# Collect an account to build data-powered products Collect your user's account and use data such as balances, ownership details, and transactions to build products. Available in: US > Starting January 1, 2024, all webview-based integrations must properly manage secure institution authentication and app redirects to avoid disruptions in your Financial Connections authorization flow. > > While using the WebView API, make sure that you follow the provided instructions to correctly set up redirects and handle authentication within a secure browser instance. This is a required step because some financial institutions block requests from insecure sessions. > > To simplify development, use our SDKs for [Android](https://docs.stripe.com/financial-connections/other-data-powered-products.md?platform=android), [iOS](https://docs.stripe.com/financial-connections/other-data-powered-products.md?platform=ios), and [React Native](https://docs.stripe.com/financial-connections/other-data-powered-products.md?platform=react-native) to handle authentication, secure redirects, and session management. This reduces the need for manual configuration and helps make sure the process of linking accounts is straightforward and secure for users. > As an alternative to using the Webview API, you can redirect your users to a Stripe-hosted page to link their accounts. If you’re interested in using this preview feature, [email us](mailto:financial-connections-beta+hosted@stripe.com) for access. Not sure about which Financial Connections integration to use? See our [overview of integration options](https://docs.stripe.com/financial-connections/use-cases.md). Financial Connections lets your users securely share their financial data by linking their external financial accounts to your business. You can use Financial Connections to access user-permissioned financial data such as tokenized account and routing numbers, account balances, account owner information, and historical transactions. Some common examples of how you can use Financial Connections to improve product experiences for your users include: - Mitigate fraud when onboarding a customer or business by verifying the [ownership](https://docs.stripe.com/financial-connections/ownership.md) information of an account, such as the name and address of the bank account holder. - Help your users track expenses, handle bills, manage their finances and take control of their financial well-being with [transactions](https://docs.stripe.com/financial-connections/transactions.md) data. - Speed up underwriting and improve access to credit and other financial services with transactions and balances data. - Enable your users to connect their accounts in fewer steps with Link, allowing them to save and reuse their bank account details across Stripe businesses. ## Overview [Client-side] To embed Financial Connections within a WebView, begin with one of our example WebView applications: - [Android Webview](https://github.com/stripe/stripe-android/blob/master/financial-connections-example/src/main/java/com/stripe/android/financialconnections/example/FinancialConnectionsWebviewExampleActivity.kt) - [iOS WKWebview](https://github.com/stripe/stripe-ios/blob/master/Example/FinancialConnections%20Example/FinancialConnections%20Example/WebViewViewController.swift) These sample applications are fully functional (on both simulators and physical devices) and contain all necessary code to set up Financial Connections and handle events delivered to your application through HTTP redirect urls. ## Set up Stripe [Server-side] [Register](https://dashboard.stripe.com/financial-connections/application) for Financial Connections after we approve your account for live-mode access. Use our official libraries for access to the Stripe API from your application: #### Ruby ```bash # Available as a gem sudo gem install stripe ``` ```ruby # If you use bundler, you can add this line to your Gemfile gem 'stripe' ``` ## Create or retrieve a customer [Server-side] Create a customer-configured [Account](https://docs.stripe.com/api/v2/core/accounts/create.md#v2_create_accounts-configuration-customer) or [Customer](https://docs.stripe.com/api/customers/create.md) when users create an account with your business. Financial Connections can use the email address to identify returning [Link](https://support.stripe.com/questions/link-for-financial-connections-support-for-businesses) users and optimize the [authentication flow](https://docs.stripe.com/financial-connections/fundamentals.md#authentication-flow) by dynamically showing a streamlined user interface. > #### Use the Accounts v2 API to represent customers > > The Accounts v2 API is generally available for Connect users, and in public preview for other Stripe users. If you’re part of the Accounts v2 preview, you need to specify a [specify a preview version](https://docs.stripe.com/api-v2-overview.md#sdk-and-api-versioning) in your code. > > To request access to the Accounts v2 preview, > > For most use cases, we recommend [modeling your customers as customer-configured Account objects](https://docs.stripe.com/accounts-v2/use-accounts-as-customers.md) instead of using [Customer](https://docs.stripe.com/api/customers.md) objects. #### Accounts v2 ```curl curl -X POST https://api.stripe.com/v2/core/accounts \ -H "Authorization: Bearer <>" \ -H "Stripe-Version: 2026-05-27.preview" \ --json '{ "contact_email": "{{CUSTOMER_EMAIL}}", "display_name": "{{CUSTOMER_NAME}}", "configuration": { "customer": {} }, "include": [ "configuration.customer" ] }' ``` #### Customers v1 ```curl curl https://api.stripe.com/v1/customers \ -u "<>:" \ -d email={{CUSTOMER_EMAIL}} \ -d name={{CUSTOMER_NAME}} ``` ## Create a Financial Connections Session [Server-side] Before you can retrieve data from a user’s bank account with Financial Connections, your user must authenticate their account with the [authentication flow](https://docs.stripe.com/financial-connections/fundamentals.md#authentication-flow). Your user begins the authentication flow when they want to connect their account to your site or application. Insert a button or link on your site or in your application, which allows a user to link their account—for example, your button might say “Link your bank account”. Create a Financial Connections Session by posting to `/v1/financial_connections/sessions`: The [permissions](https://docs.stripe.com/api/financial_connections/sessions/create.md#financial_connections_create_session-permissions) parameter controls which account data you can access. You must request at least one permission. When completing the authentication flow, your user can see the data you’ve requested access to, and provide their consent to share it. Consider the data required to fulfill your use case and request permission to access only the data you need. Requesting permissions that go well beyond your application’s scope might erode your users’ trust in how you use their data. For example, if you’re building a personal financial management application or a lending product, you might request `transactions` data. If you’re mitigating fraud such as account takeovers, you might want to request `ownership` details. After your user authenticates their account, you can expand data permissions only by creating a new Financial Connections Session and specifying a new value for the `permissions` parameter. Your user must complete the authentication flow again, where they’ll see the additional data you’ve requested permission to access, and provide consent to share their data. The optional [prefetch parameter](https://docs.stripe.com/api/financial_connections/sessions/create.md#financial_connections_create_session-prefetch) controls which data you retrieve immediately after the user connects their account. Use this option if you know you always want a certain type of data. It removes the need to make an extra API call to initiate a [data refresh](https://docs.stripe.com/api/financial_connections/accounts/refresh.md). To preserve the option to [accept ACH Direct Debit payments](https://docs.stripe.com/financial-connections/other-data-powered-products.md#accept-ach-direct-debit), request the `payment_method` permission. To collect accounts in a WebView, specify the `return_url` parameter, which you can use to redirect your customer back to your native app if they log into their bank with OAuth in the native browser. | iOS | Android | | --------------------------------------------------- | ----------------------------------------------------- | | The return_url needs to be an https universal link. | The return_url needs to be an https Android App Link. | The following code example demonstrates how to create a WebView-optimized Financial Connections Session that collects accounts with `balances` and `payment_method` data: #### Accounts v2 ```curl curl https://api.stripe.com/v1/financial_connections/sessions \ -u "<>:" \ -d "account_holder[type]=customer" \ -d "account_holder[customer_account]={{CUSTOMERACCOUNT_ID}}" \ -d "permissions[]=balances" \ -d "permissions[]=payment_method" \ --data-urlencode "return_url=https://stripe.com" ``` #### Customers v1 ```curl curl https://api.stripe.com/v1/financial_connections/sessions \ -u "<>:" \ -d "account_holder[type]=customer" \ -d "account_holder[customer]={{CUSTOMER_ID}}" \ -d "permissions[]=balances" \ -d "permissions[]=payment_method" \ --data-urlencode "return_url=https://stripe.com" ``` The request returns a response similar to the following: ```json { "id": "fcsess_1MuOL4IG1CZuezXpoeuzQJYm", "object": "financial_connections.session", "client_secret": "fcsess_client_secret_UsESkKYzeiRcivgDJZfxZRFh", "accounts": { "object": "list", "data": [], "has_more": false, "total_count": 0, "url": "/v1/financial_connections/accounts?session=fcsess_1MuOL4IG1CZuezXpoeuzQJYm" }, "livemode": false, "return_url": "https://stripe.com" } ``` ## Collect a Financial Connections account [Client-side] Use the returned `client_secret` with Stripe.js to allow your user to connect their accounts. A `client_secret` allows client-side Stripe SDKs to make changes to the Financial Connections Session. Don’t store it, log it, embed it in URLs, or expose it to anyone other than your end user. Make sure that you have [TLS](https://docs.stripe.com/security/guide.md#tls) enabled on any page that includes the client secret. Use [collectFinancialConnectionsAccounts](https://docs.stripe.com/js/financial_connections/collect_financial_connections_accounts) to collect an account. ```javascript const stripe = new Stripe('<>') const financialConnectionsSessionResult = await stripe.collectFinancialConnectionsAccounts({ clientSecret: "fcsess_client_secret_UsESkKYzeiRcivgDJZfxZRFh" }); ``` ### Handle OAuth redirects on your mobile app In addition to including Stripe.js on your webview-embedded page, your app might need to handle redirecting your customer to their native mobile browser for OAuth login. > Beginning January 1, 2024, all webview-based integrations need to properly handle secure institution authentication and app redirects, or it will impact your Financial Connections authorization flow. Refer to the iOS or Android instructions above. #### Android On Android your app must register an [intent filter](https://developer.android.com/guide/components/intents-filters) for the previously set `return_url` in your manifest. Read more about [handling links on Android](https://developer.android.com/training/app-links). ```xml ``` Register a [WebViewClient](https://developer.android.com/reference/android/webkit/WebViewClient) on your WebView. You can override `shouldOverrideUrlLoading` to open OAuth login pages on a Custom Tab / secure browser instance: ```kotlin val webViewClient = object : WebViewClient() { override fun shouldOverrideUrlLoading( view: WebView, webResourceRequest: WebResourceRequest ): Boolean { val url = webResourceRequest.url.toString() CustomTabsIntent.Builder().build().launchUrl(view.context, Uri.parse(url)) return true } } // ... // register the web view client on your WebView myWebView.webViewClient = webViewClient ``` #### iOS On iOS, your app must be equipped to handle the WebView’s attempt to open an OAuth window. This process involves attempting to open the URL in a bank app or, if unsupported, in a secure browser instance. When the `WKWebView` intercepts a new window request, first attempt to open the URL as a universal link. Universal links allow banking apps installed on the user’s device to directly handle their associated URLs to simplify the authentication process. This method enhances user security and convenience by leveraging the existing, trusted apps already on the device. If opening the URL as a universal link isn’t successful—either because no supporting bank app is installed or the link isn’t recognized—the app needs to fall back to using `ASWebAuthenticationSession`. This session facilitates the authentication flow within a secure, in-app browser that ensures the safe handling of sensitive information. `ASWebAuthenticationSession` mimics the native browser, allowing users to authenticate without leaving the app. ```swift class ViewController: UIViewController { private var webAuthenticationSession: ASWebAuthenticationSession? override func viewDidLoad() { super.viewDidLoad() // Initialize and configure your WKWebView let webView = WKWebView(frame: .zero, configuration: WKWebViewConfiguration()) // Load your website URL webView.load(URLRequest(url: URL(string: "https://yourwebsite.com")!)) // Add the web view to the view view.addSubview(webView) // Important: Assign a `uiDelegate` to handle redirects webView.uiDelegate = self } } extension ViewController: WKUIDelegate { func webView( _ webView: WKWebView, createWebViewWith configuration: WKWebViewConfiguration, for navigationAction: WKNavigationAction, windowFeatures: WKWindowFeatures ) -> WKWebView? { // Check if the link is attempting to open in a new window. // This is typically the case for a banking partner's authentication flow. let isAttemptingToOpenLinkInNewWindow = navigationAction.targetFrame?.isMainFrame != true if isAttemptingToOpenLinkInNewWindow, let url = navigationAction.request.url { // Attempt to open the URL as a universal link. // Universal links allow apps on the device to handle specific URLs directly. UIApplication.shared.open( url, options: [.universalLinksOnly: true], completionHandler: { [weak self] success in guard let self else { return } if success { // App-to-app flow: // The URL was successfully opened in a banking application that supports universal links. print("Successfully opened the authentication URL in a bank app: \(url)") } else { // Fallback for when no compatible bank app is found: // Create an `ASWebAuthenticationSession` to handle the authentication in a secure in-app browser self.launchInSecureBrowser(url: url) } }) } return nil } private func launchInSecureBrowser(url: URL) { let redirectURL = URL(string: "https://yourwebsite.com")! let webAuthenticationSession = ASWebAuthenticationSession( url: url, callbackURLScheme: redirectURL.scheme, completionHandler: { redirectURL, error in if let error { if (error as NSError).domain == ASWebAuthenticationSessionErrorDomain, (error as NSError).code == ASWebAuthenticationSessionError.canceledLogin.rawValue { print("User manually closed the browser by pressing 'Cancel' at the top-left corner.") } else { print("Received an error from ASWebAuthenticationSession: \(error)") } } else { // IMPORTANT NOTE: // The browser will automatically close when // the `callbackURLScheme` is called. print("Received a redirect URL: \(redirectURL?.absoluteString ?? "null")") } } ) // Store the session reference to prevent premature deallocation self.webAuthenticationSession = webAuthenticationSession // Set the presentation context provider to handle the browser's UI presentation webAuthenticationSession.presentationContextProvider = self // Use an ephemeral session to enhance privacy // This also disables the initial Apple alert about signing in to another app webAuthenticationSession.prefersEphemeralWebBrowserSession = true // Initiate the authentication session webAuthenticationSession.start() } } ``` After your customer logs into their institution and authorizes access to their accounts, Stripe redirects to the `return_url` to return to your app. After returning to the app, your customer can resume and complete the bank account detail collection process. The return value of `stripe.collectFinancialConnectionsAccounts` is a Promise. When the user completes the authentication flow, the Promise resolves with an object that contains the list of connected accounts: ```json { financialConnectionsSession: { id: "fcsess_1MuOL4IG1CZuezXpoeuzQJYm", accounts: [ { id: "fca_1Jbry3BAjqvGMUSxCDjFsrLU", object: "financial_connections.account", category: "Checking", display_name: "Premium Checking", institution_name: "Test Bank", last4: "4242" } ], return_url: "https://stripe.com" } } ``` If the user connects no accounts, or exits the authentication flow early, the `accounts` array will be empty. ## Retrieve data on a Financial Connections account [Server-side] After your user has successfully completed the authentication flow, access or refresh the account data you’ve specified in the `permissions` parameter of the Financial Connections Session. To protect the privacy of your user’s data, account data accessible to you is limited to the data you’ve specified in the `permissions` parameter. Follow the guides for [balances](https://docs.stripe.com/financial-connections/balances.md), [ownership](https://docs.stripe.com/financial-connections/ownership.md) and [transactions](https://docs.stripe.com/financial-connections/transactions.md) to start retrieving account data. ## Optional: Accept an ACH Direct Debit payment from a Financial Connections account You can optionally accept ACH Direct Debit payments on a previously collected Financial Connections account as long as the `supported_payment_method_types` attribute on the account includes `us_bank_account`. Only US bank accounts are eligible to accept ACH Direct Debits such as a checking or savings account. To accept an ACH Direct Debit payment on a previously collected account, you must have specified `payment_method` in the [data permissions](https://docs.stripe.com/financial-connections/fundamentals.md#data-permissions) parameter on the Financial Connections Session. ### Create a Payment Intent or Setup Intent Use the *Payment Intents API* (The Payment Intents API tracks the lifecycle of a customer checkout flow and triggers additional authentication steps when required by regulatory mandates, custom Radar fraud rules, or redirect-based payment methods) to accept an ACH Direct payment for an account you want to charge now. Use the *Setup Intents API* (The Setup Intents API lets you build dynamic flows for collecting payment method details for future payments. It tracks the lifecycle of a payment setup flow and can trigger additional authentication steps if required by law or by the payment method) to save details for future ACH Direct Debit payments. [Learn more about the difference between a](https://support.stripe.com/questions/payment-intents-api-vs-setup-intents-api) Payment Intent and Setup Intent. This path shows you how to accept an ACH Direct Debit payment using the Payment Intents API. Use the Financial Connections account ID and the customer ID to create a `PaymentIntent`: #### Accounts v2 ```curl curl https://api.stripe.com/v1/payment_intents \ -u "<>:" \ -d "customer_account={{CUSTOMERACCOUNT_ID}}" \ -d "payment_method_types[]=us_bank_account" \ -d "payment_method_data[us_bank_account][financial_connections_account]={{FINANCIALCONNECTIONSACCOUNT_ID}}" \ -d "payment_method_data[type]=us_bank_account" \ -d "payment_method_data[billing_details][name]=J. Customer" \ -d amount=100 \ -d currency=usd ``` #### Customers v1 ```curl curl https://api.stripe.com/v1/payment_intents \ -u "<>:" \ -d "customer={{CUSTOMER_ID}}" \ -d "payment_method_types[]=us_bank_account" \ -d "payment_method_data[us_bank_account][financial_connections_account]={{FINANCIALCONNECTIONSACCOUNT_ID}}" \ -d "payment_method_data[type]=us_bank_account" \ -d "payment_method_data[billing_details][name]=J. Customer" \ -d amount=100 \ -d currency=usd ``` This returns a `PaymentIntent` similar to: ```json { "id": "pi_1GszXf2eZvKYlo2Ce7rjvnPP", "object": "payment_intent", "amount": 100, "amount_capturable": 0, "amount_details": { "tip": { "amount": null } }, "amount_received": 0, "application": null, "application_fee_amount": null, "automatic_payment_methods": null, "canceled_at": null, "cancellation_reason": null, "capture_method": "automatic", "charges": { "object": "list", "data": [ ], "has_more": false, "total_count": 0, "url": "/v1/charges?payment_intent=pi_1GszXf2eZvKYlo2Ce7rjvnPP" }, "client_secret": "pi_1GszXf2eZvKYlo2Ce7rjvnPP", "confirmation_method": "automatic", "created": 1651010665, "currency": "usd", "customer": null, "description": null, "invoice": null, "last_payment_error": null, "livemode": false, "metadata": { }, "next_action": null, "on_behalf_of": null, "payment_method": "pm_1Mb4UkJGNKiWrCEmJ1PS72Cd", "payment_method_options": { "us_bank_account": { "verification_method": "automatic" } }, "payment_method_types": [ "us_bank_account" ], "processing": null, "receipt_email": null, "review": null, "setup_future_usage": null, "shipping": null, "source": null, "statement_descriptor": null, "statement_descriptor_suffix": null, "status": "requires_confirmation", "transfer_data": null, "transfer_group": null } ``` ### Collect mandate acknowledgement and submit the payment Before you can initiate the payment, you must obtain authorization from your customer by displaying mandate terms for them to accept. To be compliant with Nacha rules, you must obtain authorization from your customer before you can initiate payment by displaying mandate terms for them to accept. For more information on mandates, see [Mandates](https://docs.stripe.com/payments/ach-direct-debit.md#mandates). ### Confirm the Payment Intent To confirm this Payment Intent, you need to provide either a [`mandate` parameter](https://docs.stripe.com/api/payment_intents/confirm.md#confirm_payment_intent-mandate) with an existing Mandate ID, or provide [mandate_data](https://docs.stripe.com/api/payment_intents/confirm.md#confirm_payment_intent-mandate_data) to create a new mandate. For example, if you have a checkout page with a “Place Order” button, clicking that button could trigger a `POST` to an endpoint on your server. That endpoint could extract the request’s User Agent and the client’s IP address, and then make the following request to Stripe’s API: ```curl curl https://api.stripe.com/v1/payment_intents/{{PAYMENTINTENT_ID}}/confirm \ -u "<>:" \ -d "mandate_data[customer_acceptance][accepted_at]=1647448692" \ -d "mandate_data[customer_acceptance][type]=online" \ -d "mandate_data[customer_acceptance][online][ip_address]=71.183.194.54" \ --data-urlencode "mandate_data[customer_acceptance][online][user_agent]=Mozilla/5.0 ..." ``` After successfully confirming the Payment Intent, it will look similar to: ```json { "id": "pi_1GszXf2eZvKYlo2Ce7rjvnPP", "object": "payment_intent", "amount": 100, "amount_capturable": 0, "amount_received": 0, "application": null, "application_fee_amount": null, "automatic_payment_methods": null, "canceled_at": null, "cancellation_reason": null, "capture_method": "automatic", "charges": { "object": "list", "data": [ { "id": "py_17F8CPDyDglZKgWE3uzOAUe9", "object": "charge", "amount": 100, "amount_captured": 100, "amount_refunded": 0, "application": null, "application_fee": null, "application_fee_amount": null, "balance_transaction": null, "billing_details": { "address": { "city": null, "country": null, "line1": null, "line2": null, "postal_code": null, "state": null }, "email": null, "name": "J. Customer", "phone": null }, "calculated_statement_descriptor": null, "captured": true, "created": 1647448692, "currency": "usd", "customer": "cus_LKe65xcPnrCiTZ", "description": null, "destination": null, "dispute": null, "disputed": false, "failure_code": null, "failure_message": null, "fraud_details": { }, "invoice": null, "livemode": false, "metadata": { }, "on_behalf_of": null, "order": null, "outcome": null, "paid": false, "payment_intent": "pi_1GszXf2eZvKYlo2Ce7rjvnPP", "payment_method": "pm_1Mb4UkJGNKiWrCEmJ1PS72Cd", "payment_method_details": { "type": "us_bank_account", "us_bank_account": { "account_holder_type": "individual", "account_type": "checking", "bank_name": "STRIPE TEST BANK", "fingerprint": "QnXqpAeqjjh8pPFa", "last4": "6789", "routing_number": "110000000" } }, "receipt_email": null, "receipt_number": null, "receipt_url": null, "refunded": false, "refunds": { "object": "list", "data": [ ], "has_more": false, "total_count": 0, "url": "/v1/charges/py_17F8CPDyDglZKgWE3uzOAUe9/refunds" }, "review": null, "shipping": null, "source": null, "source_transfer": null, "statement_descriptor": null, "statement_descriptor_suffix": null, "status": "pending", "transfer_data": null, "transfer_group": null } ], "has_more": false, "total_count": 1, "url": "/v1/charges?payment_intent=pi_1GszXf2eZvKYlo2Ce7rjvnPP" }, "client_secret": "pi_1GszXf2eZvKYlo2Ce7rjvnPP_secret_m38BKZvm3vSdpGdra360hPEov", "confirmation_method": "automatic", "created": 1647447792, "currency": "usd", "customer": "cus_LKe65xcPnrCiTZ", "description": null, "invoice": null, "last_payment_error": null, "livemode": false, "metadata": { }, "next_action": null, "on_behalf_of": null, "payment_method": "pm_1Mb4UkJGNKiWrCEmJ1PS72Cd", "payment_method_options": { "us_bank_account": { "verification_method": "automatic" } }, "payment_method_types": [ "us_bank_account" ], "processing": null, "receipt_email": null, "review": null, "setup_future_usage": null, "shipping": null, "source": null, "statement_descriptor": null, "statement_descriptor_suffix": null, "status": "processing", "transfer_data": null, "transfer_group": null } ``` ACH Direct Debit is a *delayed notification payment method* (A payment method that can't immediately return payment status when a customer attempts a transaction (for example, ACH debits). Businesses commonly hold an order in a pending state until payment is successful with these payment methods). This means that it can take up to four business days to receive notification of the success or failure of a payment after you initiate a debit from your customer’s account. The PaymentIntent you create initially has a status of `processing`. After the payment succeeds, the PaymentIntent status is updated from `processing` to `succeeded`. Learn about the events that are sent when the [PaymentIntent status is updated](https://docs.stripe.com/payments/ach-direct-debit/accept-a-payment.md#web-confirm-paymentintent-succeeded).