Under the section: Authorize token valid one time only
Note that the authorize token is valid only one time. You need to generate a new authorize token before each time you need to use Flinks Connect or to call the /Authorize endpoint.
Please specify that a RequestId (Authorize Token):
- Only exists for 30 minutes before it expires
- Expires after the /GetAccountsDetail endpoint is called
- Is generated new even for cached calls
You can now use the authorize token. There are 2 different ways to use it depending on if you are using Flinks Connect or if you are manually calling the /Authorize endpoint.
Authorize token valid one time only
Note that the authorize token is valid only one time. You need to generate a new authorize token before each time you need to use Flinks Connect or to call the
/Authorizeendpoint.
Option 1 - Flinks Connect
You have to send the authorize token generated in Step 2 using the query string parameter authorizeToken like in this example:
https://yourinstance-iframe.private.fin.ag/?redirectUrl=flinks.com&authorizeToken=d65f1adb-8ebc-48dc-be8b-20c773ba1565
Option 2 - Call /Authorize endpoint
Alternatively, if you call the /Authorize endpoint, you have to send the authorize token generated in Step 2 using the request header parameter flinks-auth-key.
Valid token
From this point on, the normal /Authorize flow is engaged.
Dealing with MFA
In this example, we are not faced with a MFA challenge but if you need to call
/Authorizea second time to answer the MFA question, you need to send back the same authorize token usingflinks-auth-keyrequest header parameter.
Invalid token
If you call /Authorize endpoint but don't provide a valid authorize token (ex: expired token or already used token), you will receive this error message.