April 12, 2021

T-minus 0 to Launch: Moving Beyond the Envestnet | Yodlee Sandbox

Hod Greeley

The Checklist

Congratulations! You’ve tested the waters with a Envestnet | Yodlee Sandbox account. Here are some tips and reminders to smooth your shift to the next phase, moving to Launch (or beyond).

Start with the following checklist. If you’ve taken care of all the items, you’re in good shape. Following the checklist, we’ll talk about the items in more depth.

If you aren’t sure of the terms used here, you can find explanations in this blog post.

Authentication - Every environment (Sandbox, Development, and Production) has a different set of credentials. Check the tab on your dashboard to make sure you’re using the right set.
API Endpoints - The base path for the API endpoints (part that starts with https://xyz.api.yodlee.com/ysl) varies with environment. Update with the entries from the API URLs section on your dashboard.
FastLink URL - Like the main API URLs, the FastLink URL depends on environment. Make sure your front end uses the path from the API URLs tab on your dashboard.
Configure FastLink - FastLink 4 users must create configurations, including specifying your company name and other required fields. Development and Production environments each require at least one configuration. Go to the FastLink styling tool by clicking the "Configuration Tool" button on the API URLs tab on your dashboard. Be sure to fill all the required fields.
Register/track users - Sandbox has pre-configured users. Past Sandbox, you need to create your own in the Yodlee system. You must use an admin token for this, or, understand how implicit registration works. Be sure to track them, as well.

If you’re confident you’ve done everything on the list, you should be all set. In the remainder of this post, we’ll go into more detail. Or, you can click on the links in the list to jump directly to a topic.

Environments

On signing up, you had access to a restricted Sandbox environment. This environment comes with a fixed set of pre-registered users. It also prevents you from linking live financial data, since that comes with heightened security risks and oversight.

Once you move to any tier beyond Sandbox, you have access to two new environments. We refer to them as Development and Production.

Each of the environments serves a different purpose. Accordingly, each requires its own auth keys, uses specific base URLs, and has different end-user accounts registered. Account linking information is not shared, either.

Authentication

Yodlee APIs support several different authentication methods. Developer portal users with access prior to April, 2020, may have access via JSON Web Tokens (JWTs), but we recommend migrating to the current recommended best practice, Client Credentials (CC). (See this blog post for information about migrating from JWTs to CC.)

Take a look at this screen capture of a developer dashboard. You’ll see three tabs in the upper left. These let you select the environment you want to work with.

If you flip between the tabs and check, you’ll see the admin loginName, client ID, and client secret all change. If you’re getting authorization errors when trying to use an API, make sure you have the right keys.

API Endpoints

Each Yodlee environment has a different base URL. To select the appropriate one for the environment you’re working with, go to your developer dashboard. Select 'API URLs' in the left hand navigation pane. Choose 'Sandbox', 'Development', or 'Production' from the tabs in the upper left.

Use the value shown next to 'Yodlee API Endpoint' as the base for all your API calls.

For example, based on the dashboard shown, you would use https://production.api.yodlee.com/ysl/accounts to access the accounts API in the Development environment.

While your URLs may be similar to the one shown, be sure to get the values from your dashboard, to make sure they’re correct.

FastLink combines a helper library with a backend service. Working with the backend is transparent to you, but you must use the right URL for each Yodlee environment.

Copy the appropriate URL for the environment you’re working with to the JavaScript code you use to invoke FastLink. To find the one you want, go to your developer dashboard. Select 'API URLs' in the left-hand navigation pane. Choose 'Sandbox', 'Development', or 'Production' from the tabs in the upper left.

Use the value shown next to 'FastLink 4.0 URL' (or 'FastLink 3.0 URL' if using FastLink version 3).

For example, based on the dashboard shown, you would use the URL starting with https://fl4.preprod.yodlee.com when invoking FastLink to work with a Development environment.

While your URLs may be similar to the one shown, be sure to get the values from your dashboard, to make sure they’re correct.

FastLink Configuration

When working in Development or Production environments, FastLink must be configured before it can be invoked. If you try to launch FastLink before doing so, you’ll get an error. (We recommend logging the FastLink error callback information during development to help catch these kinds of errors. You can read more about that here.)

You can launch the FastLink tool for an environment by clicking on the "Configuration Tool" button on your dashboard. The image below shows what the configuration tool looks like. Be sure to save a configuration to both Development and Production

Register/track users

When we talk about users in this context, we mean the end-users of your application. Most likely you will already have a way to log your users into your application. To connect them with their data, you’ll need to let the Yodlee system know about them.

Unlike in Sandbox, with both Development and Production environments you start with a clean slate. There are no pre-registered users.

For convenience, Yodlee now registers new users implicitly. Any time you create an auth token, if the loginName does not match an existing user, the system creates one. The record created has limited information, so you may want to update the record with more.

If you want to manage users explicitly, you can do so with the /user endpoints. For example, to add a user, perform a POST to /user/register.

Be sure to have some way to track what you’ve registered. There is currently no API for listing them.

Attributions

Image of the launch of the Perseverance rover used courtesy of NASA, per NASA media guidelines. Image may be subject to copyright.