Hi,
I am in the process of trying to connect my Bank to Foundry.
1 - What I have done so far is set up my Outbound Application. In here I have provided the OAuth 2.0 Server connection details, which are the base Monzo URL (https://auth.monzo.com) and the Token Endpoint URL (https://api.monzo.com/oauth2/token), and provided an egress policy to allow them to connect to Monzo.
2 - I have then configured my OAuth 2.0 Connection details; this includes my Client_ID and Client_Secret I got from the Monzo Developer Portal I set up. And I included a Scope which is:
‘third_party_developer_app.pre_verification’ (speak about this later).
3 - I then have set up a REST API data source to connect to Monzo Base URL, and set up Authorisation using my Outbound Application.
4 - I then created a webhook for the URL ‘https://api.monzo.com/accounts’. And my output is just the whole response as a string. And no input parameters are needed for this.
What I believe to be happening is, the OAuth sends a request to Monzo for an Authorisation Code, which it returns. It then uses that code with the Token URL to retrieve a token. This token is then used in my webhook.
Thus when my webhook is called, it retrieves this token and then sends it to Monzo alongside my GET Request. In essence the outbound application Foundry created is doing the token/code handshake for me, meaning I don’t have to manually do all this myself.
The issue I have is when I run it, I run it once and authenticate. And then I rerun it like I am told, but I retrieve this error:
“Access forbidden due to insufficient permissions”
I believe this is due to the scoping issue, as in the scoping I need to have not just the Pre_Verification scope but also the ‘accounts:read’ scope. This is important to give me permissions to do this.
So I change my Scope in my outbound application to the below:
BEFORE: ‘third_party_developer_app.pre_verification’
AFTER: ‘third_party_developer_app.pre_verification, accounts:read’
I then save and reset it and retry authentication, however I retrieve this error in the picture:
Thus it is only granting me one thing, even though in my authentication outbound request I am asking for multiple. I’m not sure if my logic is wrong along the way causing me to miss something. For example in the Docs it mentions creating 2 webhooks to do the handshake, but I’m confident I don’t need to do that and can just use my authentication I set up. The only issue being the scoping which I can’t seem to fix.
Please let me know if you have any suggestions.
Please let me know if you have any suggestions
Kind Regards
Sam
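
Added example, not part of the post above and not Foundry or Monzo code: a check of how a scope string is read under RFC 6749 section 3.3 (space-delimited tokens, in which a comma is a legal token character) and how to compare the requested scope with the `scope` field of a token response (section 5.1). The token response is constructed, and how Foundry serialises its scope field into the request is an assumption, not something shown on the page.

```python
import re

# RFC 6749 section 3.3: scope-token = 1*( %x21 / %x23-5B / %x5D-7E )
# Note that "," (0x2C) is inside the allowed range, so it never acts as a separator.
SCOPE_TOKEN = re.compile(r"[\x21\x23-\x5B\x5D-\x7E]+")

def parse_scope(value):
    """Split a scope parameter into its set of tokens (space-delimited)."""
    tokens = value.split()
    bad = [t for t in tokens if not SCOPE_TOKEN.fullmatch(t)]
    if not tokens or bad:
        raise ValueError(f"invalid scope value: {value!r}")
    return set(tokens)

def scope_diff(requested, token_response):
    """Compare the requested scope with what the token endpoint granted.

    RFC 6749 section 5.1: the response may omit 'scope' only when it is
    identical to the requested scope; otherwise it must be present.
    """
    want = parse_scope(requested)
    granted = parse_scope(token_response["scope"]) if "scope" in token_response else want
    return {"missing": sorted(want - granted), "unrequested": sorted(granted - want)}

# Scope names taken from the post; the two spellings of the combined value.
PRE = "third_party_developer_app.pre_verification"
COMMA_FORM = PRE + ", accounts:read"   # as typed in the post
SPACE_FORM = PRE + " accounts:read"    # RFC 6749 space-delimited form

# Constructed token response that grants only the first scope.
CONSTRUCTED_RESPONSE = {"access_token": "constructed-value",
                        "token_type": "Bearer",
                        "scope": PRE}

if __name__ == "__main__":
    # The comma form yields a token ending in "," that differs from PRE.
    print(sorted(parse_scope(COMMA_FORM)))
    print(sorted(parse_scope(SPACE_FORM)))
    print(scope_diff(SPACE_FORM, CONSTRUCTED_RESPONSE))
    print(scope_diff(COMMA_FORM, CONSTRUCTED_RESPONSE))
```

Running the same comparison on the real token response (with the access token redacted) shows which requested scopes the authorisation server actually granted.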