Overview

Access to Yodlee APIs

The quickest way to get started with Yodlee APIs is by registering for a Sandbox Account on the Yodlee Developer Portal.

API Environment Details Notes
Sandbox – Developer Portal Immediate access to all APIs for aggregation, account verification, and Yodlee FastLink tools. Interactive API client to try individual REST APIs. Open to all. Account access is limited to a 45 day trial. Extensions are granted on request.
Stage API environment catering to specific implementation cases. Please reach out to Yodlee to learn more about the stage environment Access is restricted
Production/Live Access to the production environment is granted when a customer signs up with Yodlee. Access to the live environment is restricted for the customer server IP address. Please reach out to Yodlee for more details on setting up the live environment.
The environments are mutually exclusive and require separate access credentials and connection information (REST URLs) for each.

Integration Model

Integration with Yodlee is based on three objects

  1. Cobrand - Each Yodlee customer is referred to as a cobrand (partner). During the sign-up process, cobrand credentials are provided (for the respective environment).
  2. User - For every user in your system, Yodlee requires the creation of the respective user in the Yodlee system. A one-to-one relationship between users is required.
  3. User accounts - These are the financial accounts linked by end users. A user can add multiple financial accounts.


Authentication

Integration with Yodlee involves partner authentication (called Cobrand Authentication) using the cobrand credentials provided. User-specific operations require a second level of authentication for individual users. Cobrand and User logins return cobrand and user session tokens respectively and must be passed for successful API calls.

Cobrand Authentication


//Request Example - using Sandbox Environment
POST /ysl/restserver/v1/cobrand/login HTTP/1.1
Host: developer.api.yodlee.com
Accept: application/json
Content-Type: application/json
Content-Length: 164
Connection: keep-alive
{
    "cobrand":      {
      "cobrandLogin": "cobrand_user_name",
      "cobrandPassword": "cobrand_password",
      "locale": "en_US"
     }
}

//Response
{
  "cobrandId": 10010352,
  "applicationId": "3A4CAE9B71A1CCD7FF41F51006E9ED00",
  "locale": "en_US",
  "session": {
    "cobSession": "08062013_0:0d1ee7eb871b4e48b31bb553b459ca661f66bca0928fdef32ba673c61bb11c92a402b2341b97ca39fdd4a2b3e168d8ca90f66dd115eeee5e797660165f6cf8dd"
  }
}

User Authentication


//Request Example - using Sandbox Enviornment
POST /ysl/restserver/v1/user/login HTTP/1.1
Host: developer.api.yodlee.com
Accept: application/json
Content-Type: application/json
Authorization: {cobSession=08062013_2:7af6ff3f739965e72c8b7248c96a2317958f2b2c1a0a1bfa26394c25747e6b18b4e118e95d499058cbdd9212972d70cd41cbc7139934b66cbd65e220712a23ed}
Content-Length: 138
Origin: https://developer.yodlee.com
Connection: keep-alive

{
    "user":      {
      "loginName": "user_login_name",
      "password": "user_password#123",
      "locale": "en_US"
     }
}

//Response example
{
  "user": {
    "id": 10060702,
    "loginName": "user_login_name",
    "name": {
      "first": "John",
      "last": "Doe"
    },
    "session": {
      "userSession": "08062013_1:4daf4cf98182725d6fd018fa8d3165b73511a9d8f4c78f7fc65addfdb8288a0f451b49622d54635e681d3de153a73d608eaf9de7d41a23119cd249cb86d927c2"
    },
    "preferences": {
      "currency": "USD",
      "timeZone": "PST",
      "dateFormat": "MM/dd/yyyy"
    }
  }
}
							

Linking Accounts

Yodlee supports linking accounts from more than 15,000 global financial institutions. Linking accounts are crucial steps in integrating with Yodlee APIs. Yodlee supports linking accounts using Yodlee FastLink as well as linking directly with APIs.

Yodlee highly recommends using Yodlee FastLink to link and aggregate user accounts for better conversion and success rates.

Using Yodlee FastLink

Yodlee FastLink is a UI application available to all customers. Yodllee FastLink takes care of complex user flows for linking accounts including intuitive searches for financial institutions, credentials management, and error handling. Yodlee FastLink is a responsive, white-label hosted application. Yodlee continuously monitors and improves Yodlee FastLink for factors like conversion rates, user retention, optimal UI flows, and data analytics.

By using Yodlee FastLink, developers avoid creating complex UI flows and integration with thousands of ever-changing financial institution login mechanisms.

Linking Accounts Using APIs

Yodlee customers can opt to build their own UI application for link account user flows with Yodlee APIs. Developers need to ensure all critical aspects of the link account flow are covered:

  1. Get a list of financial institutions supported by Yodlee (providers) using /provider end points. The API supports searching by name of the financial institution.
  2. After selecting a financial institution to link, the user needs to be presented with the form to capture the provider's login credentials. Use /providers/ API to get a complete list of form fields needed to render the UI form
  3. Call Add Account API POST /providers/providerAccount. Status and additonalStatus fields in response to the POST /providers/providerAccount call will indicate if linking the account is successful
  4. With a successful link account call, a list of the user’s accounts are available using /accounts end point.
Handling MFAs
Some financial institutions require additional information from the user during login called multifactor authentication – in such cases, the Status and additionalStatus fields in the response will indicate the values IN_PROGRESS and USER_INPUT_REQUIRED – this requires the developers to present the MFA login form to users and capture the additional information required by the provider.


  1. Details of MFA are obtained by calling /providerAccounts/ API for presentation to the user.
  2. MFA details entered by the user need to be submitted using the PUT /providers/providerAccounts API call.
  3. Developers then are required to poll the status of the link account using the GET /providers/providerAccounts/ API call.

Multifactor Authentication

Multifactor authentication (MFA) verifies the identity of customers of a financial institution through a series of steps when they log in to their accounts online. It is called multifactor authentication because the login mechanism consists of two or more forms of verification. While single factor authentication is based on the username and password, in multifactor authentication, consumers provide additional detail like answers to security questions or some dynamic information to identify themselves.

Scheduled Automatic Refresh

After accounts are added, Yodlee keeps them up to date by running a nightly cache refresh that refreshes the account on behalf of the user.  Yodlee uses internal tools to intelligently manage the cache run process. These tools allow the time and frequency of account updates to be controlled based on consumer activity, account type, and error codes. Intelligent refreshing benefits Yodlee, our customers, and data providers by:

  • Providing the most up-to-date data to the most active users.
  • Uniformly distributing load to Yodlee content providers to eliminate refresh spikes that can cause instability or capacity issues.
  • Enabling Yodlee to control the refresh infrastructure volume throughout the course of a day.
Refresh Scheduling Policy
  • The cache run starts daily at 10AM PDT and ends the following day at 5AM PDT (19-hour window).
  • The cache run volumes increase throughout the day as user volumes decrease.
  • The peak window for the cache run is 9PM to 4AM as this is the low usage window.
  • There is no cache run from 5AM to 10AM PDT as this is the peak usage period for nearly all customers.

Refresh Frequency Policy
  • Frequently changing financial accounts (bank, card, investments) are refreshed daily for 0-30 day active users.
  • Frequently changing financial accounts are refreshed every 3 days for 30-45 day active users and weekly for 45-90 day active users.
  • Low frequency financial accounts (loan, mortgage, insurance, bills) and nonfinancial accounts (rewards, email) are refreshed weekly for 0-30 day active users.
  • Low frequency financial and nonfinancial accounts are refreshed every two weeks for 30-90 day active users.
  • Refreshes stop for users who are inactive for over 90 days.
  • If a user is inactive for over 90 days, that user needs to refresh the account from the application for the cache/nightly refresh to start working again. 

Webhooks

Webhooks refer to the overall concept of sending notifications to webhook endpoints. Webhook endpoints are URLs defined by users to which Yodlee sends events. Use webhooks to be notified about events that happen in a refresh account flow. Your system can then take appropriate action based on this event.

Refer to the detailed Webhooks integration guide about receiving REFRESH notification events at your Webhooks endpoint.


Account Aggregation

Refer to Account Aggregation API versions, documentation, and API reference

Account Verification

Yodlee Instant Account Verification (IAV) offers a safe and secure way to onboard consumers, connect their financial accounts, mitigate payment and account funding risks, and verify the account and account status for products and services. Instead of a time-consuming process that forces consumers to look up account information or use micro deposits to verify their bank accounts, consumers need only enter their online banking credentials. IAV confirms the account and verifies the account balance in seconds.

Refer to detailed documentation for account verification


Yodlee FastLink

Refer to Yodlee FastLink 2.0 Documentation


Testing

To verify integration with Yodlee and see accounts and transactions data accessible to your application you can use real financial institution accounts. Use of real bank accounts is possible in the Sandbox, Stage, and live environments.

A Sandbox trial account also provides test financial institution accounts for testing during the registration process

Test Accounts

Yodlee also offers a tool to set up test (dummy) financial institution sites and related accounts. Refer to the Yodlee Dummy Account Generator to create your own test credentials.