Authentication
All API and SDK requests require authentication. API calls require an authorization token, and calls to the SDK require a session key. Follow along this page to learn how to retrieve and use your authorization token and session key.
Making API Requests
All API requests require your auth token to be included as a header.
Getting Your Auth Token
Calls to Link Money's APIs are authenticated with an authorization token. This token can be retrieved by making a call to our authentication servers as in the following example. The two pieces of information needed to get an authorization token are your Client ID and Client Secret. See later steps in this tutorial for examples of how to use your auth token.
Retrieving Your Auth Token
Client ID and Secret
Your Client ID and Secret can be retrieved from Link Money's merchant portal. Use the following links for sandbox and production. Navigate to the Accounts page and look for the tile pictured below. Enter these values in the template in the next step.
Auth Token Request
This is an example of retrieving an auth token in bash. Ensure that a POST method is being used, you have the correct URL, you include the content-type header with the value given in the following example, fill in your client ID and secret in the appropriate fields, and include the appropriate scope for the request you are making.
Scope types
Link-Payment
string
Used for Payments, Refunds, Credits, and Cancelations
Link-Core
string
For all other requests
1curl --location --request POST '{API_BASE_URL}/v1/tokens' \
2--header 'Content-Type: application/x-www-form-urlencoded' \
3--data-urlencode 'client_id={CLIENT_ID}' \
4--data-urlencode 'client_secret={CLIENT_SECRET}' \
5--data-urlencode 'scope=Link-Core' \
6--data-urlencode 'grant_type=client_credentials'
Response Body
The two key values returned are the expires_in
field which denotes the number of seconds that the token will be valid, and the access_token
field which is the token itself.
1{
2 "token_type": "Bearer",
3 "expires_in": 3600,
4 "access_token": "{ACCESS_TOKEN}",
5 "scope": "Link-Core"
6}
Making SDK Requests
Linking customer bank accounts through Link Money's SDK requires a session key. To retrieve a session key, call the following endpoint with the appropriate customer details. Your auth token from step (1) must be included as a header to the API sessions endpoint or a 401 error will be returned.
This endpoint returns a session key to be used for SDK requests. Session keys are uniquely associated with each customer's session. When a customer wants to link a new account, a session key must be retrieved for them. The only mandatory fields in the session request are email
, firstName
and lastName
. Additional data provided through the session API enables us to more accurately decision payments and enhance the user experience. Check out best practices to learn more about the data requested.
{API_BASE_URL}/v1/sessions
Request Body
email
string
Your customer’s email
firstName
string
Your customer’s first name
lastName
string
Your customer’s last name
phoneNumber
string
Your customer’s phone number
billingAddress
object
Your customer’s billing address. Max length of
streetAddress
is 200,city
andstateOrProvince
is 50;postalCode
is 11.shippingAddress
object
This field is a part of
orderDetails
. It is your customer’s shipping address. Max length ofstreetAddress
is 200,city
andstateOrProvince
is 50;postalCode
is 11.items
array of objects
Each item should have a description (string), amount (object) and goodType (enum). The values for goodType are
DIGITAL
orPHYSICAL
.amount
object
This is the item’s cost and is part of the object passed in the items array.
totalAmount, subtotalAmount, discountAmount, shippingAmount, taxAmount
object
These fields are are part of order details and represent your customer’s transaction cost breakdown. These fields will only be accepted if the totalAmount field is provided, and subtotalAmount must be provided to include discountAmount, shippingAmount and taxAmount.
product
enum
PAY
orVERIFY
- indicates whether this session is for Pay by Bank or AccountVerify. Defaults toPAY
The following fields are part of the customerProfile
object and are meant to collect customer information to provide the best experience possible by mitigating fraud, increasing authorization rate and maximizing risk decisioning accuracy
guestCheckout
boolean
Whether this is a registered or guest checkout.
accountCreationDate
string
Timestamp in ISO-8601 format e.g. "2023-12-30T07:00:00-04:00" and "2023-12-30T07:00:00.1234-04:00"
firstTransactionDate
string
Timestamp in ISO-8601 format e.g. "2023-12-30T07:00:00-04:00" and "2023-12-30T07:00:00.1234-04:00"
transactionCount
integer
The number of transactions a customer has previously made with the merchant.
verifiedEmail
boolean
Whether the customer’s email has been verified.
verifiedPhone
boolean
Whether the customer’s phone has been verified.
1curl --location --request POST '{API_BASE_URL}/v1/sessions'
2--header 'Content-Type: application/json'
3--header 'Accept: application/json'
4--header 'Authorization: Bearer {ACCESS_TOKEN}'
5--data-raw '{
6 "firstName" : "{CUSTOMER_FIRST_NAME}",
7 "lastName" : "{CUSTOMER_LAST_NAME}",
8 "email" : "{CUSTOMER_EMAIL}",
9 "phoneNumber" : "{CUSTOMER_PHONE_NUMBER}",
10 "billingAddress" : {
11 "streetAddress": string,
12 "city": string,
13 "stateOrProvince": string
14 "postalCode": string,
15 "country": string
16 },
17 "orderDetails": {
18 "items": [
19 {
20 "description": string,
21 "goodType": enum
22 "amount": { "value": float, "currency": "USD" }
23 },
24 {
25 "description": string,
26 "goodType": enum
27 "amount": { "value": float, "currency": "USD" }
28 }
29 ],
30 "subtotalAmount": { "value": float, "currency": "USD" },
31 "discountAmount": { "value": float, "currency": "USD" },
32 "shippingAmount": { "value": float, "currency": "USD" },
33 "taxAmount": { "value": float, "currency": "USD" },
34 "totalAmount": { "value": float, "currency": "USD" },
35 "shippingAddress": {
36 "streetAddress": string,
37 "city": string,
38 "stateOrProvince": string
39 "postalCode": string,
40 "country": string
41 },
42 },
43 "customerProfile":{
44 "guestCheckout": boolean,
45 "accountCreationDate": timestamp,
46 "transactionCount": integer,
47 "firstTransactionDate": timestamp,
48 "verifiedEmail": boolean,
49 "verifiedPhone": boolean
50 },
51 "product": "PAY"
52}'
53
Response Body
sessionKey
string
Your session key
{ "sessionKey" : "a5292de413e-2626d8244239-879a9-ffbdfa2" }