Authentication
All endpoints require the standard Sumvin partner authentication. The user is derived from the auth context — nouser_id parameter is accepted.
The bank-linking endpoints require the user to have the Meld bank-linking entitlement (a server-side feature gate). Without it, calls return 403 Forbidden with error code GATE-403-001.
Provider configuration
Get link config
"meld" or "plaid". Determined per user by feature gate.true for Meld — the partner must list institutions, then pass the selected institution_id on link initiation. false for Plaid.GET /v0/bank-linking/institutions — List institutions.POST /v0/accounts/link — Initiate the link.HAL links to
self, link, and accounts.| Code | Meaning |
|---|---|
200 OK | Config returned. |
401 Unauthorized | Missing or invalid partner credentials. |
403 Forbidden | User does not pass the resolved provider’s gate. |
Bank linking
List institutions
Filter to institutions present in this country code (e.g.
US, GB).Filter to institutions that support all of the named Meld products (e.g.
BALANCES, IDENTIFIERS, OWNERS, TRANSACTIONS). Repeatable.Case-insensitive name substring match.
Institutions matching the filters.
Number of institutions in the response.
InstitutionData fields:
Meld institution id. Pass as
institution_id when initiating the link.POST /v0/accounts/linkDisplay name.
ISO country codes the institution operates in.
Logo URL if available.
Institution website if available.
Meld products the institution supports.
| Code | Meaning |
|---|---|
200 OK | Institutions returned (possibly empty). |
401 Unauthorized | Missing or invalid partner credentials. |
403 Forbidden | User does not have the Meld bank-linking entitlement. |
Initiate link
202 Accepted with the widget URL the user opens to complete the connect flow.
This endpoint is shared with Plaid. The shape of
link in the response varies by provider (discriminated union). For Plaid, link carries link_token and the response is 200 OK. Sections below describe the Meld variant.Required when the resolved provider is Meld. Sourced from the institution list.
GET /v0/bank-linking/institutionsOptional; passed through to the underlying provider where supported.
Optional; defaults to
["BALANCES", "IDENTIFIERS", "OWNERS", "TRANSACTIONS"].Optional; restricts available institutions inside the widget.
"meld".URL to render the Meld institution-connect widget.
Connect token issued by Meld for this session.
Meld customer id associated with the user.
Echo of the requested institution id.
HAL links to
self, accounts, and poll (/v0/accounts?status=pending_connection).| Code | Meaning | Error code |
|---|---|---|
202 Accepted | Meld widget URL issued; account creation is asynchronous. | — |
400 Bad Request | institution_id missing for the Meld path. | BANK_INSTITUTION_REQUIRED |
401 Unauthorized | Missing or invalid partner credentials. | — |
403 Forbidden | User does not pass the Meld gate. | GATE-403-001 |
500 Internal Server Error | Sumvin failed to obtain a Meld connect token. | BANK_LINK_TOKEN_FAILED |
Issue a processor token
The Meld
provider_account_id of the linked account. (This is the Meld-side identifier on the account, not the Sumvin external_id.)Name of the downstream processor for which to mint the token. Refer to Meld’s processor compatibility list for valid values.
The processor-issued token.
Echo of the account id.
| Code | Meaning | Error code |
|---|---|---|
201 Created | Token issued. | — |
401 Unauthorized | Missing or invalid partner credentials. | — |
403 Forbidden | User does not own the account or does not have the bank-linking entitlement. | BANK_ACCOUNT_UNAUTHORIZED, GATE-403-001 |
404 Not Found | No Meld-provided account with this id. | BANK_ACCOUNT_NOT_FOUND |
Linked account management
The endpoints below are provider-agnostic — they operate on accounts regardless of whether they were linked via Meld or Plaid. They are listed here for convenience because they are how a partner observes the result of a Meld bank-linking flow.List accounts
Optional. Filter to one provider (
meld or plaid).Optional. Filter by account status (e.g.
active, pending_connection, refresh_required, disconnected, error).Optional. Filter by account type (e.g.
checking, savings).accounts: AccountData[] and total. See AccountData under Get account.
Get account
Sumvin
external_id of the account."meld" or "plaid".Mapped account type (
checking, savings, credit_card, loan, investment).Lifecycle state derived from provider connection state. See the table in Bank linking.
Display name of the institution.
Logo URL if available.
Display name on the account at the institution.
Last few digits if available.
Current balance, in
balance_currency.Available balance, in
balance_currency.ISO currency code (defaults to
USD if Meld did not provide one).The Meld connection id (
provider_connection_id). Useful for correlating with webhook events.Sync account
202 Accepted immediately with a sync_event_id. Poll the account back for the updated last_synced_at.
GET /v0/accounts/{account_id}
Disconnect account
204 No Content.
Webhooks
Meld posts events to a single Sumvin endpoint. Partners do not subscribe directly — Sumvin consumes these and updates partner-visible resources.Endpoint
| Header | Purpose |
|---|---|
meld-signature | Base64-encoded HMAC-SHA256 of <timestamp>.<url>.<body> keyed by the configured webhook secret. |
meld-signature-timestamp | Unix epoch seconds. Sumvin rejects requests older than 5 minutes. |
401 Unauthorized with error code MELD_WEBHOOK_INVALID_SIGNATURE. A successfully verified webhook always returns 200 OK with {"received": true} once the handler has been dispatched, even if the handler itself fails — the event is logged for follow-up rather than retried at the HTTP layer.
Events Sumvin handles
| Event type | What Sumvin does |
|---|---|
CUSTOMER_KYC_STATUS_CHANGE | Logs the change. The Sumvin-side KYC state remains driven by SumSub. |
BANK_LINKING_CONNECTION_COMPLETED | Informational. Logged; account creation happens on the next event. |
BANK_LINKING_ACCOUNTS_UPDATED | Upserts accounts under the user, mapping Meld account types to Sumvin’s taxonomy. |
BANK_LINKING_TRANSACTIONS_AGGREGATED | Triggers a background sync to pull transactions for the affected accounts. |
BANK_LINKING_HISTORICAL_TRANSACTIONS_AGGREGATED | Same handler as above; runs on the historical backfill batch. |
BANK_LINKING_CONNECTION_STATUS_CHANGE | Updates status and status_reason on every account under the connection. |
BANK_LINKING_CONNECTION_DELETED | Soft-deletes every account under the connection. |
BANK_LINKING_ACCOUNTS_UPDATING | Recognised but no handler — informational only. |
TRANSACTION_CRYPTO_*) are recognised by the webhook router; their handlers are part of the buy/sell slice and are not partner-observable today.
Error code reference
Errors follow RFC 7807 Problem Details with a Sumvinerror_code field.
| Error code | When it fires |
|---|---|
BANK_INSTITUTION_REQUIRED | POST /v0/accounts/link was called against the Meld provider without institution_id. |
BANK_LINK_TOKEN_FAILED | Sumvin failed to mint a connect token from the underlying provider. |
BANK_PROVIDER_ERROR | The underlying provider returned an error during a token exchange or sync. |
BANK_ACCOUNT_NOT_FOUND | The referenced account does not exist for any user. |
BANK_ACCOUNT_UNAUTHORIZED | The referenced account exists but does not belong to the authenticated user. |
MELD_WEBHOOK_INVALID_SIGNATURE | A Meld webhook was rejected because of a missing or invalid signature, or a stale timestamp. |
GATE-403-001 | The authenticated user does not pass the Meld bank-linking feature gate. |