Generate a reauthentication link

Generate a link to initiate a reauthentication flow. The reauthentication flow provides a simple path for the user to follow to reconnect their account, providing a shorter user journey compared to setting up their account for the first time.

UK only: Reauthentication is currently only supported for UK providers. Ireland and other European providers are not supported.

Most European banks require that end-users who are sharing account details grant permission for data sharing every 90 days.

For these banks, access to your user’s bank accounts will no longer be available 90 days after they initially connect their account. When this happens, the TrueLayer POST /connect/token endpoint will return a 400 invalid_grant error when you try to refresh your tokens, and if you try to fetch data using an access_token TrueLayer will return a 403 access_denied error.

To initiate the reauthentication flow, call the reauth endpoint with a refresh token for the user you would like to re-authenticate. We will return a link to the bank for the user to follow. You can have the user go through this flow either before or after their original connection expires (for example, you may prefer to have users reconnect their accounts a week before the connection expires, which would reset the expiration to 90 days from the time of reauthentication).

Users can use the reauthentication flow for up to 90 days after their associated refresh token expires. (The expiration time varies based on the underlying bank but in general you will have at least 90 days after their connection has expired in which to use the reauthentication flow). After that time has elapsed, reauthentication is no longer possible and the user should go through the first-time authentication flow instead.