[GNC-dev] New OFX Requirements For USAA FSB

John Ralls jralls at ceridwen.us
Sat Jan 30 12:06:26 EST 2021 


> On Jan 30, 2021, at 6:50 AM, Bob White <white.b at me.com> wrote:
> 
>>  
>>> 
>>> The Quicken web interface is I think different from OFX Direct Connect. If it's OFX Web Connect then it handles authentication differently and that's probably at least part of the problem. 
>>> 
>>> I found a quicken community discussion that suggests that Quicken for Windows used IE to connect, so I'd imagine that Quicken for Mac would use WebKit. I don't know if Apple's installed WebKit uses openssl, but it might, in which case it might be possible to get a key log for the Quicken session. Total speculation, I've never done anything remotely like this.
> 
> I did capture and decrypt enough to see that a REST API is in use for Quicken for Web so that's no help.
> 
> I have an OFX log file contenting a small number of sessions from Quicken for Mac containing initial setup, successful accounts download, successful and unsuccessful account update requests.
> 
> Many of the OFX interaction are with an Intuit URL, but the USAA account interactions are clearly independent to a new URL:
> 
> https://df3cx-services.1fsapi.com/casm/usaa/access.ofx
> 
> Are the OFX interactions with USAA enough to update aqbanking or do we need the HTTP interactions as well?

https://www.usaa.com/inet/wc/faq_BankWS_Quicken_and_Microsoft_Money_BankFaqL1_index has some distressing info under the heading What credentials do I provide to access my USAA accounts in Quicken?:

"The credentials that Quicken prompts you for will vary based on your software version and the type of account you want to download. With the recommended Direct Connect method in Quicken follows these steps:

	• You'll select "Get Access ID and PIN" and we'll direct you to usaa.com to log on.
	• USAA will provide a unique ID and PIN that you'll use only in Quicken.
	• To add your accounts in Quicken, you'll connect using these credentials.
	• If you forget your Access ID and PIN, you can get new ones at any time using the same process"

Not good news.

Regards,
John Ralls

More information about the gnucash-devel mailing list