Authorization flow
Explore how your customers can authorize access to their data
Authorization is a key part of any Codat solution - every Company must authorize access to their data before you can pull that data. A frictionless and reassuring auth flow is essential for accessing your SMB customers' data.
What is Embedded Link?
Link is a pre-built, conversion-optimized, and white-labelled authorization journey. Your customers can connect their financial accounts in minutes using Link. See a demo in action.
You can fully embed our auth flow into your user journey and use our Embedded Link component in your front-end code.
With our rich examples, you can have Link embedded in your application in minutes.
Link's values
We built Link with these values in mind: Transparency, Consent, and Control.
Transparency
Link ensures customers have a clear understanding of what exactly is being shared, how the data will be used, the value they will receive by sharing the data.
Consent
Link provides visibility of the data requiring consent to access, developing enough confidence and trust to authorize consented access to their data.
Control
Codat gives you control of the auth flow, ensuring that it serves your use case, provides an experience aligned with your brand’s values and aesthetics, and gives your customers and intuitive user experience.
Link in practice
Our auth flow solution supports many real world applications and scenarios that you can leverage regardless of the approach you take to building your auth flow.
Asynchronous use of Link
In your customer's organization, the person signing up through Codat may not have their credentials to hand. To enable them to proceed and explore your product, you can make upfront authorization for different integration categories optional in Settings > Auth flow > Link. Later, remind them to authorize, providing a clear indication of the value to them.
The user signing up may not have access to their business's financial data at all. For best results, provide them with an option to authorize themselves, or to invite someone else to (e.g. a member of their finance team). This can be done via email, or within your product. If the user chooses to invite someone else, this will share the Link URL with the stakeholder who has the credentials for the relevant platform.
This way, users do not have to share credentials with each other, and the user with platform access can complete the authorization asynchronously.
Other build options
No-code
Hosted Link
Start capturing data today with our simple, pre-built, conversion-optimized, and customizable authorization flow.
Low-code
Embedded Link
Maximise conversion and authorize from within your app in 10 lines of code with our auth flow SDK.
More code
Link API
Leverage our API for a fully customized bespoke user journey.
In addition to Embedded Link, you can also leverage our no-code or fully custom solutions.
Hosted Link
If you're looking to get up and running as quick as possible, or have limited developer resource, use our Hosted Link authorization flow. You can use it out of the box or integrate this into your existing app.
Building your own
We suggest using Link for best results, which can be embedded within your app. However, where you need full control of the flow, you can use our API to build your own authorization journey.
💡 Tips and traps
Whether you build your own or use Link, browser and mobile compatibility varies for different integrations:
- Some integrations are desktop-only e.g. Sage 50, QuickBooks Desktop.
- Some integrations require downloading a desktop package e.g. Oracle NetSuite, Microsoft Dynamics 365 Business Central.
- Some integrations require switching to complex flows on non mobile-optimized websites due to the complexity of the third-party platform e.g. Sage 200cloud, Sage Intacct.
Link is compatible with the whole product range of Codat except for Sync for Commerce, which is currently not supported. To set up your Sync for Commerce authorization flow, follow the instructions in our Sync for Commerce documentation.
You should not iframe Link. Link is not compatible with iframes and will not work for security reasons (CORS).
You should only enable one of the banking integrations to be displayed in the auth flow because each integration is represented differently in the auth flow. Combining multiple approaches may confuse users and lead to reduced auth completion rates.