
OAuth is an upgraded connection method that allows third-party applications to access financial data without requiring users to provide their login credentials. Instead, users are redirected to their bank's website, where they can authorise the application to access their account information. While OAuth is supported by many major banks, including Bank of America, Chase, and U.S. Bank, not all banks have implemented this feature. Some banks have limitations or specific requirements for OAuth connections, such as the inability to download pending transactions or support for investment accounts. It's important to note that the availability and functionality of OAuth connections may vary depending on the bank and the third-party application being used.
| Characteristics | Values |
|---|---|
| Banks that support OAuth | Bank of America, Charles Schwab US, Navy Federal Credit Union, TD Ameritrade, UW Credit Union, Maps Credit Union, Empower Retirement, American Express, Atlantic Union Bank, CapitalOne, Chime, Citibank, Henrico Federal CU, JPMorgan Chase Bank, Pentagon Federal CU, PNC, Robinhood, Southern Michigan Bank & Trust, U.S. Bank, UMB Bank (Fidelity), United Bay Community CU, USAA Federal Savings Bank, Wells Fargo |
| Banks that do not support OAuth | AdelFi CU, Adventure CU, Advia CU, Alliant CU, Ally Bank, American Airlines Federal CU, Andrews Federal CU, Bloom CU, Comerica, Community West CU, Consumers CU (IL), Consumers CU (MI), CU One, Discover, Fifth Third Bank, First National Bank of Michigan, Fort Sill National Bank, Frontwave CU, GR Consumers CU, Honor CU, Huntington National Bank, Independent Bank (MI) |
| Benefits of OAuth | No need to share bank login credentials with third parties, no manual download of transactions |
| Limitations of OAuth | Delayed current balance updates, no support for pending transactions, no support for crypto accounts, no support for investment accounts |
Explore related products
$14.99 $14.99
What You'll Learn

Banks that support OAuth connections
Not all banks support OAuth connections, and the list of banks that do varies depending on the platform. For example, AccountChek lists the following banks as supporting OAuth connections:
- U.S. Bank
- Bank of America
- Charles Schwab US
- Navy Federal Credit Union
- TD Ameritrade
- UW Credit Union
- Maps Credit Union
- Empower Retirement
Quicken Simplifi also supports OAuth API connections, but it is unclear which banks they work with. However, they do mention that U.S. Bank does not support Investment Accounts in their OAuth API connection, and that users of Fidelity's OAuth API connection may experience delays in balance updates and issues with ticker symbols and pending transactions. Additionally, they mention that Chase, Capital One, and PNC Bank have limited download access for pending transactions.
Repo Cars in the Philippines: Good Deal or Not?
You may want to see also
Explore related products

Banks that don't support OAuth connections
While OAuth is a standard authorisation protocol that is being adopted by many financial institutions, it is not yet supported by all banks. OAuth allows third-party applications to access a user's data without requiring their password. This is particularly useful for applications that need to access a user's financial information, such as accounting software or budgeting tools.
However, there are still some banks that do not support OAuth connections. For example, U.S. Bank does not currently support Investment Accounts in its OAuth API connection. Similarly, Chase limits download access to only the primary user, which can cause issues for authorised users trying to add or reactivate Chase accounts. Capital One and PNC Bank also do not support the download of pending transactions through their APIs.
It is worth noting that some banks may have partial OAuth implementation or may be in the process of transitioning to OAuth. For example, while Bank of America has enabled OAuth connections, it is not clear if all account types are supported. Additionally, some banks may have specific requirements or limitations for OAuth connections, such as requiring additional security measures or only allowing access to certain types of data.
In some cases, the lack of OAuth support may be due to security concerns. Traditional security advice warns against sharing passwords with any organisation, and banks are typically cautious when it comes to protecting their customers' financial data. However, with the revised Payment Services Directive (PSD2) in the EU, banks are now required to offer APIs for third parties, and OAuth is being used for such access.
It is important for customers to stay informed about their bank's policies and practices regarding OAuth connections, especially if they plan to use third-party applications that require access to their financial data. Customers should also be cautious about sharing their banking credentials with any third-party applications that are not authorised or recognised by their bank, as this could potentially lead to security risks.
The Rumored Romance of Matt Broome and Sasha Banks
You may want to see also
Explore related products
$44.79 $55.99

OAuth API connection drawbacks
OAuth API connections have several drawbacks, depending on the specific platform or service being used. Here are some examples:
Fidelity OAuth API
The Fidelity OAuth API connection has several drawbacks, including delayed current balance updates, which can take up to 48 hours. Additionally, Fidelity sends a security ID or CUSIP instead of a ticker symbol in some cases, causing quotes for symbols to update only the following day. This connection also does not support pending transactions, crypto accounts, or insurance accounts.
U.S. Bank OAuth API
The U.S. Bank OAuth API connection does not currently support investment accounts.
Chase OAuth API
Chase's implementation limits download access to only the primary user, which can cause errors for authorized users when adding or reactivating Chase accounts. This is done for security purposes to ensure that only account owners are allowing access to bank data.
Capital One and PNC Bank OAuth APIs
Both Capital One's and PNC Bank's OAuth APIs do not support the download of pending transactions.
General OAuth Considerations
OAuth is a protocol for delegated access, which means it does not provide information about the user or their presence during the authorization process. This can be a drawback in situations where user authentication is required. Additionally, OAuth relies on access tokens, which can be a security concern if not properly protected or refreshed.
While OAuth 2.0 is widely used and has recipes for creating authentication protocols with specific providers (like Facebook Connect or Sign In With Twitter), building secure and effective authentication on top of OAuth 2.0 can be challenging.
MCAT Question Banks: Are Next Step Worth It?
You may want to see also
Explore related products
$15.52 $16.99

How to set up an OAuth connection
Setting up an OAuth connection will vary depending on the application you are using. For example, to use OAuth with Microsoft Entra, you must first register your application with Microsoft Entra. Then, you can get an access token from a token server and authenticate connection requests with the access token.
If you are using OAuth 2.0 to access Google APIs, you will need to visit the Google API Console to obtain OAuth 2.0 credentials such as a client ID and client secret. You will then use the client ID and one private key to create a signed JWT and construct an access token request. Your application then sends the token request to the Google OAuth 2.0 Authorization Server, which returns an access token. The application uses the token to access a Google API. When the token expires, the process is repeated.
For financial institutions, the borrower will be redirected to the bank website, where they can give permission for the third party to retrieve account and transaction information.
Institutional Sales: A Rewarding Banking Career?
You may want to see also
Explore related products
$31.72 $44.99

OAuth security
OAuth is a popular framework that allows users to log in to websites using their social media accounts. While OAuth is used by many client applications, it has some vulnerabilities that can put users' data at risk. The OAuth specification is relatively vague and flexible by design, leaving room for optional parameters and configuration settings that can be misconfigured. This flexibility means that security relies heavily on developers making the right choices and implementing additional security measures.
One example of an OAuth token theft occurred in August 2025, impacting over 700 organizations and exposing Salesforce data. In this incident, attackers targeted Salesforce customer instances through compromised OAuth tokens associated with the Salesloft Drift third-party application. As a result, Salesloft suspended Drift and worked with cybersecurity partners to ensure the integrity and security of its systems and customers' data.
To enhance OAuth security, it is recommended that secure authorization servers require a redirect_uri parameter when exchanging codes. This allows the server to check and match the parameter with the one received in the initial authorization request, rejecting the exchange if they do not match. Additionally, it is important for developers to have a good understanding of OAuth and implement robust input validation and other security measures to protect user data effectively.
Financial institutions like U.S. Bank, Bank of America, Navy Federal Credit Union, and TD Ameritrade have also started using OAuth connections to allow borrowers to grant permission to access their account and transaction information securely. This enables a more streamlined and automated process for retrieving financial data while maintaining security. However, it is important to note that some banks may have limitations or delays in providing certain types of data, such as pending transactions or crypto account information.
Sperm Bank Purchase: What You Need to Know
You may want to see also
Frequently asked questions
No, not all banks support OAuth bank connections.
You can check online for a list of banks that support OAuth connections.
OAuth allows your bank account to be connected without sharing your login credentials with third parties. It uses a token to authorise access to your transaction data.
OAuth provides peace of mind as it does not require you to share your full login credentials with third parties. It also automates the process of accessing and retrieving your financial data.
The implementation of OAuth may vary between banks. Some banks may only support certain account types or have delays in updating certain transaction data.






























