Starting Session
Get Session Token (Authentication)
POST /v2/session/startSession
To authenticate and begin your session, you will need to provide the following credentials in a secure POST request:
Request Headers:
- Content-Type: application/json
- x-source-customer-id: string
Note: Refer to the Security Requirements section on suggestions to secure the x-source-customer-id. Also for customers who have not linked a card to the Cardlytics Rewards platform, you can use no-user-available as the x-source-customer-id to receive a valid token.
Request Payload:
- clientId: Your unique clientId provided by Cardlytics.
- secret: A secure secret key shared with you by Cardlytics.
Request Payload Sample:
{
"clientId": "String",
"secret": "String"
}
Response
Upon successful authentication, the API will provide a bearer token that you can use to access our services.
Token Details:
-
Bearer Token Validity: The token is valid for 15 minutes from the time of issue.
-
This Bear Token should be cached for subsequent API calls.
-
Only request a new token if the previous one has expired.
Errors and Handling Expired Tokens:
-
Providing an invalid clientId or clientSecret the API will return a 500 Internal Server Error
-
If your token expires, all subsequent API requests will return a 401 Unauthorized response indicating that the session is no longer valid.
-
To continue accessing the API, you must request a new token using the same token generation endpoint (
POST /v2/session/startSession
).
Link SDK
Overview
The Link SDK provides several methods to manage customers’ account linking between your application and financial institutions through our platform. Below you'll find detailed explanations of how to use each method.
Methods
-
getAccountLinkStatus
-
Description: Retrieves the account linking status. {#exceptions:}
-
Parameters:
-
Returns: CardlyticsCustomerProfile
-
-
startAccountLink
-
Description:
Initiates the account linking process. The process varies depending on the selected link provider but aims to store an access token in the CDLX backend.
-
Parameters:
-
cdlxSessionToken (string): A valid CDLX session token.
-
linkProvider (string): Must be one of the supported linking providers. Currently supports "PLAID_HOSTED". {#exceptions:}
-
redirect_uri (string): The URL to redirect to after a successful link.
-
x-source-customer-id (string): A valid source customer Id. Should be the same hashed id used during /startSession
-
-
Returns: void
-
Exceptions:
-
-
deleteAccountLink
Script Tag
To include the Cardlytics Link SDK in your project, use the following script tag:
<script src="/linking-sdk/v1/cardlytics-linking-sdk.js"></script>
Security Requirements
Use HMAC-SHA-256 to obfuscate x-source-customer-id
:
Example (Node.js):
const crypto = require('crypto');
function hashCustomerId(customerId, secret) {
return crypto.createHmac('sha256', secret).update(customerId).digest('hex');
}
Updated 1 day ago