To take advantage of the new connections Extend functionality, check out the API reference for the
connections/extend endpoint supersedes the
/reauthuri endpoint. We've designed moving across to be easy - the request structure is very similar. We recommend replacing your use of
At present, we do not have auth dialog support for reconfirmation of consent. This means your application must include a reconfirmation of consent screen, to make sure the end-user has fully informed consent when they reconfirm.
Once consent has been reconfirmed, you can use
You will need to pass in several key pieces of information that will be used depending on the actions required when extending the connection. This allows TrueLayer to provide a straightforward integration which can be expanded upon over time.
You should also provide information about the end user at this point. This includes the user's full name and either their email or phone number. The
user_id is the UUID that was automatically generated for the user when they initially created the connection. You do not need to include any fields specifying the user's bank details.
This call does not require a valid
access_token, but you must include a
refresh_token in the request body for the connection you want to extend. This is so that an expired connection (no consent given in the last 90 days) can still be extended, even if you cannot generate a valid access token for it.
After a valid call to
connections/extend, you receive a successful response. Validation is in place to give meaningful errors if information is missing from the request, as well as informing when other issues may arise.
A successful response from
connections/extend may have a different structure depending on the next steps required. A successful response will always have the field
action_needed, which you can use to determine what needs to happen next in the process.
action_types with mock providers
Our mock bank supports different login credentials which trigger different action types.
- John Doe (username: john, password: doe) will return "authentication_needed"
- John Eternal (username: john, password: eternal) will return "no_action_needed"
When you have received the
no_action_needed action_type, store the new access token and the refresh token you used. These enable you to continue to access account information for that connection. There is no further action required.
When receiving the
authentication_needed action type, the response will include a
user_input_link. The end user should be directed to the
user_input_link. This can occur if a bank hasn't updated their APIs to support reconfirmation — or, in exceptional circumstances, if a bank suspects that data access is occurring fraudulently.
After the end user has gone through the bank authentication process, they are redirected to the
redirect_uri specified in your initial
connections/extend. TrueLayer populates the redirection link with a code that can be used to exchange for a new
Updated 3 months ago