How to obtain MatchingAccountVerificationData after successful user verification via Fastlink IAV widget? - yodlee

I'm trying to obtain MatchingAccountVerificationData from Yodlee IAV getMatchingAccountVerificationData
for user that was verified via fastlink widget.
The only missing piece for me is how to obtain verifiableAccount.verifiableAccountId so
I could make use of that API.
I would know how to get that data without fastlink, because that information
appears in response to addTransferAccountForItem as "dfiAccountId".
The problem is that fastlink widget handles that so we're not aware of transferaccount ids.
It is possible to get list of transferaccount / verifiableaccounts per user
so we'll be able to MatchingAccountVerificationData?
How to do it?
Thanks,

Though, this is not documented but you can use getAllTransferAccounts API
Below is the informaiton for the same-
Endpoint(You can replace your environment specific base URL)- https://rest.developer.yodlee.com/services/srest/restserver/v1.0/jsonsdk/TransferAccountManagement/getAllTransferAccounts
HTTP: POST
Input parameter needs to be passed-
cobSessionToken
userSessionToken
This will give you list of all added accounts' dfiAccountId and transferAccountId.

Related

Yodlee Fastlink Refresh/Update vs update via API providerAccount with loginForm

From Yodlee's put providerAccount API documentation here
It says that I have to pass in loginForm data along with user's credentials:
5. If the credentials have to be updated in the Yodlee system, one of the following should be provided as input to this service:
a. LoginForm
b. Field array
6. The loginForm or the field array are the objects under the provider object that is obtained from the get provider details service response.
7. The credentials provided by the user should be embedded in the loginForm or field array object.
Questions
Does this mean I am expected to save or somehow have user's bank credentials stored?
When I go through the refresh flow on Fastlink, it somehow pre-fills the credentials and all I have to do is just click continue; how does Fastlink do that? if Fastlink can do this, my guess is that there is a programmatic way to do this
PUT providerAccounts can be used for three things:
You can initiate an update an account, this means you are asking Yodlee to connect to the bank and retrieve the latest details using credentials that Yodlee already have for that user's account.
You can update credentials(equivalent to edit flow of Fastlink), this is used for updating the password into Yodlee system if the user has changed their password at the bank website.
You can pass MFA information if required(for MFA sites) while updating or editing accounts.
Though, to answer your question:
1: No, you should definitely not store user's bank credentials. If your need is just to update user's account, you can initiate that update without passing loginForm or fieldArray. And if the use case is that you need to update user's password, you should ask the user to provide their credentials at the runtime.
2: You should just call PUT without passing any loginForm, that's what Fastlink refresh flow does.

Using FastLink for Account Refresh and Edit

We are trying to use Fastlink to provide instant refresh and account edit functions. This has not been successful as we keep getting "Problem updating account" FastLink UI.
We do not want to use the ProviderAccount PUT API to trigger refresh as we want to stay away from providing login/MFA UI. FastLink has been very helpful in providing the account add function and we really want to leverage it for all the account related functions.
Please use the following sample values in extraParams for refreshing or updating account.
Refresh Account:
String extraParams="flow=refresh&siteAccountId=10139794&callback=https://www.google.co.in";
Update Account:String extraParams = "flow=edit&siteAccountId=10139794&callback=https://www.google.co.in";
Please pass the value of providerAccountId for siteAccountId.

Yodlee Site cannot be refresh

I'm trying to test the MFA in Yodlee with the dummy account DagBankTokenFMPA. I let the MFA timed out and now everytime, I try to refresh I got the same error :
{"siteRefreshStatus":{"siteRefreshStatusId":10,"siteRefreshStatus":"SITE_CANNOT_BE_REFRESHED"},"siteRefreshMode":{"refreshModeId":1,"refreshMode":"MFA"},"updateInitTime":0,"nextUpdate":2047149073,"code":522,"suggestedFlowReason":{"suggestedFlowReasonId":2,"suggestedFlowReason":"ACCOUNT_IN_ERROR"},"suggestedFlow":{"suggestedFlowId":3,"suggestedFlow":"EDIT"},"itemRefreshInfo":[{"memItemId":10088102,"itemSuggestedFlow":{"suggestedFlowId":3,"suggestedFlow":"EDIT"},"itemSuggestedFlowReason":{"suggestedFlowReasonId":2,"suggestedFlowReason":"ACCOUNT_IN_ERROR"},"errorCode":522,"retryCount":1}],"noOfRetry":1,"isMFAInputRequired":true}
How can I prevent that ? Do I need to stop the refresh with stopRefresh and start over ?
In this case you need to call updateSiteAccountCredentials API and just pass the details again, this will trigger a refresh and then you need to call getMFAResponseForSite to see what MFA information is required by the bank.
To add more, it seems like you are mixing two sets of APIs here. We recommend to either use container based APIs or Site Based set of APIs, in conjunction with Core APIs which are common to both.

How to make twitter api calls using access token

I have managed to get an access token from the twitter api. Now I want to use that token for my further data fetching things, so please help me here to get the details of my twitter account.
For example, lets say I wanted to get the user's data, so when I tested this in apigee console, I got my result.
But how to get the same result, using same api, by hitting on a browser using the access token
something like this
Please help
It's a little more complex than the URL you suggested, but you can use Twitter's OAuth tool to generate the OAuth signature you need to make requests to its Home Timeline API call.
You can find the OAuth tool here:
https://dev.twitter.com/docs/api/1.1/get/statuses/home_timeline#oauth-tool
it's not like that when making twitter api calls you need to send consumer key, consumer secret, your_access_token and your_access_token_secret together
Eg: oauth_consumer_key="KEY",oauth_signature_method="HMAC-SHA1",oauth_timestamp="TIMESTAMP",oauth_nonce="NONCE",oauth_version="1.0",oauth_token="YOUR_TOKEN",oauth_signature="SIGN"
Source: https://twittercommunity.com/t/getting-the-user-details-using-access-token/6325/3

Authorizing for Google ToDo List (AuthToken, secid)

I'm trying to get access to the Google's todo feed with this url:
https://www.google.com/calendar/tdl?secid=<SECID>&tdl={%22action_list%22%3A[{%22action_type%22%3A%22get_all%22%2C%22action_id%22%3A%221%22%2C%22list_id%22%3A%2215052708471047222911%3A0%3A0%22%2C%22get_deleted%22%3Afalse}]%2C%22client_version%22%3A-1}
If I open this in my browser with a correct secid, it shows me right what I want.
Now, the question is: how do I get secid programmatically (specifically, in a java program)? I have access to the authToken (from CalendarService), but I have no clue how to use it to authorize my access to the URL above.
I tried to use the url http://google.com/accounts/ServiceLogin, but I didn't find any examples.
Any help, please?
From what I read secid is a session ID obtained from browser's cookies. Whereas your case uses Java which implies a server app. If that is the case, you want to drop the idea of using secid entirely.
Instead, you want to check out Google's OAuth2 documentation. If you are using Java, most likely you would be interested in the web-server OAuth flow. Pay special attention to the sequence diagrams.
The key steps include:
1) Obtain an authorization code from Google OAuth with the user's consent. For that, you redirect the user to Google with the appropriate scope. Check the list of calendar scopes for your case. Once the user consents, Google redirects back to you with an authorization code.
2) Call Google OAuth with the authorization code and your app's credentials to exchange for an access token.
3) Call Google's Calendar API using the access token.
And if you use Google's Java client as suggested by #ChaosPredictor, chances are some of the steps are already wrapped into the Java client (and your code will be much simpler).