Skip to main content

This API is for our Open Banking product

This API is used for Outbound, the Flinks Open Banking product. For more information about using Outbound, speak with your Flinks Representative.

Using the Open Banking API

The open banking API is used by both Data Recipients and Partners to connect customer accounts and securely receive financial data from the customer’s financial institution. Our Data Access endpoints use Financial Data Exchange (FDX), an industry standard, to securely transfer financial data. You’ll see the following terms when using our documentation:
  • Data Provider: A financial institution or bank with which a customer has an account. The customer provides consent for the Data Provider to release their financial data to Partners and Data Recipients so they can use their services.
  • Partner: An organization that provides a financial service and is fully integrated in the Outbound ecosystem.
  • Data Recipient: An organization that provides a financial service, but is not fully integrated in the Outbound ecosystem. Flinks completes some of the technical integration aspects on their behalf, including the Data provider registration process. At a high level, Data Recipients receive data from financial institutions.

Before you begin

Before you can start calling this API, you must receive client credentials from Flinks. This includes a `client_id and client_secret. Client credentials are used to identify you as a specific client of Flinks and grant you secure access to our APIs. We provide these during the onboarding process.

Making your first API call

Getting started with this API differs slightly depending on which type of client you are. Refer to one of the following pages for more information on how to make your first API call.

Get Started as a Partner

Complete the following sections to use the Open Banking API as a Partner.

Get an Access Token

To call any of our Endpoints for Partners, use the client credentials that we provided to you during onboarding to obtain an access_token. Call the /Token endpoint using the following settings:
  • grant_type: client_credentials
  • client_id: {partner client_id}
  • client_secret: {partner client_secret}
  • scope: client:admin
If the request is successful, you’ll receive an access \token:
Json
{
  "access_token": "{access_token}"
}
Store the access_token in a secure location, as you will need it to make future API calls. Each access_token has an expiry date that’s defined in the expires_in of the response. When an access_token expires, discard it and complete this step again to obtain a new one. If you pass an expired or invalid access_token, you’ll receive a 400 error response.

Register with Data Providers

If this is your first time using the Open Banking API, register to the Data Providers your customers are working with so they can securely share the customer’s financial data with them. Call the /Recipients/providers/requests endpoint to submit a registration request and provide the ID of the Data Provider(s) you want to register with. Flinks reviews the request and approves it. To check the status of a registration, call the /Recipients/{client_id}/providers/requests endpoint. The following is a list of possible registration statuses:
STATUSDESCRIPTION
PENDING_APPROVALA partner has sent a registration request and is awaiting approval from Flinks.
PENDING_ACTIVATIONFlinks has approved the registration request and it’s been sent to the Data Provider for activation.
ACTIVEThe Data Provider is registered with the Data Recipient. The Data Recipient can successfully use the Flinks Open Banking API for this particular Data Provider.

Get Started as a Data Recipient

Complete the following sections to use the Open Banking API as a Data Recipient.

(Optionally) Determine which Data Providers a Data Recipient is registered to

Get an access_token by passing your client credentials to the /Token endpoint. Then, call the /Providers endpoint and pass the access_token. You’ll receive a list of Data Providers who are registered to the Data Recipient. This step is optional and not required to authorize.

Authorize with a Data Provider

Initiate the authorization process with the Data Provider by calling the /Authorize endpoint. If the request is successful and the customer provides consent, you’ll receive a 302 response at the redirect_uri, an authorization code, and the original state. If the request is not successful or the customer declines to provide consent, you’ll receive an error, error_description, and the original state. Below is the Example Authorize URL:
Url
https://api.flinks.io/api/v1/authorize?
response_type=code
&client_id=clientid
&redirect_uri=https%3A%2F%2Fexample.com%2Fcallback
&scope=ACCOUNT_BASIC%20ACCOUNT_DETAILED%20ACCOUNT_PAYMENTS%20INVESTMENTS%20TRANSACTIONS%20STATEMENTS%20CUSTOMER_CONTACT%20CUSTOMER_PERSONAL
&state=state
&provider_id=1000
&correlation_id=fce84d61-dfa8-4e2b-bd94-f1ec6a445841
You will receive the following on success:
Url
https://www.example.com/callback?
code=code
&state=state
And you will receive the following on a failure:
Url
https://www.example.com/callback?
error=access_denied
&error_description=The user denied the access
&state=state

Exchange the authorization code for an access token

Call the /Token endpoint and use authorization_code as the grant_type. If the request is successful, you’ll receive an access token:
Json
{
  "access_token": "{access_token}",
  "token_type": "Bearer",
  "expires_in": 300,
  "refresh_token": "{refresh_token}"
}

Start receiving your data

Use the access_token to call the Data Access endpoints and start receiving your data. For example, to get customer account data, call the /Accounts endpoint and pass the access_token.

Get a refresh token

When your access_token expires, call the /Token endpoint and use the refresh_token as the grant_type. If the request is successful, you’ll receive a new access_token.