Overview
The Yodlee FastLink Integration Guide provides information about integrating Yodlee FastLink with customer online solutions. The document is intended to help partners integrate Yodlee FastLink with their online solution during product upgrades or new launches.
Prerequisites
New Customers: You can get started with the latest release right away.
Existing Customers: If you are an existing customer using a previous release to 12.x, please consult your BD contact before using Yodlee FastLink because a one-time migration of your data may be required.
Enabling Yodlee FastLink in a Web Page
Web pages that are intended to display Yodlee FastLink can do so through the help of an iframe. The iframe must be able to process and execute OAuth deep linking to Yodlee FastLink.
The iframe specifications include the height and width of the frame. The floater iframes should be hidden by default with a transparent background and no border.
Accessing Yodlee FastLink through OAuth
The following are the mandatory generic parameters to be passed for invoking Yodlee FastLink flows through OAuth deep linking.
Launch Parameter | Description |
---|---|
access_type | The oauth_deeplink value should be passed to determine the access type for the connection being established to the application. |
displayMode | The desktop value should be passed to get the standard application styles |
oauth_callback | At the end of the Yodlee FastLink process (for example, the add site process), the browser is redirected to the location provided in the URL through a standard browser redirect. The URL looks similar to https://www.iqbank.com/home. The types of protocol supported are: http and https. The URL should have the browser protocol. A special case, oob (OAuth deep linking only), means the request is considered out of bounds of a normal Web request. In the case of oob, at the end of the Yodlee FastLink process (for example, the add site flow) a confirmation screen is shown and there is no final redirect. |
oauth_consumer_key | The string is obtained when the application is registered with the OAuth provider. It is a value used by the consumer to register itself to the service provider. Example: 3c1007b2561a42699c0f56ff9d89e2d0 |
oauth_timestamp | The parameter is expressed in the number of seconds since January 1, 1970 00:00:00 GMT. The timestamp value must be a positive integer and must be equal or greater than the timestamp used in previous requests |
oauth_nonce | The parameter is a random string uniquely generated for each request with unique timestamp. It allows the service provider to verify that a request has never been made before and helps prevent replay attacks when requests are made over a non secure channel (such as HTTP). |
oauth_signature_method | The value HMAC-SHA1 should be passed. This parameter generates a signature and stores it in the oauth_signature parameter. |
oauth_signature | The parameter stores the unique string generated using the signature method. Example: u3aQBQZYOcyQuajFq69DPzcHFoI |
oauth_token | The parameter is the request token for user authorization and is a unique string. |
oauth_version | The parameter states the protocol version. The value 1.0 should be passed |
Features of Yodlee FastLink
Please refer to the Yodlee FastLink Product Guide to understand different scenarios to invoke the following:
Feature | URL that needs to be invoked |
---|---|
Add Site Flow | https://<servername>/appscenter/fastlinksb/linkAccount.fastlinksb.action |
Login Form Flow | https://<servername>/appscenter/fastlinksb/linkAccount.fastlinksb.action?siteId=2852 If you want to bypass the search page and start with a login form page where the user needs to enter the credentials, use the above link. |
Update Site Flow | https://<servername>/appscenter/fastlinksb/prepareEditSiteAccounts.fastlinksb.action?siteAccountId=123567890 |
Refresh Site Flow | https://<servername>/appscenter/fastlinksb/refreshSiteAccount.fastlinksb.action?_flowId=siteRefresh&siteAccountId=1234567890 |
Launch Parameters and Return Parameters
Launch Parameters: In addition to the basic deep linking URL and generic parameters, the following additional URL parameters are to be passed to invoke different flows.
Launch Parameter | Description |
---|---|
siteAccountId | The siteAccountId parameter should be passed to display the login form fields of the site while updating credentials for the account. This helps Yodlee to identify the credentials associated with the user. |
siteId | The siteId parameter should be passed to display the login form fields of the site without showing the search page. Use this parameter only when search page needs to be bypassed |
_flowId | The siteRefresh value should be passed to invoke the site refresh flow. |
Return Parameters: The following table shows the parameters passed by Yodlee to the oauth_callback URL after completing adding/updating/refreshing an account.
Return Parameter | Description |
---|---|
status | The status parameter is the status of the initiated add/update/refresh site account process. The following are valid values:
|
error_code | Error code associated with different flows add/update/refresh of a site is sent through this parameter. Example: 402, 525, etc., |
memSiteAccountID | Returns memSiteAccountID which gets created for every attempt made irrespective of whether it is a success or failure. |
reason | The reason parameter has the following valid reasons for which the refresh flow is not triggered: This is applicable only for refresh flow.
|
When to invoke Edit/Refresh flow of FastLink
To determine if the account is eligible for "Edit/Refresh" flow please follow the instructions below.
Refresh.isSiteAccountsEligibleForRefresh(UserContext userContext, ArrayOflong memSiteAccIds)
- Above method returns
SiteAccountInfo
SiteAccountInfo.siteRefreshInfo.SuggestedFlow = "EDIT"
indicates that Edit Account Flow needs to be invoked.SiteAccountInfo.siteRefreshInfo.SuggestedFlow = "REFRESH"
indicates that Refresh Account Flow needs to be invoked.SiteAccountInfo.siteRefreshInfo.SuggestedFlow = "NOT_REFRESHABLE"
indicates that account is not eligible for refresh. Refer toSiteAccountInfo.code
for the error code and alsoSiteAccountInfo.siteRefreshInfo.SuggestedFlowReason
to know the reason.
Retrieving Accounts Added after YodleeFastLink
Yodlee FastLink returns memSiteAccountID, an unique identifier for the account added. Please invoke DataService.getItemSummariesForSite(UserContext, memSiteAcctId) to retrieve an array of ItemSummary object containing all the required data. For retrieving the transactions, you can continue to use TransactionSearchService.
Steps for Invoking Yodlee FastLink
Step 1: Using Yodlee API, get the token and token secret using the OAuthAccessTokenManagementService.getOAuthAccessToken
by passing 10003200 as bridgetAppId in the parameter
Step 2: Open Access Token Signature this URL and enter the values in below fields.
URL | Use the URL from sandbox credentials |
---|---|
Parameter | &access_type=oauthdeeplink&displayMode = desktop&oauth_callback=www.google.com |
consumer key | Use the application key from sandbox credentials |
consumer secret | Use the application secret from sandbox credentials |
token | from step 1 |
token secret | from step 1 |
Click Now for a new timestamp and random button for a new nonce. Please note that the above values are only for sandbox eval environment. You will receive a set of different tokens for accessing Yodlee FastLink in production.
Step 3: Click the sign button and you will find the normalized parameters and signature fields populated. If the signature contains a “+” sign then please select a new nonce and timestamp and click the sign again. The goal is to have signature which doesn’t contain “+” sign
Step 4:Once you get the values create the FastLink URL as
URL?+value in normalized parameters field+&oauth_signature=+ value in signature field
Step 5: Open the constructed URL in the browser and you should be able to see Yodlee FastLink