Comment on page
Add a first user and connection
To start interacting with our API, make sure you have setup a domain and a client application in the administration console.
Users of your application exist in our API. All data collected and exposed through our services is organized and scoped by users. We enforce isolated access to user data by issuing user-scoped access tokens, shared secrets that let you both authorize with our API and identify the relevant user you want to interact with.
You are responsible for keeping these tokens safe, and maintain the association with your own user registry.
User data arise from connections. A connection materializes the link between a user and one of the connectors (banks or billing providers) we support. Creating a connection requires the end-user to authenticate with the connector. As long as the connection is active, we take care of synchronizing user data and expose it.
You will need to let your users add a first connection before you can access its banking or billing data.
The simplest way to perform a connection setup is to use our Connect webview, a set of web-based endpoints that complement your domain API. It will take care of letting the user choose his bank or provider, gather credentials for later sync and manage consent to the individual bank accounts or document subscriptions he wants to share with your service, enforcing GDPR requirements.
The steps include:
- redirect the user in a browser to the webview to let him pick up a connector and add a connection;
- handle redirection after the web steps and get the temporary code;
- exchange the temporary code for an access token.
For the most simple configuration, present the following URL to your user (new lines are only added for clarity):
You will need to provide the
client_idof the client application created in the administration console, and a
redirect_urito use as a callback that must match the white-list defined in the console.
After the user has completed all steps in the webview, he will be redirected to your callback URL:
This step involves sending your client secret (a sensitive data), you must perform it from a secure environment.
Congratulations, you have been provided an access token that you must save, and that you can use to interact with all our products!