Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.refold.ai/llms.txt

Use this file to discover all available pages before exploring further.

Now that you have successfully created Linked Accounts for your end-users, it’s time to create Session Tokens for your clients. The token creation should always happen server side. Session tokens are used to protect your Refold API key and make it easier to manage your end customers’ tokens. When your client makes a request to the Refold APIs, it must include the session token in the request header. The Refold APIs will then use the session token to authenticate the request and grant access to the requested resources. To generate Session Token for a Linked Account, you can use the Refold API or Refold’s Client Side SDK.

Refold API/SDK for Session Token

  1. Request : In your server side code, make a POST Request to the /session-token endpoint or call the .getTokenForLinkedAccount() method of the NodeJS SDK. The request should include the linked-account_id of the user for which the Session token is to be generated.
The session token gets expired in 24 hours. Please make sure you generate a new token in every new session or within 24 hours.
    curl --request POST \
  --url https://api.gocobalt.io/api/v2/public/session-token \
  --header 'Content-Type: application/json' \
  --header 'x-api-key: <api-key>' \
  --data '{
  "linked_account_id": "<string>"
}'
  1. Handle the response: Refold will respond with a JSON Object containing the token if request was successful. Parse the JSON response body and extract the token.
Response
{
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJvcmdfaWQiOiI2M2M5M2RhMGI0NmI3MjQzNzg1YTFlMTciLCJsaW5rZWRfYWNjb3VudF9pZCI6IjEyMzQ1Njc4IiwiZW52aXJvbm1lbnQiOiJ0ZXN0IiwiaWF0Ij"
}
  1. Store the Session token: It is critical to store Session tokens securely, as they grant access to sensitive user data. Implement a secure storage solution to store Session tokens and do not log or expose tokens to your frontend application.
  2. Handle Errors: If the /session-token endpoint returns a 500 error, your server-side code should handle it gracefully. The error is returned due to providing an incorrect linked_account_id while making the request.

Checkpoint + Next Step

After completing this step, you now have the Session Token for your Linked Accounts. But before you make the API Calls, first let’s Display the apps/integrations on Client-side.