Developer Guide

This guide is for programmers that want to create an application that can access a user's financial data. Your application never sees the user's bank account credentials. In summary, this is the flow:

  1. A user gets a Setup Token from this server.
  2. The user gives the Setup Token to your application.
  3. Your application sends the Setup Token to this server and receives an Access Token in return.
  4. Your application uses the Access Token to get the user's transaction data from this server.
  5. At any point, the user can disable the Access Token.

Bash/cURL Example

This example can be copied and pasted into a Linux terminal to see that it works.

1. Generate a Setup Token

Send your users here to sign up for this service and generate a token:

For testing purposes, here's a ready-to-use demo token:


2. Exchange the Setup Token for an Access Token

As per the SimpleFIN specification, base64-decode the token to get a URL, then issue a POST to that URL. Here's how you might do that on Linux:

CLAIM_URL="$(echo "$SETUP_TOKEN" | base64 -D)"
ACCESS_URL=$(curl -H "Content-Length: 0" -X POST "$CLAIM_URL")

You can only do the above step once. Once you receive an ACCESS_URL, save it—the corresponding SETUP_TOKEN will no longer work.

3. Use the Access Token to get some data

Make an HTTP GET request to {ACCESS_URL}/accounts with Basic Auth credentials. Here's how you might do that on Linux:

curl "${ACCESS_URL}/accounts"

Python Example

This Python script (which requires the Requests library) will prompt for a Setup Token (the thing in the box above) then fetch and print the latest sample transaction data.