Use of Yodlee APIs requires application login (referred as cobrand login) as well login for end user (referred to as user login). Cobrand login establishes authentication for client application with Yodlee platform. End user login allows clients to use APIs for their own customers.
Calls to Yodlee API require authentication tokens passed through Authorization HTTP header, the format for Authorization Header is as below:
GET /ysl/restserver/v1/accounts HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Accept-Encoding: gzip, deflate, sdch, br
Refer to Get Started
guide on how to use Yodlee APIs in your application.
Yodlee PKI Encryption
Yodlee is commited to security of information transferred between client applications to its server. Yodlee already uses industry standard security practices at transport layer (HTTPS).
To go a step further, Yodlee APIs has optional feature to allow customers encrypt all sensitive information (account credentials) prior to sending those over API call. Sensitive information is encrypted using Yodlee Public Key (obtained using API call).
To use Yodlee PKI Feature along with Yodlee APIs refer to integration document Here
For encrypting sensitive credentials before API call, use encryption utility Here
Yodlee APIs working with PKI Features
1. Add Account : POST /v1/providers/providerAccounts
2. Update Account: PUT /v1/providers/providerAccounts