openapi: 3.0.1 info: title: Envestnet Account Token APIs description: Financial institutions (FIs) or FinTech customers using the account verification product to provide digital payment services can eliminate the risk of storing users' sensitive financial account information using Account Token endpoints. The endpoints allow customers to create an account-specific token that the payment processors can use to retrieve account information.

Payment processors who have a processorToken can exchange these tokens for account data using Payment Processor endpoints. termsOfService: https://developer.yodlee.com/terms/condition contact: email: developer@yodlee.com license: name: Yodlee Developer License url: https://developer.yodlee.com/terms/condition#_Services_1 version: 1.1.0 servers: - url: / tags: - name: Account Token description: 'Account verification customers looking to integrate with one of our payment partners can use the Account Token endpoints. These APIs allow creating a secure processor token for your user''s verified financial accounts. You can then share the processor token with our payment partners to enable them to securely request the user''s account details from Envestnet | Yodlee.

You will have to set the header before making the API call. The following headers apply to all the APIs:

Note: If there are any API-specific headers, they are mentioned explicitly in the respective API''s description.

' - name: Auth description: APIs that invoke authentication as a prerequisite for access to our other APIs. - name: Payment Processor description: 'Envestnet | Yodlee''s payment processor partners can use the Payment Processor endpoints to access verified account details using the processorToken created and shared by mutual customers. These APIs are only for payment processor partners and not for developers using the Envestnet | Yodlee services to integrate with payment partners. Refer here for a guide on working with payment processor partners.
As a processor payment partner, you can retrieve the following account information using the processorToken:
You will have to set the header before making the API call. The following headers apply to all the APIs:

Note: If there are any API-specific headers, they are mentioned explicitly in the respective API''s description.

' paths: /paymentProcessor/token: post: tags: - Account Token summary: Envestnet Create Account Token description: The create account token service allows you to create a secure processorToken for a user's verified financial account. This processorToken can then be shared with one of our payment processor partners. operationId: generatePaymentProcessorToken requestBody: description: account information content: application/json: schema: $ref: '#/components/schemas/PaymentProcessorTokenRequest' required: true responses: "200": description: OK content: application/json;charset=UTF-8: schema: $ref: '#/components/schemas/PaymentProcessorTokenResponse' "400": description: 'Y007 : Authorization header missing
Y008 : Invalid token in authorization header
Y833 : Invalid values(s) for accountId
Y800 : Invalid value for processor
Y813 : accountId should be provided
Y813 : processor should be provided' content: application/json;charset=UTF-8: schema: $ref: '#/components/schemas/YodleeError' "401": description: Unauthorized content: {} "404": description: Not Found content: {} deprecated: false x-codegen-request-body-name: tokenRequest delete: tags: - Account Token summary: Envestnet Delete Account Token description: The delete account token service allows you to revoke a previously generated processorToken. It is recommended to use this service when you want to disallow further access to the user's financial account, for instance when a user removes their account from your application. operationId: revokePaymentProcessorToken parameters: - name: processorToken in: header description: The token that you want to delete. required: true schema: type: string responses: "204": description: No Content content: {} "400": description: 'Y007 : Authorization header missing
Y008 : Invalid token in authorization header
Y016 : processorToken header missing' content: application/json;charset=UTF-8: schema: $ref: '#/components/schemas/YodleeError' "401": description: Unauthorized content: {} "404": description: Not Found content: {} deprecated: false /auth/token: post: tags: - Auth summary: Envestnet Generate Access Token description: Generate Access Token using client credential authentication.
This service returns access tokens required to access Yodlee 1.1 APIs. These tokens are the simplest and easiest of several alternatives for authenticating with Yodlee servers.
The most commonly used services obtain data specific to an end user (your customer). For these services, you need a user access token. These are simply tokens created with the user name parameter (loginName) set to the id of your end user.

Note: You determine this id and you must ensure it's unique among all your customers.

Each token issued has an associated user. The token passed in the http headers explicitly names the user referenced in that API call.

Some of the APIs do administrative work, and don't reference an end user.
One example of administrative work is key management. Another example is registering a new user explicitly, with POST /user/register call or subscribe to webhook, with POST /config/notifications/events/{eventName}.
To invoke these, you need an admin access token. Create this by passing in your admin user login name in place of a regular user name.

This service also allows for simplified registration of new users. Any time you pass in a user name not already in use, the system will automatically implicitly create a new user for you.
This user will naturally have very few associated details. You can later provide additional user information by calling the PUT user/register service.

Notes: operationId: generateAccessToken requestBody: content: application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/auth_token_body' responses: "201": description: OK content: application/json;charset=UTF-8: schema: $ref: '#/components/schemas/ClientCredentialTokenResponse' "400": description: 'Y800 : Invalid value for loginName
Y806 : Invalid input
Y801 : Invalid length for loginName
Y303 : clientId or secret is missing
Y301 : Invalid clientId or secret
Y305 : Access token can be issued only for pre-registered users
Y004 : Inactive user
Y901 : Service not supported
' content: application/json;charset=UTF-8: schema: $ref: '#/components/schemas/YodleeError' "401": description: 'Y016 : loginName header missing
Y015 : Unauthorized User
Y016 : Api-Version header missing
Y020 : Invalid token in authorization header
Y027 : Unsupported authentication type' content: application/json;charset=UTF-8: schema: $ref: '#/components/schemas/YodleeError' "404": description: Not Found content: {} deprecated: false delete: tags: - Auth summary: Envestnet Delete Token description: This endpoint revokes the token passed in the Authorization header. This service is applicable for JWT-based (and all API key-based) authentication and also client credential (clientId and secret) based authentication. This service does not return a response body. The HTTP response code is 204 (success with no content).
Tokens generally have limited lifetime of up to 30 minutes. You will call this service when you finish working with one user, and you want to delete the valid token rather than simply letting it expire.

Note:
  • Revoking an access token (either type, admin or a user token) can take up to 2 minutes, as the tokens are stored on a distributed system.
    operationId: deleteToken responses: "204": description: No Content content: {} "401": description: 'Y020 : Invalid token in authorization header
    Y023 : Token has expired
    Y016 : Api-Version header missing
    Y015 : Unauthorized User
    Y027 : Unsupported authentication type
    Y007 : Authorization header missing
    Y020 : Invalid token in authorization header' content: application/json;charset=UTF-8: schema: $ref: '#/components/schemas/YodleeError' "404": description: Not Found content: {} deprecated: false /partner/paymentProcessor/account/holder: get: tags: - Payment Processor summary: Envestnet Get Account Holder Details description: 'The get account holder details service retrieves the account holder information such as name, email, phone number, address, etc. of the verified financial account associated with the processorToken. The lastUpdated field indicates when the account information was last updated. We recommend using this service when looking for information related to the account holder(s), for instance, to confirm the account holder''s name.

    Note: Remember to include the Authorization header.' operationId: getVerifiedAccountHolder parameters: - name: processorToken in: header description: Token shared by customer to access financial account information. required: true schema: type: string responses: "200": description: OK content: application/json;charset=UTF-8: schema: $ref: '#/components/schemas/PaymentAccountHolderResponse' "400": description: 'Y007 : Authorization header missing
    Y008 : Invalid token in authorization header
    Y800 : Invalid value for processorToken
    Y016 : processorToken header missing' content: application/json;charset=UTF-8: schema: $ref: '#/components/schemas/YodleeError' "401": description: Unauthorized content: {} "404": description: Not Found content: {} deprecated: false /partner/paymentProcessor/account: get: tags: - Payment Processor summary: Envestnet Get Account Details description: 'The get account details service retrieves account information such as account name, type, status, balance, account number and transfer code (for example, routing number of the bank account in the US) of the verified account associated with the processorToken. The lastUpdated field indicates when the account information was last updated. We recommend using this service when looking for details related to the financial account, for instance, the full account number and bank transfer code for initiating a payment.

    Note: Remember to include the Authorization header.' operationId: getVerifiedAccount parameters: - name: processorToken in: header description: Token shared by customer to access financial account information. required: true schema: type: string responses: "200": description: OK content: application/json;charset=UTF-8: schema: $ref: '#/components/schemas/PaymentAccountResponse' "400": description: 'Y007 : Authorization header missing
    Y008 : Invalid token in authorization header
    Y800 : Invalid value for processorToken
    Y016 : processorToken header missing' content: application/json;charset=UTF-8: schema: $ref: '#/components/schemas/YodleeError' "401": description: Unauthorized content: {} "404": description: Not Found content: {} deprecated: false /partner/paymentProcessor/account/balance: get: tags: - Payment Processor summary: Envestnet Get Account Balance description: 'The get account balance service retrieves the account balance information of the verified account associated with the processorToken. The response returns additional account information including account names, type and status, along with the account balance information.
    This service forces an update of the account balances. While other services also return the account balances, this service attempts to refresh the account balances in real-time rather than return a cached value. Refer to the lastUpdated field to determine when the account balances were refreshed. We recommend using this service when looking for the latest balance for the account.
    While posting a debit against an account, it is generally advisable to check the available balance field to verify the availability of sufficient funds. This service returns both available and current balances:
    Note: Remember to include the Authorization header.' operationId: getVerifiedAccountBalance parameters: - name: processorToken in: header description: Token shared by customer to access financial account information. required: true schema: type: string responses: "200": description: OK content: application/json;charset=UTF-8: schema: $ref: '#/components/schemas/PaymentAccountBalanceResponse' "400": description: 'Y007 : Authorization header missing
    Y008 : Invalid token in authorization header
    Y800 : Invalid value for processorToken
    Y016 : processorToken header missing' content: application/json;charset=UTF-8: schema: $ref: '#/components/schemas/YodleeError' "401": description: Unauthorized content: {} "404": description: Not Found content: {} deprecated: false components: schemas: PaymentProcessorTokenResponse: title: PaymentProcessorTokenResponse type: object properties: token: type: array description: token readOnly: true items: $ref: '#/components/schemas/AccountToken' AccountToken: title: AccountToken type: object properties: processorToken: type: string description: The unique token that the payment partner can use to make API request to the Envestnet | Yodlee system. readOnly: true accountId: type: integer description: The unique identifier for the user's account. format: int64 readOnly: true YodleeError: title: YodleeError type: object properties: errorMessage: type: string errorCode: type: string referenceCode: type: string PaymentProcessorTokenRequest: title: PaymentProcessorTokenRequest required: - accountId - processor type: object properties: accountId: type: array description: The unique identifier for the user's account. items: type: integer format: int64 processor: type: string description: The payment processor with whom the customer is integrating. ClientCredentialTokenResponse: title: ClientCredentialTokenResponse type: object properties: token: $ref: '#/components/schemas/ClientCredentialToken' ClientCredentialToken: title: ClientCredentialToken type: object properties: expiresIn: type: integer description: Time in seconds after which the issued accessToken expires.

    Endpoints: format: int32 readOnly: true issuedAt: type: string description: The date and time on which accessToken was created for the customer.

    Endpoints: readOnly: true accessToken: type: string description: Access Token to access YSL 1.1 services.

    Endpoints: readOnly: true PaymentAccountHolderResponse: title: PaymentAccountHolderResponse type: object properties: account: type: array readOnly: true items: $ref: '#/components/schemas/PaymentAccountHolder' PaymentAccountHolder: title: PaymentAccountHolder type: object properties: accountStatus: type: string description: The status of the account that is updated by the user through an application or an API.
    • Endpoints: readOnly: true enum: - ACTIVE - INACTIVE - TO_BE_CLOSED - CLOSED - DELETED lastUpdated: type: string description: The date time the account information was last retrieved from the provider site and updated in the Yodlee system.
    Endpoints: readOnly: true accountName: type: string description: The account name as it appears at the site.
    Endpoints: readOnly: true accountType: type: string description: The type of account that is aggregated, i.e., savings, checking, charge, etc. The account type is derived based on the attributes of the account.
    Endpoints: readOnly: true profile: $ref: '#/components/schemas/AccountProfileDetail' holder: type: array description: Holder details of the account.
    Endpoints:
  • GET /partner/paymentProcessor/account/holder
    • readOnly: true items: $ref: '#/components/schemas/AccountHolderData' id: type: integer description: The primary key of the account resource and the unique identifier for the account.

    Endpoints: format: int64 readOnly: true AccountProfileDetail: title: AccountProfileDetail type: object properties: identifier: type: array description: Identifiers available in the profile page of the account.
    Endpoints:
  • GET /partner/paymentProcessor/account/holder
    • readOnly: true items: $ref: '#/components/schemas/Identifier' address: type: array description: Address available in the profile page of the account.
    Endpoints:
  • GET /partner/paymentProcessor/account/holder
    • readOnly: true items: $ref: '#/components/schemas/AccountAddress' phoneNumber: type: array description: Phone number available in the profile page of the account.
    Endpoints:
  • GET /partner/paymentProcessor/account/holder
    • readOnly: true items: $ref: '#/components/schemas/PhoneNumber' email: type: array description: Email Id available in the profile page of the account.
    Endpoints:
  • GET /partner/paymentProcessor/account/holder
    • readOnly: true items: $ref: '#/components/schemas/Email' Identifier: title: Identifier type: object properties: type: type: string description: Type of Identifier readOnly: true enum: - NIE - DNI - EIN - BN - AADHAR - NIN - NRIC value: type: string description: Value of the identifier readOnly: true AccountAddress: title: AccountAddress type: object properties: zip: type: string country: type: string address3: type: string address2: type: string city: type: string sourceType: type: string address1: type: string street: type: string state: type: string type: type: string enum: - HOME - BUSINESS - POBOX - RETAIL - OFFICE - SMALL_BUSINESS - COMMUNICATION - PERMANENT - STATEMENT_ADDRESS - PAYMENT - PAYOFF - UNKNOWN PhoneNumber: title: PhoneNumber type: object properties: type: type: string description: type of phone number readOnly: true enum: - HOME - WORK - LANDLINE - MOBILE value: type: string description: Phone Number readOnly: true Email: title: Email type: object properties: type: type: string readOnly: true enum: - PRIMARY - SECONDARY - PERSONAL - WORK - OTHERS value: type: string readOnly: true AccountHolderData: title: AccountHolderData type: object properties: identifier: type: array description: Identifiers of the account holder.
    Endpoints:
  • GET /partner/paymentProcessor/account/holder
    • readOnly: true items: $ref: '#/components/schemas/Identifier' gender: type: string description: Identifiers of the account holder.
    Endpoints:
  • GET /partner/paymentProcessor/account/holder
    • readOnly: true ownership: type: string description: Indicates the ownership of the account.
    Endpoints:
  • GET /partner/paymentProcessor/account/holder
    • readOnly: true enum: - PRIMARY - SECONDARY - CUSTODIAN - OTHERS - POWER_OF_ATTORNEY - TRUSTEE - JOINT_OWNER - BENEFICIARY - AAS - BUSINESS - DBA - TRUST name: $ref: '#/components/schemas/Name' Name: title: Name type: object properties: middle: type: string last: type: string fullName: type: string first: type: string PaymentAccountResponse: title: PaymentAccountResponse type: object properties: account: type: array readOnly: true items: $ref: '#/components/schemas/PaymentAccount' PaymentAccount: title: PaymentAccount type: object properties: accountStatus: type: string description: The status of the account that is updated by the user through an application or an API.Endpoints: readOnly: true enum: - ACTIVE - INACTIVE - TO_BE_CLOSED - CLOSED - DELETED lastUpdated: type: string description: The date time the account information was last retrieved from the provider site and updated in the Yodlee system.
    Endpoints: readOnly: true accountName: type: string description: The account name as it appears at the site.
    Endpoints: readOnly: true accountType: type: string description: The type of account that is aggregated, i.e., savings, checking, charge, etc. The account type is derived based on the attributes of the account.
    Endpoints: readOnly: true currentBalance: $ref: '#/components/schemas/Money' id: type: integer description: The primary key of the account resource and the unique identifier for the account.

    Endpoints: format: int64 readOnly: true bankTransferCode: type: array description: Bank and branch identification information.

    Endpoints: readOnly: true items: $ref: '#/components/schemas/PaymentBankTransferCodeData' availableBalance: $ref: '#/components/schemas/Money' fullAccountNumberList: $ref: '#/components/schemas/FullAccountNumbers' Money: title: Money required: - amount type: object properties: amount: type: number format: double convertedAmount: type: number format: double currency: type: string enum: - USD - AUD - BRL - CAD - EUR - GBP - HKD - IDR - INR - JPY - NZD - SGD - ZAR - CNY - VND - MYR - CHF - AED - AFA - ALL - AMD - ANG - AOA - ARS - AWG - AZM - BAM - BBD - BDT - BGL - BHD - BIF - BMD - BND - BOB - BSD - BTN - BWP - BYR - BZD - CDF - CLP - COP - CRC - CUP - CVE - CYP - CZK - DJF - DKK - DOP - DZD - EEK - EGP - ERN - ETB - FJD - FKP - GEL - GGP - GHC - GIP - GMD - GNF - GTQ - GYD - HNL - HRK - HTG - HUF - ILS - IMP - IQD - IRR - ISK - JEP - JMD - JOD - KES - KGS - KHR - KMF - KPW - KRW - KWD - KYD - KZT - LAK - LBP - LKR - LRD - LSL - LTL - LVL - LYD - MAD - MDL - MGF - MKD - MMK - MNT - MOP - MRO - MTL - MUR - MVR - MWK - MXN - MZM - NAD - NGN - NIO - NOK - NPR - OMR - PAB - PEN - PGK - PHP - PKR - PLN - PYG - QAR - ROL - RUR - RWF - SAR - SBD - SCR - SDD - SEK - SHP - SIT - SKK - SLL - SOS - SPL - SRG - STD - SVC - SYP - SZL - THB - TJR - TMM - TND - TOP - TRL - TTD - TVD - TWD - TZS - UAH - UGX - UYU - UZS - VEB - VUV - WST - XAF - XAG - XAU - XCD - XDR - XOF - XPD - XPF - XPT - YER - YUM - ZMK - ZWD - ADP - ATS - BEF - BUK - CSD - CSK - DDM - DEM - ECS - ESP - FIM - GRD - GWP - IEP - ITL - LUF - MLF - NLG - PTE - SUR - TPE - UAK - XBA - XBB - XBC - XBD - XEU - XFO - XFU - XGF - XMK - XRM - XTS - YDD - YUD - ZRN - TJS - RON - BGN - BTC - XBT - CNH - RUB - TRY - GHS - TMT - ZMW - VEF - SSP - ALK convertedCurrency: type: string enum: - USD - AUD - BRL - CAD - EUR - GBP - HKD - IDR - INR - JPY - NZD - SGD - ZAR - CNY - VND - MYR - CHF - AED - AFA - ALL - AMD - ANG - AOA - ARS - AWG - AZM - BAM - BBD - BDT - BGL - BHD - BIF - BMD - BND - BOB - BSD - BTN - BWP - BYR - BZD - CDF - CLP - COP - CRC - CUP - CVE - CYP - CZK - DJF - DKK - DOP - DZD - EEK - EGP - ERN - ETB - FJD - FKP - GEL - GGP - GHC - GIP - GMD - GNF - GTQ - GYD - HNL - HRK - HTG - HUF - ILS - IMP - IQD - IRR - ISK - JEP - JMD - JOD - KES - KGS - KHR - KMF - KPW - KRW - KWD - KYD - KZT - LAK - LBP - LKR - LRD - LSL - LTL - LVL - LYD - MAD - MDL - MGF - MKD - MMK - MNT - MOP - MRO - MTL - MUR - MVR - MWK - MXN - MZM - NAD - NGN - NIO - NOK - NPR - OMR - PAB - PEN - PGK - PHP - PKR - PLN - PYG - QAR - ROL - RUR - RWF - SAR - SBD - SCR - SDD - SEK - SHP - SIT - SKK - SLL - SOS - SPL - SRG - STD - SVC - SYP - SZL - THB - TJR - TMM - TND - TOP - TRL - TTD - TVD - TWD - TZS - UAH - UGX - UYU - UZS - VEB - VUV - WST - XAF - XAG - XAU - XCD - XDR - XOF - XPD - XPF - XPT - YER - YUM - ZMK - ZWD - ADP - ATS - BEF - BUK - CSD - CSK - DDM - DEM - ECS - ESP - FIM - GRD - GWP - IEP - ITL - LUF - MLF - NLG - PTE - SUR - TPE - UAK - XBA - XBB - XBC - XBD - XEU - XFO - XFU - XGF - XMK - XRM - XTS - YDD - YUD - ZRN - TJS - RON - BGN - BTC - XBT - CNH - RUB - TRY - GHS - TMT - ZMW - VEF - SSP - ALK PaymentBankTransferCodeData: title: PaymentBankTransferCodeData type: object properties: id: type: string description: The financial institution's branch identification number that is associated with the lender.
    Endpoints: type: type: string description: 'The payment bank transfer code type varies based on the region of the account originates from.
    Valid Values: BSB, IFSC, ROUTING_NUMBER, SORT_CODE
    Endpoints:Applicable Values
    ' enum: - BSB - IFSC - ROUTING_NUMBER - SORT_CODE FullAccountNumbers: title: FullAccountNumbers type: object properties: paymentAccountNumber: type: string description: The payment account number is used for payments in all regions, this may be looked as an ACH account number in the US.
    Endpoints: readOnly: true unmaskedAccountNumber: type: string description: The unmasked account number is same as account number that is used to refer to an account and is not partial or masked.
    Endpoints: readOnly: true PaymentAccountBalanceResponse: title: PaymentAccountBalanceResponse type: object properties: account: type: array readOnly: true items: $ref: '#/components/schemas/PaymentAccountBalance' PaymentAccountBalance: title: PaymentAccountBalance type: object properties: accountStatus: type: string description: The status of the account that is updated by the user through an application or an API.Endpoints: readOnly: true enum: - ACTIVE - INACTIVE - TO_BE_CLOSED - CLOSED - DELETED lastUpdated: type: string description: The date time the account information was last retrieved from the provider site and updated in the Yodlee system.
    Endpoints: readOnly: true accountName: type: string description: The account name as it appears at the site.
    Endpoints: readOnly: true accountType: type: string description: The type of account that is aggregated, i.e., savings, checking, charge, etc. The account type is derived based on the attributes of the account.
    Endpoints: readOnly: true currentBalance: $ref: '#/components/schemas/Money' id: type: integer description: The primary key of the account resource and the unique identifier for the account.

    Endpoints: format: int64 readOnly: true availableBalance: $ref: '#/components/schemas/Money' auth_token_body: type: object properties: clientId: type: string description: clientId issued by Yodlee is used to generate the OAuth token for authentication. secret: type: string description: secret issued by Yodlee is used to generate the OAuth token for authentication.