Backend
Get Session Token
In this guide, you’ll create Session Token which makes it easier to manage you end customer’s tokens.
Now that you have successfully created Linked Accounts for your end-users, it’s time to create Session Tokens for your clients. The token creation should always happen server side.
Session tokens are used to protect your Cobalt API key and make it easier to manage your end customers’ tokens. When your client makes a request to the Cobalt APIs, it must include the session token in the request header. The Cobalt APIs will then use the session token to authenticate the request and grant access to the requested resources.
To generate Session Token for a Linked Account, you can use the Cobalt API or Cobalt’s Client Side SDK.
Cobalt API/SDK for Session Token
- Request : In your server side code, make a POST Request to the
/session-tokenendpoint or call the .getTokenForLinkedAccount() method of the NodeJS SDK. The request should include thelinked-account_idof the user for which the Session token is to be generated.
The session token gets expired in 24 hours. Please make sure you generate a new token in every new session or within 24 hours.
- Handle the response: Cobalt will respond with a JSON Object containing the
tokenif request was successful. Parse the JSON response body and extract thetoken.
Response
- Store the Session token: It is critical to store Session tokens securely, as they grant access to sensitive user data. Implement a secure storage solution to store Session tokens and do not log or expose tokens to your frontend application.
-
Handle Errors: If the
/session-tokenendpoint returns a 500 error, your server-side code should handle it gracefully. The error is returned due to providing an incorrect linked_account_id while making the request.
After completing this step, you now have the Session Token for your Linked Accounts.