yodlee

Yodlee Fastlink Refresh/Update vs update via API providerAccount with loginForm


From Yodlee's put providerAccount API documentation here

It says that I have to pass in loginForm data along with user's credentials:

5. If the credentials have to be updated in the Yodlee system, one of the following should be provided as input to this service: a. LoginForm b. Field array 6. The loginForm or the field array are the objects under the provider object that is obtained from the get provider details service response. 7. The credentials provided by the user should be embedded in the loginForm or field array object.

Questions

  1. Does this mean I am expected to save or somehow have user's bank credentials stored?

  2. When I go through the refresh flow on Fastlink, it somehow pre-fills the credentials and all I have to do is just click continue; how does Fastlink do that? if Fastlink can do this, my guess is that there is a programmatic way to do this


Solution

  • PUT providerAccounts can be used for three things:

    1. You can initiate an update an account, this means you are asking Yodlee to connect to the bank and retrieve the latest details using credentials that Yodlee already have for that user's account.
    2. You can update credentials(equivalent to edit flow of Fastlink), this is used for updating the password into Yodlee system if the user has changed their password at the bank website.
    3. You can pass MFA information if required(for MFA sites) while updating or editing accounts.

    Though, to answer your question:

    1: No, you should definitely not store user's bank credentials. If your need is just to update user's account, you can initiate that update without passing loginForm or fieldArray. And if the use case is that you need to update user's password, you should ask the user to provide their credentials at the runtime.

    2: You should just call PUT without passing any loginForm, that's what Fastlink refresh flow does.