Build your own auth flow
Create your own journey to connect your customers' financial platforms
Instead of building your own solution, use the Link SDK to fully embed our flexible, white-labeled auth flow in your application.
You will benefit from our extensive experience combined with authorization best practices, providing your users with a native feeling of the auth flow and achieving an 89% conversion rate on average.
If your business scenario and circumstances prevent you from using our Link SDK, you can use the endpoints that allow you to build the journey for your business customers to connect their financial platforms. Next, we will go through the steps and endpoints in detail.
Create a Codat company
First, create a company to represent your SMB in Codat. We recommend doing that at the time your SMB user signs up within your app. This way, you can track their connection status from day one.
To create a new company, use the Create company endpoint and provide a name for the company in the request body. If your user has previously authorized with you, use the company you previously created for them. For details on managing and deleting existing companies, review Manage companies with our API.
For the company name parameter, we recommend you pass the ID that you use for the customer in your internal system. This makes it easier to identify the Codat company that corresponds to your record of the customer.
From the response, retain the company ID (companyId), because you will need it for directing your customers to Link and managing their connections.
Optionally, you can set up a webhook to monitor the connection status of the newly created company.
Display a list of integrations
Next, you need to provide your customer with a list of platforms they can provide you access to, including the platform name and logo. For additional guidance on best practices of integration selection, see Platform selection.
Retrieve all available integrations
Use the List integrations endpoint to retrieve a list of all integrations available for the customer to connect.
We recommend using a query to filter this list. For example, use the enabled parameter to only return the integrations enabled via the Codat Portal. The sourceType parameter allows you to filter integrations by their data type - accounting, banking or commerce.
You need to encode the query, unless you are using our API reference, where that happens automatically. For more details on querying, see Querying.
//Non-encoded query:
?query=sourceType=accounting&&enabled=true
//Encoded query:
?query=sourceType%3Daccounting%26%26enabled%3Dtrue
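The following is an added example, not code from Codat's documentation: it builds the encoded filter and shows what a standard query-string parser receives when the filter is sent without encoding. The /integrations path and the helper names are assumptions made for the demonstration.

```python
from urllib.parse import parse_qs, quote, urlsplit

# Assumed path, used only to form a complete URL for the demonstration.
INTEGRATIONS_PATH = "/integrations"

# Filter conditions taken from the page's example query.
FILTERS = [("sourceType", "accounting"), ("enabled", "true")]


def build_filter(conditions):
    """Join field=value conditions with '&&', as in the page's example."""
    return "&&".join(f"{field}={value}" for field, value in conditions)


def integrations_url(conditions, encode=True):
    """Return the request path with the filter placed in the 'query' parameter."""
    expression = build_filter(conditions)
    if encode:
        # safe="" forces '=' and '&' inside the filter to be percent-encoded,
        # so the whole expression travels as ONE parameter value.
        expression = quote(expression, safe="")
    return f"{INTEGRATIONS_PATH}?query={expression}"


def received_query(url):
    """Value of the 'query' parameter as a standard parser would read it."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("query", [""])[0]


if __name__ == "__main__":
    for encode in (True, False):
        url = integrations_url(FILTERS, encode=encode)
        print(f"encode={encode}: {url}")
        print(f"  parser sees query = {received_query(url)!r}")
```

Without encoding, the parser splits on the ampersands and the enabled condition is no longer part of the filter, so the list may include integrations that are not enabled.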
Retrieve branded assets
Call the Get branding endpoint to retrieve branded assets for the required integrations, including logos and buttons, and use them on the integration selection page. Cache the assets instead of calling the endpoint each time a user visits the platform selection page.
Add a relevant platform key as a parameter to the call, choosing from the accounting, banking or commerce options. The platformKey is a unique key Codat uses to remove the dependency on a platform's display name.
We advise using the assets provided by Codat because they meet the requirements of the supported integrations. For example, Intuit integrations (QuickBooks Online and QuickBooks Desktop) mandate the use of QuickBooks branded buttons, including specific hover states.
Direct user to enter credentials
Next, direct your customer to enter their credentials and authorize your connection with their selected platform.
To do that, create a data connection using the Create connection endpoint. In response, you will receive a linkUrl.
Direct your user to the linkUrl. The page will prompt them to enter their credentials for the third-party platform, authorizing the connection and activating it in Codat.
Link URLs now have one-time passwords (OTP) appended to them. As a result, they behave as follows:
- Your customers aren't able to use the same Link URL more than once.
- Company-specific and connection-specific Link URLs expire after one day even if they weren't used.
Contact your account manager if you want to disable these measures.
If your application already adds query parameters to Link URLs (for example, by appending ?link.showSandboxIntegrations=false), confirm that your code can handle URLs that already contain query strings.
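One way to add parameters to a Link URL that already carries a query string, shown as an added example that is not Codat's own code. The sample host, path and the "otp" parameter name are constructed placeholders; only link.showSandboxIntegrations comes from the text above.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample: host, path and the "otp" parameter name are placeholders,
# not values taken from Codat's documentation.
SAMPLE_LINK_URL = "https://link.example.test/company/COMPANY_ID/?otp=123456"


def naive_append(link_url, suffix):
    """The pattern that breaks once the URL already contains a query string."""
    return link_url + "?" + suffix


def add_link_params(link_url, extra):
    """Merge extra parameters into a Link URL, keeping existing ones intact."""
    parts = urlsplit(link_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("expected an absolute https Link URL")
    existing = parse_qsl(parts.query, keep_blank_values=True)
    present = {name for name, _ in existing}
    # Never overwrite or duplicate a parameter the URL arrived with
    # (for example the one-time password).
    merged = existing + [(k, v) for k, v in extra.items() if k not in present]
    return urlunsplit(parts._replace(query=urlencode(merged)))


def query_params(url):
    """Parameters as the receiving side would parse them."""
    return dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))


if __name__ == "__main__":
    broken = naive_append(SAMPLE_LINK_URL, "link.showSandboxIntegrations=false")
    fixed = add_link_params(SAMPLE_LINK_URL, {"link.showSandboxIntegrations": "false"})
    print("naive:", query_params(broken))   # the OTP value absorbs the suffix
    print("merged:", query_params(fixed))   # both parameters survive
```

Because a Link URL can be used only once, a URL whose one-time password was corrupted by string concatenation cannot be repaired afterwards; a new one has to be requested.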
Once the customer has successfully authorized the data connection, redirect them back to your app. Make sure to handle all possible redirect status codes and error messages so that your users understand what has gone wrong.
If you don't set a redirect URL, the user will be presented with our pre-built Link success page. To learn more about redirect URLs in Codat, see Redirect URLs.
A company may only link a single source of accounting data, but multiple sources of banking or commerce data. Any combination of accounting, banking, and commerce connections is allowed. For more on data connections and connection statuses, see Data connections.
Confirm successful authorization
Once the connection is complete, mark it as authorized and confirm successful authorization to the user. If you want to monitor the connection, you can set up a webhook to be informed of the status change.
The connection completion triggers the initial synchronization of data for the newly connected company. You can monitor the progress of the sync in the Codat Portal, using our API's Get data status endpoint, or with a webhook.
Once the initial data sync completes, inform the user accordingly and continue the flow of your app.
Allow users to manage connection
Going forward, your customer must have control over the data they've given you the permission to access. This is key from a regulatory perspective and builds trust between you and your customer. To build this capability, you will need these values:
- The companyId of the Codat company that represents the user
- The connectionId of the connection the user wants to modify
Use the Get company endpoint if you need to get these values from company metadata.
Allow users to view existing connections
Call the List connections endpoint to get all the existing connections for a company and display them to your customer.
Allow users to deauthorize
The user's consent is collected via OAuth2, which means we are able to access your customer's data on an ongoing basis.
Therefore, your customers should be able to deauthorize an existing connection, essentially revoking your access to their platform. You will still be able to access previously synced data, but unable to perform any further syncs.
Use the Unlink connection endpoint to deauthorize the connection without deleting it.
Allow users to delete a connection
Your customer's data is also permanently stored in our central data database, unless the connection has been deleted. We do this so that the data is always accessible via our API and we don’t need to go to the platform to get it, avoiding rate limits as a result.
However, your customer may want to delete a connection entirely, preventing you from synchronizing new data or viewing synced data. To do that, use the Delete connection endpoint.
The end user would need to authorize a new data connection if you wish to view new data for this company.
Codat is releasing a low-code embeddable UI component for connection management. Please let us know if you are interested in using it.
For a detailed best practices article on connection management, see Connection management.
Best practices
We summarized our extensive experience in building authorization flows and maximizing conversion in the following best practice suggestions.
- Show that your authorization flow is powered by Codat
To boost your customers' trust, you can download our "Powered by Codat" logo and embed it into your application.
- Use webhooks to monitor updates
Where possible, use our webhooks service to receive updates on company and data statuses. This will allow you to fetch fresh data as soon as it is available and reduce the number of calls to our API.
- Manage data usage permissions
We only support the management of data access permissions, not data usage permissions. This means your customer can consent to us accessing their data, and not to what is done with it. If you want to manage how the data is used, you need to do that in your system.
- Enable users without credentials
In your customer's organization, the person signing up through Codat may not have their credentials to hand. For example, it may be their accountant who actually logs into their accounting software.
To enable them to proceed and explore your product, make upfront authorization for different integration categories optional in Settings > Auth flow > Link. Later, remind them to authorize or give them an alternative, such as Can't sign in to your platform?.
If the customer selects this option, you can:
- Provide them with a Link URL they can share
- Use a mailto: link, optionally even prefilling the subject line and email body
It's important that the request to authorize comes from your customer to ensure that the message is trusted.
Read next
- Learn more about our Link SDK