Skip to main content
Use the https://api.flinks.io/api/v1/token endpoint to receive an access token so that you can start using the Open Banking API.

Token structure

When you use the authorization_code or refresh_token as the grant type, the token will include the following claims: 
{
  "client_id": "dc-7tf8aijpjqofl3uxppi136ldc",
  "sub": "bbc6eb83-60fa-4fb0-a6ea-9e2bd54e1071",
  "exp": 1709147034
}
The sub claim can be used to uniquely identify the user at the Data Provider.

About the refresh_token

When you’re using authorization_code as the grant type, the refresh_token that you receive is controlled by Flinks. It has an idle timeout of 30 days and does not expire. This means that it can be refreshed indefinitely unless it’s revoked. The refresh_token also does not change when exchanged.

Receiving a 400, 401, or 403 response

The data collection lifecycle is not connected to the refresh_token. If you receive a 400, 401, or 403 error when calling this endpoint, it means that either of the tokens that are managed by Flinks have expired.

How to handle an error response

If you receive an error response, refer to the List of Authorization Errors for more information about the error and how to resolve it.