Hi everyone,
New rules for all banks, including Monzo, mean we’ll start increasing security around third party integrations with your account. So the way you give access to your data to apps created at developers.monzo.com is changing, and we’ll ask you to regularly re-authenticate to continue sharing data with apps.
We’re doing this because of new requirements for banks called Strong Customer Authentication (SCA) which come into force on the 14th September. They aim to reduce fraud and make online payments more secure.
We’ll ask you to authenticate in the Monzo app when you first give access to a developer’s app
As well as logging in with an emailed magic link, users of your app will get a notification from Monzo on their phone asking them to authenticate using their fingerprint, Touch ID, Face ID or PIN.
Your app will receive unauthorised errors if it tries to access your data before the user authenticates in the Monzo app.
Users of your app will need to re-authenticate every 90 days to keep sharing their data
We’ll also ask them to confirm regularly that they’d like to stay connected to your app. Users can also manage connected apps by going to “Manage apps” in “Settings” inside the Monzo app.
Changes to how much data a developer’s app can access
After a user has re-authenticated, your app can fetch all of their transactions, and after 5 minutes, it will also be able to sync the last 90 days of transactions. If you need the user’s entire transaction history, you should consider fetching and storing it right after authentication.
All other permissions will stay the same.
What you’ll need to do now
Make sure your users are aware of these changes, and let them know that they will need to update their Monzo app before Thursday, 12th September to make sure they can continue using your app
You’ll be able to read more at docs.monzo.com in the coming days. In the meantime, if you have any questions, please let us know here.