Skip to main content
Work in progressThis section is currently under active development as part of improvements planned for 2026. Content may change as we expand product capabilities.If you’re interested in early access or want to learn more about what’s coming, feel free to reach out to the team.
EFT V2 replaces V1’s endpoint-by-endpoint integration with a single session-based flow. You create one session, launch the hosted Flinks Pay experience, and monitor the session to completion — no custom front-end required.
Looking for the original endpoints (create transaction, schedules, PAD agreements)? See the EFT V1 reference. V2 is the recommended path for new integrations.

How V2 differs from V1

V1 (Direct Transactions)V2 (Session-based)
IntegrationMultiple endpoints, custom front-endOne session + hosted UI
Create callPOST /api/v1/transactionsPOST /api/v2/sessions (type = EFT)
Status modelEftStatus / PaymentStatusSessionStatus
Bank account captureProvided by youCaptured in the hosted flow
This is the Regular EFT path. Guarantee features belong to the GEFT product.

Base URLs

Production: {{BaseUri}} Sandbox: {{BaseUri}}

Authentication

EFT V2 uses the OAuth 2.0 Client Credentials flow:
  1. Authenticate with Basic auth (Client ID and Secret) at the /Authorize endpoint.
  2. Receive a Bearer token valid for 599 seconds (10 minutes).
  3. Use the Bearer token on all subsequent calls via the Authorization: Bearer header.
  4. Refresh the token before it expires.
EndpointAuthentication
POST /api/v2/sessionsBearer token
POST /api/v2/sessions/{sessionId}/cancelBearer token
GET /api/v2/sessions/{sessionId}/detailsBearer token
Session creation requires the RegularEft feature to be enabled on your client (otherwise the request returns 403).

API Endpoints

MethodEndpointDescription
POST/api/v1/authorizeObtain access token
POST/api/v2/sessionsInitiate session
GET/api/v2/sessions/{sessionId}/detailsGet session details
POST/api/v2/sessions/{sessionId}/cancelCancel session

Quick Start

1. Authenticate

curl --location '{{BaseUri}}/api/v1/authorize' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic {{clientId:clientSecret}}' \
--data-urlencode 'grant_type=client_credentials'

2. Initiate a session

curl --location '{{BaseUri}}/api/v2/sessions' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{access_token}}' \
--data-raw '{
  "referenceId": "USER12345",
  "type": "EFT",
  "direction": "DEBIT",
  "payor": {
    "firstName": "Sara",
    "lastName": "Ahmad",
    "email": "sara.ahmad@example.com"
  },
  "options": {
    "guarantee": { "enable": false }
  }
}'
The response returns a sessionId: 
{
  "sessionId": "850750a4-3021-4061-ac03-a8d873aa4179",
  "referenceId": "USER12345"
}

3. Launch the user flow

<iframe
  src="{{BaseUri}}/app/?sessionId={{sessionId}}"
  width="100%"
  height="600">
</iframe>

4. Monitor the session

curl --location '{{BaseUri}}/api/v2/sessions/{{sessionId}}/details' \
--header 'Authorization: Bearer {{access_token}}'

Session Status Codes

StatusStatusDetailsDescription
InitiatedEFT0101🟡 Session created, awaiting user start
CompletedEFT0301🟢 Transaction scheduled, session fully completed
CompletedEFT0302🟠 Bank account validated, awaiting PAD signature
FailedEFT0401🔴 Login failed — invalid financial institution credentials
FailedEFT0403🔴 Identity failed — user information did not match the bank account
FailedEFT0404🔴 Insufficient available balance
CancelledEFT0501⚫ Session cancelled by API request
ExpiredEFT0601⚫ Session timed out — user inactive or did not complete
Guarantee-related outcomes do not apply to regular EFT — they are specific to GEFT.

Validation Rules

  • type must be EFT; direction must be DEBIT; currency must be CAD (defaults to CAD).
  • payor.firstName, payor.lastName, and payor.email are required.
  • payor.address is optional for regular EFT. If provided, address line 1, city, province, postal code, and country are required.
  • payee must be omitted — funds settle to your client’s configured account.
  • referenceId is optional but recommended; it must be 1–36 alphanumeric characters or hyphens.
  • amount is optional; if provided it must be greater than 0, have at most 2 decimal places, and fall within your client’s configured minimum/maximum EFT amount. If omitted, the user enters the amount in the hosted flow.

Next Steps

  1. Initiate Session — full request and response schema
  2. Session Details — retrieve full session information and status