AccessToken
or AuthToken
is a generated secret (sequence of symbols) that is returned by Mesh API upon successful account authentication and used in subsequent requests to access the user’s data.
Each token represents a connection between a particular user (typically, an end user of a client) and the user’s brokerage/exchange/wallet account.
The token grants access to the user’s data and enables the execution of read and (based on the integration) write operations. Therefore, it is essential to store the token with utmost security measures in place.
AccessToken
RefreshToken
CreateNewRefreshToken
parameteronIntegrationConnected()
to capture the accessTokenPayload after the user successfully connects an account. In particular, the elements you’ll need are:
accessToken
refreshToken
expiresInSeconds
refreshTokenExpiresInSeconds
brokerType
brokerName
expiresInSeconds
value is present. If so, it means that the accessToken
should be refreshed before it expires.expiresInSeconds
, and uses the refreshToken
in a POST to the endpoint /api/v1/token/refresh before timestamp
+ expiresInSeconds
occurs.refreshTokenExpiresInSeconds
is also provided, create the same logic for the refreshToken
to refresh it with a call to the same endpoint with CreateNewRefreshToken: true
parameter before timestamp +refreshTokenExpiresInSeconds
occurs.
Note: it is a bad practice to rely on 401 responses to update tokens after they have expired.
createLink()
…IntegrationAccessToken
interface…accessTokens
…
accessToken
brokerType
brokerName
accountId
can be emptyaccountName
can be emptyintegrationId
in the linkToken
request. This will skip the catalog and would normally bring the user to that integrations authentication flow. But if an accessToken
is supplied for this integration when initializing the SDK, then the user will go right into the transfer flow when Link launches (ie. they will skip catalog and skip auth).
If you would like the user to see the catalog (ie. maybe there’s a general “Deposit directly from your exchange or wallet” button in your UX), then you can simply follow the steps above to pass any accessTokens
available for the user (one or an array). If the user selects an integration from the catalog for which there is an available accessToken
, they will skip auth and go right to transfer.