Build data auth links

Use the auth link builder in Console to test and build the authorisation flow for your users.

In order for users of your app to share their financial data with you, they have to:

  • Consent to sharing their data.
  • Select the banking provider to share data from and authorise this.

Use the Auth link builder in Console to build links for your users to do this. Go to Console > Data API > Auth Link Builder.

When you customise your auth link on this page, the parameters in the Your generated Authentication link section at the bottom of the page dynamically update to display the structure of the link.

The Auth Link Builder in Console.

The Auth Link Builder in Console.

Configuration options

In the Auth link builder that displays on the right of the page, there are a variety of options you can customise. You can use the country dropdown in the top-right to toggle between different countries. The rest of the options are contained within tabs.

Some options are only available in the live environment. For example, in the sandbox environment, you can only select the United Kingdom as a country and the only available provider is Mock. Additionally, the Providers tab in the sandbox environment changes in the live environment to reflect the types of providers that are available.

Country dropdown

Use the country dropdown to switch different countries you want to select providers for in your auth link.

The Providers you select for each country persist when you switch to a different country and select different providers. However, settings you select in the Permissions, Redirect URIs, or Others tabs are universal and apply to all countries.

You can check the query parameters in the URL under Your generated auth link to see this.


In the live environment, the Providers tab displays as the Open Banking or XSA2 Banks tabs. This depends on what type of providers are available for your chosen country.

Use the checkboxes in these tabs to select which providers your users can share their data from. Use the toggles at the top of the tab to select individual providers, all, or none of them.


Use the Permissions tab to select the information your customers can choose to share with you. For example, information about identity, transactions, or cards.

You can also enable the offline_access scope if you want to receive a refresh_token that can be used to continue to access data after the access_token expires.

Additionally, if you have contacted us and have access to them, you can enable the signupplus and verification scopes to enable those products.

Redirect URIs

Use this to select the Redirect URI your user is sent to after they authorise a connection with their banking provider. You can add more redirect URIs in App settings.


The Others tab contains the option to add the response_mode=form_post query parameter to your auth link. If you use this, the code you receive after user authentication is sent to your redirect URI as a post request (this can be useful for security reasons). You can exchange this code for an access_token.