What is Link SDK?
Mesh Link is a collection of client side SDKs, that allows your users to connect to their financial institutions and perform transactions using a user interface provided by Mesh. Link will handle credential validation, multi-factor authentication, and error handling for each institution that Mesh supports. Link can also provide a user interface for asset transfers, deposits or payment methods. You can read more about Link use cases in this document. Mesh provides client side SDKs for all modern platforms:Authentication + Call Flow Overview
The starting point for any integration with Mesh is with an account connection, which using the fastest way to get started is by using Link SDKs or cloning the Quickstart React app. After generating Sandbox and Production API keys, you’ll start by leveraging Link SDKs to facilitate end user authentication.- Call /api/v1/linktoken to create a
linktoken
. This endpoint provides a short-lived, one-time-use token for initializing a Link session - Pass the
linktoken
to the appropriate Link SDK. The exact implementation details for passing thelinktoken
will vary by platform. For detailed instructions, see the page for your specific platform - Your user will be able to filter and search for the account they want to connect. Mesh will manage the authentication flow and handle MFAs for all supported integrations.
- After successful authentication on the Link UI,
auth_token
will be passed to the SDK.- 🚨 You should securely store the
auth_token
(andrefresh_token
) for use in subsequent server requests
- 🚨 You should securely store the
auth_token
and refresh_token
which can be used for subsequent server requests.


Link Initialization and Use Cases
Depending on thelinktoken
API call payload, Link’s functionality can be tailored to suit various user flows. From Authentication, Transfers to Deposits, the primary use cases can be found here.
Troubleshooting
For details on dealing with common problems, see the Troubleshooting section.Security Measures for Handling Authentication Tokens
Secure Storage of Authentication Tokens- Backend Storage: It is highly recommended that
auth_token
andrefresh_token
obtained through Mesh Link should be securely stored on your backend server. Storing tokens on the server side enhances security by reducing the exposure of sensitive data to client-side vulnerabilities. - Mobile SDK Secure Storage: For mobile applications, Mesh provides secure storage solutions within the iOS and Android SDKs. The iOS SDK leverages the Secure Enclave, a hardware-based key manager, and for Android devices, Mesh SDK utilizes secure storage mechanisms provided by the Android Keystore system. Utilizing these secure storage options ensures that tokens are stored in a manner compliant with the best practices of each platform.
- No Storage of User Credentials: Mesh’s backend infrastructure is designed to never store user credentials. This approach aligns with best practices in data security, ensuring that sensitive user information remains confidential and reducing the risk of data breaches.