> ## Documentation Index > Fetch the complete documentation index at: https://docs.flinks.com/llms.txt > Use this file to discover all available pages before exploring further. # /Authorize Start a session and fetch cached banking data for a user. Pass your authorize token (from [/GenerateAuthorizeToken](./generate-authorize-token)) via the `flinks-auth-key` header — see [Authentication Reference](../../../guides/connect/authentication-reference) for all credentials and headers. If the response is `203`, MFA is required — see the [MFA flow](../../../guides/connect/legacy-api-integrations#multi-factor-authentication), then resubmit with `RequestId` and `SecurityResponses`. For error cases, see [Authentication Troubleshooting](../troubleshooting). ## OpenAPI ````yaml POST /v3/{customerId}/BankingServices/Authorize openapi: 3.0.3 info: title: Flinks API description: > Flinks API provides financial data connectivity, enrichment, and payment solutions. ## Authentication Endpoints require authentication using `flinks-auth-key` header (Bearer token). For more information, visit: https://docs.flinks.com version: 3.0.0 contact: name: Flinks Support url: https://www.flinks.com/contact/sales termsOfService: https://www.flinks.com servers: - url: https://{instance}-api.private.fin.ag description: Flinks API Environment variables: instance: default: toolbox description: The environment instance (e.g., toolbox, sandbox, production) security: [] tags: - name: Authorization description: Endpoints for generating authorization tokens and authenticating requests - name: Enrich - Consumer Attributes description: Consumer financial attribute analysis and credit risk assessment paths: /v3/{customerId}/BankingServices/Authorize: post: tags: - Authorization summary: Authorize parameters: - name: flinks-auth-key in: header required: true description: >- Authorize token (one-time, 30-minute lifetime) generated by [/GenerateAuthorizeToken](./generate-authorize-token). Do not pass your secret key here — the secret key is only used when generating the token. schema: type: string example: d65f1adb-8ebc-48dc-be8b-20c773ba1565 default: d65f1adb-8ebc-48dc-be8b-20c773ba1565 - name: Content-Type in: header required: false description: Content type of the request. example: application/json schema: type: string default: application/json example: application/json - name: Accept in: header required: false description: Acceptable response media type. example: application/json schema: type: string default: application/json example: application/json - name: customerId in: path required: true description: >- Unique GUID provided by Flinks that grants you access to the environment specified in the instance field. By default, the value is the key for the toolbox environment. example: 43387ca6-0391-4c82-857d-70d95f087ecb schema: type: string default: 43387ca6-0391-4c82-857d-70d95f087ecb example: 43387ca6-0391-4c82-857d-70d95f087ecb requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AuthorizeRequest' responses: '200': description: >- Authorization successful - Session opened and RequestId can be used for subsequent data calls content: application/json: schema: $ref: '#/components/schemas/AuthorizeResponse200' '203': description: >- Multi-Factor Authentication (MFA) required - Collect user's answers and call /Authorize again content: application/json: schema: $ref: '#/components/schemas/AuthorizeResponse203' '400': description: Bad Request - Invalid parameters content: application/json: schema: $ref: '#/components/schemas/Error' example: HttpStatusCode: 400 Message: >- The LoginId provided is either invalid or does not belong to the CustomerId. FlinksCode: INVALID_LOGIN '401': description: Unauthorized - Authentication failed content: application/json: schema: $ref: '#/components/schemas/Error' examples: questionNotFound: summary: Question not found value: HttpStatusCode: 401 Message: Question not found FlinksCode: QUESTION_NOT_FOUND disabledLogin: summary: Disabled login value: HttpStatusCode: 401 Message: Login has been disabled FlinksCode: DISABLED_LOGIN components: schemas: AuthorizeRequest: type: object example: LoginId: 5e115eac-1209-4f19-641c-08d6d484e2fe MostRecentCached: true properties: LoginId: type: string description: >- Identifier returned by Flinks Connect after a successful customer authentication. Use this in combination with `MostRecentCached: true` to open a session against the cached data aggregated by the widget. This is the recommended flow for most integrations. example: 5e115eac-1209-4f19-641c-08d6d484e2fe MostRecentCached: type: boolean description: >- Controls how the session is opened. `true` = cached mode (recommended): pair with `LoginId` to retrieve the most recently aggregated data for a customer. `false` = live mode: initiates a fresh live connection to the financial institution; typically used for manual refresh or direct API (legacy) integrations with `Username`/`Password`. default: true example: true Username: type: string description: >- Username used to connect to the financial institution. Only used for direct API (legacy) integrations when `MostRecentCached` is `false` — Flinks Connect handles authentication for the widget integration path. example: greatday Password: type: string description: >- Password used to connect to the financial institution. Only used for direct API (legacy) integrations when `MostRecentCached` is `false`. example: everyday Institution: type: string description: >- Unique identifier of the financial institution. Only required for direct API (legacy) integrations — the widget sets this automatically. example: FlinksCapital Language: type: string description: Preferred language for the connection process (en | fr) default: en example: en Save: type: boolean description: >- If set to true, all collected data and credentials will be saved after the request is completed. default: true example: true Tag: type: string description: Custom string to attach to a specific request. RequestId: type: string format: uuid description: Required for MFA. Pass the RequestId received in the 203 response. SecurityResponses: type: object description: >- Pass this parameter if you received a 203 response from the /Authorize endpoint and are calling it a second time to complete MFA questions. This parameter contains the user's responses to the MFA questions, where keys are the prompts and values are arrays of answers. additionalProperties: type: array items: type: string AuthorizeResponse200: type: object properties: HttpStatusCode: type: integer description: HTTP status code example: 200 Links: type: array description: List of available data endpoints items: $ref: '#/components/schemas/Link' example: - rel: AccountsDetail href: /GetAccountsDetail example: null - rel: AccountsSummary href: /GetAccountsSummary example: null - rel: Statements href: /GetStatements example: null InstitutionName: type: string description: Name of the financial institution example: FlinksCapital Login: allOf: - $ref: '#/components/schemas/Login' example: Username: Greatday IsScheduledRefresh: false LastRefresh: '2026-01-21T20:47:47.145999' Type: Personal Id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx InstitutionId: type: integer description: Unique identifier of the financial institution example: 14 Institution: type: string description: Name of the financial institution example: FlinksCapital RequestId: type: string format: uuid description: Unique request identifier used for subsequent data calls example: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx AuthorizeResponse203: type: object properties: Links: type: array items: $ref: '#/components/schemas/Link' HttpStatusCode: type: integer example: 203 SecurityChallenges: type: array description: List of security questions that need to be answered items: $ref: '#/components/schemas/SecurityChallenge' Institution: type: string example: FlinksCapital RequestId: type: string format: uuid example: 9022abc2-8a2e-4b06-a06e-c3e5449c4d10 Error: type: object properties: HttpStatusCode: type: integer Message: type: string FlinksCode: type: string Link: type: object properties: rel: type: string description: Relationship type of the link example: AccountsDetail href: type: string description: Endpoint path example: /GetAccountsDetail example: type: string nullable: true example: null Login: type: object description: End user's technical login information properties: Id: type: string format: uuid example: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx Username: type: string example: greatday IsScheduledRefresh: type: boolean default: false example: false LastRefresh: type: string format: date-time example: '2026-01-21T20:47:47.145999' Type: type: string nullable: true example: Personal SecurityChallenge: type: object description: >- User's response to a security challenge, where keys are the prompts and values are arrays of answers. additionalProperties: type: array items: type: string ````