Download OpenAPI specification:Download
The Link Money API is an authentication portal that allows multiple developers to access the same financial data from an aggregation API.
Sam is a developer at a fintech startup called TechFinance. TechFinance is building a personal finance app that helps users track their spending and savings. Sam wants to integrate a third-party aggregation API to pull in user financial data.
However, TechFinance deploys its technologies to a bank, BankNouveau, that has other fintech partners working on other applications. BankNouveau prefers that they use a single aggregation API to avoid multiple integrations, and to permit all developers, and the bank itself, to have access to any and all aggregated customer financial data.
With Link Money, BankNouveau can access a siloed instance of the aggregation API. Developers like Sam authenticate with Link Money to prove they are allowed to access the customer data that BankNouveau has aggregated. Once the developer is authenticated, Link Money API surfaces the aggregation API's endpoints unaltered to the developer.
This quickstart serves as a guide for developers who are new to aggregation in general. In this quickstart, we will:
To apply for a Link Monet account, submit a request for access. Your request will be reviewed by our team, and you will receive an email with a secure link to your client credentials. These credentials will be used to authenticate your requests to the Link Money API.
To generate an authentication token, you will need to use your client credentials to generate a JWT. This JWT will be used to authenticate your requests to the Link Money API.
You will additionally need to provide a tenant ID, which is a unique identifier for the bank or FI that you are working with. All link money developers are given access to a development environment tenant ID. If you are working with a bank or credit union and need access to their tenant environment, please contact support@fingoal.com with your request.
To get a JWT token from the API, use the oauth endpoint.
const axios = require('axios');
const clientId = 'your_client_id';
const clientSecret = 'your_client_secret';
const tenantId = 'your_tenant_id';
const url = 'https://api.linkmoney.com/oauth/token';
try {
const response = await axios.post(url, {
clientId,
clientSecret,
tenantId,
});
const token = response.data.token;
console.log(token);
} catch (error) {
console.error(error);
}
The Link Money JWT is valid for 1 hour and grants access to a single tenant in the Link Money API. If you need to access multiple tenants, you will need to generate a new JWT for each tenant.
To generate a Fastlink token, you will need to use your client credentials to generate a JWT. This JWT will be used to authenticate your requests to the Link Money API.
To get a Fastlink token from the API, use the fastlink endpoint.
const axios = require('axios');
const jwt = 'your_jwt_token'; // see step 2
const url = 'https://api.linkmoney.com/fastlink/token';
try {
const response = await axios.post(url, { loginName: "test_user_1" },
{ headers: { Authorization: `Bearer ${jwt}` } }
);
const fastlink_token = response.data.fastlink_token;
console.log(fastlink_token);
} catch (error) {
console.error(error);
}
The Fastlink response payload contains two parameters:
accessToken
: A user-specific Yodlee access token that can be used to authenticate the Fastlink 4 session. fastLinkURL
: A tenant-specific URL that can be used to open the Fastlink 4 widget in an iframe.Once you have the Fastlink 4 response from step 3, you can open the Fastlink 4 widget in your frontend. The following code snippet replicates the default Fastlink 4 configuration code from the Yodlee documentation, with an added fastlinkFourDetails
that includes the data from step 3.
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>FL4 Field Test</title>
</head>
<body>
<div id="container-fastlink">
<div style="text-align: center;">
<input type="submit" id="btn-fastlink" value="Link an Account">
</div>
</div>
<script type='text/javascript' src='https://cdn.yodlee.com/fastlink/v4/initialize.js'></script>
<script>
const fastlinkFourDetails = {
"accessToken": "your_user_access_token",
"fastLinkURL": "tenant_fastlink_url"
};
(function (window) {
//Open FastLink
var fastlinkBtn = document.getElementById('btn-fastlink');
fastlinkBtn.addEventListener(
'click',
function() {
window.fastlink.open({
fastLinkURL: fastlinkFourDetails.fastLinkURL,
accessToken: 'Bearer ' + fastlinkFourDetails.accessToken,
params: {
configName : 'aggregation'
},
onSuccess: function (data) {
// will be called on success. For list of possible message, refer to onSuccess(data) Method.
console.log(data);
},
onError: function (data) {
// will be called on error. For list of possible message, refer to onError(data) Method.
console.log(data);
},
onClose: function (data) {
// will be called called to close FastLink. For list of possible message, refer to onClose(data) Method.
console.log(data);
},
onEvent: function (data) {
// will be called on intermittent status update.
console.log(data);
}
},
'container-fastlink');
},
false);
}(window));
</script>
</body>
</html>
Link Money supports 4 configNames for each tenant by default:
aggregation
, for mandatory account aggregation.verification
, for mandatory account verification.aggregation_and_verification
, for mandatory account aggregation and optional account verification.verification_and_aggregation
, for mandatory account verification and optional account aggregation.For more information on using the Yodlee Fastlink, see the Yodlee Fastlink 4 documentation. Some functionality, like Fastlink Congifuration, may not be available to you through Link Money. Reach out to Link Money support for more information on what is available to you if you need more advanced Fastlink functionality.
The Link Money API uses a direct proxy to request the Yodlee API. For the most part, you can refer to the Yodlee Core API documentation for the endpoints and payloads you need to use.
There is one key difference: Link Money's API requires that you include the loginName
for the user you are trying to request in the headers, rather than the authorization payload.
An example GET accounts request to Yodlee through Link Money looks like:
const axios = require('axios');
const jwt = "your_jwt_token"; // see step 2
const url = 'https://api.linkmoney.com/yodlee/v1/accounts';
try {
const response = await axios.get(url, {
headers: {
Authorization: `Bearer ${jwt}`,
loginName: 'test_user_1'
}
});
console.log(response.data);
} catch (error) {
console.error(error);
}
There are three kinds of people who interact with Link Money:
user
is an end user of the tenant
's application, and the client
is a developer who is building the tenant
's application.Every developer must have a client configuration in order to access Link Money. This includes developers who are operating within a tenant environment that they themselves manage.
Link Money supports all available Yodlee webhooks, which are documented in the Yodlee API documentation. Developers can subscribe to webhooks by sending requests to the Link Money API webhook management endpoints.
As each Link Money tenant is a separate environment, each tenant requires its own webhook subscription. Make sure you authenticate with a token that has the proper tenant ID to ensure tha the webhook subscription is created in the correct tenant environment.
Link Money tenants are shared by multiple clients, so it is possible to receive webhook notifications from customers who are not specifically accessing your application. Make sure that your application logic accounts for events that are related to users who other clients may have registered.
This endpoint returns details about your client's current configuration.
Client Configuration
Unauthorized
{- "client": {
- "clientId": "CLI-12345678-1234-1234-1234-123456789012",
- "clientName": "Hairfoot Budgeting",
- "clientDescription": "A budgeting tool for a hardy folk.",
- "registrationDate": "2021-01-01T00:00:00Z",
- "webhookIds": [
- [
- "WBK-12345678-1234-1234-1234-123456789012"
]
], - "tenants": [
- [
- "TNT-12345678-1234-1234-1234-123456789012"
]
]
}
}
This endpoint returns the full list of webhooks currently configured for your client.
The list has a default length of 10 items. For additional webhooks, use the limit
and offset
parameters to paginate the query.
Webhook List
Unauthorized
{- "webhooks": [
- {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "webhookTypes": [
- "DATA_UPDATES"
], - "webhookDisabled": true,
- "status": "HEALTHY",
- "lastAttempt": "2019-08-24T14:15:22Z",
- "lastAttemptStatus": 200,
- "lastSuccess": "2019-08-24T14:15:22Z"
}
]
}
Allows clients to create a new webhook configuration by specifying the URI. The system generates all other fields.
Webhook configuration created successfully.
Bad Request
{- "webhookTypes": [
- "DATA_UPDATES"
], - "webhookDisabled": true
}
{- "webhook": {
- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "webhookTypes": [
- "DATA_UPDATES"
], - "webhookDisabled": true,
- "status": "HEALTHY",
- "lastAttempt": "2019-08-24T14:15:22Z",
- "lastAttemptStatus": 200,
- "lastSuccess": "2019-08-24T14:15:22Z"
}
}
Fetches the details of a specific webhook configuration using its unique identifier.
Webhook configuration retrieved successfully.
Webhook with specified ID not found.
{- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "webhookTypes": [
- "DATA_UPDATES"
], - "webhookDisabled": true,
- "status": "HEALTHY",
- "lastAttempt": "2019-08-24T14:15:22Z",
- "lastAttemptStatus": 200,
- "lastSuccess": "2019-08-24T14:15:22Z"
}
Use the update webhook endpoint to change details of one of your webhook configurations. Using this endpoint, you can:
Webhook configuration updated successfully.
Invalid input, e.g., invalid URI format or invalid enum value for webhookTypes.
Webhook with specified ID not found.
{- "webhookTypes": [
- "DATA_UPDATES"
], - "webhookDisabled": true
}
{- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "webhookTypes": [
- "DATA_UPDATES"
], - "webhookDisabled": true,
- "status": "HEALTHY",
- "lastAttempt": "2019-08-24T14:15:22Z",
- "lastAttemptStatus": 200,
- "lastSuccess": "2019-08-24T14:15:22Z"
}
Deletes a specific webhook configuration and returns the deleted webhook's data.
Webhook configuration deleted successfully. Returns the original webhook data.
Webhook with specified ID not found.
{- "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
- "webhookTypes": [
- "DATA_UPDATES"
], - "webhookDisabled": true,
- "status": "HEALTHY",
- "lastAttempt": "2019-08-24T14:15:22Z",
- "lastAttemptStatus": 200,
- "lastSuccess": "2019-08-24T14:15:22Z"
}
Allows developers to trigger a test webhook event. This sends a dummy payload to the configured URI of the webhook identified by {webhookId}. This helps in verifying the webhook setup.
Webhook test initiated and response received.
Unauthorized
Webhook not found.
{- "receivedResponse": true,
- "responseCode": 0,
- "firedAt": "2019-08-24T14:15:22Z",
- "receivedAt": "2019-08-24T14:15:22Z",
- "processingDuration": 0
}
The Link Money API permits end users to link and get data from their bank accounts. But of course, that requires a front-end interface. That's where the Fastlink comes in.
The Fastlink is an example of what we call a "Linking Widget" - a small application, usually embedded via iframe in another financial application, that allows end users to interact with an aggregation service - in this case, Yodlee's Fastlink.
In this documentation Fastlink
refers specifically to Fastlink 4
, which is the most recent version of Yodlee's Fastlink widget. We do not support older versions of Fastlink, and urge all of our onboarding customers to upgrade to Fastlink 4.
To open a frontend session with Link Money's Fastlink4, you must:
First, get an authentication token for Link Money.
const fetch = require('node-fetch'); // If using Node.js, ensure to install the 'node-fetch' package
// Client credentials and other required information. We recommend storing these in a secure location, such as a password vault.
const clientId = 'YOUR_CLIENT_ID';
const clientSecret = 'YOUR_CLIENT_SECRET';
// The URL to your authentication endpoint
const tokenUrl = '{LINK_MONEY_BASE_URL}/oauth/token';
// Prepare the request body
const requestBody = { clientId, clientSecret };
// Make the HTTP POST request to obtain the JWT
try {
const rawResponse = await fetch(tokenUrl, {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: requestBody
});
const data = await response.json();
const token = data.accessToken;
// Use the access token for subsequent API requests that require authentication
} catch(error) {
console.error('Error fetching the access token:', error);
}
With the token
from the request, you can authorize a call to the Fastlink widget endpoint.
const fetch = require('node-fetch'); // If using Node.js, ensure to install the 'node-fetch' package
const accessToken = "{YOUR_ACCESS_TOKEN}"; // see previous step.
const fastlinkUrl = '{LINK_MONEY_BASE_URL}/yodlee/fastlink';
try {
const rawResponse = await fetch(tokenUrl, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': `Bearer ${accessToken}`
}
});
const data = await response.json();
const { fastlinkConfiguration } = data;
const { accessToken, fastLinkURL, configName } = fastlinkConfiguration;
// Use the accessToken, fastLinkURL, and configName to embed the Fastlink widget in your application
} catch(error) {
console.error('Error fetching the access token:', error);
}
The fields provided above have supplied you with everything you need to open the Yodlee Fastlink widget in your application. To complete the integration, you will need to use the Yodlee Fastlink SDK along with the configuration provided above.
<!-- Mark Up -->
<div id="container-fastlink">
<div style="text-align: center;">
<input type="submit" id="btn-fastlink" value="Link an Account">
</div>
</div>
<!-- Yodlee FL4 CDN -->
<script type='text/javascript' src='https://cdn.yodlee.com/fastlink/v4/initialize.js'></script>
<!-- Yodlee FL4 Config -->
<script>
// embed the code provided in the previous step here to receive...
const { accessToken, fastLinkURL, configName } = fastlinkConfiguration;
(function (window) {
//Open FastLink
const fastlinkBtn = document.getElementById('btn-fastlink');
fastlinkBtn.addEventListener('click', function() {
window.fastlink.open({
fastLinkURL: fastLinkURL, // from step 2
accessToken: `Bearer ${accessToken}`, // from step 2; do not use the token from step 1 here.
params: {
configName : configName // from step 2
},
onSuccess: function (data) {
// will be called on success. For list of possible message, refer to onSuccess(data) Method.
console.log(data);
},
onError: function (data) {
// will be called on error. For list of possible message, refer to onError(data) Method.
console.log(data);
},
onClose: function (data) {
// will be called called to close FastLink. For list of possible message, refer to onClose(data) Method.
console.log(data);
},
onEvent: function (data) {
// will be called on intermittent status update.
console.log(data);
}
},
'container-fastlink');
}, false);
}(window));
</script>
The Fastlink widget can be configured to meet your specific needs. For more information on configuration options, see the Yodlee Fastlink 4 documentation.
The Link Money API surfaces the variables required to open any instance of Fastlink 4. However, we do not currently surface any helper functions for customized instances of Fastlink4. However, we also do not restrict you from customizing the Fastlink widget to meet your needs. If you are opening the FL4 for a specific provider, simply alter the base configuration above as you normally would.
Provides necessary details for developers to integrate FastLink4 into their applications without exposing sensitive credentials. Requires user-level authentication.
FastLink4 details retrieved successfully.
Unauthorized. The user or tenant details are incorrect or do not have the necessary permissions.
Forbidden. Access is denied due to invalid credentials or access rights.
{
}
Obtain an access token using client credentials. The request must include clientId
, clientSecret
, and the custom claims tenantId
and userId
to specify the tenant and end user the token will represent.
tenantId
is only required in cases where you are trying to access a tenant-specific resource. Some routes, like those that let you view and alter your client configuration, do not require a token with this claim. userId
is only required in cases where you are trying to access a user-specific and tenant-specific resource. Some routes, like those that let you generate new users, do not require a token with this claim, even if they do require a token with a tenant claim.
A JSON object containing the access token.
Bad Request
Unauthorized. The oauth token call can return Unauthorized for the following reasons:
The details
field in the response body will provide the specific reason why your authentication failed.
{- "clientId": "string",
- "clientSecret": "string",
- "tenantId": "string",
- "userId": "string"
}
{- "accessToken": "string",
- "tokenType": "string",
- "expiresIn": 0,
- "scope": "string"
}