- Since the data from payroll providers is sensitive, making API requests from the backend and storing that data on the backend reduces the likelihood of this data being exposed to malicious persons.
- Exchanging the authorization
codefor anaccess_tokenshould always take place in your backend to ensure yourclient_secretandaccess_tokenare never publicly exposed. - Likewise, your backend should always store the access token in a secure database and should never return the access token to the frontend application.
Build Backend Application
Backend Security
Finch takes security seriously, so we require a backend server to manage all requests and responses to and from Finch APIs. Once the connection has been created via Finch Connect, you can obtain an access_token which will be used to call the Finch APIs. We offer several backend SDKs to make the backend integration smoother.
We require a backend for several reasons: