Link Money API (1.0.0)

Download OpenAPI specification:Download

The Link Money API is an authentication portal that allows multiple developers to access the same financial data from an aggregation API.

Quickstart

This quickstart serves as a guide for developers who are new to aggregation in general. In this quickstart, we will:

  1. Apply for credentials to access the Link Money API.
  2. Use the credentials to generate JWTs.
  3. Open the linking widget in our frontend and link test accounts.
  4. Use the credentials to make manual API requests.
  5. Configure and test webhooks.

To apply for a Link Monet account, submit a request for access. Your request will be reviewed by our team, and you will receive an email with a secure link to your client credentials. These credentials will be used to authenticate your requests to the Link Money API.

To generate an authentication token, you will need to use your client credentials to generate a JWT. This JWT will be used to authenticate your requests to the Link Money API.

You will additionally need to provide a tenant ID, which is a unique identifier for the bank or FI that you are working with. All link money developers are given access to a development environment tenant ID. If you are working with a bank or credit union and need access to their tenant environment, please contact support@fingoal.com with your request.

To get a JWT token from the API, use the oauth endpoint.

const axios = require('axios'); 

const clientId = 'your_client_id';
const clientSecret = 'your_client_secret';
const tenantId = 'your_tenant_id';

const url = 'https://api.linkmoney.com/oauth/token';
try {
  const response = await axios.post(url, {
    clientId,
    clientSecret,
    tenantId,
  });
  const token = response.data.token;
  console.log(token);
} catch (error) {
  console.error(error);
}

The Link Money JWT is valid for 1 hour and grants access to a single tenant in the Link Money API. If you need to access multiple tenants, you will need to generate a new JWT for each tenant.

To generate a Fastlink token, you will need to use your client credentials to generate a JWT. This JWT will be used to authenticate your requests to the Link Money API.

To get a Fastlink token from the API, use the fastlink endpoint.

const axios = require('axios');
const jwt = 'your_jwt_token'; // see step 2 
const url = 'https://api.linkmoney.com/fastlink/token';

try {
  const response = await axios.post(url, { loginName: "test_user_1" }, 
    { headers: { Authorization: `Bearer ${jwt}` } }
  );
  const fastlink_token = response.data.fastlink_token;
  console.log(fastlink_token);
} catch (error) {
  console.error(error);
}

The Fastlink response payload contains two parameters:

  • accessToken: A user-specific Yodlee access token that can be used to authenticate the Fastlink 4 session.
  • fastLinkURL: A tenant-specific URL that can be used to open the Fastlink 4 widget in an iframe.

Once you have the Fastlink 4 response from step 3, you can open the Fastlink 4 widget in your frontend. The following code snippet replicates the default Fastlink 4 configuration code from the Yodlee documentation, with an added fastlinkFourDetails that includes the data from step 3.

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>FL4 Field Test</title>
</head>
<body>
  <div id="container-fastlink">
    <div style="text-align: center;">
     <input type="submit" id="btn-fastlink" value="Link an Account">
  </div>
  </div>
<script type='text/javascript' src='https://cdn.yodlee.com/fastlink/v4/initialize.js'></script>
<script>
  const fastlinkFourDetails = {
    "accessToken": "your_user_access_token",
    "fastLinkURL": "tenant_fastlink_url"
  };

  (function (window) {
    //Open FastLink
    var fastlinkBtn = document.getElementById('btn-fastlink');
    fastlinkBtn.addEventListener(
      'click', 
      function() {
          window.fastlink.open({
            fastLinkURL: fastlinkFourDetails.fastLinkURL,
            accessToken: 'Bearer ' + fastlinkFourDetails.accessToken,
            params: {
              configName : 'aggregation'
            },
            onSuccess: function (data) {
              // will be called on success. For list of possible message, refer to onSuccess(data) Method.
              console.log(data);
            },
            onError: function (data) {
              // will be called on error. For list of possible message, refer to onError(data) Method.
              console.log(data);
            },
            onClose: function (data) {
              // will be called called to close FastLink. For list of possible message, refer to onClose(data) Method.
              console.log(data);
            },
            onEvent: function (data) {
              // will be called on intermittent status update.
              console.log(data);
            }
          },
          'container-fastlink');
        },
    false);
  }(window));
</script>
</body>
</html>

Link Money supports 4 configNames for each tenant by default:

  • aggregation, for mandatory account aggregation.
  • verification, for mandatory account verification.
  • aggregation_and_verification, for mandatory account aggregation and optional account verification.
  • verification_and_aggregation, for mandatory account verification and optional account aggregation.

For more information on using the Yodlee Fastlink, see the Yodlee Fastlink 4 documentation. Some functionality, like Fastlink Congifuration, may not be available to you through Link Money. Reach out to Link Money support for more information on what is available to you if you need more advanced Fastlink functionality.

5. Make Yodlee API Requests

The Link Money API uses a direct proxy to request the Yodlee API. For the most part, you can refer to the Yodlee Core API documentation for the endpoints and payloads you need to use.

There is one key difference: Link Money's API requires that you include the loginName for the user you are trying to request in the headers, rather than the authorization payload.

An example GET accounts request to Yodlee through Link Money looks like:

const axios = require('axios');
const jwt = "your_jwt_token"; // see step 2
const url = 'https://api.linkmoney.com/yodlee/v1/accounts';

try {
  const response = await axios.get(url, {
    headers: {
      Authorization: `Bearer ${jwt}`,
      loginName: 'test_user_1'
    }
  });
  console.log(response.data);
} catch (error) {
  console.error(error);
}

Client Management

There are three kinds of people who interact with Link Money:

  • Users are the people who use the Link Money application. They are the people who log in, view their accounts, and make transactions.
  • Clients are the people who use the Link Money API. They are the people who build applications that interact with the Link Money API.
  • Tenants are the organizations that use Link Money. They are the people who manage the users and clients who interact with Link Money. Generally speaking, the user is an end user of the tenant's application, and the client is a developer who is building the tenant's application.

Every developer must have a client configuration in order to access Link Money. This includes developers who are operating within a tenant environment that they themselves manage.

Webhooks

Link Money supports all available Yodlee webhooks, which are documented in the Yodlee API documentation. Developers can subscribe to webhooks by sending requests to the Link Money API webhook management endpoints.

As each Link Money tenant is a separate environment, each tenant requires its own webhook subscription. Make sure you authenticate with a token that has the proper tenant ID to ensure tha the webhook subscription is created in the correct tenant environment.

Link Money tenants are shared by multiple clients, so it is possible to receive webhook notifications from customers who are not specifically accessing your application. Make sure that your application logic accounts for events that are related to users who other clients may have registered.

View your Client Configuration.

This endpoint returns details about your client's current configuration.

SecurityBearerAuth
Responses
200

Client Configuration

401

Unauthorized

get/client
Response samples
application/json
{
  • "client": {
    }
}

View a list of your currently-configured webhooks.

This endpoint returns the full list of webhooks currently configured for your client.

The list has a default length of 10 items. For additional webhooks, use the limit and offset parameters to paginate the query.

SecurityBearerAuth
Request
query Parameters
limit
integer

The maximum number of webhooks to return.

Example: limit=10
offset
integer

The number of webhooks to skip before returning results.

Example: offset=0
Responses
200

Webhook List

401

Unauthorized

get/client/webhooks
Response samples
application/json
{
  • "webhooks": [
    ]
}

Enable a new webhook.

Allows clients to create a new webhook configuration by specifying the URI. The system generates all other fields.

SecurityBearerAuth
Request
Request Body schema: application/json
required
uri
string <uri> ^https:\/\/

The HTTPS URI where the webhook will be sent. Must be a valid HTTPS URL.

webhookTypes
Array of strings

The types of webhooks that you want sent to the specified URI.

Items Enum: "DATA_UPDATES" "REFRESH" "AUTO_REFRESH_UPDATES" "LATEST_BALANCE_UPDATES" "CDV_STATUS_UPDATES" "OB_CONSENT" "OB_ACTIVE_CONSENT_REMINDER"
webhookDisabled
boolean

A boolean indicating whether the webhook is disabled.

Responses
201

Webhook configuration created successfully.

400

Bad Request

post/client/webhooks
Request samples
application/json
{}
Response samples
application/json
{
  • "webhook": {
    }
}

Retrieve a specific webhook

Fetches the details of a specific webhook configuration using its unique identifier.

SecurityBearerAuth
Request
path Parameters
webhookId
required
string <uuid>

The UUID of the webhook to retrieve.

Responses
200

Webhook configuration retrieved successfully.

404

Webhook with specified ID not found.

get/client/webhooks/{webhookId}
Response samples
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "webhookTypes": [
    ],
  • "webhookDisabled": true,
  • "status": "HEALTHY",
  • "lastAttempt": "2019-08-24T14:15:22Z",
  • "lastAttemptStatus": 200,
  • "lastSuccess": "2019-08-24T14:15:22Z"
}

Update a webhook configuration

Use the update webhook endpoint to change details of one of your webhook configurations. Using this endpoint, you can:

  • Change the URI where the webhook sends data.
  • Update the types of webhooks you receive.
  • Temporarily disable the webhook.
  • Re-enable a disabled webhook.
SecurityBearerAuth
Request
path Parameters
webhookId
required
string <uuid>

The unique identifier of the webhook to update.

Request Body schema: application/json
required
uri
string <uri>

The new URI where the webhook will send data.

webhookTypes
Array of strings

The types of webhooks the developer wishes to receive.

Items Enum: "DATA_UPDATES" "REFRESH" "AUTO_REFRESH_UPDATES" "LATEST_BALANCE_UPDATES" "CDV_STATUS_UPDATES" "OB_CONSENT" "OB_ACTIVE_CONSENT_REMINDER"
webhookDisabled
boolean

Flag to disable the webhook temporarily.

Responses
200

Webhook configuration updated successfully.

400

Invalid input, e.g., invalid URI format or invalid enum value for webhookTypes.

404

Webhook with specified ID not found.

patch/client/webhooks/{webhookId}
Request samples
application/json
{}
Response samples
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "webhookTypes": [
    ],
  • "webhookDisabled": true,
  • "status": "HEALTHY",
  • "lastAttempt": "2019-08-24T14:15:22Z",
  • "lastAttemptStatus": 200,
  • "lastSuccess": "2019-08-24T14:15:22Z"
}

Delete a webhook configuration

Deletes a specific webhook configuration and returns the deleted webhook's data.

SecurityBearerAuth
Request
path Parameters
webhookId
required
string <uuid>

The unique identifier of the webhook to delete.

Responses
200

Webhook configuration deleted successfully. Returns the original webhook data.

404

Webhook with specified ID not found.

delete/client/webhooks/{webhookId}
Response samples
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "webhookTypes": [
    ],
  • "webhookDisabled": true,
  • "status": "HEALTHY",
  • "lastAttempt": "2019-08-24T14:15:22Z",
  • "lastAttemptStatus": 200,
  • "lastSuccess": "2019-08-24T14:15:22Z"
}

Trigger a test webhook

Allows developers to trigger a test webhook event. This sends a dummy payload to the configured URI of the webhook identified by {webhookId}. This helps in verifying the webhook setup.

SecurityBearerAuth
Request
path Parameters
webhookId
required
string <uuid>

The unique identifier of the webhook to test.

Responses
200

Webhook test initiated and response received.

401

Unauthorized

404

Webhook not found.

post/client/webhooks/{webhookId}/fire_test_webhook
Response samples
application/json
{
  • "receivedResponse": true,
  • "responseCode": 0,
  • "firedAt": "2019-08-24T14:15:22Z",
  • "receivedAt": "2019-08-24T14:15:22Z",
  • "processingDuration": 0
}

Retrieve FastLink details

Provides necessary details for developers to integrate FastLink4 into their applications without exposing sensitive credentials. Requires user-level authentication.

SecurityBearerAuth
Responses
200

FastLink4 details retrieved successfully.

401

Unauthorized. The user or tenant details are incorrect or do not have the necessary permissions.

403

Forbidden. Access is denied due to invalid credentials or access rights.

post/yodlee/fastlink/get
Response samples
application/json
{}

Obtain an access token

Obtain an access token using client credentials. The request must include clientId, clientSecret, and the custom claims tenantId and userId to specify the tenant and end user the token will represent. tenantId is only required in cases where you are trying to access a tenant-specific resource. Some routes, like those that let you view and alter your client configuration, do not require a token with this claim. userId is only required in cases where you are trying to access a user-specific and tenant-specific resource. Some routes, like those that let you generate new users, do not require a token with this claim, even if they do require a token with a tenant claim.

SecurityBearerAuth
Request
Request Body schema: application/json
required
clientId
required
string
clientSecret
required
string
tenantId
required
string

The ID of the tenant the developer wishes to access.

userId
string

The ID of the end user the developer is acting on behalf of.

Responses
200

A JSON object containing the access token.

400

Bad Request

401

Unauthorized. The oauth token call can return Unauthorized for the following reasons:

  • Your client ID is invalid.
  • Your client secret is invalid.
  • Your tenant ID is invalid.
  • Your client is not authorized to access the specified tenant.

The details field in the response body will provide the specific reason why your authentication failed.

post/oauth/token
Request samples
application/json
{
  • "clientId": "string",
  • "clientSecret": "string",
  • "tenantId": "string",
  • "userId": "string"
}
Response samples
application/json
{
  • "accessToken": "string",
  • "tokenType": "string",
  • "expiresIn": 0,
  • "scope": "string"
}