Overview

Merge's linking flow uses several distinct tokens, each with a different scope and lifetime. This article gives a quick reference for what each one is and where it's used. For a more in-depth walkthrough, see the getting started guide in our docs.

What are the tokens used in the linking flow?

• Link token — the first of three tokens used during Merge's linking flow. It's a temporary authentication token that scopes the session between your customer and Merge while they complete Merge Link.

• Public token — returned to your application once your customer finishes the linking flow. This is another temporary token; you exchange it with Merge for an account token.

• Account token — the final, permanent token generated by the linking process. Your back-end should store it securely so your application can make requests on behalf of that Linked Account.

• Access token — your organization's API authentication token, used for all interactions with the Merge API. You can find your access token in the Merge Dashboard at https://app.merge.dev/configuration/keys.

Who should I contact for help?

If you have questions about which token to use in a given step of the linking flow, reach out to us at [email protected].