Changelog
Flinks API Reference
< Back to Flinks

Authorize Token

ℹ️

Mandatory for all new integrations as of October 2024

If your integration was created prior to October 2024, the authorize token is still optional.

When completing the authorization process both for Flinks Connect and direct API connections, you must pass a valid authorize token to be able to access account data. This adds an extra layer of security by ensuring that only the intended person is accessing the account.

Complete the steps below to pass us an authorize token each time you authenticate.

How to pass an authorize token

Step 1: Receive a secret key from Flinks

Flinks provides a secret key during the integration process. This is a unique key that identifies you within the Flinks system and grants you access to our APIs.

Use your secret key to generate an authorize token. This allows us to confirm your identity and ensure the correct person is accessing the data.

Step 2: Generate an authorize token

Call the /GenerateAuthorizeToken endpoint and pass your secret key.

This token can only be used once and is active for 30 minutes. The token expires if it's not used within 30 minutes and you must generate a new one.

Step 3: Send us an authorize token to successfully authenticate

Depending on your integration, if you are using Flinks Connect or a direct API connection, you will pass the authorize token in one of the following ways:

  • For Flinks Connect integrations, pass it using a customization parameter in the iframe URL
  • For direct API connections, pass it using a header parameter when you call the /Authorize endpoint

For more information about how to do this for each integration type, review the following sections.

Sending an authorize token for Flinks Connect integrations

If you are using Flinks Connect, pass the authorize token using a customization parameter.

Add the authorizeToken customization parameter to your Flinks Connect iframe URL, then pass your authorize token using the format authorizeToken=123-456-789. Replace 123-456-789 with your valid token.

For example:

https://yourinstance-iframe.private.fin.ag/?redirectUrl=flinks.com&authorizeToken=d65f1adb-8ebc-48dc-be8b-20c773ba1565

Sending an authorize token for direct API integrations

If you are using a direct API integration, pass the authorize token through the /Authorize endpoint.

Call the /Authorize endpoint to authenticate, then pass the authorize token using the header parameter flinks-auth-key.