

All API and SDK requests require authentication. API calls require an authorization token, and calls to the SDK require a session key. This page explains how to retrieve and use your authorization token and session key.

Making API Requests

All API requests require your auth token to be included as a header.

Getting Your Auth Token

Calls to Link Money's APIs are authenticated with an authorization token. This token can be retrieved by making a call to our authentication servers as in the following example. The two pieces of information needed to get an authorization token are your Client ID and Client Secret. See later steps in this tutorial for examples of how to use your auth token.

Retrieving Your Auth Token

Client ID and Secret

Your Client ID and Secret can be retrieved from Link Money's merchant portal. Use the following links for sandbox and production. Navigate to the Accounts page and look for the tile pictured below. Enter these values in the template in the next step.

Auth Token Request

This is an example of retrieving an auth token in bash. Ensure that you use the POST method and the correct URL, include the Content-Type header with the value given in the following example, fill in your client ID and secret in the appropriate fields, and include the appropriate scope for the request you are making.

Scope types

  • Link-Payment


    Used for Payments, Refunds, Credits, and Cancelations

  • Link-Core


    For all other requests

POST Request
curl --location --request POST '{API_BASE_URL}/v1/tokens' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id={CLIENT_ID}' \
--data-urlencode 'client_secret={CLIENT_SECRET}' \
--data-urlencode 'scope=Link-Core' \
--data-urlencode 'grant_type=client_credentials'

Response Body

The two key values returned are the expires_in field which denotes the number of seconds that the token will be valid, and the access_token field which is the token itself.

{
  "token_type": "Bearer",
  "expires_in": 3600,
  "access_token": "{ACCESS_TOKEN}",
  "scope": "Link-Core"
}
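
An added example, not Link Money's own code: a small Python token cache built on the request and response shown above, which reuses a token until shortly before `expires_in` elapses and keeps a separate token per scope. `TokenCache`, `http_post_form` and the 60-second refresh margin are names and values chosen for this illustration, and the check that the reply echoes the requested scope is an assumption based on the sample response.

```python
import json
import time
import urllib.parse
import urllib.request

SCOPES = {"Link-Payment", "Link-Core"}  # scope types listed on this page


def http_post_form(url, form):
    """Default transport (hypothetical helper): POST a form, return parsed JSON."""
    req = urllib.request.Request(
        url, data=urllib.parse.urlencode(form).encode(), method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """One cached token per scope, refreshed `margin` seconds before expiry."""

    def __init__(self, base_url, client_id, client_secret,
                 post=http_post_form, clock=time.monotonic, margin=60):
        self._url = base_url.rstrip("/") + "/v1/tokens"
        self._creds = {"client_id": client_id, "client_secret": client_secret}
        self._post, self._clock, self._margin = post, clock, margin
        self._tokens = {}  # scope -> (access_token, refresh deadline)

    def auth_header(self, scope):
        if scope not in SCOPES:
            raise ValueError(f"unknown scope: {scope!r}")
        token, deadline = self._tokens.get(scope, (None, 0.0))
        if token is None or self._clock() >= deadline:
            body = self._post(self._url, {**self._creds, "scope": scope,
                                          "grant_type": "client_credentials"})
            # Assumption: the reply echoes token_type and scope as in the
            # sample response; reject anything else instead of using it.
            if body.get("token_type") != "Bearer" or body.get("scope") != scope:
                raise RuntimeError("unexpected token response")
            token = body["access_token"]
            lifetime = max(0, int(body["expires_in"]) - self._margin)
            deadline = self._clock() + lifetime
            self._tokens[scope] = (token, deadline)
        return {"Authorization": f"Bearer {token}"}

    def __repr__(self):  # keep the secret and tokens out of logs
        return f"TokenCache(url={self._url!r}, scopes={sorted(self._tokens)})"
```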

Making SDK Requests

Linking customer bank accounts through Link Money's SDK requires a session key. To retrieve a session key, call the following endpoint with the appropriate customer details. Your auth token from step (1) must be included as a header to the API sessions endpoint or a 401 error will be returned.

This endpoint returns a session key to be used for SDK requests. Since session keys are associated with a single customer's session, a new session key must be retrieved for each customer, each time they want to link a new account.


Request Body

  • email


    Your customer’s email

  • firstName


    Your customer’s first name

  • lastName


    Your customer’s last name

  • phoneNumber


    Your customer’s phone number

  • product

    enum - OPTIONAL

    PAY or VERIFY - indicates whether this session is for Pay by Bank or AccountVerify. Defaults to PAY

POST Request
curl --location --request POST '{API_BASE_URL}/v1/sessions' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer {ACCESS_TOKEN}' \
--data-raw '{
  "firstName" : "{CUSTOMER_FIRST_NAME}",
  "lastName" : "{CUSTOMER_LAST_NAME}",
  "email" : "{CUSTOMER_EMAIL}",
  "phoneNumber" : "{CUSTOMER_PHONE_NUMBER}",
  "product" : "PAY"
}'

Response Body

  • sessionKey


    Your session key

{ "sessionKey" : "a5292de413e-2626d8244239-879a9-ffbdfa2" }