July 31, 2019

July 2019 Release Notes

Envestnet | Yodlee

Yodlee API v1.1 Features and Enhancements

Auto Refresh Status in Accounts Endpoint

  • The auto refresh status information for accounts can be requested in the GET /accounts and GET /accounts/{accountId} endpoints with the include=autoRefresh query parameter.
  • Auto refresh entity includes the following details:
    • Status – Indicates if auto refresh is enabled or disabled (This status does not indicate the result of the auto refresh process).
    • Additional Status – The reason auto refresh is enabled or disabled.
    • As of Date – The date when the auto refresh status is derived/calculated for the account.
  • Take advantage of this enhancement for the following use cases:
    • Ask users to refresh the MFA based sites as soon as they log in.
    • Ask users to correct the login information because a user action is required to rectify a login error.
    • Message your users about the issues that block auto refreshes.

Auto Refresh Status Change Notification

  • A new notification AUTO_REFRESH.STATUS_UPDATES has been introduced to communicate:
    • Auto refresh status changes.
    • Auto refresh disablement reason changes.
  • Subscribe to the new notification through our webhooks subscription endpoint.
  • You will be notified only when the status changes from enabled to disabled or the reasons auto refresh changed. The notification will be sent every 15 minutes.
  • The notification payload includes user login name, account id(s), status, and additional status of the accounts.
  • When notified, if you want to keep the latest account details in your local storage or need more data about accounts, call the GET /accounts for the accountIds you received in the notification with a valid user session or token.
  • Use this notification to:
    • message users about an action they must take to rectify the auto refresh issues.
    • message the users that you are unable to perform auto refreshes.

Update All Eligible ProviderAccounts API

  • The PUT /providerAccounts endpoint has been enhanced to perform refreshes for all the provider accounts that are eligible for refresh.
  • Account in these states will not be picked up for refresh: accounts that need MFA information, accounts that need user action to correct the login information, accounts that were recently refreshed, accounts for which data retrieval is in progress, inactive accounts, closed accounts, etc.
  • Dataset attributes like accounts, transactions, holdings, and statements are only considered for refresh.
  • If you have not opted for the identified dataset attributes or if they have not been retrieved in one of the previous refreshes, they will not be retrieved during the update all call.
  • You can display the latest account balance when your users log in to your application.
  • Do not perform batch refreshes using this option because Yodlee may block the batch refresh calls.

Swagger YAML File

We have released the Swagger 2.0 specification based YAML file for the APIs listed in our developer portal. You can download the file from the developer portal. Using the YAML file, you can generate your preferred client libraries with the help of the Swagger tools.

Access Cobrand Token-based APIs Using the User Token

If you are using API key-based authentication to access our v1.1 APIs, you may have experienced an error if you accessed a cobrand-token-based API with a user token. After this release, you will be able to access all the cobrand token-based APIs using a user token. There is no change in the API response.
APIs that can be invoked with the user token follow:

  • GET /holdings/holdingTypeList
  • GET /holdings/assetClassificationList

APIs to Create Issuer/API Key

  • APIs have been released that:
    • create the API key(also referred to as issuer key) by uploading the RSA public key.
    • get the active API keys.
    • delete the API key associated with the public key.
  • Customers can delete the existing RSA public key and upload a new RSA public key as well.
  • The endpoints available for managing the API keys follow:
    • POST /auth/apiKey
    • GET /auth/apiKey
    • DELETE /auth/apiKey/{key}
  • The above APIs can be accessed using one of the following authentication parameters:
    • Cobrand session
    • Cobrand login name with a password
    • API key based token
  • The above APIs cannot be accessed in the sandbox environment.

Bug Fixes

  • GET /accounts and GET /accounts/{accountId} endpoints provide correct userClassification in the response only if the value has been updated through the PUT /accounts/{accountId} endpoint. The API has been wrongly providing the default value, which is fixed in this release.
  • The url attribute is removed from the account entity of the GET /dataExtracts/userData response, as it is a Yodlee internal field.
  • Middle name that was provided as middleInitial in the POST user API response has now been changed to middle.

Data Access and FastLink – New Features/Enhancements

JWT Token Changes

JWT token secured FastLink sessions were timing-out without proper handling. The session will now be renewed automatically, with an absolute timeout of 2 hours, user idle timeout of 15 minutes, and a 30-minute timeout for API customers. After these session timeouts, a POST message will be sent to the parent application.

OAuth for Held Accounts

Currently held accounts are aggregated through OAuth authentication

  • The ability to revoke the token both in the platform and the associated functional changes in FastLink have been introduced
  • Multiple locale consent changes have been introduced.

Open Banking Changes

  • Support of OB3.1 as a standard and PS265 algorithm changes as stipulated by Open Banking.
  • Ability to adapt and accommodate dynamic bank registrations.
  • New consent form to be presented. This new consent form has to be customized in the styling tool for various use cases.
  • New API Consent, introduced to handle the dynamic generation of consent by API customers.
  • As part of this release, Open Banking migration is available. Migration is handled by a trigger to migrate in the onboarding flow in the Yodlee CustomerCare (YCC) tool.

Enhancements to Account Verification Data Service

  • It displays only the configured account types on the success page instead of showing all the account types—a key-based change. A new customizable key was introduced for this aspect.
  • If only one account type is available, the account selection screen is skipped.
  • The default behavior remains the same for other customers.

Miscellaneous Enhancements

  • The default value of enable transfer is empty. The label string can be customized using the FastLink Styling tool UI.
  • When all open banking accounts are deleted, the consent dashboard shows a message to confirm deletion. It used to be a Toast Message. It was changed to a Static Message to retain the information for a longer period.

UK, AUS Language Update

In the UK and Australia regions, CHECKING account will be displayed according to local conventions. CURRENT will be displayed in the UK, AUS. This applies only to FastLink.