API ReferenceSign In

2. Account Linking

Last updated 06/11/2020

Linked token represents a customer’s authorization to access a particular channel. A customer object is needed to proceed with account linking.

  1. Merchant sends a POST request to Initiate Account Authorization API with the required parameters. This is done once per channel/bank. Make sure to provide the customer object ID in as the customer_id.
  2. There are two ways to initiate linking:

For debit card linking in Indonesia: 

  1. Upon receipt of the successful response, this means that an OTP is sent to the end-customer’s bank-registered mobile number.
  2. To complete linking, a valid OTP must be sent to the Validate Authorization API. This will respond if the authorization is successful or not.

For bank account access linking in the Philippines: 

  1. Upon receipt of the successful response, the merchant must redirect the customer to the  authorizer_url  to display the selected channel’s own authorization page.

  2. Upon completion of authorization (success or fail), Xendit will do the following:

    1. Redirect the user to the provided success_redirect_url or fail_redirect_url based on the status.

      • A linked_account_token_id will be included as a query parameter on the success_redirect_url; use this to query accessible accounts by the token.
      • This process is synchronous and it is recommended to wait for the redirect before proceeding with other actions.
    2. For successful bank account linking, Xendit sends an object with the list of accounts via POST to the given callback_url