Yodlee FastLink Integration Guide


Yodlee has introduced new features and updated the IAV API documentation. New version of Yodlee Fastlink called Fastlink 2.0 is available here

The Yodlee FastLink Integration Guide provides information about integrating Yodlee FastLink with customer online solutions. The document is intended to help partners integrate Yodlee FastLink with their online solution during product upgrades or new launches.


New Customers: You can get started with the latest release right away.

Existing Customers: If you are an existing customer using a previous release to 12.x, please consult your BD contact before using Yodlee FastLink because a one-time migration of your data may be required. 

Enabling Yodlee FastLink in a Web Page

Web pages that are intended to display Yodlee FastLink can do so through the help of an iframe. The iframe must be able to process and execute OAuth deep linking to Yodlee FastLink.

The iframe specifications include the height and width of the frame. The floater iframes should be hidden by default with a transparent background and no border.

Accessing Yodlee FastLink through OAuth

The following are the mandatory generic parameters to be passed for invoking Yodlee FastLink flows through OAuth deep linking.

Launch Parameter Description
The oauth_deeplink value should be passed to determine the access type for the connection being established to the application.
displayMode The desktop value should be passed to get the standard application styles
At the end of the Yodlee FastLink process (for example, the add site process), the browser is redirected to the location provided in the URL through a standard browser redirect. The URL looks similar to https://www.iqbank.com/home. The types of protocol supported are: http and https. The URL should have the browser protocol. A special case, oob (OAuth deep linking only), means the request is considered out of bounds of a normal Web request. In the case of oob, at the end of the Yodlee FastLink process (for example, the add site flow) a confirmation screen is shown and there is no final redirect.
The string is obtained when the application is registered with the OAuth
provider. It is a value used by the consumer to register itself to the service
provider. Example: 3c1007b2561a42699c0f56ff9d89e2d0
The parameter is expressed in the number of seconds since January 1, 1970 00:00:00 GMT. The timestamp value must be a positive integer and must be equal or greater than the timestamp used in previous requests
The parameter is a random string uniquely generated for each request with unique timestamp. It allows the service provider to verify that a request has never been made before and helps prevent replay attacks when requests are made over a non secure channel (such as HTTP).
oauth_signature_method The value HMAC-SHA1 should be passed. This parameter generates a signature and stores it in the oauth_signature parameter.
The parameter stores the unique string generated using the signature
method. Example: u3aQBQZYOcyQuajFq69DPzcHFoI
The parameter is the request token for user authorization and is a unique
oauth_version The parameter states the protocol version.  The value 1.0 should be passed

Features of Yodlee FastLink

Please refer to the Yodlee FastLink Product Guide to understand different scenarios to invoke the following: 

Feature URL that needs to be invoked
Add Site Flow


Sample URL

Login Form Flow


If you want to bypass the search page and start with a login form page where the user needs to enter the credentials, use the above link.

Sample URL

Update Site Flow https://<servername>/appscenter/fastlinksb/prepareEditSiteAccounts.fastlinksb.action?siteAccountId=123567890
Refresh Site Flow


Launch Parameters and  Return Parameters

Launch Parameters: In addition to the basic deep linking URL and generic parameters, the following additional URL parameters are to be passed to invoke different flows.

Launch Parameter Description 
The siteAccountId parameter should be passed to display the login form fields of the site while updating credentials for the account. This helps Yodlee to identify the credentials associated with the user. 
siteId The siteId parameter should be passed to display the login form fields of the site without showing the search page. Use this parameter only when search page needs to be bypassed
_flowId The siteRefresh value should be passed to invoke the site refresh flow.

Return Parameters: The following table shows the parameters passed by Yodlee to the oauth_callback URL after completing adding/updating/refreshing an account. 

Return Parameter Description
The status parameter is the status of the initiated add/update/refresh site account process. The following are valid values:
  • success
  • failed
  • in_progress
  • user_aborted
error_code Error code associated with different flows add/update/refresh of a site is sent through this parameter. Example: 402, 525, etc., 
memSiteAccountID Returns memSiteAccountID which gets created for every attempt made irrespective of whether it is a success or failure.  
The reason parameter has the following valid reasons for which the refresh flow is not triggered: This is applicable only for refresh flow. 

When to invoke Edit/Refresh flow of FastLink

To determine if the account is eligible for "Edit/Refresh" flow please follow the instructions below. 

  • Refresh.isSiteAccountsEligibleForRefresh(UserContext userContext, ArrayOflong memSiteAccIds) 
  • Above method returns SiteAccountInfo
  • SiteAccountInfo.siteRefreshInfo.SuggestedFlow = "EDIT" indicates that Edit Account Flow needs to be invoked.
  • SiteAccountInfo.siteRefreshInfo.SuggestedFlow = "REFRESH" indicates that Refresh Account Flow needs to be invoked.
  • SiteAccountInfo.siteRefreshInfo.SuggestedFlow = "NOT_REFRESHABLE" indicates that account is not eligible for refresh.  Refer to SiteAccountInfo.code for the error code and also SiteAccountInfo.siteRefreshInfo.SuggestedFlowReasonto know the reason. 

Retrieving Accounts Added after YodleeFastLink

Yodlee FastLink returns memSiteAccountID, an unique identifier for the account added. Please invoke DataService.getItemSummariesForSite(UserContext, memSiteAcctId) to retrieve an array of ItemSummary object containing all the required data. For retrieving the transactions, you can continue to use TransactionSearchService

Steps for Invoking Yodlee FastLink

Edit section

Step 1: Using Yodlee API, get the token and token secret using the OAuthAccessTokenManagementService.getOAuthAccessTokenby passing 10003200 as bridgetAppId in the parameter

Step 2: Open Access Token Signature this URL and enter the values in below fields.  

URL Use the URL from sandbox credentials
Parameter &access_type=oauthdeeplink&displayMode = desktop&oauth_callback=www.google.com&nbsp;
consumer key Use the application key from sandbox credentials
consumer secret Use the application secret from  sandbox credentials
token from step 1
token secret from step 1

Click Now for a new timestamp and random button for a new nonce. Please note that the above values are only for sandbox eval environment.  You will receive a set of different tokens for accessing Yodlee FastLink in production. 

Step 3: Click the sign button and you will find the normalized parameters and signature fields populated. If the signature contains a “+” sign then please select a new nonce and timestamp and click the sign again. The goal is to have signature which doesn’t contain “+” sign

Step 4:Once you get the values create the FastLink URL as

URL?+value in normalized parameters field+&oauth_signature=+ value in signature field

Sample URL

Step 5: Open the constructed URL in the browser and you should be able to see Yodlee FastLink