We've reorganized our products to make building with Codat easier than ever
Skip to main content

Authorization flow

Explore how your customers can authorize access to their data

Authorization is a key part of any Codat solution - every Company must authorize access to their data before you can pull that data. A frictionless and reassuring auth flow is essential for accessing your SMB customers' data.

Building your auth flow

There are three ways you can enable your customers to connect their financial accounts:

  • No-code

    Hosted Link

    Start capturing data today with our simple, pre-built, conversion-optimized, and customizable authorization flow.

    Read more....

  • Low-code

    Embedded Link

    Maximise conversion and authorize from within your app in 10 lines of code with our auth flow SDK.

    Read more....

  • More code

    Link API

    Leverage our API for a fully customized bespoke user journey.

    Read more....

Link is a pre-built, conversion-optimized, and white-labelled authorization journey. Your customers can connect their financial accounts in minutes using Link. See a demo in action.

  1. For best results, you can fully embed Link in your experience and use our Embedded Link component in your front-end code.

  2. If you're looking to get up and running as quick as possible, use our Hosted Link authorization flow. You can use it out of the box or integrate this into your existing app.

We built Link with these values in mind: Transparency, Consent, and Control.


The data sharing flow should be transparent when explaining to your business customer: What exactly is being shared, how the data will be used, the value they will receive by sharing the data.

Link ensures customers have a clear understanding of:

  • The value exchange on the benefits of providing data access
  • What will happen with the shared data and how it is secured
  • The data that has been shared

After familiarizing themselves with the conditions of sharing their data, your customers should have enough confidence and trust to authorize consented access to their data.

Link provides:

  • Visibility of the data requiring consent to access,
  • A way for the user to authorize consent.

You should have enough control over the authorization flow to offer your customer an experience seamlessly aligned with your brand’s values and aesthetics.

Codat gives you control of Link, ensuring that it meets your use case and provides a focused and relevant flow which your customers understand.

Building your own

We suggest using Link for best results, which can be embedded within your app. However, where you need full control of the flow, you can use our API to build your own authorization journey.

Our auth flow solution supports many real world applications and scenarios that you can leverage regardless of the approach you take to building your auth flow.

Asynchronous use of Link

In your customer's organization, the person signing up through Codat may not have their credentials to hand. To enable them to proceed and explore your product, you can make upfront authorization for different integration categories optional in Settings > Auth flow > Link. Later, remind them to authorize, providing a clear indication of the value to them.

The user signing up may not have access to their business's financial data at all. For best results, provide them with an option to authorize themselves, or to invite someone else to (e.g. a member of their finance team). This can be done via email, or within your product. If the user chooses to invite someone else, this will share the Link URL with the stakeholder who has the credentials for the relevant platform.

This way, users do not have to share credentials with each other, and the user with platform access can complete the authorization asynchronously.

💡 Tips and traps

Device compatibility

Whether you build your own or use Link, browser and mobile compatibility varies for different integrations:

  • Link is compatible with the whole product range of Codat except for Sync for Commerce, which is currently not supported. To set up your Sync for Commerce authorization flow, follow the instructions in our Sync for Commerce documentation.

  • You should not iframe Link. Link is not compatible with iframes and will not work for security reasons (CORS).

  • You should only enable one of the banking integrations to be displayed in the auth flow because each integration is represented differently in the auth flow. Combining multiple approaches may confuse users and lead to reduced auth completion rates.

Was this page useful?