Authentication

Hoseki Connect Authentication Flow

Hoseki Connect is purpose-built to facilitate two primary functionalities: authentication of end-user accounts and data retrieval from these accounts. This section provides a detailed guide on initiating and completing the Hoseki Connect authentication process to access account data.

1. Initiation by Client Application: The end-user initiates the account connection process within your client application.

2. Session Creation: Generate a session on your server to manage the authentication flow. This session acts as a bridge between your client and Hoseki's services.

3. Client Secret Transmission: Transmit the session’s client_secret back to your client application to proceed with the authentication.

4. Authentication by Client User: To continue the authentication process, you will need to integrate Hoseki Connect on your client. To do so, follow our Integrating Hoseki Connect guide.

5. Completion of Account Linking: The user completes the flow on their device, which results in their accounts being associated with the session.

Client-Side User Interface

The authentication process involves a client-side user interface that allows users to approve data sharing and link their accounts with your application and Hoseki. This interface should be embedded within your client-side user flows. It is designed to be compatible with all major web browsers and mobile web views.

API Authentication

Access to the Hoseki API requires API keys that authenticate requests. These keys are highly sensitive and should be safeguarded; exposure in public repositories (such as GitHub) or client-side code should be avoided.

Bearer Authentication: To authenticate API requests, include the header 

-H "Authorization: Bearer <your API key>" 

in your HTTP requests.

Secure Communication: All API requests must be transmitted over HTTPS. Requests made over HTTP or without proper authentication headers will be rejected.

Following these guidelines, you can securely integrate Hoseki's functionalities into your application, ensuring robust data security and a seamless user experience.