Set up Finch Connect to collect consent from your customers and begin syncing data from their HR or payroll system.
client_id
and client_secret
and is configurable with the following parameters:
Parameter | Required | Description |
---|---|---|
customer_id | true | A unique identifier for your customer. |
customer_name | true | The name of your customer. |
customer_email | false | The email associated to your customer. |
products | true | A space-separated list of permissions your application is requesting access to. See Product Permissions for a list of valid permissions. Please note that SSN is its own product scope. |
redirect_uri | redirect only | The URI your user is redirected to after successfully granting your application access to their system. This value must match one of your application’s configured redirect URIs. |
state | optional | An optional value included as a query parameter in the response back to your application. This value is often used to identify a user and/or prevent cross-site request forgery. |
integration.provider | optional | An optional parameter that allows you to bypass the provider selection screen by providing a valid provider_id from our list of Providers. |
integration.auth_method | optional | An optional parameter that allows you to bypass the provider selection screen by providing a valid auth_method for a provider from our list of Providers. |
sandbox | false | An optional value that allows users to switch on sandbox mode to connect to test environments. Allowed values: finch and provider . For more information, read our testing guide. |
manual | false | An optional value which when set to true displays both Automated and Assisted Providers on the selection screen. |
minutes_to_expire | false | An optional value which allows you to set the number of minutes the connect session should be valid for. Defaults to 30 days. |
connection_id | reauthentication only | A unique identifier created when an employer successfully authenticates through Finch Connect. This ID is only used for reauthentication. You will not have a connection_id for the first call. For all reauthentication flows you should include the connection_id to avoid duplicate connections being created. |
POST /connect/sessions
. When creating the connect session, include your internal customer_id for your customer, the customer’s name and any of the optional fields listed below.
POST /connect/sessions
using the same customer_id
you passed in, Finch will prompt you to re-authenticate instead and return the following error:
POST / connect/sessions
using the same customer_id
you passed in, Finch will simply refresh the connect session and return the same session_id
. You can do this if you wish to update the Customer Name or any other parameter before your customer connects. If you wish to update any parameters after the customer has connected, you will need to use POST / connect/sessions/reauthenticate
.
customer_id
for a given employer, and reuse the same customer_id
across retries or drop-offs. Even if an employer opens the Connect session multiple times before successfully connecting, using the same customer_id
ensures all attempts are tracked as a single staged session.customer_id
to differentiate the Connect sessions (e.g.: acme-1
, acme-2
). Visit this Help Center article for more details.customer_ids
on retries or failed connection attempts - this results in multiple redundant staged connections and could result in unintended behavior:
reauth
, you will need to create a reauthentication session. This is done by calling Create a new Connect session for reauthentication (POST /connect/sessions/reauthenticate
) endpoint with the connection_id
of the connection that requires reauthentication. The response will include a new session_id
and connect_url
for the reauthentication session.
session_id
to the Finch Connect SDK or direct your customer to the URL provided in the response.
https://connect.tryfinch.com
. After a successful connection, Finch Connect will redirect your user back to a URI you specified (redirect_uri
) with a short-lived authorization code
. The redirect_uri
must be set in the Finch Developer Dashboard. Otherwise, the request will fail.
Navigate to the URL in connect_url
from the API response to initiate the redirect flow.
The redirect authorization flow consists of four steps:
redirect_uri
with a short-lived authorization code
.access_token
that your application will use to call the Finch API to retrieve data. Please read the Retrieve An Access Token section for more details on how to exchange the code for an access token.onSuccess
event is called by the SDK, simply pass the code to your internal callback endpoint as a query parameter.
NOTE: You should not include a redirect_uri
if using the embedded flow. Because the entire flow is already self-contained in your app, no redirect is necessary.
npm install --save @tryfinch/react-connect
- yarn add @tryfinch/react-connect
<script src="https://prod-cdn.tryfinch.com/v1/connect.js"></script>
Since Finch Connect is an iFrame that requires interactivity, the HTML page that is loading Finch Connect must be served from a server. If the page is hosted statically, Finch Connect will not work properly.
onSuccess
and onError
.
onSuccess
: This event is triggered when the user completes the authentication process. It returns an authorization code
that you will use to obtain an access_token
in the next step. Pass this authorization code
securely and temporarily to the access token exchange function. Please read Retrieve An Access Token section for more details on how to exchange the code for an access token.onError
: This event is triggered if there’s an issue during the authentication process. Your application should handle this error gracefully, either by displaying an error message to the user or retrying the authentication flow.onClose
: This event is triggered when a user exits the Finch Connect model, either by closing the modal or clicking outside the modal.