Best Practices

Extend user session and cobrand sessions

A user session expires after 30 minutes and a cobrand session expires after 100 minutes.

Create a new user or cobrand session before the current one expires by invoking the User Login API or the Cobrand Login API accordingly.

After receiving the cobrand session, you should use the same cobrand session for all subsequent user logins and services for the next 100 minutes until the session expires.

You should avoid calling the Cobrand Login API to get the cobrand session repeatedly for subsequent API calls such as user login or data retrieval calls. It is not advisable to call an API multiple times as this is detrimental to the performance of the services.

You should avoid calling the User Login API multiple times for a session.
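The session reuse described above can be implemented as a small in-memory cache. This is an added example, not Yodlee code: the login callable is a hypothetical wrapper around your own Cobrand Login or User Login request, the 120-second refresh margin is an assumed value, and the lifetime is counted from the moment the session is requested.

```python
import threading
import time
from typing import Callable, List, Optional

COBRAND_TTL_S = 100 * 60  # cobrand session lifetime stated on this page
USER_TTL_S = 30 * 60      # user session lifetime stated on this page

class SessionCache:
    """Hold one session token in memory and log in again only near expiry."""
    def __init__(self, login: Callable[[], str], ttl_s: float,
                 margin_s: float = 120.0, clock: Callable[[], float] = time.monotonic):
        if not 0 <= margin_s < ttl_s:
            raise ValueError("margin_s must be in [0, ttl_s)")
        self._login = login        # hypothetical wrapper around a Login API call
        self._ttl_s = ttl_s
        self._margin_s = margin_s  # assumed safety margin, not a Yodlee value
        self._clock = clock
        self._lock = threading.Lock()
        self._token: Optional[str] = None
        self._expires_at = 0.0

    def get(self) -> str:
        with self._lock:  # concurrent callers trigger at most one login
            now = self._clock()
            if self._token is None or now >= self._expires_at - self._margin_s:
                self._token = self._login()  # a failed login leaves state unchanged
                self._expires_at = now + self._ttl_s  # counted from before the call
            return self._token

    def invalidate(self) -> None:
        """Drop the token, for example after the server rejects it."""
        with self._lock:
            self._token = None

def demo() -> List[str]:
    """Constructed run: fake clock and fake login, no network access."""
    now, issued = [0.0], []
    def fake_login() -> str:
        issued.append(f"cob-{len(issued) + 1}")
        return issued[-1]
    cache = SessionCache(fake_login, COBRAND_TTL_S, clock=lambda: now[0])
    seen = []
    for minute in (0, 1, 97, 98, 150):
        now[0] = minute * 60.0
        seen.append(cache.get())
    return seen

if __name__ == "__main__":
    print(demo())
```

Create one cache per cobrand with COBRAND_TTL_S and one per logged-in user with USER_TTL_S, and keep the tokens out of logs and persistent storage.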

Implement cache for big data calls

The Get All Provider API takes more than one second to execute due to the amount of data that it provides. Implementing caches to avoid making calls to the server multiple times is recommended because the data rarely changes.

Know and code for different MFA providers

If you are not using Yodlee FastLink, code for the different types of MFA supported by Yodlee:

  • Security questions and answers
  • Token ID authentication
  • CAPTCHA image authentication
  • Multistep authentication

Do not expect all fields in response

The sample input for calls and the data model page list the complete set of fields that are available for an entity. The fields in the actual response can vary depending on the data available at provider sites.

Expect and code for new values for enums

All enums tend to grow for business reasons. Do not code against the fixed set of values provided. We recommend that you handle unexpected values so that your implementation does not break at any point.

  • Examples of enums: accountType, holdingType, status, additionalStatus.
  • Refer to the data model page for the full list of enums.

Occasionally, an existing value will be replaced with a new value where there is good reason to do so. Yodlee will let customers know about new and changed values well in advance of a release.

Plan for changing the code for deprecated fields and requests

Fields and calls may be deprecated where there is good reason to do so:

  • Information about what is being deprecated will be provided well in advance.
  • End of life for the deprecated calls and fields will be noted well in advance so that you can plan implementation changes ahead and avoid affecting live users.

Do not base business logic on message strings

Do not code business logic based on the following message strings:

  • Error Messages - The messages are for information and may be enhanced or fine-tuned for better understanding.
  • Additional Info - The messages are for information and reporting purposes.

Implement the recommended logic in add/update account flows

If you are not using Yodlee FastLink, code for the following in the add/update account flows:

| Recommendation | Benefit |
|---|---|
| Construct the login form user experience using all the login form fields provided, including the optional fields. | Reduces user confusion while providing credentials, because the login field names displayed to users will be the same as those on the provider site. |
| Use the maxLength field, if provided in the login form fields. | Limits users from inputting credentials less than or exceeding the permitted length on the provider site. |
| Implement the Re-enter Password feature while accepting credentials from users. | Avoids errors when credentials are entered by users, since they will be required to enter the same credentials twice. |
| Implement the Show Password field in the login form screen. | Gives users the option to view the characters they entered as the password and helps them verify whether it is the correct password. |
| Implement the Edit/Update Credentials option in the application. | Helps users update their credentials during the add account flow rather than reaggregating them multiple times, and avoids creating multiple provider account IDs. |
| Display the site-level and login form help text provided in the login form to users. | Helps users provide the correct set of information for successful aggregation/login. |
| Do not allow users to copy and paste passwords into the login form. | Ensures that a user is not entering additional characters unintentionally and that there are no cookie issues. |
| Users should select at least one option to enter their credentials when the login form has multiple options. | Ensures that users do not leave a necessary field blank. |