The following steps will guide you through creation of a test app in the sandbox.
Task | Description |
Review technical requirements. | See: Requirements. |
Register for sandbox access. | To register, you must provide Akoya with a redirect URI for use with your sandbox test app. Akoya will provide you with a client Id and secret for your app. |
Securely store client_id and secret | Every app has a unique client Id and secret. They must be treated as secure information and stored securely. |
UX - Provider popup or redirect | Integrate into your existing provider selection UI or build a popup/redirect flow for the consumer to select the data provider(s) they'd like to connect with your app. Upon consumer selection, initiate consent and authentication with Mikomo. See: Native app integrations. |
Use sandbox data for implementation and testing | The sandbox includes Mikomo with several test users that may be used for end-to-end implementation and testing. Use these test accounts for the remaining implementation steps. See: Introduction to sandbox. |
Authorization grant | After authentication and authorization, Akoya will return the consumer to your redirect URI with an authorization grant code in the URL with the parameter “code=”. Use this authorization code to request a set of tokens for this consumer. See: Authorization code. |
Store | Akoya returns an interaction id in every response header. Retain the id with logs for support and error tracking. |
Id and refresh token generation | Exchange the authorization code for an ID token and a refresh token. See: Token API reference and the token overview explainer. |
Store token | Use your current secure token storage or implement a way to store each consumer's unique tokens. |
Token revocation | Implement a way for the consumer to remove access to their data provider account(s). See Revoke token. |
Error cases | Code for Authorization or Token errors. Develop UX for errors, timeouts, and reauthentication. See Authentication errors and Token API errors. |
Validate authentication | Validate UX for account selection, consent, ID/Refresh Token for new and existing users. |
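
The following sketch ties together the "Securely store client_id and secret", "Authorization grant", "Store" and "Id and refresh token generation" tasks above. It is an added example, not Akoya's code or part of the original page. It assumes a standard OAuth 2.0 authorization-code exchange; the token URL, interaction-id header name, redirect URI and environment variable names are placeholders to be replaced with the values from the Token API reference.

```python
import base64
import os
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholders (assumptions, not values from the page).
TOKEN_URL = "https://token-endpoint.example/token"
INTERACTION_HEADER = "x-interaction-id"
REGISTERED_REDIRECT = "https://app.example/callback"  # the URI given at registration


def extract_code(callback_url: str) -> str:
    """Return the authorization code from the redirect, or raise ValueError."""
    parts = urlsplit(callback_url)
    # Accept only callbacks that arrive on the registered redirect URI.
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REGISTERED_REDIRECT:
        raise ValueError("callback does not match the registered redirect URI")
    query = parse_qs(parts.query)
    if "error" in query:  # standard OAuth 2.0 error redirect
        raise ValueError(f"authorization error: {query['error'][0]!r}")
    codes = query.get("code", [])
    if len(codes) != 1:  # missing, empty or duplicated code= parameter
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def build_token_request(code: str) -> dict:
    """Build the code-for-token exchange; the secret is read from the environment."""
    creds = f"{os.environ['APP_CLIENT_ID']}:{os.environ['APP_CLIENT_SECRET']}"
    basic = base64.b64encode(creds.encode()).decode()
    return {
        "url": TOKEN_URL,
        "headers": {"Authorization": f"Basic {basic}",
                    "Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode({"grant_type": "authorization_code", "code": code,
                           "redirect_uri": REGISTERED_REDIRECT}),
    }


def log_record(status: int, response_headers: dict, response_body: dict) -> dict:
    """Keep the interaction id for support; record field names, never token values."""
    headers = {k.lower(): v for k, v in response_headers.items()}
    return {
        "status": status,
        "interaction_id": headers.get(INTERACTION_HEADER, "missing"),
        "fields_returned": sorted(response_body),
    }
```

Send the request returned by build_token_request with your HTTP client of choice, and write only the output of log_record to application logs.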
Task | Description |
Store | Every returned response header contains an interaction id. Retain the id with logs for support and error tracking. |
Accounts | Using the id_token retrieved in the Id and refresh token step above for a test user, make a call for data. |
Transactions | Using the id_token retrieved in the Id and refresh token step above for a test user, and the account Id retrieved in the Accounts step above, make a call for transaction data. |
Error cases | Develop UX for errors, timeouts, and reauthentication for API errors. For more information, see Errors. |
Validate data | Validate use and display of data in your own systems and UI. |
Date | Update |
2025-May-22 | Implemented UAT changes |
2025-Jan-02 | Original |