Mesh Link is a collection of client-side SDKs that allow your users to connect to their financial institutions and perform transactions using a user interface provided by Mesh.

Link will handle credential validation, multi-factor authentication, and error handling for each institution that Mesh supports. Link can also provide a user interface for asset transfers, deposits or payment methods. You can read more about Link use cases in this document.

Mesh provides client side SDKs for all modern platforms:

  1. Web Link SDK
  2. iOS Link SDK
  3. Android Link SDK
  4. React Native SDK

Authentication + Call Flow Overview

The starting point for any integration with Mesh is an account connection. The fastest way to get started is by using the Link SDKs or cloning the Quickstart React app.

After generating Sandbox and Production API keys, you’ll start by leveraging Link SDKs to facilitate end user authentication.

  1. Call /api/v1/linktoken to create a linktoken. This endpoint provides a short-lived, one-time-use token for initializing a Link session.
  2. Pass the linktoken to the appropriate Link SDK. The exact implementation details for passing the linktoken will vary by platform. For detailed instructions, see the page for your specific platform.
  3. Your user will be able to filter and search for the account they want to connect. Mesh will manage the authentication flow and handle MFAs for all supported integrations.
  4. After successful authentication on the Link UI, auth_token will be passed to the SDK.
    1. 🚨 You should securely store the auth_token (and refresh_token) for use in subsequent server requests

The diagram below shows the model of how Link is used to obtain the auth_token and refresh_token which can be used for subsequent server requests.

Here is a more detailed call flow diagram for user authentication using Link SDK:

Depending on the linktoken API call payload, Link’s functionality can be tailored to suit various user flows. The primary use cases, from Authentication and Transfers to Deposits, can be found here.

Troubleshooting

For details on dealing with common problems, see the Troubleshooting section.

Security Measures for Handling Authentication Tokens

Secure Storage of Authentication Tokens

  • Backend Storage: It is highly recommended that the auth_token and refresh_token obtained through Mesh Link be securely stored on your backend server. Storing tokens on the server side enhances security by reducing the exposure of sensitive data to client-side vulnerabilities.
  • Mobile SDK Secure Storage: For mobile applications, Mesh provides secure storage solutions within the iOS and Android SDKs. The iOS SDK leverages the Secure Enclave, a hardware-based key manager, and for Android devices, Mesh SDK utilizes secure storage mechanisms provided by the Android Keystore system. Utilizing these secure storage options ensures that tokens are stored in a manner compliant with the best practices of each platform.
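
One way to follow the backend storage recommendation above, shown as an added example that is not Mesh code: the server encrypts the auth_token and refresh_token with AES-256-GCM before persisting them and binds each record to its user ID, so a record copied to another user's row fails to decrypt. The function names, the Map standing in for a database, and the key source (a KMS or secret manager) are assumptions.

```javascript
// Added example, not Mesh code. Names and the Map-backed store are hypothetical.
const crypto = require('node:crypto');

const IV_LEN = 12;  // GCM nonce size
const TAG_LEN = 16; // GCM authentication tag size

// Encrypt the token pair for one user. key: 32-byte Buffer (assumed to come
// from a KMS or secret manager, never from source code or the client).
function sealTokens(key, userId, tokens) {
  const iv = crypto.randomBytes(IV_LEN); // fresh nonce for every record
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(userId, 'utf8')); // bind ciphertext to its owner
  const body = Buffer.concat([
    cipher.update(JSON.stringify(tokens), 'utf8'),
    cipher.final(),
  ]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
}

// Decrypt a record; throws if it was modified or belongs to another user.
function openTokens(key, userId, sealed) {
  const raw = Buffer.from(sealed, 'base64');
  if (raw.length <= IV_LEN + TAG_LEN) throw new Error('sealed record too short');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, IV_LEN));
  decipher.setAAD(Buffer.from(userId, 'utf8'));
  decipher.setAuthTag(raw.subarray(IV_LEN, IV_LEN + TAG_LEN));
  const body = Buffer.concat([
    decipher.update(raw.subarray(IV_LEN + TAG_LEN)),
    decipher.final(), // authentication failure surfaces here
  ]);
  return JSON.parse(body.toString('utf8'));
}

// Stand-in for a database table keyed by user ID; only ciphertext is stored.
class TokenVault {
  constructor(key) { this.key = key; this.rows = new Map(); }
  save(userId, tokens) { this.rows.set(userId, sealTokens(this.key, userId, tokens)); }
  load(userId) {
    const sealed = this.rows.get(userId);
    return sealed === undefined ? null : openTokens(this.key, userId, sealed);
  }
}
```
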

Handling User Credentials

  • No Storage of User Credentials: Mesh’s backend infrastructure is designed to never store user credentials. This approach aligns with best practices in data security, ensuring that sensitive user information remains confidential and reducing the risk of data breaches.

Learn more about Security at Mesh

Event Tracking in UI

Mesh Link UI offers an event tracking system, allowing you to gain insights into user interactions within the Link UI. These events can be used for analytics and understanding user behavior. The event data can be obtained directly from the SDKs and includes various user actions, such as initiating a connection, completing authentication, completing an asset transfer, or encountering errors.

The way in which these events are captured and transmitted varies slightly across different platforms (Web, iOS, Android, and React Native). For detailed instructions, see the page for your specific platform.

The following document, List of UI Events, details all of the events supported by Mesh SDKs.