Exchange Token

After the end user has successfully completed the linking process, your back end calls this endpoint to exchange the token received by your front end for a link_id that can be used to access the link's data.

URL

POST

/link-session/exchange-token

Request

curl --request POST \
  --url https://api.moneykit.com/link-session/exchange-token \
  --header 'Authorization: Bearer REPLACE_BEARER_TOKEN' \
  --header 'content-type: application/json' \
  --data '{"exchangeable_token":"c7318ff7-257c-490e-8242-03a815b223b7"}'

const options = {
  method: 'POST',
  headers: {
    Authorization: 'Bearer REPLACE_BEARER_TOKEN',
    'content-type': 'application/json'
  },
  body: '{"exchangeable_token":"c7318ff7-257c-490e-8242-03a815b223b7"}'
};

fetch('https://api.moneykit.com/link-session/exchange-token', options)
  .then(response => response.json())
  .then(response => console.log(response))
  .catch(err => console.error(err));

import requests

url = "https://api.moneykit.com/link-session/exchange-token"

payload = {"exchangeable_token": "c7318ff7-257c-490e-8242-03a815b223b7"}
headers = {
    "Authorization": "Bearer REPLACE_BEARER_TOKEN",
    "content-type": "application/json"
}

response = requests.request("POST", url, json=payload, headers=headers)

print(response.text)

package main

import (
	"fmt"
	"strings"
	"net/http"
	"io/ioutil"
)

func main() {

	url := "https://api.moneykit.com/link-session/exchange-token"

	payload := strings.NewReader("{\"exchangeable_token\":\"c7318ff7-257c-490e-8242-03a815b223b7\"}")

	req, _ := http.NewRequest("POST", url, payload)

	req.Header.Add("Authorization", "Bearer REPLACE_BEARER_TOKEN")
	req.Header.Add("content-type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := ioutil.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}

require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://api.moneykit.com/link-session/exchange-token")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE

request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer REPLACE_BEARER_TOKEN'
request["content-type"] = 'application/json'
request.body = "{\"exchangeable_token\":\"c7318ff7-257c-490e-8242-03a815b223b7\"}"

response = http.request(request)
puts response.read_body

import Foundation

let headers = [
  "Authorization": "Bearer REPLACE_BEARER_TOKEN",
  "content-type": "application/json"
]
let parameters = ["exchangeable_token": "c7318ff7-257c-490e-8242-03a815b223b7"] as [String : Any]

let postData = JSONSerialization.data(withJSONObject: parameters, options: [])

let request = NSMutableURLRequest(url: NSURL(string: "https://api.moneykit.com/link-session/exchange-token")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()

Response

{
  "link": {
    "link_id": "mk_eqkWN34UEoa2NxyALG8pcV",
    "institution_id": "chase",
    "institution_name": "Chase",
    "institution_avatar": "https://example.com/avatar.png",
    "state": "connected",
    "error_code": null,
        "link_tags": [
      "smoke_test",
      "user_type:admin"
    ],
    "webhook": "https://example.com/webhook",
    "products": {
      "accounts": {
        "refreshed_at": "2023-02-16T09:14:11",
        "last_attempted_at": "2023-02-16T09:14:11",
        "error_code": "rate_limit",
        "error_message": string,
        "unavailable": string
      },
      "account_numbers": {
        "refreshed_at": "2023-02-16T09:14:11",
        "last_attempted_at": "2023-02-16T09:14:11",
        "error_code": "rate_limit",
        "error_message": string,
        "unavailable": string
      },
      "identity": {
        "refreshed_at": "2023-02-16T09:14:11",
        "last_attempted_at": "2023-02-16T09:14:11",
        "error_code": "rate_limit",
        "error_message": string,
        "unavailable": string
      },
      "transactions": {
        "refreshed_at": "2023-02-16T09:14:11",
        "last_attempted_at": "2023-02-16T09:14:11",
        "error_code": "rate_limit",
        "error_message": string,
        "unavailable": string
      },
      "investments": {
        "refreshed_at": "2023-02-16T09:14:11",
        "last_attempted_at": "2023-02-16T09:14:11",
        "error_code": "rate_limit",
        "error_message": string,
        "unavailable": string
      },
      "enrichment": {
        "refreshed_at": "2023-02-16T09:14:11",
        "last_attempted_at": "2023-02-16T09:14:11",
        "error_code": "rate_limit",
        "error_message": string,
        "unavailable": string
      }
    },
    "available_products": [
      "account_numbers"
    ]
  }
}

{
  "error_code": "link_session_error.invalid_token_exchange",
  "error_message": "Invalid token for link",
  "documentation_url": string
}

{
  "error_code": "api_error.auth.expired_access_token",
  "error_message": "Access token expired",
  "documentation_url": string
}

{
  "error_code": "link_session_error.invalid_token_exchange",
  "error_message": "Invalid token for link",
  "documentation_url": string
}

exchangeable_token

: string

required

The token returned to your front end by Connect's onSuccess callback.

example: c7318ff7-257c-490e-8242-03a815b223b7

Responses

201

Successful Response

link_id

: string

deprecated

Please use link.link_id for this value

example: mk_eqkWN34UEoa2NxyALG8pcV

link

: object

Details of the new link.

400

Invalid token exchange (bad token, incorrect link state, etc...).

error_code

: string

link_session_error.invalid_token_exchange

default: "link_session_error.invalid_token_exchange"

Allowed values:

"link_session_error.invalid_token_exchange"

error_message

: string

Error message

example: Invalid token for link

documentation_url

: string

422

Number of allowed connected links exceeded.

error_code

: string

link_session_error.invalid_token_exchange

default: "link_session_error.invalid_token_exchange"

Allowed values:

"link_session_error.invalid_token_exchange"

error_message

: string

Error message

example: Invalid token for link

documentation_url

: string

Request

curl --request POST \
  --url https://api.moneykit.com/link-session/exchange-token \
  --header 'Authorization: Bearer REPLACE_BEARER_TOKEN' \
  --header 'content-type: application/json' \
  --data '{"exchangeable_token":"c7318ff7-257c-490e-8242-03a815b223b7"}'

const options = {
  method: 'POST',
  headers: {
    Authorization: 'Bearer REPLACE_BEARER_TOKEN',
    'content-type': 'application/json'
  },
  body: '{"exchangeable_token":"c7318ff7-257c-490e-8242-03a815b223b7"}'
};

fetch('https://api.moneykit.com/link-session/exchange-token', options)
  .then(response => response.json())
  .then(response => console.log(response))
  .catch(err => console.error(err));

import requests

url = "https://api.moneykit.com/link-session/exchange-token"

payload = {"exchangeable_token": "c7318ff7-257c-490e-8242-03a815b223b7"}
headers = {
    "Authorization": "Bearer REPLACE_BEARER_TOKEN",
    "content-type": "application/json"
}

response = requests.request("POST", url, json=payload, headers=headers)

print(response.text)

package main

import (
	"fmt"
	"strings"
	"net/http"
	"io/ioutil"
)

func main() {

	url := "https://api.moneykit.com/link-session/exchange-token"

	payload := strings.NewReader("{\"exchangeable_token\":\"c7318ff7-257c-490e-8242-03a815b223b7\"}")

	req, _ := http.NewRequest("POST", url, payload)

	req.Header.Add("Authorization", "Bearer REPLACE_BEARER_TOKEN")
	req.Header.Add("content-type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := ioutil.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}

require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://api.moneykit.com/link-session/exchange-token")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE

request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer REPLACE_BEARER_TOKEN'
request["content-type"] = 'application/json'
request.body = "{\"exchangeable_token\":\"c7318ff7-257c-490e-8242-03a815b223b7\"}"

response = http.request(request)
puts response.read_body

import Foundation

let headers = [
  "Authorization": "Bearer REPLACE_BEARER_TOKEN",
  "content-type": "application/json"
]
let parameters = ["exchangeable_token": "c7318ff7-257c-490e-8242-03a815b223b7"] as [String : Any]

let postData = JSONSerialization.data(withJSONObject: parameters, options: [])

let request = NSMutableURLRequest(url: NSURL(string: "https://api.moneykit.com/link-session/exchange-token")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()

Response

{
  "link": {
    "link_id": "mk_eqkWN34UEoa2NxyALG8pcV",
    "institution_id": "chase",
    "institution_name": "Chase",
    "institution_avatar": "https://example.com/avatar.png",
    "state": "connected",
    "error_code": null,
        "link_tags": [
      "smoke_test",
      "user_type:admin"
    ],
    "webhook": "https://example.com/webhook",
    "products": {
      "accounts": {
        "refreshed_at": "2023-02-16T09:14:11",
        "last_attempted_at": "2023-02-16T09:14:11",
        "error_code": "rate_limit",
        "error_message": string,
        "unavailable": string
      },
      "account_numbers": {
        "refreshed_at": "2023-02-16T09:14:11",
        "last_attempted_at": "2023-02-16T09:14:11",
        "error_code": "rate_limit",
        "error_message": string,
        "unavailable": string
      },
      "identity": {
        "refreshed_at": "2023-02-16T09:14:11",
        "last_attempted_at": "2023-02-16T09:14:11",
        "error_code": "rate_limit",
        "error_message": string,
        "unavailable": string
      },
      "transactions": {
        "refreshed_at": "2023-02-16T09:14:11",
        "last_attempted_at": "2023-02-16T09:14:11",
        "error_code": "rate_limit",
        "error_message": string,
        "unavailable": string
      },
      "investments": {
        "refreshed_at": "2023-02-16T09:14:11",
        "last_attempted_at": "2023-02-16T09:14:11",
        "error_code": "rate_limit",
        "error_message": string,
        "unavailable": string
      },
      "enrichment": {
        "refreshed_at": "2023-02-16T09:14:11",
        "last_attempted_at": "2023-02-16T09:14:11",
        "error_code": "rate_limit",
        "error_message": string,
        "unavailable": string
      }
    },
    "available_products": [
      "account_numbers"
    ]
  }
}

{
  "error_code": "link_session_error.invalid_token_exchange",
  "error_message": "Invalid token for link",
  "documentation_url": string
}

{
  "error_code": "api_error.auth.expired_access_token",
  "error_message": "Access token expired",
  "documentation_url": string
}

{
  "error_code": "link_session_error.invalid_token_exchange",
  "error_message": "Invalid token for link",
  "documentation_url": string
}

Exchange Token

URL

Request

Response

Body Parameters

Authorization

Responses

201

400

422

Request

Response