Overview
The/init endpoint creates a new Link session. It returns a URL that you can redirect the user to (Hosted mode) or load in an iframe/popup (Embed mode).
HTTP Request
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
redirectUrl | string | No | URL to redirect to after completion. If omitted, uses the first Allowed Redirect URI from your dashboard. |
clientReferenceId | string | No | Your own internal ID for this user. Returned in webhooks and query params. |
connectionId | string | No | Provide an existing connection ID to reconnect/re-authenticate that specific connection. |
The
redirectUrl must be pre-registered in your OFAuth dashboard under Developers → API → Allowed Redirect URIs.Response
| Field | Type | Description |
|---|---|---|
url | string | The URL to redirect the user to. |
expiresAt | string | ISO timestamp when this session expires (usually 30-60 minutes). |
mode | string | The mode the session was initialized in. |
Redirect Query Parameters
After Link completes, OFAuth redirects the user to yourredirectUrl with query parameters appended:
On Success
| Param | Description |
|---|---|
status | success |
connection_id | The new or updated connection ID |
client_reference_id | Your reference ID (if provided in init) |
On Cancel
| Param | Description |
|---|---|
status | cancelled |
step | Where the user cancelled: pre-login, authorization, login, or 2fa |
client_reference_id | Your reference ID (if provided) |
On Error
| Param | Description |
|---|---|
status | error |
error_code | Error type: session_expired, invalid_credentials, etc. |
client_reference_id | Your reference ID (if provided) |