# OAuth Connections source: https://developer.mastercard.com/open-finance-us/documentation/financial-institution/oauth-connections/index.md ## What is an OAuth Connection vs a Legacy Connection? {#what-is-an-oauth-connection-vs-a-legacy-connection} An OAuth connection is a direct integration with an institution where the customer can directly log in to their financial institution (FI) and the customer's login credentials are handled entirely by their FI. Information is obtained through direct API integrations with the banking institution, which enforces the accuracy and security of the data being received. Legacy connections require credentials to be captured and utilized by Mastercard in order to obtain financial data. When a new OAuth connection to an institution is announced, it is important to begin working through the migration process so that you can migrate to the new connection type and leverage the enhanced features and connectivity. If you need assistance with this process, please contact Mastercard for support. ## What are the benefits of moving from a Legacy Connection to an OAuth Connection? {#what-are-the-benefits-of-moving-from-a-legacy-connection-to-an-oauth-connection} One of the driving factors for moving from the legacy connection to an OAuth connection is the ability to authorize and authenticate accounts using access tokens. This eliminates the need for FIs to pass or store usernames or passwords when sending or receiving account information. Other benefits include: * Increased connection speeds to access and retrieve more real-time consumer data. * Improved security access to our APIs as you develop your own applications. * Customers manage their own accounts to grant permissions (access) to only the accounts they want to share. * Customers can disconnect from the FI at any time. * Customers can easily access their accounts in your application even when they change their sign-in credentials. **Example**: Currently, if a user changes the username or password on their account, they would also have to update their credentials in your application, to reflect the change and not break the connection. If the FI was using an OAuth connection and the user changed their credentials, they'd still have access to their accounts in your application as long as the access token was valid. ## Migrate to OAuth {#migrate-to-oauth} Every time a new FI contract with an OAuth connection is announced as available, you should begin the process of migrating to the new connection. Whenever you migrate from an FI with a legacy connection type to its new OAuth connection type, the primary expected impact to your customers is that they will have to sign-on and re-authorize their accounts in order to engage the new connection. Throughout the entire migration process, you can also expect the following: * We work with you throughout each migration milestone. * We coordinate our efforts with yours to transition your customers from the old to the new OAuth connection. * We ensure original account data from the old connection isn't omitted or duplicated. ## Notify Your Customers {#notify-your-customers} When OAuth is close to going live, we'll send approved messages for you to pass on to your customers. There are many media outlets you can use to keep customers updated when they should expect to re-authenticate their accounts. Notification options include: * Your websites. * Login screens. * In your mobile application on the Add Account or Refresh Account screens. * The screen before Mastercard Data Connect starts from your mobile application. * Broadcast emails. ## Migration process {#migration-process} 1. A new FI contract with an OAuth connection is announced in our monthly newsletter 2. The OAuth connection is active and available for use. OAuth connections have different statuses for you to verify which institutions are ready: * Beta: No clients outside of our beta users have access to this OAuth connection * Validated: All new user traffic is directed to the connection * Migrating: All customer traffic is in the process of being migrated to the new OAuth connection. Note: Customers lose connection to their accounts as part of the migration process and need to reauthenticate to re-engage the connection. * Online: The migration is complete. The OAuth connection is live, and the legacy connection is retired. 3. Migrate your customer accounts to the new OAuth connection. 4. The previous Legacy connection retires. Note: You only have to register your applications one time, and for all future FIs announced with OAuth connections, you do not need to register again. Otherwise, if you are a new client, see our documentation on [registering an application](https://developer.mastercard.com/open-finance-us/documentation/financial-institution/oauth-connections/register-your-applications/index.md). ## OAuth FI Connections {#oauth-fi-connections} Use the Get Institutions endpoint to find a list of all of our currently supported OAuth institutions. NOTICE TO FINICITY CLIENTS/PARTNERS UTILIZING FIDELITY OAuth CONNECTION: In accordance with its agreement with Fidelity, Finicity notifies you that Third Party Data Providers (described below) may require you to enter into a separate license agreement to receive "market data" including but not limited to Holdings, Marketvalue Transactions, Vestings, and/or Symbol Statement PDF API data. Third Party Data Providers include, but are not limited to, stock exchanges, bond ratings, credit ratings, and financial instrument reference data companies, who may have a proprietary interest in information embedded in Fidelity customers' data. A Third Party Data Provider may contact Finicity or may contact you directly regarding the use of such market data and a separate license agreement. **See also**: * [Register Applications](https://developer.mastercard.com/open-finance-us/documentation/financial-institution/oauth-connections/register-your-applications/index.md) * [Migrate Customers](https://developer.mastercard.com/open-finance-us/documentation/financial-institution/oauth-connections/migration-customers/index.md)