Skip to main content

Mandatory for all new integrations as of October 2024

If your integration was created prior to October 2024, the authorize token is still optional.
When completing the authorization process for both Flinks Connect and direct API connections, you must pass a valid authorize token to access account data. This adds an extra layer of security by ensuring that only the intended person is accessing the account. Complete the steps below to pass us an authorize token each time you authenticate: Flinks provides a secret key during the integration process. This is a unique key that identifies you within the system and grants you access to our APIs. Use your secret key to generate an authorize token. This allows us to confirm your identity and ensure that the correct person is accessing the data.

b) Generate an authorize token

Call the /GenerateAuthorizeToken endpoint and pass your secret key. This token can only be used once and is active for 30 minutes. This token expires if it is not used within 30 minutes and you must generate a new one.

c) Send us an authorize token to successfully authenticate

Those using Flinks Connect will pass the authorize token using a customization parameter. Add the authorizeToken customization parameter to your Flinks Connect iframe URL, then pass your authorize token using the format authorizeToken=123-456-789. Replace 123-456-789 with your valid token. For example:
URL
https://yourinstance-iframe.private.fin.ag/?redirectUrl=flinks.com&authorizeToken=d65f1adb-8ebc-48dc-be8b-20c773ba1565

Connect to optional API endpoints to enhance your integration

Custom integrations only

This page explains how to set up custom integrations that use a direct API connection. If you are using Flinks Connect, see Set Up Flinks Connect.
Complete the following steps to connect with us using a custom API integration that uses OAuth 2.0.
  1. Ask your Flinks Representative to whitelist the URLs that your endpoints will be calling, including the redirect URL is step 2A.
  2. Call the /OAuth/Authorize endpoint and perform the following tasks:
    • Redirect the end user to their bank’s login screen using the institution parameter. Here, they’ll enter their login credentials and complete multi-factor authentication (MFA) if required.
    • Provide a URL to redirect the end user back to your website or app using the redirect_uri field. If the login is successful, you receive a redirect response containing a loginId: https://{redirect}?loginId={loginId}&state={state}. If the login is unsuccessful, you receive a redirect response containing an error message: https://{redirect}?state={state}&error={error}&error_description={error_description}. For more information on how to make this call, see our API documentation.
  3. Call the /Authorize endpoint and apply the following settings to initiate the authorization flow:
    • Pass the loginId that you received in step 2.
    • Make the call in live mode by setting the MostRecentCached parameter to FALSE.
      For more information on how to make this call, see our API documentation.
    • Set the save parameter to TRUE to maintain communication with the database (for nightly refreshes, receiving insights, and more).
      For more information on how to make this call, see our API documentation.
If you receive a 200 response, the end-user is successfully authenticated, and you can now use the Flinks API to retrieve data.