Flinks Connect is the interface on which your customers will connect their bank accounts. Flinks Connect handles all the complicated bank authentication processes, so you don't have to worry about all the edge cases and error handling.
The end-user interacts with Flinks Connect to provide the credentials that are needed for Flinks to connect to the user's bank account. A successful connection is confirmed when the end-user is redirected to a landing page that's configured in your integration. Alongside the redirect, you will receive a LoginId related to the account that has just been connected.
When this happens, Flinks starts collecting the data in the background, and your backend needs to start the flow to receive and consume this data.
Here are the steps for you to quickly integrate Flinks into your business:
Adding the iframe
To embed Flinks Connect into your page, you simply need to add your Flinks Connect private instance URL into an iframe. For this example, we are using the sandbox instance (named toolbox) with a few recommended parameters:
Once an account is successfully authenticated with the Financial Institution, Flinks Connect will redirect the end-user to the landing page, which was defined in the RedirectUrl parameter. Along with the redirection, you will receive the LoginId (and the accountId if the account selector is enabled), which is the reference from the recently-connected account. This is the required information for you to receive the Financial data later on.
You have two ways to retrieve the LoginId:
Directly from the redirected URL
Flinks Connect adds the loginId along with the institution to the landing page URL. Example:
There are 2 ways for you to access the data from the connected accounts from your backend. You can retrieve the data through API calls in cached mode, or by using webhooks.
Option #1 - API
Every time you want to retrieve data from a connected account, you need to initiate a new session with Flinks, which means that you will need to generate a new RequestId each time in order to call /GetAccountsDetail.
Step 1: /Authorize - Open a new session
To generate a new RequestId, you need to call /Authorize, specifying a LoginId and the parameter MostRecentCached:true, as we're calling the API in Cached Mode.
This endpoint returns a new RequestId in the response:
Step 2: /GetAccountsDetail - Requesting the data
Using the new RequestId from Step 1, you can check whether the data is ready to be returned by calling /GetAccountsDetail:
In case you are making use of one of our Account Selection features, you must include the accountId fetched in the Redirect event through the AccountsFilter, as below:
Endpoint call response:
Important: If you receive the FlinksCode OPERATION_PENDING, it means that the process dispatched by Flinks Connect is not yet completed. In this case, refer to this article in order to learn about the Asynchronous Flow.
Option #2 - Webhooks
Another way to receive data is by setting up a webhook endpoint in your backend.
Instead of you calling the API to receive the JSON with the financial data, Flinks will call back your endpoint with the JSON result of the connected accounts as soon as the data extraction process is complete.
For us to configure your private instance with your webhook endpoint address, please contact the Flinks Support team.
Observation: It's not possible to test webhooks integration using a Sandbox environment.
One way to verify the authenticity and the integrity of the requests coming to your server is to use a secret token to validate the information that you receive from the webhook's callbacks.
If this feature is enabled, Flinks webhook callback will be sent with a key so you can validate the authenticity and the integrity of the information received.
Flinks uses HMAC with SHA-256 (a keyed hash, not encryption) to generate a validation key that is sent with the webhook callback in the HTTP header flinks-authenticity-key.
The secret key used to compute the HMAC will be provided and configured on your instance when we set up your webhook address.
Authenticity and Integrity
In order to verify the authenticity and the integrity of the received webhook callback, you’ll need to combine your secret key with the received JSON response. Using the technology of your choice:
Retrieve and store the content of the header flinks-authenticity-key
Using the ASCII encoding format, convert the secret key provided to you into a byte array.
Using the same ASCII encoding format, convert the serialized JSON response you received into a byte array.
Using the HMAC-SHA256 implementation in your language of choice, with the secret key as the HMAC key, compute a hash of your serialized JSON response.
Convert the resulting hash bytes into a Base64 string.
Compare the result of the Base64 string and the flinks-authenticity-key received in the header response.
If the Base64 string matches the flinks-authenticity-key, you have a valid message!
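The verification steps above, as an added example that is not Flinks' own code. It assumes you hash the raw request body bytes exactly as received (before any JSON parsing or re-serialization), adds a constant-time comparison, and rejects callbacks with no header; the secret and payload below are constructed sample values.

```python
import base64
import hashlib
import hmac

HEADER = "flinks-authenticity-key"  # header name given on this page


def compute_key(secret: str, raw_body: bytes) -> str:
    """Base64(HMAC-SHA256(secret, body)), following the steps listed above."""
    mac = hmac.new(secret.encode("ascii"), raw_body, hashlib.sha256)
    return base64.b64encode(mac.digest()).decode("ascii")


def verify_callback(secret: str, headers: dict, raw_body: bytes) -> bool:
    """Return True only when the header matches the HMAC of the body as received."""
    # HTTP header names are case-insensitive, so normalise before the lookup.
    received = {k.lower(): v for k, v in headers.items()}.get(HEADER)
    if not received:
        return False  # fail closed: a callback without the header is not trusted
    expected = compute_key(secret, raw_body)
    # Constant-time comparison avoids leaking how many leading characters matched.
    return hmac.compare_digest(expected.encode("utf-8"),
                               received.strip().encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample values, not real Flinks data.
    secret = "example-webhook-secret"
    body = b'{"LoginId":"00000000-0000-0000-0000-000000000000","Accounts":[]}'
    good = {"Flinks-Authenticity-Key": compute_key(secret, body)}

    print("valid callback:  ", verify_callback(secret, good, body))
    # One changed byte in the body invalidates the key.
    print("tampered body:   ", verify_callback(secret, good, body + b" "))
    print("missing header:  ", verify_callback(secret, {}, body))
```

Parsing the JSON and serializing it again before hashing can change whitespace or key order and make a genuine callback fail verification, so keep the original bytes until the check has passed.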