Flinks Statements API
Signs up one or more of the connected customer accounts to retrieve PDF bank statements issued by their financial institution, referenced by the session RequestId.
Signs up one or more of the connected customer accounts to retrieve PDF bank statements issued by their financial institution, referenced by the session RequestId.
openapi: 3.0.1
info:
title: Flinks API
description: >-
Representative specification of the Flinks financial data API. Businesses
connect to consumer and business bank accounts to aggregate account,
transaction, and statement data, verify identity, and derive income,
credit-risk, and fraud analytics. A session is opened with the multi-step
/Authorize (MFA) endpoint using a LoginId returned by Flinks Connect; the
resulting RequestId is passed to subsequent data, enrichment, and analytics
endpoints. All calls are authenticated with a short-lived authorize token
supplied in the flinks-auth-key header.
termsOfService: https://flinks.com/terms-of-service/
contact:
name: Flinks Support
url: https://help.flinks.com/
version: '3.0'
servers:
- url: https://{instance}-api.private.fin.ag/v3/{customerId}/BankingServices
description: Flinks per-customer instance host.
variables:
instance:
default: toolbox
description: Assigned instance / environment prefix (e.g. toolbox for sandbox).
customerId:
default: '00000000-0000-0000-0000-000000000000'
description: Your Flinks customer identifier (GUID).
paths:
/GenerateAuthorizeToken:
post:
operationId: generateAuthorizeToken
tags:
- Authorize
summary: Generate a short-lived authorize token.
description: >-
Exchanges your API secret for a 30-minute authorize token that must be
supplied in the flinks-auth-key header on all other endpoints.
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/GenerateAuthorizeTokenRequest'
responses:
'200':
description: Authorize token generated.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthorizeTokenResponse'
/Authorize:
post:
operationId: authorize
tags:
- Connect
summary: Open a banking session and handle MFA.
description: >-
Opens a session for a Flinks Connect LoginId. Returns HTTP 200 with a
RequestId and Links on success, or HTTP 203 with SecurityChallenges when
a multi-factor challenge is required. Resubmit with RequestId and
SecurityResponses to complete the challenge.
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/AuthorizeRequest'
responses:
'200':
description: Authorization successful; session is ready for data calls.
content:
application/json:
schema:
$ref: '#/components/schemas/AuthorizeResponse'
'203':
description: Multi-factor authentication required.
content:
application/json:
schema:
$ref: '#/components/schemas/MfaChallengeResponse'
'400':
description: Invalid parameters.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
'401':
description: Authentication failed.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
/GetAccountsDetail:
post:
operationId: getAccountsDetail
tags:
- Connect
summary: Retrieve full account detail and transactions.
description: >-
Returns full detail for each linked account - identity, balances, up to
90 or 365 days of transactions, and holder KYC. May return HTTP 202;
poll /GetAccountsDetailAsync with the same RequestId until HTTP 200.
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/GetAccountsDetailRequest'
responses:
'200':
description: Account detail returned.
content:
application/json:
schema:
$ref: '#/components/schemas/AccountsResponse'
'202':
description: Request accepted and processing; poll the async endpoint.
content:
application/json:
schema:
$ref: '#/components/schemas/AsyncPendingResponse'
/GetAccountsDetailAsync/{requestId}:
get:
operationId: getAccountsDetailAsync
tags:
- Connect
summary: Poll a pending accounts-detail request.
parameters:
- name: requestId
in: path
required: true
schema:
type: string
format: uuid
description: The RequestId returned by /Authorize.
responses:
'200':
description: Account detail returned.
content:
application/json:
schema:
$ref: '#/components/schemas/AccountsResponse'
'202':
description: Still processing.
content:
application/json:
schema:
$ref: '#/components/schemas/AsyncPendingResponse'
/GetAccountsSummary:
post:
operationId: getAccountsSummary
tags:
- Connect
summary: Retrieve general account summary information.
description: >-
Returns cardholder name (when available), balance, category, and EFT
eligibility for each linked account, without full transaction history.
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/RequestIdBody'
responses:
'200':
description: Account summary returned.
content:
application/json:
schema:
$ref: '#/components/schemas/AccountsResponse'
'202':
description: Processing; poll /GetAccountsSummaryAsync.
content:
application/json:
schema:
$ref: '#/components/schemas/AsyncPendingResponse'
/GetStatements:
post:
operationId: getStatements
tags:
- Connect
summary: Retrieve PDF bank statements.
description: >-
Signs up one or more connected accounts to retrieve PDF statements
issued by their financial institution.
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/GetStatementsRequest'
responses:
'200':
description: Statements returned.
content:
application/json:
schema:
$ref: '#/components/schemas/StatementsResponse'
/FieldMatch:
post:
operationId: fieldMatch
tags:
- Identity
summary: Verify applicant fields against the connected account holder.
description: >-
Compares supplied applicant identity fields (name, address, phone,
email) against the identity captured on the connected bank account and
returns per-field match results.
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/FieldMatchRequest'
responses:
'200':
description: Field match results returned.
content:
application/json:
schema:
$ref: '#/components/schemas/FieldMatchResponse'
/GetCategorization:
post:
operationId: getCategorization
tags:
- Enrich
summary: Return categorized transactional data.
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/RequestIdBody'
responses:
'200':
description: Categorized transactions returned.
content:
application/json:
schema:
$ref: '#/components/schemas/CategorizationResponse'
/GetIncomeAttributes:
post:
operationId: getIncomeAttributes
tags:
- Score
summary: Standardized income verification attributes.
description: >-
Returns a high-level overview of total income, employment income, and
government income for standardized income verification.
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/AttributesRequest'
responses:
'200':
description: Income attributes returned.
content:
application/json:
schema:
$ref: '#/components/schemas/AttributesResponse'
/GetCreditRiskAttributes:
post:
operationId: getCreditRiskAttributes
tags:
- Score
summary: Credit risk and income attributes.
description: >-
Returns overall financial information, employment and non-employment
income sources, loan payments, bill payments, and additional risk
analysis measures.
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/AttributesRequest'
responses:
'200':
description: Credit risk attributes returned.
content:
application/json:
schema:
$ref: '#/components/schemas/AttributesResponse'
/Upload:
post:
operationId: upload
tags:
- Fraud
summary: Process externally supplied bank statement / transaction data.
requestBody:
required: true
content:
multipart/form-data:
schema:
$ref: '#/components/schemas/UploadRequest'
responses:
'200':
description: Upload accepted and processed.
content:
application/json:
schema:
$ref: '#/components/schemas/UploadResponse'
/FraudAnalysis:
post:
operationId: fraudAnalysis
tags:
- Fraud
summary: Run fraud analysis on uploaded documents.
description: >-
Surfaces tampering and fraud signals from an uploaded document set.
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/RequestIdBody'
responses:
'200':
description: Fraud analysis result returned.
content:
application/json:
schema:
$ref: '#/components/schemas/FraudAnalysisResponse'
components:
securitySchemes:
flinks_auth_key:
type: apiKey
in: header
name: flinks-auth-key
description: >-
Short-lived (30-minute) authorize token obtained from
/GenerateAuthorizeToken.
security:
- flinks_auth_key: []
schemas:
Error:
type: object
properties:
HttpStatusCode:
type: integer
Message:
type: string
FlinksCode:
type: string
description: >-
Machine-readable code such as INVALID_LOGIN, DISABLED_LOGIN, or
QUESTION_NOT_FOUND.
required:
- HttpStatusCode
- Message
GenerateAuthorizeTokenRequest:
type: object
properties:
secret:
type: string
description: Your Flinks API secret.
required:
- secret
AuthorizeTokenResponse:
type: object
properties:
AuthorizeToken:
type: string
ExpiresIn:
type: integer
description: Token lifetime in seconds (1800).
Link:
type: object
properties:
rel:
type: string
href:
type: string
method:
type: string
AuthorizeRequest:
type: object
properties:
LoginId:
type: string
format: uuid
description: Identifier returned by Flinks Connect after a successful login.
MostRecentCached:
type: boolean
default: true
description: Use cached data (true, recommended) or live mode (false).
Language:
type: string
enum: [en, fr]
default: en
Save:
type: boolean
default: true
Tag:
type: string
RequestId:
type: string
format: uuid
description: Required when resubmitting after an MFA challenge.
SecurityResponses:
type: object
description: >-
Map of MFA question prompts to arrays of user answers.
additionalProperties:
type: array
items:
type: string
required:
- LoginId
AuthorizeResponse:
type: object
properties:
RequestId:
type: string
format: uuid
Institution:
type: string
InstitutionId:
type: string
Login:
type: object
Links:
type: array
items:
$ref: '#/components/schemas/Link'
HttpStatusCode:
type: integer
example: 200
SecurityChallenge:
type: object
properties:
Type:
type: string
Iterables:
type: array
items:
type: string
Prompt:
type: string
MfaChallengeResponse:
type: object
properties:
RequestId:
type: string
format: uuid
SecurityChallenges:
type: array
items:
$ref: '#/components/schemas/SecurityChallenge'
HttpStatusCode:
type: integer
example: 203
RequestIdBody:
type: object
properties:
RequestId:
type: string
format: uuid
description: RequestId returned by /Authorize.
required:
- RequestId
GetAccountsDetailRequest:
type: object
properties:
RequestId:
type: string
format: uuid
WithAccountIdentity:
type: boolean
default: true
description: Include transit / institution / account numbers.
WithKYC:
type: boolean
default: true
description: Include account-holder identity information.
WithTransactions:
type: boolean
default: true
DaysOfTransactions:
type: string
enum: [Days90, Days365]
AccountsFilter:
type: array
items:
type: string
WithDetailsAndBankingStatements:
type: boolean
required:
- RequestId
GetStatementsRequest:
type: object
properties:
RequestId:
type: string
format: uuid
AccountsFilter:
type: array
items:
type: string
NumberOfStatements:
type: string
description: Number of PDF statements to retrieve (e.g. Months3, Months12).
required:
- RequestId
Balance:
type: object
properties:
Available:
type: number
Current:
type: number
Limit:
type: number
Transaction:
type: object
properties:
Date:
type: string
format: date
Description:
type: string
Debit:
type: number
nullable: true
Credit:
type: number
nullable: true
Balance:
type: number
Holder:
type: object
properties:
Name:
type: string
Address:
type: object
properties:
CivicAddress:
type: string
City:
type: string
Province:
type: string
PostalCode:
type: string
Country:
type: string
Email:
type: string
PhoneNumber:
type: string
Account:
type: object
properties:
Id:
type: string
Title:
type: string
AccountNumber:
type: string
LastFourDigits:
type: string
TransitNumber:
type: string
InstitutionNumber:
type: string
Category:
type: string
Type:
type: string
Currency:
type: string
Balance:
$ref: '#/components/schemas/Balance'
Transactions:
type: array
items:
$ref: '#/components/schemas/Transaction'
Holder:
$ref: '#/components/schemas/Holder'
AccountsResponse:
type: object
properties:
RequestId:
type: string
format: uuid
Accounts:
type: array
items:
$ref: '#/components/schemas/Account'
Institution:
type: string
HttpStatusCode:
type: integer
example: 200
AsyncPendingResponse:
type: object
properties:
RequestId:
type: string
format: uuid
HttpStatusCode:
type: integer
example: 202
Message:
type: string
example: Operation is pending; poll the async endpoint.
Statement:
type: object
properties:
AccountId:
type: string
FileName:
type: string
Base64Content:
type: string
description: Base64-encoded PDF statement.
StatementsResponse:
type: object
properties:
RequestId:
type: string
format: uuid
Statements:
type: array
items:
$ref: '#/components/schemas/Statement'
FieldMatchRequest:
type: object
properties:
RequestId:
type: string
format: uuid
Name:
type: string
Address:
type: string
Email:
type: string
PhoneNumber:
type: string
required:
- RequestId
FieldMatchResult:
type: object
properties:
Field:
type: string
Matched:
type: boolean
Score:
type: number
FieldMatchResponse:
type: object
properties:
RequestId:
type: string
format: uuid
Results:
type: array
items:
$ref: '#/components/schemas/FieldMatchResult'
Category:
type: object
properties:
Name:
type: string
Amount:
type: number
Count:
type: integer
CategorizationResponse:
type: object
properties:
RequestId:
type: string
format: uuid
Categories:
type: array
items:
$ref: '#/components/schemas/Category'
AttributesRequest:
type: object
properties:
RequestId:
type: string
format: uuid
Package:
type: string
description: Attributes package name to compute.
required:
- RequestId
Attribute:
type: object
properties:
Name:
type: string
Value:
type: string
AttributesResponse:
type: object
properties:
RequestId:
type: string
format: uuid
Attributes:
type: array
items:
$ref: '#/components/schemas/Attribute'
UploadRequest:
type: object
properties:
file:
type: string
format: binary
description: The bank statement or transaction document to process.
Tag:
type: string
required:
- file
UploadResponse:
type: object
properties:
RequestId:
type: string
format: uuid
Status:
type: string
FraudAnalysisResponse:
type: object
properties:
RequestId:
type: string
format: uuid
FraudScore:
type: number
Signals:
type: array
items:
type: object
properties:
Name:
type: string
Severity:
type: string
security:
- flinks_auth_key: []