Install the SDK using npm or yarn.
npm install @moneytree/mt-link-javascript-sdk
# or
yarn add @moneytree/mt-link-javascript-sdkThen you can use it directly in your code:
// using import
import mtLinkSdk, { MtLinkSdk } from '@moneytree/mt-link-javascript-sdk';
// or using require
const { default: mtLinkSdk, MtLinkSdk } = require('@moneytree/mt-link-javascript-sdk');
// or via window object
const instance = window.mtLinkSdk;
const newInstance = new window.MtLinkSdk();
// mtLinkSdk - an instance of the SDK.
// MtLinkSdk - in case you need to create a new instance of the SDK for whatever reason,
// e.g: const newInstance = new MtLinkSdk();The source also includes Typescript definitions out of the box.
We use fetch and Promise internally, if you wish to support old browsers (e.g: IE11), make sure to add the necessary polyfills.
The Moneytree LINK Javascript SDK exposes APIs to get guest consent to access financial data, and exchange an authorization grant for an access token.
The init call is used to initialize the SDK and set default options for API calls. Some LINK APIs can be used without calling init.
Calls related to OAuth require a client id which can only be set via the init function. These APIs include:
- authorize
- onboard
- exchangeToken
- tokenInfo
mtLinkSdk.init(clientId, options);| Parameter | Type | Required | Default Value | Description |
|---|---|---|---|---|
| clientId | string | true | OAuth NOTE: This function will throw an error if this parameter isn't provided. |
|
| options | object | false | These options include all of the values below and also all Available options are documented under authorize options and common options; refer to each individual link for more details. |
|
| options.mode | production, staging, develop, local |
false | production |
Environment for the SDK to connect to, the SDK will connect to the Moneytree production server by default.
|
| options.locale | string | false | Auto detect. | Force Moneytree to load content in this specific locale. A default value will be auto detected based on guest langauges configurations and location if available. Check this spec for more information. Currently supported values are: en, en-AU, ja. |
| options.cobrandClientId (private) | string | false | NOTE: This is an internal attribute. Please do not use it unless instructed by your integration representative. Brand Moneytree apps with client's branding. E.g: logo or theme. |
OAuth authorization method to request guest consent to access data via the Link API.
For security reasons we removed support for implicit flow. We have opted for the PKCE/code grant flow.
Guest login is required for this SDK to work, by default we will show the login screen and redirect the guest to the consent screen after they log in (Redirection happens immediately if they are currently logged in; you may pass the forceLogout option to force the guest to log in, even if they have an active session.)
You may also choose to display the sign up form by default by passing the authAction option.
NOTE: You must initialize the SDK (via the init method) before calling this API.
mtLinkSdk.authorize(options);| Parameter | Type | Required | Default Value | Description |
|---|---|---|---|---|
| object | false | Value set during init. |
Optional parameters as described in common options. | |
| options.scopes | string OR string[] |
false | Value set during init.OR guest_read |
Access scopes you're requesting. This can be a single scope, or an array of scopes. Currently supported scopes are: guest_read, accounts_read, points_read, point_transactions_read, transactions_read, transactions_write, expense_claims_read, categories_read, investment_accounts_read, investment_transactions_read, notifications_read, request_refresh, life_insurance_read. |
| options.redirectUri | string | false | Value set during init. |
OAuth redirection URI, refer here for more details. NOTE: This function will throw an error if this value is undefined and no default value was provided in the init options. |
| options.state | string | false | Value set during init.OR Randomly generated uuid. |
Refer here for more details. NOTE: Make sure to set this value explicitly if your server generates an identifier for the OAuth authorization request so that you can use to acquire the access token after the OAuth redirect occurs. |
| options.codeChallenge | string | false | We only support SHA256 as code challenge method, therefore please ensure the code_challenge was generated using the SHA256 hash algorithm. Click here for more details.NOTE: Set this value only if your server wish to use PKCE flow. |
|
| options.pkce | boolean | false | false | Set to true if you wish to use PKCE flow on the client side, SDK will automatically generate the code challenge from a locally generated code verifier and use the code verifier in exchangeToken. |
| boolean | false | false |
Force existing guest session to logout and call authorize with a clean state. |
The onboard API allows a new guest to get onboard faster without having to go through the registration process. All you have to do is provide an emai address and pass the same options parameter as the authorize function. We will display a consent screen explaining the access requests and applicable scopes. Once the guest consents, a new Moneytree account will be created on their behalf and authorization is completed. Resulting behavior will be the same as the authorize redirection flow.
Onboard will force any current guest session to logout, hence you do not have to call logout manually to ensure a clean state.
If an account with this email address already exists we will redirect the guest to the login screen.
NOTE:
mtLinkSdk.onboard(options);| Parameter | Type | Required | Default Value | Description |
|---|---|---|---|---|
| options | object | false | Value set during init. |
Optional parameters. Most options are the same as the authorize method options and common options with a few exceptions. Unsupported options from authorize and common options are: |
| options.email | string | true | Value set during init. |
A new Moneytree account will be created with this email address. If an existing account with this email exists, the guest will be redirected to the login screen. NOTE: SDK will throw an error if both values here and from the init options are undefined. |
Since we are using PKCE/Code grant, we will have to exchange the code for a token. You can optionally pass code via options parameter or it will fallback to automatically extract it from the browser URL.
code will be invalidated (can be used only once) after exchanged for a token, it is your responsibility to store the token yourself as the SDK does not store it internally.
Refer here for more details.
One way to use this API is by calling it in the script on your redirection page. For example, if authorize redirects to https://yourapp.com/callback?code=somecode, you can call this function in the script loaded on that redirection page and the client library will automatically extract the code to exchange for a token.
Alternatively, you can extract the code manually from the redirect URL and pass it to this function via the options object yourself.
const token = await mtLinkSdk.exchangeToken(options);| Parameter | Type | Required | Default Value | Description |
|---|---|---|---|---|
| options | object | false | Value set during init. |
Optional parameters. |
| options.code | string | false | Value from browser URL | Code from OAuth redirection used to exchange for a token, SDK will try to extract it from the browser URL if none is provided. NOTE: SDK will throw an error if no value is provided here and the client library failed to extract it from browser URL. |
| options.codeVerifier | string | false | If you pass a codeChallenge option during the authorize or onboard call and wish to exchange the token on the client side application, make sure to set the code verifier used to generate the said codeChallenge here. |
|
| options.redirectUri | string | false | Value set during init. |
Make sure the value of redirectUri here is the same redirectUri value used during the authorize or onboard call.NOTE: The SDK will throw an error if both this parameter and the default value from the init options are undefined. |
You can validate a token or get guest or resource server information related to the token by calling this API.
NOTE: This function will throw an error if the token has expired.
const tokenInfo = await mtLinkSdk.tokenInfo(token);
tokenInfo.iat; // token creation timestamp,
tokenInfo.exp; // token expiration timestamp,
tokenInfo.sub; // guest uid or null,
tokenInfo.scope; // string with space separated scopes
tokenInfo.client_id; // application client id or null
tokenInfo.app; // application related information or null
tokenInfo.app.name; // application name
tokenInfo.app.is_mt; // is moneytree client (internal usage)
tokenInfo.guest; // guest related information or null
tokenInfo.guest.email; // guest email if available
tokenInfo.guest.country; // guest country
tokenInfo.guest.currency; // guest currency,
tokenInfo.guest.lang; // guest language| Parameter | Type | Required | Default Value | Description |
|---|---|---|---|---|
| token | string | true | Token you wish to get info for. |
Logout current guest from Moneytree.
mtLinkSdk.logout(options);| Parameter | Type | Required | Default Value | Description |
|---|---|---|---|---|
| options | object | false | Value set during init. |
Optional parameters. Includes all options in common options. |
This is a method to open various services provided by Moneytree such as Moneytree account settings, Vault etc.
NOTE: calling this API before calling init will open the services view without branding (company logo etc.)
mtLinkSdk.openService(serviceId, options);| Parameter | Type | Required | Default Value | Description |
|---|---|---|---|---|
| serviceId | vault, myaccount, link-kit |
true | Open a service by Id, current supported services are:vault - Manage your financial institution credentials.myaccount - Manage your Moneytree account settings.link-kit - View all your financial data.NOTE: This function will throw an error if you do not specify a valid service ID. |
|
| options | object | false | Value set during init. |
Optional parameters. Includes all options in common options. |
| options.view for Vault | services-list, service-connection, connection-setting, customer-support |
false | We provide options for opening a specific page on Vault and MyAccount. Please check the following sessions: NOTE: The serviceId must be vault to enable this option. |
|
| options.view for MyAccount | authorized-applications, change-language, email-preferences, delete-account, update-email, update-password |
false | We provide options for opening a specific page on MyAccount. Please check the following sessions: NOTE: The serviceId must be myaccount to enable this option. |
It has to include these properties of options below when calling openService API.
NOTE: This scenario only works when serviceId is vault.
mtLinkSdk.openService('vault', { view: 'services-list', type: 'bank', group: 'grouping_bank', search: 'japan' });| Parameter | Type | Required | Default Value | Description |
|---|---|---|---|---|
| serviceId | vault |
true | Open a Vault service. | |
| options.view | services-list |
true | Assign to open services page. | |
| options.type | bank (personal bank), credit_card (personal credit card), stored_value (electronic money), point (loyalty point), corporate (corporate bank or card) |
false | Filter the services by type. | |
| options.group | grouping_bank, grouping_bank_credit_card, grouping_bank_dc_card, grouping_corporate_credit_card, grouping_credit_card, grouping_credit_coop, grouping_credit_union, grouping_dc_pension_plan, grouping_debit_card, grouping_digital_money, grouping_ja_bank, grouping_life_insurance, grouping_point, grouping_regional_bank, grouping_stock, grouping_testing |
false | Filter the services by group. | |
| options.search | string | false | Filter the services by the search term. |
It has to include these properties of options below when calling openService API.
NOTE: This scenario only works when serviceId is vault.
mtLinkSdk.openService('vault', { view: 'service-connection', entityKey: 'yucho_bank' });| Parameter | Type | Required | Default Value | Description |
|---|---|---|---|---|
| serviceId | vault |
true | Open a Vault service | |
| options.view | service-connection |
true | Assign to open service connection page | |
| options.entityKey | string | true | Service entity key NOTE: Top page of the Vault would be shown if entityKey is invalid. |
It has to include these properties of options below when calling openService API.
NOTE: This scenario only works when serviceId is vault.
mtLinkSdk.openService('vault', { view: 'connection-setting', credentialId: '123456' });| Parameter | Type | Required | Default Value | Description |
|---|---|---|---|---|
| serviceId | vault |
true | Open a Vault service | |
| options.view | connection-setting |
true | Assign to open connection setting page | |
| options.credentialId | string | true | Service credential Id NOTE: Top page of the Vault would be shown if the credentialId is invalid. |
It has to include these properties of options below when calling openService API.
NOTE: This scenario only works when serviceId is vault.
mtLinkSdk.openService('vault', { view: 'customer-support' });| Parameter | Type | Required | Default Value | Description |
|---|---|---|---|---|
| serviceId | vault |
true | Open a Vault service | |
| options.view | customer-support |
true | Assign to open customer support page |
It has to include these properties of options below when calling openService API.
NOTE: This scenario only works when serviceId is myaccount.
mtLinkSdk.openService('myaccount', { view: 'settings/update-email' });| Parameter | Type | Required | Default Value | Description |
|---|---|---|---|---|
| serviceId | myaccount |
true | Open MyAccount | |
| options.view | string | false | settings (for mobile view)OR settings/update-email (for desktop view) |
Directly go to the chosen page. Currently supported locations include:settings - Main Moneytree account settings screen.settings/authorized-applications - List of apps currently connected to Moneytree.settings/change-language - Change Moneytree account language screen.settings/email-preferences - Change Moneytree email preferences screensettings/delete-account - Delete Moneytree account screen.settings/update-email - Change Moneytree account email screen.settings/update-password - Change Moneytree account password screen.If no value is provided, it goes to the top page of MyAccount. |
Request for a password-less login link to be sent to the guest's email address. Clicking on the link in the email will log a guest in directly to the screen specified by the loginLinkTo parameter.
mtLinkSdk.requestLoginLink(options);| Parameter | Type | Required | Default Value | Description |
|---|---|---|---|---|
| options | object | false | Value set during init. |
Optional parameters. Includes all options in common options. |
| options.loginLinkTo | string | true | settings (for mobile view)OR settings/update-email (for desktop view) |
Redirection to location after login, currently supported locations include:settings - Main Moneytree account settings screen.settings/authorized-applications - List of apps currently connected to Moneytree.settings/change-language - Change Moneytree account language screen.settings/email-preferences - Change Moneytree email preferences screensettings/delete-account - Delete Moneytree account screen.settings/update-email - Change Moneytree account email screen.settings/update-password - Change Moneytree account password screen. |
| options.email | string | true | Value set during init. |
Login Link will be sent to this email. NOTE: This function will throw an error if both values here and from the init options are undefined. |
These common options are used in multiple APIs. Instead of repeating the same options in every definition, they are documented here.
NOTE: Since options are optional for each function call in the SDK, they will be read from the init options by default if none are provided.
| Parameter | Type | Required | Default Value | Description |
|---|---|---|---|---|
| options.email | string | false | Value set during init. |
Email used to pre-fill the email field in login or sign up or form. |
| options.backTo | string | false | Value set during init. |
A redirection URL for redirecting a guest back to in the following condition: Back to [App Name] button in any Moneytree screen.NOTE: No Back to [App Name] button will be shown if this value is not set, and any of the actions mentioned above will redirect the guest back to login screen by default. |
login, signup |
false | Value set during init.OR login |
Show login or sign up screen when a session does not exist during an authorize call. |
|
| options.showAuthToggle | boolean | false | Value set during init.OR true |
If you wish to disable the login to sign up form toggle button and vice-versa in the auth screen, set this to false. |
| options.showRememberMe | boolean | false | Value set during init.OR true |
If you wish to disable the Stay logged in for 30 days checkbox in the login screen, set this to false. |
| options.isNewTab | boolean | false | Value set during init.OR false |
Call method and open/render in a new browser tab, by default all views open in the same tab. |
| options.sdkPlatform (private) | string | false | Generated by the SDK. | NOTE: this is for Moneytree internal use, please do not use it to avoid unintended behavior! Indicating sdk platform. |
| options.sdkVersion (private) | semver | false | Generated by the SDK. | NOTE: this is for Moneytree internal use, please do not use it to avoid unintended behavior! Indicating sdk version. |
We support gray labelling some of the services offered by Moneytree, please contact your Moneytree representative for more information.
Currently supported services:
- onboard API
- Vault service
- Link-Kit service