a full-page redirect (recommended), or optionally using a popup window.
The later requires special care on mobile as popups are usually presented as new tabs, and can be subject to blocking policies. Such integrations also require proper cross-window communication to dismiss the extra window after the flow has ended.
Integration of our webview in an <iframe> tag is discouraged as it can yield to a mixed user experience (our webiew provides its own UI context and navigation).
Iframe integration can also prevent app-to-app support for some connectors. When our webview is embedded in an iframe and it needs to present a third-party connection flow (connector webview with potential app-to-app support), it will itself open a popup (or new tab) to maximize the chance of app-to-app support.
When using the redirection technique, make use of the state parameter, optionally in conjunction with session storage, to restore context in your app at the end of the webview flow.
Android
In a native Android environment (or when your app is compiled to an Android app using a multi-platform framework), you should present our webview using the Chrome Custom Tabs library, rather than using a WebView component.
Chrome Custom Tabs allow good support for app-to-app experiences and let the end-user benefit from a navigation context shared with the browser app (cookies, saved credentials, etc.). Although they represent a slightly less integrated visual experience, the library does support customization and theming.
WebView component should be avoided as it can prevent app-to-app support for some connectors.
Callback handling with Chrome Custom Tabs usually rely on declaring an intent filter (with custom scheme) handled by the calling Activity, which is brought to foreground after the flow.
iOS
In a native iOS environment (or when your app is compiled to an iOS app using a multi-platform framework), you should present our webview using the SFSafariViewController component, rather than using a WKWebView component.
SFSafariViewController allows good support for app-to-app experiences and let the end-user benefit from a navigation context shared with the browser app (cookies, saved credentials, etc.). Although they represent a slightly less integrated visual experience, the component does support customization and theming.
WKWebView component should be avoided as it can prevent app-to-app support for some connectors.
Callback handling with SFSafariViewController usually rely on defining a custom URL scheme and dismissing the controller in the handler.
Multi-platform frameworks
When using Flutter, use the flutter_custom_tabs package, that implement the above recommended components.
When using React Native, you can rely on some (non official) third-party packages to implement usage of Chrome Custom Tabs and SFSafariViewController, or provide your own native module.
Endpoints reference
Add connection flow
This flow allows an end-user to add a new connection to the API. The flow handles the following steps:
selecting a connector;
authenticating & authorizing with the connector, by collecting credentials or delegating;
managing consent to aggregate accounts/subscriptions;
collecting required information for professional accounts.
You can try it out here.
Query parameters
Successful callback parameters
Additional error codes
Re-auth / edit connection credentials flow
This flow allows an end-user to re-authenticate against a bank or a provider in order to recover an existing connection, or to completely reset credentials associated with a connection.
You can try it out here.
Query parameters
Successful callback parameters
This flow adds no parameter to the callback URI in case of success, except from state.
Manage connections
This flow allows an end-user to manage the connections associated with his account in the API. The user can add new connections, remove existing ones, fix connection errors, reset credentials or activate/deactivate bank accounts.
Support of redirect_uri in this flow is optional, as it can be integrated or presented as a terminal step, without relying on a final redirection.
You can try it out here.
Query parameters
Callback parameters
This flow adds no parameter to the callback URI, except from state.
Validate a payment
This flow allows an end-user to validate a payment request. The flow handles the following steps:
present a list of supported emitter banks;
validate the payment request and redirect the user to the validation webview of the bank.
Query parameters
Successful behavior
Unlike other webview endpoints, the user will be redirected to the callback URL provided at the creation of the payment request (using client_redirect_uri) after the bank webview. The redirect_uri provided as a webview parameter is only used for the error or cancellation cases.
(Deprecated) Execute a bank transfer
This flow allows an end-user to execute a bank transfer. The flow handles the following steps:
if the transfer is not already created, all steps to authenticate with a bank, select the recipient, the emitter account, the amount and label;
executing the transfer, including managing SCAs for recipient registration and/or transfer validation.
Query parameters
Successful callback parameters
Last updated
