API Configuration

Introduction

Here you'll find a guide on how to configure everything you need to manage your interaction with our API or Link flow. This section will go through every different configuration you can find in our Finlink platform, and how it impacts the usage of the API or Link flow.

Webhook

Our webhooks allow you to create completely asynchronous workflows when working with us. We highly recommend you to look into implementing webhooks in your flow. Webhooks allow you to receive updates faster than polling, making the integration work better. You can follow our guide and best practices on webhooks.

Client Secrets

Client secrets are used for programatically starting an API session related to a specific app. They are extremely sensitive and should not be shared with anyone.

Creating a secret

Go into App Settings -> API Secrets. At that page you can find the table "Credentials".

Revoking a secret

In case a secret gets compromised, or you just want to delete an unused one, we offer you an option to revoke a secret. Revoking a secret will terminate the active session associated to it if there's any. Revoking a secret is permanent, so be certain you are removing the correct secret.

To revoke a secret, go to App Settings -> API Client. In the "Credentials" table, you'll find a button to revoke secrets in each secret's row.

When revoking a secret, you will be prompted with your account password to confirm the operation.

Limitations

• You can only create up to 5 secrets per app

• Every secret can only have 1 active session at a time. If a new session is started with a secret being in use, the previous session will be revoked

Force Link to use an auth token

You can find this option inside your App Settings -> Configuration tab. When marking this option as true, every new connection through our Link solution will only be accepted if the parameter authToken is provided. Instances of the Link solution without it will be rejected. This will make it so that only you can initiate an instance of the Link for your application, and that no parameter manipulation can be done (they will be ignored as only the ones provided when generating the authToken are valid). Read more on link parameters.

If this feature is not enabled, you can still initiate the Link solution using an authToken parameter, but unauthenticated forms of initialization will still be valid. You can find more information about how to generate a valid authToken for our Link solution here.

List of banks

This feature allows to custom your list of banks showed on widget list.

Link configuration

Since our Link is such an important part of the flow, we have reserved a full section in these docs to configure them.