April 2, 2020

New Release in the Developer Portal
Peter van der Linden

For the last couple of months, Envestnet | Yodlee software engineering teams have been hard at work on new features.  The results are now available to new developers who register for a developer account. The changes can be summarized:

  • New, simpler approach to authentication and authorization
  • Some simplifications in the account verification flows
  • Some great new learning content that we call "Quickstart"  

To make this happen, we had to remove the feature of linking live (real world) accounts in the sandbox environment.  But don't panic - everyone can still link live accounts in the development environment, which can be accessed for free, with a limited number of monthly activities in the Launch pricing tier.   Yodlee has three testing environments (sandbox, development, and production).  Overlaid on that are four pricing tiers, which are summarized on the pricing page.

Expanding on the changes in these three areas, we have introduced a simplified scheme for creating tokens that authenticate you to the Yodlee API server and authorize your access to the data of specific end users.  In the new approach, there is an API call to get a token.  New developers no longer have to mint a JSON web token; you simply ask the Yodlee server for one.  You present a set of credentials (essentially a username and password) and the login name of the end-user whose data you want.  The new tokens are not JSON web tokens, and they are opaque to the developer.  You pass the new token in an HTTP header to every subsequent API call.  It's the same "Authorization: Bearer tokenGoesHere" HTTP header that we used with JSON web tokens.

Developers who register new accounts will use this new approach.  Developers who are using JSON web tokens today will continue to use them.  We think that everyone will want to migrate to the new approach because it is simpler to code and thus easier for you to maintain.  It is based on the client credential grant of the industry-standard RFC 6749 framework.  We'll provide more information for existing developers on adopting the new token system, in the weeks ahead. 

The second and third new features are tied together.  We simplified some of the flows for account verification, and we have some new content describing it.  There are 3 brief videos introducing developers to the Yodlee platform, explaining the FastLink tool, and walking through two of the most popular verification flows.  As well as the videos, we have some great online Postman scripts and guidance to help you navigate the flows.  We simplified the way you invoke FastLink and pass parameters back and forth to it.  You no longer need to use the FastLink styling tool to set the kind of verification you want FastLink to do (account balance verification or account holder details verification).

We think these changes will be welcomed by developers, and we look forward to hearing your feedback.