🏦 Bank Authentication Implementation

✅ Implementation Steps

1. Generate a Session Key

Generate a sessionKey for the user by calling the Get Session Key endpoint.

• Session keys are valid for 30 minutes
• You must refresh the key if expired

2. Embed the Bank Authentication Flow in an <iframe>

Use this format to embed the authentication UI:

https://sandbox.coinflow.cash/solana/withdraw/YOUR_MERCHANT_ID?sessionKey=YOUR_SESSION_KEY&bankAccountLinkRedirect=YOUR_REDIRECT_URL

Replace the following:

• YOUR_MERCHANT_ID – Your Rapid merchant ID
• YOUR_SESSION_KEY – The session key from Step 1
• YOUR_REDIRECT_URL – Where to send the user after linking their account (URL-encoded)

Example:

<iframe
  src="https://sandbox.coinflow.cash/solana/withdraw/YOUR_MERCHANT_ID?sessionKey=eyJhbGciOi...&bankAccountLinkRedirect=https%3A%2F%2Fwww.google.com"
  width="100%"
  height="600"
  frameborder="0"
/>

3. Update Base URL for Production

When going live, update the iframe URL to use:

https://coinflow.cash/

💡 Listen for Success Message (Optional)

If embedding the iframe in a modal, you can listen for the accountLinked message to automatically close it:

window.addEventListener("message", (event) => {
  const { method } = event.data;
  if (method === "accountLinked") {
    // Close your modal or notify the app
    closeModal();
  }
});

🔗 Recipe → Listen for Account Linked Messages

🛠 FAQ / Troubleshooting

❓ Why is the debit card input field not loading?

If you're embedding the bank auth iframe and the card number token field fails to load, try passing the origins parameter.

Fix:
Append &origins=... to your iframe URL.

Example:

https://sandbox.coinflow.cash/solana/withdraw/YOUR_MERCHANT_ID?sessionKey=YOUR_SESSION_KEY&origins=%5B%22https%3A%2F%2Fmywebsite.com%22%5D

origins must be a URL-encoded JSON array of all ancestor frames/domains.