Kontist SDK
JavaScript SDK for connecting to Kontist using OAuth2 and GraphQL.
Add as dependency to your project:

    npm install @kontist/client

You will need a valid client ID and must set up your redirect URI for authentication. You may request your client ID in the API Console at https://kontist.dev/console/.
Usage (NodeJS / TypeScript)
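
    import express from "express";
    import { Client } from "@kontist/client";

    const CALLBACK_PATH = "/auth/callback";
    // Placeholders: substitute your own base URL and client secret.
    const REDIRECT_URI = "<YOUR_BASE_URL>" + CALLBACK_PATH;
    const clientSecret = "<YOUR_CLIENT_SECRET>";
    // Math.random() is not a cryptographically secure generator; prefer a CSPRNG for `state` in production.
    const state = (Math.random() + "").substring(2);
    const app = express();
    const client = new Client({
      clientId: "YOUR_CLIENT_ID",
      redirectUri: REDIRECT_URI,
      scopes: ["transactions"],
      clientSecret,
      state
    });

    // Start the OAuth2 flow by redirecting the user to the authorization URI.
    app.get("/auth", async (req, res) => {
      const uri = await client.auth.getAuthUri();
      res.redirect(uri);
    });

    // Exchange the authorization code in the callback URL for a token.
    app.get(CALLBACK_PATH, async (req, res) => {
      const callbackUrl = req.originalUrl;
      try {
        const token = await client.auth.fetchToken(callbackUrl);
        res.send("Successful, your token is " + token.accessToken);
      } catch (e) {
        res.send("Failed: " + JSON.stringify(e));
      }
    });

    app.listen(3000, function() {
      console.log("Listening on port 3000!");
    });
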
You should be able to issue a new access token by simply calling:

    await token.refresh((newToken) => { ... });

Usage (Browser)
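
    <script src="https://cdn.kontist.com/sdk.min.js"></script>
    <script>
      // Persist two random values across the redirect.
      // Math.random() is not cryptographically secure; prefer crypto.getRandomValues() in production.
      sessionStorage.setItem("state", sessionStorage.getItem("state") || (Math.random() + "").substring(2));
      sessionStorage.setItem("verifier", sessionStorage.getItem("verifier") || (Math.random() + "").substring(2));
      const client = new Kontist.Client({
        clientId: "<your client id>",
        redirectUri: "<your base url>",
        scopes: ["transactions"],
        state: sessionStorage.getItem("state"),
        verifier: sessionStorage.getItem("verifier")
      });
      const params = new URL(document.location).searchParams;
      const code = params.get("code");
      if (!code) {
        // No "code" query parameter yet: redirect the user to the login page.
        client.auth.getAuthUri().then(function(url) {
          window.location = url;
        });
      } else {
        // We have a code: fetch a token, then run a GraphQL query.
        client.auth.fetchToken(document.location.href).then(function() {
          client.graphQL.rawQuery(`{
            viewer {
              mainAccount {
                # account fields to select go here
              }
            }
          }`)
            .then(function(result) {
              // use the query result here
            });
        });
      }
    </script>
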
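The `state` and `verifier` options above protect the authorization callback, so both values should be unpredictable. The following Node.js code is an added example, not code from the Kontist SDK or its documentation: it generates both values from a CSPRNG, derives the RFC 7636 S256 challenge on the assumption that `verifier` serves as the PKCE code verifier, and checks the `state` returned on the callback. All function names are hypothetical.

```javascript
// Added example (not from the Kontist SDK): Node.js helpers for the OAuth2
// `state` and PKCE `verifier` values. All function names are hypothetical.
const nodeCrypto = require("node:crypto");

// 32 bytes from the OS CSPRNG, base64url-encoded: 43 characters drawn from
// [A-Za-z0-9_-], which is within the 43..128 length RFC 7636 allows.
function randomUrlSafe(byteLength = 32) {
  return nodeCrypto.randomBytes(byteLength).toString("base64url");
}

// S256 code challenge as defined by RFC 7636: BASE64URL(SHA-256(verifier)).
function pkceChallenge(verifier) {
  return nodeCrypto.createHash("sha256").update(verifier, "ascii").digest("base64url");
}

// Compare the `state` returned on the callback URL with the value stored
// before the redirect. Accepts a relative URL such as req.originalUrl.
function stateMatches(expectedState, callbackUrl) {
  const returned = new URL(callbackUrl, "http://localhost").searchParams.get("state");
  if (typeof returned !== "string") return false; // parameter missing
  const a = Buffer.from(expectedState, "utf8");
  const b = Buffer.from(returned, "utf8");
  // timingSafeEqual throws on unequal lengths, so check the length first.
  return a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
}

// Constructed sample values, for illustration only.
function demo() {
  const state = randomUrlSafe();
  const verifier = randomUrlSafe();
  return {
    stateLength: state.length,
    challenge: pkceChallenge(verifier),
    matchingCallback: stateMatches(state, "/auth/callback?code=sample&state=" + state),
    mismatchedCallback: stateMatches(state, "/auth/callback?code=sample&state=other"),
    missingState: stateMatches(state, "/auth/callback?code=sample"),
  };
}

console.log(demo());
```

Pass the generated values as the `state` and `verifier` options of the client; in a browser, `crypto.getRandomValues()` provides the same source of randomness.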
Password-based authentication
If you'd rather handle the authentication UI flow in your app, and your OAuth2 client supports grant_type: password, you can request an access token in exchange for a user's credentials in one step:

    const client = new Kontist.Client({
      baseUrl: "https://staging-api.konto.io",
      clientId: "YOUR_CLIENT_ID",
      scopes: ["users", "subscriptions", "transfers", "accounts"]
    });

    client.auth.fetchTokenFromCredentials({ username, password })
      .then((tokenData) => {
        // use tokenData here
      });

GraphQL queries

    const query = `{
      viewer {
        mainAccount {
          # account fields to select go here
        }
      }
    }`;
    const result = await client.graphQL.rawQuery(query);

An example showing how to fetch all user transactions:

    let transactions = [];
    for await (const transaction of client.models.transaction) {
      transactions = transactions.concat(transaction);
    }

To fetch up to 50 latest transactions:

    const transactions = await client.models.transaction.fetch();

To create and confirm a transfer / timed order / standing order:

    const confirmationId = await client.models.transfer.createOne({
      amount: <amount>,
      recipient: <recipient_name>,
      iban: <recipient_iban>,
      purpose: <optional_description>,
      e2eId: <optional_e2eId>,
      executeAt: <optional_order_execution_date>,
      lastExecutionDate: <optional_last_execution_date>,
      reoccurrence: <optional_order_reoccurrence>
    });
    const smsToken = ...
    const result = await client.models.transfer.confirmOne(
      confirmationId,
      smsToken
    );

To create and confirm multiple transfers (with only one confirmation):

    const confirmationId = await client.models.transfer.createMany([{
      amount: <amount>,
      recipient: <recipient_name>,
      iban: <recipient_iban>,
      purpose: <optional_description>,
      e2eId: <optional_e2eId>,
    }, {
      amount: <amount>,
      recipient: <recipient_name>,
      iban: <recipient_iban>,
      purpose: <optional_description>,
      e2eId: <optional_e2eId>,
    }]);
    const smsToken = ...
    const result = await client.models.transfer.confirmMany(
      confirmationId,
      smsToken
    );

MFA (Multi-Factor Authentication)
Accessing Kontist banking APIs requires Multi-Factor Authentication (MFA).
MFA is available once you have installed the Kontist application and paired your device in it.
The following steps are necessary to complete the MFA procedure:
- initiate the procedure by creating a challenge (the Kontist SDK exposes a method to do that)
- click the push notification you received on your phone; it will open the Kontist application
- log in (if applicable) and confirm the MFA by clicking on the corresponding button
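The Kontist SDK exposes a method to initiate the MFA flow after you have successfully received the initial access token:

    const token = await client.auth.fetchToken(callbackUrl);
    try {
      // Creates the MFA challenge and waits for it to be confirmed.
      const confirmedToken = await client.auth.getMFAConfirmedToken();
    } catch (err) {
      // The MFA confirmation did not complete; handle the error here.
    }
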
After obtaining a confirmed auth token with this method, you will have access to all banking APIs.
If you want to cancel a pending MFA confirmation, you can call the following method:
The Promise returned by getMFAConfirmedToken will then reject with an MFAConfirmationCanceledError.