According to the API documentation, /providerAccounts?{providerAccountId} with include=credentials, should return additional credentials information to the linked account for the user.
When testing this call for the sandboxed account, it seems to return the username, but not the password. Is this the expected behavior?
Without a way to obtain the encrypted password (for manual management on user's behalf), we'd be forced to not use FastLink, but rather re-implement the entire Account link logic (pretty much reinventing FastLink from scratch) in order to be able to store credentials for later use. This causes duplicated data, logic, and creates new security concerns with user credentials management.
This is expected behavior of the API. This is done to provide extra level of security to the users of client of Yodlee. What would be your use case where you would need user's credentials apart from account linking done at first place? Apart from that if you are trying to store user credentials, you should not be doing that as that requires a lot of compliance approvals(unless you have those).