Skip to main content
This page provides solutions to common authentication issues when working with Flinks authorization endpoints.

Common Error Messages

”You must provide a valid authorize token” Error

Problem: Getting 401 Unauthorized error Solutions:
  • Verify your secret key is correct and hasn’t expired
  • Check the header name is exactly flinks-auth-key (not x-api-key or Authorization)
  • For /GenerateAuthorizeToken: Use your secret key in the header
  • For /Authorize: Use the generated authorize token (not the secret key)

Authentication Token Issues

“You must provide a valid auth key” (when generating tokens)
  • Verify your secret key is correct
  • Ensure you’re using the secret key provided by Flinks during integration setup
  • Check that you’re using the correct environment credentials
“LoginId not found or invalid” (when authorizing)
  • Confirm the LoginId was obtained from a successful Flinks Connect session
  • Verify you’re using the correct environment (sandbox vs production)
  • Check that the LoginId hasn’t been deleted via /DeleteCard

Token Management

Token Usage Rules

Important Notes:
  • The generated authorize token is single-use only
  • Token expires after 30 minutes if unused
  • Use the token immediately in your next API call (either Flinks Connect or /Authorize endpoint)
  • Generate a new token for each authentication flow
Token Reuse Error: 
// ❌ DON'T DO THIS
const token = 'generated-once';
await callAuthorize(token);
await callAuthorize(token); // This will fail!

// ✅ CORRECT
const token1 = await generateToken();
await callAuthorize(token1);

// Later, for another user/session:
const token2 = await generateToken(); // New token
await callAuthorize(token2);

Header Configuration Issues

Wrong Header Names

# ❌ DON'T USE THESE
--header 'x-api-key: token'        # Wrong header name
--header 'Authorization: token'    # Wrong header name
--header 'Bearer: token'           # Wrong header name

# ✅ CORRECT
--header 'flinks-auth-key: token'  # Correct header name

Header Requirements by Endpoint

EndpointHeader NameHeader Value
/GenerateAuthorizeTokenflinks-auth-keyYour secret key
/Authorize (Direct API)flinks-auth-keyGenerated authorize token
Flinks ConnectN/APass token as URL parameter
Important: Do not confuse flinks-auth-key with x-api-key. Always use flinks-auth-key for Flinks authentication.

URL Format Issues

URL Format Validation

Ensure your URLs follow this exact format: 
https://{instance}-api.private.fin.ag/v3/{customerId}/BankingServices/{endpoint}
Common mistakes:
  • https://toolbox-api.private.fin.ag//v3/... (double slash)
  • https://toolbox.api.private.fin.ag/v3/... (wrong subdomain format)
  • https://toolbox-api.private.fin.ag/v3/... (correct)

Environment-Specific URLs

EnvironmentInstanceAPI Base URLIframe Base URL
Sandbox/Testingtoolboxhttps://toolbox-api.private.fin.aghttps://toolbox-iframe.private.fin.ag
ProductionYour company namehttps://{company}-api.private.fin.aghttps://{company}-iframe.private.fin.ag
Never use production credentials in sandbox or vice versa. Each environment requires its own set of credentials.

Environment Configuration

Sandbox vs Production Setup

Sandbox/Testing Environment:
  • Instance: toolbox
  • URL: https://toolbox-api.private.fin.ag/v3/{customerId}/...
  • Use test credentials for generating authorize tokens
Production Environment:
  • Instance: Your company name
  • URL: https://{yourcompany}-api.private.fin.ag/v3/{customerId}/...
  • Use production credentials provided by Flinks

Integration Flow Issues

Authentication Flow Validation

The correct authentication flow:
  1. Obtain Secret Key: Get from Flinks during integration setup
  2. Generate Authorize Token: Call /GenerateAuthorizeToken with secret key
  3. Use Token Immediately:
    • Flinks Connect: Add authorizeToken={token} to iframe URL
    • Direct API: Pass token as flinks-auth-key header to /Authorize
  4. Handle Response: Process successful authentication or error responses

Common Integration Mistakes

Wrong Token Type: Expired Tokens:
  • Generate new tokens for each authentication session
  • Don’t cache or reuse tokens across multiple sessions
  • Implement token refresh logic in your application

Need Additional Help?

If these troubleshooting steps don’t resolve your issue:
  1. Check the Error Codes page for specific error code documentation
  2. Review the Getting Started guide for complete setup instructions
  3. Contact Flinks with specific error details and request context