DocsAPI Reference
Log In
Docs
Start typing to search…

Using Multiple Products Without Reauthenticating

Certain Service Providers Meld supports live in multiple domains. Examples include Stripe being in both payments and crypto, and Mesh being in both crypto and bank linking. For a Service Provider that lives in both domains, you may want them to perform actions in both domains without having to reauthenticate, aka re-type their username and password.

Currently, this feature (known as cross domain access token sharing), is only available for Mesh, and there are 3 different flows where it can be used. Also note that since Mesh supports multiple institutions, this can only be used for the same institution in multiple domains.

Bank Linking then Crypto Transfer

In this use case, a user would first link their exchange as normal using Mesh with Meld's bank linking stack. Then later, when the user want to complete a crypto transfer from their exchange, they would pass the same customerId used for the bank linking connection and well as the bank linking connectionId as part of the /widget request to make a transfer. This way, the user will not be prompted for their username and password again when making the transfer. They may still have to complete 2FA however.

After the bank linking connection is made, here is how a sample request to /widget for a crypto transfer would look like:

{
    "sessionData": {
        "walletAddress": "testWalletAddress",
        "countryCode": "US",
        "sourceCurrencyCodes": ["ETH"],
        "sourceAmount": 0.01,
        "serviceProvider": "MESH",
        "institutionId": "W9kC2RrDiatakKkAWi8YNR",
    },
    "authenticationBypassDetails": { 
        "previouslyAuthenticatedId": "WXErtTVqB17Vw9YKdiZ2LS", // this is the bank linking connectionId
        "category": "BANK_LINKING" // this is the category of the widget used in the previously authenticated connection
    },
    "sessionType": "TRANSFER",
    "externalSessionId": "atestjul1f",
    "customerId": "W93Zdl3GM3h11h3GH72"
}

Repeat Crypto Transfer

In this use case, a user first completes a crypto transfer as normal using Mesh with Meld's crypto stack. Then later, when the user want to complete another crypto transfer from their same exchange, they would pass the same customerId and sessionId of the previous transfer as part of the /widget request to make a transfer. This way, the user will not be prompted for their username and password again when making the transfer. They may still have to complete 2FA however. The reason sessionId is used instead of transactionId is it's possible a user authenticates but doesn't complete the transaction.

After the first transfer is made, here is how a sample request to /widget for a crypto transfer would look like:

{
    "sessionData": {
        "walletAddress": "testWalletAddress",
        "countryCode": "US",
        "sourceCurrencyCodes": ["ETH"],
        "sourceAmount": 0.01,
        "serviceProvider": "MESH",
        "institutionId": "W9kC2RrDiatakKkAWi8YNR",
    },
    "authenticationBypassDetails": {
        "previouslyAuthenticatedId": "WZVabTV293nV3e3JKE76x", // this is the previous transfer's sessionId
        "category": "CRYPTO_TRANSFER" // this is the category of the widget used in the previously authenticated session
    },
    "sessionType": "TRANSFER",
  	"externalCustomerId": "testExternalCustomerId1",
    "externalSessionId": "testSession1",
    "customerId": "W93Zdl3GM3h11h3GH72"
}

Crypto Transfer with Bank Linking

In this use case, a user first completes a crypto transfer as normal using Mesh with Meld's crypto stack. Then any time after this, you would call Meld's Bank Linking Import endpoint, passing in the externalCustomerId and the sessionId of the crypto session in which the user previously authenticated. Meld then triggers an asynchronous import process to load the data from Mesh, notifying you that the bank linking connection has been made via webhooks. If the auth is expired, a connection status change webhook will be sent immediately indicating that the user should reconnect the connection via the /repair flow. In this flow, the user doesn't have to do anything besides the initial transfer: there's no separate bank linking UI flow they go through.

After the first transfer is made, here is how a sample request to /import would look like:

{
  "connections": [
    {
      "serviceProvider": "MESH",
      "externalCustomerId": "testExternalCustomerId1",
      "products": ["INVESTMENT_HOLDINGS", "BALANCES"],
      "importType": "MELD_AUTHENTICATED", // Indicates that this import is using auth that already exists with Meld
      "authenticationBypassDetails": // Required if the importType is MELD_AUTHENTICATED
      {
        "previouslyAuthenticatedId": "WXF1NqQ3PmNmsECuVfF3SV",
        "category": "CRYPTO_TRANSFER"
      }
    }
  ]
}

Once you submit the import, it happens asynchronously. You will receive webhooks, specifically the BANK_LINKING_ACCOUNTS_UPDATED webhook, letting you know your holdings data is ready. You can use the externalCustomerId, which is in both the import request and the webhooks, to tie them to one another.


Updated 2 months ago