Skip to main content
POST
/
connections
/
redirect-token
/
verify
Verify a redirect-token (ls_token) from the post-Connect callback
curl --request POST \
  --url https://api-sandbox.ledgersyncappv2.com/v3/connections/redirect-token/verify \
  --header 'Content-Type: application/json' \
  --data '
{
  "ls_token": "<string>"
}
'
{
  "redirect_url": "https://myapp.example.com/cb",
  "connection_id": "con_FINICITY_41294",
  "client_id": "cli_smoke"
}

Body

application/json
ls_token
string
required

The opaque ls_token query-string value the Connect widget appended to your redirect_url. Internally an HS256 JWT (header {alg:HS256,typ:JWT}; payload includes v=1, iss=ls-v3, iat, exp, connection_id, redirect_url, client_id) but integrators should treat it as opaque.

Response

Token was valid; the bound connection metadata is returned.

redirect_url
string<uri>
required

The originally-bound redirect_url, as registered in the client allowlist.

Example:

"https://myapp.example.com/cb"

connection_id
string
required

Connection id the widget session was bound to. Placeholder during pending; canonical after connection.active.

Example:

"con_FINICITY_41294"

client_id
string
required

The Client id the connection belongs to.

Example:

"cli_smoke"