JavaScript SDK for connecting to Kontist using OAuth2 and GraphQL.
Add as dependency to your project:
npm install @kontist/client
You will need a valid client id and setup your redirect uri for authentication. You may request your client id in the API Console on https://kontist.dev/console/.
import express from "express";
import { Client } from "@kontist/client";
const CALLBACK_PATH = "/auth/callback";
const REDIRECT_URI = <YOUR_BASE_URL> + CALLBACK_PATH;
const clientSecret = <YOUR_CLIENT_SECRET>;
const state = (Math.random() + "").substring(2);
const app = express();
// create a client
const client = new Client({
clientId: "YOUR_CLIENT_ID",
redirectUri: REDIRECT_URI,
scopes: ["transactions"],
clientSecret,
state
});
// redirect not authenticated user to Kontist form
app.get("/auth", async (req, res) => {
const uri = await client.auth.getAuthUri();
res.redirect(uri);
});
// get user token data
app.get(CALLBACK_PATH, async (req, res) => {
const callbackUrl = req.originalUrl;
try {
const token = await client.auth.fetchToken(callbackUrl);
/* got access token, login successful */
res.send("Successful, your token is " + token.accessToken);
} catch (e) {
/* handle error */
res.send("Failed: " + JSON.stringify(e));
}
});
app.listen(3000, function() {
console.log("Listening on port 3000!");
});
You should be able to issue new accessToken by simply calling:
const token = await client.auth.refresh();
Optionally, this method accepts a number as an argument to specify after how many milliseconds the refresh request should timeout (default is 10000):
// abort after 20 seconds
const token = await client.auth.refresh(20000);
<html>
<body>
<script src="https://cdn.kontist.com/sdk.min.js"></script>
<script>
// persist a random value
sessionStorage.setItem(
"state",
sessionStorage.getItem("state") || (Math.random() + "").substring(2)
);
sessionStorage.setItem(
"verifier",
sessionStorage.getItem("verifier") || (Math.random() + "").substring(2)
);
// initialize Kontist client
const client = new Kontist.Client({
clientId: "<your client id>",
redirectUri: "<your base url>",
scopes: ["transactions"],
state: sessionStorage.getItem("state"),
verifier: sessionStorage.getItem("verifier")
});
const params = new URL(document.location).searchParams;
const code = params.get("code");
if (!code) {
// page not called with "code" query parameter, let's redirect the user to the login
client.auth.getAuthUri().then(function(url) {
window.location = url;
});
} else {
// we have a code, the client now can fetch a token
client.auth.fetchToken(document.location.href).then(function() {
// do a simple graphql query and output the account id
client.graphQL
.rawQuery(
`{
viewer {
mainAccount {
iban
balance
}
}
}`
)
.then(function(result) {
console.log(result);
});
});
}
</script>
</body>
</html>
Kontist SDK allows renewing access tokens in browser environments using this simple method:
const token = await client.auth.refresh();
Optionally, this method accepts a number as an argument to specify after how many milliseconds the refresh request should timeout (default is 10000):
// abort after 20 seconds
const token = await client.auth.refresh(20000);
If you'd rather handle the authentication UI flow in your app, and when your oAuth2 client supports grant_type: password, you could request an access token in exchange for a user's credentials in one step:
const client = new Kontist.Client({
baseUrl: "https://staging-api.konto.io",
clientId: 'YOUR_CLIENT_ID',
scopes: ["users", "subscriptions", "transfers", "accounts"]
});
client.auth.fetchTokenFromCredentials({ username, password })
.then((tokenData) => {
// do something with tokenData.accessToken
//
// or start using client to make authenticated requests
});
const query = `{
viewer {
mainAccount {
id
}
}
}`;
const result = await client.graphQL.rawQuery(query);
An example to show how to fetch all user transactions
let transactions = [];
for await (const transaction of client.models.transaction) {
transactions = transactions.concat(transaction);
}
To fetch up to 50 latest transactions:
const transactions = await client.models.transaction.fetch();
To create and confirm a transfer / timed order / standing order:
const confirmationId = await client.models.transfer.createOne({
amount: <amount>,
recipient: <recipent_name>,
iban: <recipent_iban>,
purpose: <optional_description>,
e2eId: <optional_e2eId>,
executeAt: <optional_order_execution_date> // mandatory for timed and standing order
lastExecutionDate: <optional_last_execution_date> // optional for standing order
reoccurrence: <optional_order_reoccurrence> // mandatory for standing order
});
// wait for sms
const smsToken = ...
const result = await client.models.transfer.confirmOne(
confirmationId,
smsToken
);
To create and confirm multiple transfers (with only one confirmation):
const confirmationId = await client.models.transfer.createMany([{
amount: <amount>,
recipient: <recipent_name>,
iban: <recipent_iban>,
purpose: <optional_description>,
e2eId: <optional_e2eId>,
}, {
amount: <amount>,
recipient: <recipent_name>,
iban: <recipent_iban>,
purpose: <optional_description>,
e2eId: <optional_e2eId>,
}]);
// wait for sms
const smsToken = ...
const result = await client.models.transfer.confirmMany(
confirmationId,
smsToken
);
Accessing Kontist banking APIs require Multi-Factor Authentication (MFA).
MFA is available once you have installed the Kontist application and paired your device in it.
The following steps are necessary to complete the MFA procedure:
Kontist SDK exposes a method to initiate the MFA flow after you successfully received the initial access token:
// fetch a regular access token
const token = await client.auth.fetchToken(callbackUrl);
try {
// create an MFA challenge and wait for confirmation
const confirmedToken = await client.auth.getMFAConfirmedToken();
// once it has been verified, your `client` instance will have a confirmed access token
// the confirmed token is also returned in case you want to store it
} catch (err) {
// if the challenge expires, a `ChallengeExpiredError` will be thrown
// if the challenge is denied, a `ChallengeDeniedError` will be thrown
console.log(err);
}
After obtaining a confirmed auth token with this method, you will have access to all banking APIs.
If you want to cancel a pending MFA confirmation, you can call the following method:
client.auth.cancelMFAConfirmation();
The Promise returned by getMFAConfirmedToken will then reject with a MFAConfirmationCanceledError.
FAQs
Kontist client SDK
The npm package kontist receives a total of 95 weekly downloads. As such, kontist popularity was classified as not popular.
We found that kontist demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
Security News
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
Security News
Bun 1.2 enhances its JavaScript runtime with 90% Node.js compatibility, built-in S3 and Postgres support, HTML Imports, and faster, cloud-first performance.