FAQ

General

What is an Aspect?

An Aspect is a JavaScript file that Candescent dynamically injects into the Digital Banking platform at runtime. It can modify the page, add widgets, or integrate third-party services.
Do Aspects work on mobile?

On mobile (native or React Native), Aspects run inside a WebView and function as overlays. They do not have direct DOM-level access like they do on the web. For details on the differences, see the Mobile Technical Reference.
What does Candescent expect from the FI?

The FI must provide the JavaScript file (or a URL to it) along with any vendor-specific URLs and configuration details. This includes the JS file URL and domain information for whitelisting.
How do I submit an Aspect for review?

Use the Submissions feature in the Developer Console. See Submissions for the full workflow.

Do we need to write custom JavaScript?

Yes. Use the examples from the Web Examples or Mobile Examples as a starting point and replace placeholders with your actual URLs and configuration values.
Do we need to create custom HTML?

For web, no — the HTML wrapper is handled by the platform. For mobile, yes — mobile Aspects are delivered as full HTML documents. See the Mobile Technical Reference for the required structure.
How do I choose between context-less and context-aware?

If your integration does not need to know who the user is (e.g., anonymous chat, styling changes), use a context-less Aspect. If it needs user identity (e.g., personalized chat, account-specific features), use a context-aware Aspect.
When should I use global variables vs. OIDC?

Use global variables (dbk.sessionInfo()) for quick, non-security-critical access to user info like name or GUID. Use the OIDC method when your integration requires verified, trusted user identity — for example, when your backend needs to confirm who the user is before performing an action.
I need to support both web and mobile. Do I need two separate Aspects?

Yes. Web and mobile use fundamentally different execution models, authentication patterns, and layout management. See the side-by-side comparison for a step-by-step mapping.

How is the Aspects OIDC flow different from the standard OIDC integration?

The Aspects flow uses a dedicated endpoint (/feng-bff/beta/v1/aspect/token) that returns an authorization code directly to the in-page script, since Aspects cannot handle browser redirects. Your backend then exchanges this code using the same centralized token endpoint as the standard OIDC flow.
Can I call the Candescent API gateway directly from the Aspect (front-end)?

No. The Aspect should only obtain the authorization code. All token exchange and API calls must happen on your backend server.
Where can I find the full OIDC specification (token exchange, claims, validation)?

See the OIDC Integration Technical Reference. The token exchange, ID token validation, supported claims, and security requirements documented there apply to the Aspects OIDC flow as well.

My Aspect script is not loading.

Verify that the script URL is accessible and that the domain is whitelisted in the platform configuration.
dbk.sessionInfo() returns undefined.

The user may not be logged in, or the session data has not yet been initialized. Ensure your script runs after the platform has fully loaded and the user is authenticated.
The authorization code request fails.

Check that your clientId is correct, the FI domain in the URL matches the environment, and the user has an active session (the request relies on the session cookie).
My mobile Aspect's WebView is the wrong size.

Verify that you are calling resizeWindow() via the sizeAndLocation bridge with correct aspectLocations coordinates. Make sure condenseWindow() is called on initialization and expandWindow() is called when the widget opens. See the Window Size Negotiation section.

For questions or support, reach out to your assigned Candescent Integration PM via Marketplace.