Prerequisites

API Access

The nrich API uses HTTP Basic Authentication with two credentials:

Client ID (username) and
Client Secret (password)

Each set of credentials is associated with specific access scopes that define your permissions on the nrich platform. Contact us to obtain your dedicated credentials.

Postman Collections

We recommend downloading our Postman Collections to simplify your integration through our pre-configured API requests, allowing you to test endpoints instantly without any manual setup.

Getting Started

Before implementation, review our Widget Integration Guide for best practices and setup instructions.

Overview

Risk Insights offers a concise approach to understanding and mitigating financial risks. By providing real-time access to an end user's transactional data, it delivers critical insights into their finances and stability. This product is essential for organizations looking to automate credit scoring, enhance fraud detection capabilities, and offer personalized financial advice. Risk Insights analyzes transaction histories and aggregated financial behaviour to help assess risk. It provides a multi-dimensional risk assessment that accounts for various factors, including income stability, spending behaviour, and financial commitments.

Data-Access Types

Onetime Account Access

The one-time account access is used by customers who want to verify or access certain information only once at one point in time.

For this use-case, Qwist will store the financial data of an end user for one hour. During this time the customer can fetch the financial data from Qwist’s database as often as needed, but after one hour the financial data will be automatically deleted.

Ongoing Account Access

Ongoing account access is used whenever customers want to access information over a longer period of time.

For this use-case, Qwist automatically adds new connected bank accounts to a background service that runs an automatic transaction synchronization process (“autosync”) up to 4 times a day until the consent of the user expires (usually after 180 days). This allows the customer to fetch updated financial data for its users up to 4 times a day from Qwist’s database without any additional interaction on their side. After a maximum of 180 days, the user's consent expires and they need to renew it by providing a second factor for Strong Customer Authentication (SCA), e.g. a TAN.

In order to activate autosync, users must save their credentials during the login process. This is done via a checkbox in the Widget UI or by setting the save_secrets parameter to true in the Ongoing access API call. The credentials are stored in an encrypted database that can only be accessed and decrypted by the finX API when communicating with banks.

Qwist will not delete any financial data of the end user until the customer explicitly uses the Delete user endpoint to delete a user and all their financial data.