Skip to main content
POST
/
v3
/
{customerId}
/
BankingServices
/
Authorize
Authorize
curl --request POST \
  --url https://{instance}-api.private.fin.ag/v3/{customerId}/BankingServices/Authorize \
  --header 'Content-Type: application/json' \
  --header 'flinks-auth-key: <flinks-auth-key>' \
  --data '
{
  "LoginId": "5e115eac-1209-4f19-641c-08d6d484e2fe",
  "MostRecentCached": true
}
'
{
  "HttpStatusCode": 200,
  "Links": [
    {
      "rel": "AccountsDetail",
      "href": "/GetAccountsDetail",
      "example": null
    },
    {
      "rel": "AccountsSummary",
      "href": "/GetAccountsSummary",
      "example": null
    },
    {
      "rel": "Statements",
      "href": "/GetStatements",
      "example": null
    }
  ],
  "InstitutionName": "FlinksCapital",
  "Login": {
    "Username": "Greatday",
    "IsScheduledRefresh": false,
    "LastRefresh": "2026-01-21T20:47:47.145999",
    "Type": "Personal",
    "Id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  },
  "InstitutionId": 14,
  "Institution": "FlinksCapital",
  "RequestId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
Start a session and fetch cached banking data for a user. Pass your authorize token (from /GenerateAuthorizeToken) via the flinks-auth-key header — see Authentication Reference for all credentials and headers. If the response is 203, MFA is required — see the MFA flow, then resubmit with RequestId and SecurityResponses. For error cases, see Authentication Troubleshooting.

Headers

flinks-auth-key
string
default:d65f1adb-8ebc-48dc-be8b-20c773ba1565
required

Authorize token (one-time, 30-minute lifetime) generated by /GenerateAuthorizeToken. Do not pass your secret key here — the secret key is only used when generating the token.

Example:

"d65f1adb-8ebc-48dc-be8b-20c773ba1565"

Content-Type
string
default:application/json

Content type of the request.

Example:

"application/json"

Accept
string
default:application/json

Acceptable response media type.

Example:

"application/json"

Path Parameters

customerId
string
default:43387ca6-0391-4c82-857d-70d95f087ecb
required

Unique GUID provided by Flinks that grants you access to the environment specified in the instance field. By default, the value is the key for the toolbox environment.

Example:

"43387ca6-0391-4c82-857d-70d95f087ecb"

Body

application/json
LoginId
string

Identifier returned by Flinks Connect after a successful customer authentication. Use this in combination with MostRecentCached: true to open a session against the cached data aggregated by the widget. This is the recommended flow for most integrations.

Example:

"5e115eac-1209-4f19-641c-08d6d484e2fe"

MostRecentCached
boolean
default:true

Controls how the session is opened. true = cached mode (recommended): pair with LoginId to retrieve the most recently aggregated data for a customer. false = live mode: initiates a fresh live connection to the financial institution; typically used for manual refresh or direct API (legacy) integrations with Username/Password.

Example:

true

Username
string

Username used to connect to the financial institution. Only used for direct API (legacy) integrations when MostRecentCached is false — Flinks Connect handles authentication for the widget integration path.

Example:

"greatday"

Password
string

Password used to connect to the financial institution. Only used for direct API (legacy) integrations when MostRecentCached is false.

Example:

"everyday"

Institution
string

Unique identifier of the financial institution. Only required for direct API (legacy) integrations — the widget sets this automatically.

Example:

"FlinksCapital"

Language
string
default:en

Preferred language for the connection process (en | fr)

Example:

"en"

Save
boolean
default:true

If set to true, all collected data and credentials will be saved after the request is completed.

Example:

true

Tag
string

Custom string to attach to a specific request.

RequestId
string<uuid>

Required for MFA. Pass the RequestId received in the 203 response.

SecurityResponses
object

Pass this parameter if you received a 203 response from the /Authorize endpoint and are calling it a second time to complete MFA questions. This parameter contains the user's responses to the MFA questions, where keys are the prompts and values are arrays of answers.

Response

Authorization successful - Session opened and RequestId can be used for subsequent data calls

HttpStatusCode
integer

HTTP status code

Example:

200

Links
object[]

List of available data endpoints

Example:
[
  {
    "rel": "AccountsDetail",
    "href": "/GetAccountsDetail",
    "example": null
  },
  {
    "rel": "AccountsSummary",
    "href": "/GetAccountsSummary",
    "example": null
  },
  {
    "rel": "Statements",
    "href": "/GetStatements",
    "example": null
  }
]
InstitutionName
string

Name of the financial institution

Example:

"FlinksCapital"

Login
object

End user's technical login information

Example:
{
  "Username": "Greatday",
  "IsScheduledRefresh": false,
  "LastRefresh": "2026-01-21T20:47:47.145999",
  "Type": "Personal",
  "Id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
InstitutionId
integer

Unique identifier of the financial institution

Example:

14

Institution
string

Name of the financial institution

Example:

"FlinksCapital"

RequestId
string<uuid>

Unique request identifier used for subsequent data calls

Example:

"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"