Impact Finance
Glossary
Impact Finance is a B2B2C product, which sometimes makes it unclear who "Customer" refers to. The following terminology will be used:
- Doconomy: This is us. (Hi! 👋) The first B in B2B2C.
- Bank: This is probably you, or your organization. The customer of Doconomy, and the second B in B2B2C.
- End User: The person interacting with our services in the end. The C in B2B2C.
Impact Finance consists of the following software:
- Doconomy Enterprise Software (DES)
- SDKs for iOS, Android and Web. Provided as open source software libraries.
DES can either be run:
- as a service (SaaS), or
- as a self-hosted container image.
DES provides the following applications:
- Impact Finance Web App: An End User-facing web application, to be embedded into your Bank's mobile user experience (see Bank App below), using the SDKs. The Web App refers to the application as a whole, consisting of a frontend running on the End User's device (embedded in your Bank App), and a backend running as SaaS or self-hosted.
- Doconomy Enterprise Portal (DEPo): A Bank employee-facing web application for managing settings, content, translations, etc. DEPo refers to the application as a whole, consisting of a frontend running in the employee's browser, and a backend running as SaaS or self-hosted.
- Impact Finance API: A Bank Backend-facing RESTful JSON API. Used by your Bank backend to manage state in DES.
DES is intended to be integrated with your Bank's systems and services. The following entities are involved in the integration:
- Bank App: The application providing your Bank's user experience to your End Users. The Impact Finance Web App frontend is embedded into your Bank App(s) with help from the SDKs.
- Bank Backend: Your Bank's systems and services responsible for opening accounts, settling transactions, etc. The exact architecture is a black box from DT's perspective. The Bank Backend communicates with DES through the Impact Finance API.
DES Integration Overview
A DES integration consists of three main parts:
- Client-side embedding of the Impact Finance Web App into your Bank Apps.
- Client-side authentication through JSON Web Tokens (JWTs), requiring a public endpoint serving a JSON Web Key Set (JWKS).
- Server-side integration by implementing an Impact Finance API client in your Bank Backend. You may also optionally choose to register webhook endpoints to listen for events.
For sequence diagrams showing how these pieces fit together in common user journeys, see User Journeys.
Client-side Embedding
The Impact Finance Web App is built to be embedded into your existing Bank Apps. To make this integration as easy as possible, we provide SDKs for Android, iOS, and web.
The SDKs are all open source (MPL2.0), giving you complete insight into, and control over, the code that is pulled into and executed in your applications. To make it even easier to get started, we have included some simple example apps (Android example, iOS example) in those repositories.
Essentially, the SDKs open a native WebView (Android docs, iOS docs), or an iframe in the web case, which loads and renders the Impact Finance Web App. Although the syntax and details differ slightly depending on platform, we strive to keep the overall structure of available callbacks, events and commands consistent across all platforms.
NOTE: If you are more comfortable not using our SDKs in your applications, feel free to be inspired & guided by the code to implement your own versions.
Client-side Authentication
Since the Web App is embedded into your Bank App, and End Users should not notice that they are navigating to different software, DES does not authenticate End Users directly. Instead, your Bank App just needs to send DES proof that the End User is in fact authenticated by you, including the identity of the End User. This is done through OpenID Connect ID Tokens. Two steps are needed:
- Your Bank App hands a signed JSON Web Token (JWT) to the Web App when initializing the SDK.
- Your Bank Backend exposes a JSON Web Key Set (JWKS) endpoint, where DES can fetch the public key(s) corresponding to the private key(s) used to sign the JWT, in order to validate the signature.
See Session Handling > Authentication for a sequence diagram of this flow.
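The two steps above, as an added example that is not Doconomy's code or part of the SDKs: the Bank side signs an ID Token and builds the JWKS document, and a verifier checks the token against that JWKS the way any consumer of the key set has to. RS256, the key id, the issuer and audience values, and the exact set of checks are assumptions for illustration; the page does not state which algorithms or claims DES requires.

```javascript
// Added example, not Doconomy code. KID and the claim values used with it are constructed.
const crypto = require('node:crypto');

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Bank side: signing key pair. The private key never leaves the Bank Backend.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const KID = 'bank-key-1'; // constructed key id

// Bank side: body served by the public JWKS endpoint (public key material only).
function buildJwks() {
  const jwk = publicKey.export({ format: 'jwk' });
  return { keys: [{ ...jwk, kid: KID, use: 'sig', alg: 'RS256' }] };
}

// Bank side: mint the ID Token handed to the Web App when the SDK is initialized.
function signIdToken(claims, key = privateKey, header = { alg: 'RS256', typ: 'JWT', kid: KID }) {
  const input = `${enc(header)}.${enc(claims)}`;
  const sig = crypto.sign('sha256', Buffer.from(input), key); // RSASSA-PKCS1-v1_5 + SHA-256
  return `${input}.${sig.toString('base64url')}`;
}

// Verifier side: checks to pass before the `sub` claim is trusted as the End User identity.
function verifyIdToken(token, jwks, { issuer, audience, now = Math.floor(Date.now() / 1000) }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = dec(h);
  if (header.alg !== 'RS256') throw new Error('unexpected alg'); // pin alg, never trust the header
  const jwk = jwks.keys.find((k) => k.kid === header.kid && k.kty === 'RSA');
  if (!jwk) throw new Error('unknown kid');
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = dec(p);
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (![].concat(claims.aud).includes(audience)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}
```

Keeping `exp` short limits how long a token leaked from the device stays usable, and publishing a new `kid` in the JWKS before signing with it lets keys rotate without rejected sessions.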
Server-side Integration through the Impact Finance API
For End Users to be able to save money, they need accounts provisioned, and transactions settled.
To be able to make things happen on your end, DES provides a JSON REST API with webhooks. This means that you don't have to add any new API endpoints to your Bank Backend, or open up any incoming connections. All you have to do is to consume the Impact Finance API.