Integrating Yodlee with Lovable uses Edge Functions to handle Yodlee's OAuth2 authentication, FastLink widget initialization, and financial data retrieval. Store your Yodlee credentials in Cloud Secrets, create Edge Functions for token generation and account data proxying, embed Yodlee's FastLink widget for bank connections, and build financial planning dashboards. Setup takes 60-75 minutes due to Yodlee's enterprise onboarding.
Why integrate Yodlee with Lovable?
Yodlee is the financial data aggregation engine behind many of the world's largest banks and fintech applications — it's the infrastructure Mint originally used, and it remains the enterprise standard for financial data aggregation. While Plaid has dominated the developer market with its simpler API, Yodlee offers several capabilities that make it the preferred choice for specific use cases: deeper historical data (up to 36 months at some institutions), broader global coverage (21,000+ institutions including international banks), richer investment data (holdings, cost basis, dividends), and access to bill payment information.
For Lovable developers building financial planning tools, wealth management dashboards, or financial wellness apps targeting an institutional or enterprise market, Yodlee provides data depth that Plaid doesn't match. The tradeoff is complexity: Yodlee's authentication uses a dual-token system with separate app-level and user-level tokens, and the API's response structure is more verbose than Plaid's. This tutorial covers both the technical integration and the architectural decisions needed to make Yodlee work in Lovable's Edge Function environment.
Yodlee provides a developer sandbox through their Envestnet developer portal with pre-loaded test accounts covering various institution types and account categories. The sandbox credentials are different from production — you'll use them throughout development and switch to production credentials only when going live with real users. API access requires registering at developer.envestnet.com and creating a developer application, which is typically approved within 24-48 hours.
Integration method
Yodlee has no native Lovable connector. Integration requires Supabase Edge Functions to manage Yodlee's OAuth2 token flow (both app-level and user-level tokens), initialize the FastLink widget for bank connections, and proxy data requests for accounts, transactions, and holdings. All Yodlee API credentials stay in Cloud Secrets. The FastLink widget loads in the browser using a user-level token generated by the Edge Function.
Prerequisites
- A Lovable project with Cloud enabled
- A Yodlee developer account — register at developer.envestnet.com
- Yodlee API credentials: clientId, secret, and cobrand name from your developer portal application
- Understanding of Yodlee's dual-token authentication: cobrand (app) token + user token
- Familiarity with OAuth2 flow concepts
Step-by-step guide
Register a Yodlee developer application and get credentials
Register a Yodlee developer application and get credentials
Go to developer.envestnet.com and create a developer account. After email verification, navigate to 'My Applications' and click 'Create Application'. Fill in your application name, description, and intended use case. For development access, select the 'Developer' tier which provides sandbox access with test accounts. Once your application is approved (typically within 24-48 hours), navigate to your application's detail page. You'll find three key credentials: ClientId (a UUID-format identifier), Secret (a long random string), and your Cobrand Name (a short identifier like 'restserver' in the sandbox). These three values together authenticate your application to Yodlee's API. Yodlee's authentication is a two-step process that differs from simpler API keys. First, you obtain a cobrand (app-level) token by authenticating with your ClientId, Secret, and Cobrand Name. This app-level token represents your application. Second, you obtain a user token by authenticating a specific user within your app. Each end-user of your Lovable app must have a corresponding Yodlee user record, and their token is used for all data requests related to that user's accounts. In the sandbox, Yodlee provides pre-configured test users (like 'sbMem...' format usernames) with pre-linked test financial accounts. This lets you test the entire data retrieval flow without going through the FastLink bank connection UI, which speeds up development.
Pro tip: The Yodlee sandbox cobrand name is 'restserver' and the API base is https://sandbox.api.yodlee.com/ysl. When you move to production, the cobrand name changes to your company-specific name and the base URL changes to https://production.api.yodlee.com/ysl. Store both as Cloud Secrets to enable environment switching.
Expected result: You have your Yodlee ClientId, Secret, and Cobrand Name saved. Your developer application appears in the Envestnet portal with sandbox access enabled.
Store Yodlee credentials in Cloud Secrets
Store Yodlee credentials in Cloud Secrets
Open your Lovable project, click the '+' icon in the top-right, select 'Cloud', and expand the Secrets section. Add the following credentials as encrypted environment variables. Add YODLEE_CLIENT_ID with your ClientId value. Add YODLEE_SECRET with your Secret value. Add YODLEE_COBRAND_NAME with your cobrand name ('restserver' for sandbox). Add YODLEE_API_BASE with 'https://sandbox.api.yodlee.com/ysl' for sandbox or the production URL when ready. Add YODLEE_LOCALE with 'en_US' as the default locale for your application. Yodlee's credentials grant full read access to all financial data for all users registered under your cobrand. Unlike a simple API key that just grants access to a data feed, Yodlee credentials represent a trust relationship with financial institutions and carry significant data responsibility. Protecting them with Cloud Secrets is not just good practice but a Yodlee contractual requirement — their developer agreement requires that credentials be stored securely and never exposed in client-side code. Lovable's SOC 2 Type II certified secrets infrastructure meets this requirement.
Pro tip: Create a Supabase table called yodlee_tokens (cobrand_token, cobrand_expires, user_id, user_token, user_expires) to cache both token types. Tokens expire every 30 minutes for cobrand tokens and vary for user tokens. Caching eliminates repeated token requests on every API call.
Expected result: YODLEE_CLIENT_ID, YODLEE_SECRET, YODLEE_COBRAND_NAME, YODLEE_API_BASE, and YODLEE_LOCALE appear in your Cloud Secrets list.
Create the Yodlee authentication and FastLink Edge Function
Create the Yodlee authentication and FastLink Edge Function
Yodlee's authentication requires two sequential token requests. The cobrand (app) token request authenticates your application using your clientId and secret. The user token request authenticates a specific end-user using the cobrand token plus the user's loginName in your Yodlee cobrand. For new users, you must first register them in Yodlee using a POST to /user/register with a loginName (can be your app's user ID), email, and locale. This creates a corresponding Yodlee user record. Subsequent sessions for the same user just need the user token request. For the FastLink widget (the bank connection UI), you need a user token but also generate a FastLink token using POST /user/accessTokens. This token is passed to the FastLink JavaScript SDK to initialize the widget. FastLink handles the entire bank login flow — you just provide the token and a callback function, and FastLink calls your callback when the user successfully adds an account. Create an Edge Function that handles all three operations as separate actions: get-cobrand-token, get-user-token, and get-fastlink-token. Cache cobrand tokens for 25 minutes (they expire at 30) and user tokens per their expiry. For complex multi-user deployments with enterprise-level usage, RapidDev's team can help design token caching architectures that scale efficiently.
Create a Supabase Edge Function at supabase/functions/yodlee-auth/index.ts. It should: Read YODLEE_CLIENT_ID, YODLEE_SECRET, YODLEE_COBRAND_NAME, YODLEE_API_BASE from Deno.env. Support three actions: action='cobrand-token' — POST to /cobrand/login with clientId, secret, cobrand name; cache result in yodlee_tokens Supabase table; return cobrand_session; action='user-token' with loginName — POST to /user/login with cobrand token and loginName; return user_session; action='fastlink-token' with loginName — calls user token endpoint first then POST to /user/accessTokens; returns {access_token, fastlink_url}.
Paste this in Lovable chat
1// supabase/functions/yodlee-auth/index.ts2import { serve } from "https://deno.land/std@0.168.0/http/server.ts";3import { createClient } from "https://esm.sh/@supabase/supabase-js@2";45const BASE = Deno.env.get("YODLEE_API_BASE") ?? "";6const CLIENT_ID = Deno.env.get("YODLEE_CLIENT_ID") ?? "";7const SECRET = Deno.env.get("YODLEE_SECRET") ?? "";8const COBRAND = Deno.env.get("YODLEE_COBRAND_NAME") ?? "";9const corsHeaders = { "Access-Control-Allow-Origin": "*", "Access-Control-Allow-Methods": "POST, OPTIONS", "Access-Control-Allow-Headers": "Content-Type, Authorization" };1011serve(async (req) => {12 if (req.method === "OPTIONS") return new Response(null, { headers: corsHeaders });13 const supabase = createClient(Deno.env.get("SUPABASE_URL") ?? "", Deno.env.get("SUPABASE_SERVICE_ROLE_KEY") ?? "");14 const body = await req.json();15 const { action, login_name } = body;1617 try {18 const getCobrandToken = async () => {19 const { data: cached } = await supabase.from("yodlee_tokens").select("cobrand_token, cobrand_expires").order("cobrand_expires", { ascending: false }).limit(1).single();20 if (cached && new Date(cached.cobrand_expires) > new Date(Date.now() + 60_000)) return cached.cobrand_token;2122 const res = await fetch(`${BASE}/cobrand/login`, {23 method: "POST",24 headers: { "Api-Version": "1.1", "Content-Type": "application/json" },25 body: JSON.stringify({ cobrand: { cobrandLogin: COBRAND, cobrandPassword: SECRET } }),26 });27 const data = await res.json();28 if (!data.session?.cobSession) throw new Error("Cobrand login failed");29 const expires = new Date(Date.now() + 25 * 60_000).toISOString();30 await supabase.from("yodlee_tokens").insert({ cobrand_token: data.session.cobSession, cobrand_expires: expires });31 return data.session.cobSession;32 };3334 if (action === "cobrand-token") {35 const token = await getCobrandToken();36 return new Response(JSON.stringify({ cobrand_token: token }), { headers: { ...corsHeaders, "Content-Type": "application/json" } });37 }3839 if (action === "user-token") {40 const cobToken = await getCobrandToken();41 const res = await fetch(`${BASE}/user/login`, {42 method: "POST",43 headers: { "Api-Version": "1.1", "Cobrand-Session": cobToken, "Content-Type": "application/json" },44 body: JSON.stringify({ user: { loginName: login_name, password: CLIENT_ID } }),45 });46 const data = await res.json();47 if (!data.user?.session?.userSession) throw new Error("User login failed");48 return new Response(JSON.stringify({ user_token: data.user.session.userSession }), { headers: { ...corsHeaders, "Content-Type": "application/json" } });49 }5051 return new Response(JSON.stringify({ error: "Unknown action" }), { status: 400, headers: corsHeaders });52 } catch (err) {53 return new Response(JSON.stringify({ error: err.message }), { status: 500, headers: { ...corsHeaders, "Content-Type": "application/json" } });54 }55});Pro tip: Yodlee requires each user in your app to have a corresponding user record in their system. When a user signs up for your Lovable app, immediately call the Yodlee user registration endpoint using the yodlee-auth Edge Function. Use your app's user_id (from Supabase Auth) as the Yodlee loginName for easy mapping.
Expected result: The yodlee-auth Edge Function is deployed. Calling it with action='cobrand-token' returns a valid cobrand session token. Calling action='user-token' with a loginName returns a user session token.
Fetch account data via the Yodlee data Edge Function
Fetch account data via the Yodlee data Edge Function
With authentication working, create the data retrieval Edge Function. Yodlee's main data endpoints are: GET /accounts (all linked accounts with balances), GET /transactions (transaction history with Yodlee's 15,000-category classification), and GET /holdings (investment securities for investment accounts). All data requests require the user-session token in the Authorization header as 'Bearer {user_token}' plus the cobrand session in a separate Cobrand-Session header. The user_token is user-specific — each user's data is isolated in Yodlee by their session token. For transactions, Yodlee provides much richer categorization than Plaid — over 15,000 categories in a hierarchical taxonomy. For display purposes, use the top-level category (categoryType: EXPENSE, INCOME, TRANSFER) combined with the category name (e.g., 'Restaurants', 'Salary', 'Credit Card Payment'). Filter transactions by date range using the fromDate and toDate query parameters in YYYY-MM-DD format. Store synced data in Supabase tables (yodlee_accounts, yodlee_transactions) and apply RLS policies so users only access their own records. Use the user's Supabase Auth user_id as the foreign key for all Yodlee data, maintaining the mapping between Supabase users and their Yodlee login names in a separate user_integrations table.
Create a Supabase Edge Function at supabase/functions/yodlee-data/index.ts. It should: get a user_token by calling yodlee-auth with the user's login_name; support three actions: action='accounts' — GET /accounts with user_token and cobrand token, return array of {account_id, name, balance, account_type, currency}; action='transactions' with from_date and to_date — GET /transactions with date range, return array of {transaction_id, date, description, amount, category, account_id}; action='holdings' — GET /holdings return array of {security, quantity, value, cost_basis}. Upsert results to corresponding Supabase tables.
Paste this in Lovable chat
Pro tip: Yodlee's account balance structure differs by account type: bank accounts have availableBalance and currentBalance; credit cards have runningBalance (amount owed); investment accounts have totalBalance. Map each account type to the correct balance field in your Edge Function for accurate net worth calculations.
Expected result: The yodlee-data Edge Function fetches accounts, transactions, and holdings from Yodlee and stores them in Supabase. Calling action='accounts' returns all connected accounts with current balances.
Common use cases
Comprehensive financial dashboard with all account types
A financial planning app aggregates checking, savings, credit cards, mortgages, and investment accounts in one view. Yodlee's FastLink handles the bank connection UI, then Edge Functions fetch account balances and recent transactions. The dashboard shows net worth (all assets minus all liabilities), account-by-account balances, and a combined transaction feed across all accounts.
Build a comprehensive financial dashboard using Yodlee. After bank accounts are connected via Yodlee FastLink, fetch all account balances via an Edge Function and display them grouped by type: Banking (checking, savings), Credit Cards, Loans, Investment. Calculate total assets, total liabilities, and net worth. Show a combined recent transactions feed from all accounts sorted by date. Add a net worth trend chart using stored snapshots.
Copy this prompt to try it in Lovable
Investment portfolio tracker with holdings
A wealth management tool shows investment account holdings with current values, cost basis, unrealized gains, and asset allocation charts. Yodlee's investment data API returns individual security holdings with quantities and prices. The Edge Function fetches holdings for all investment accounts and the frontend displays portfolio analytics.
Build an investment portfolio tracker. Create an Edge Function that fetches Yodlee investment account holdings using the /accounts and /holdings endpoints. Return each holding's symbol, description, quantity, current price, current value, cost basis, and unrealized gain/loss. Display a portfolio table sorted by value, a pie chart of asset allocation by sector, and summary metrics: total portfolio value, total cost basis, total unrealized gain/loss, and overall return percentage.
Copy this prompt to try it in Lovable
Spending analytics and financial health score
A financial wellness app analyzes 3 months of transaction data from all connected accounts to calculate a financial health score based on income stability, spending patterns, savings rate, and debt-to-income ratio. Yodlee's categorized transaction data provides the raw inputs. The Edge Function aggregates the data and the frontend displays actionable recommendations.
Build a financial health analyzer. Fetch 90 days of transactions from Yodlee for all connected accounts. Calculate and display: monthly average income (sum of credits > $500), monthly average spending by category, savings rate (income minus expenses / income), estimated debt payments from transaction patterns. Display a 0-100 health score based on these metrics, with a breakdown card for each component and specific improvement suggestions.
Copy this prompt to try it in Lovable
Troubleshooting
Cobrand login fails with 'Invalid credentials' error
Cause: The YODLEE_COBRAND_NAME, YODLEE_CLIENT_ID, or YODLEE_SECRET values in Cloud Secrets don't match the credentials in your Envestnet developer portal, or you're mixing sandbox and production credentials.
Solution: Open developer.envestnet.com, navigate to your application, and copy the exact ClientId, Secret, and Cobrand Name values. The Cobrand Name is case-sensitive. Verify you're using the sandbox credentials with the sandbox API URL (https://sandbox.api.yodlee.com/ysl) and production credentials with the production URL. They are separate environments with separate credentials.
User token request returns 'User not found' error
Cause: The loginName you're using to request a user token doesn't exist in Yodlee's system for your cobrand. Each user must be registered in Yodlee before their token can be requested.
Solution: Add a user registration step to your app's onboarding flow: when a user creates an account in your Lovable app, immediately call the Yodlee POST /user/register endpoint with their loginName (typically your app's user_id), email, and locale. Store the Yodlee registration status in your user_integrations table so you can detect and retry failed registrations.
FastLink widget doesn't load or shows a blank screen
Cause: FastLink requires a valid, non-expired user access token passed to its initialization function. Tokens expire quickly (30 minutes), and if the frontend caches the token and uses it later, FastLink will fail silently.
Solution: Request a fresh FastLink token immediately before opening the widget — never cache FastLink tokens on the frontend. Call your yodlee-auth Edge Function to get a new token each time the user opens the bank connection flow. Also verify that the FastLink CDN URL you're loading matches your Yodlee environment (sandbox vs. production URLs differ).
Transaction data shows duplicate entries after syncing
Cause: Yodlee's transaction IDs are consistent for posted transactions but can change for pending transactions when they post. If you're upserting on transaction_id and the ID changes, you get duplicates for the pending and posted versions of the same transaction.
Solution: Filter out pending transactions from your sync (add PARAM transactionStatus=POSTED to your transactions request) or implement a deduplication step that matches pending and posted transactions by amount, date, and merchant when the pending transaction disappears.
Best practices
- Cache cobrand tokens for 25 minutes and user tokens near their expiry time in Supabase to avoid re-authenticating on every API call — Yodlee's token endpoints are rate-limited and slow.
- Use your Supabase Auth user_id as the Yodlee loginName for a clean mapping between your app's users and their Yodlee accounts — never use email addresses as loginNames since users can change emails.
- Apply RLS to all Yodlee data tables so each user can only access their own accounts and transactions — financial data requires strict per-user isolation.
- Never return Yodlee user session tokens to the frontend — keep all token management in Edge Functions and use your Supabase Auth JWT to identify users in API requests.
- Implement incremental transaction sync using Yodlee's fromDate/toDate filters to fetch only new transactions since the last sync, reducing API calls and improving sync performance.
- Store account balance snapshots daily in a separate table for net worth trending — Yodlee doesn't provide historical balance data, only current balances, so you must capture snapshots yourself.
- Handle Yodlee's error codes explicitly: 0 (success), Y007 (invalid credentials), Y008 (token expired), Y009 (unauthorized) — each requires different user-facing messaging and recovery actions.
Alternatives
Plaid has a simpler developer setup and cleaner API design for US bank connectivity; choose Plaid when ease of integration matters more than data depth or international coverage.
Alpha Vantage provides market price data for investment tracking without needing bank account access; use it when you need price data but not personal account holdings.
QuickBooks handles business accounting and invoicing rather than personal financial aggregation; choose QuickBooks when your users are tracking business finances rather than personal accounts.
Frequently asked questions
What's the main difference between Yodlee and Plaid?
Yodlee is an enterprise-grade financial data aggregator with broader global coverage (21,000+ institutions vs. Plaid's ~12,000), deeper data history, richer investment data, and institutional-grade reliability used by major banks. Plaid has a significantly simpler developer experience, faster onboarding, and a cleaner modern API design. For indie builders and startups targeting US users, Plaid is the better starting point. For enterprise apps with global users or deep investment tracking needs, Yodlee's capabilities justify the added complexity.
How do I handle Yodlee user registration for my app's users?
Each end-user of your Lovable app needs a corresponding Yodlee user record. Create one during your app's signup flow by calling POST /user/register with a loginName (use your Supabase user_id for easy mapping), email, and locale. Store the registration status in a user_integrations table. If registration fails (network error, Yodlee downtime), implement a retry mechanism that re-attempts registration on the user's next login before showing the bank connection option.
What does Yodlee's FastLink widget handle vs. what my app handles?
FastLink handles everything in the bank authentication flow: institution search, username/password entry, MFA/OTP challenges, OAuth redirects for banks that require it, and confirmation. Your app handles everything before FastLink (providing the user token) and after (receiving the callback with the newly linked account ID and then fetching account data via the Yodlee API). You never see or store the user's bank credentials — FastLink keeps those entirely within Yodlee's infrastructure.
Is Yodlee available in countries outside the US?
Yes — Yodlee supports financial institutions in over 20 countries including the US, Canada, UK, Australia, India, and major European markets. Coverage depth varies significantly by country. In some markets, Yodlee uses screen scraping rather than direct bank API connections, which means connection reliability is lower and credentials are handled differently. Check Yodlee's institution coverage documentation for your target markets before committing to the platform.
How much does Yodlee cost for a Lovable app?
Yodlee's developer sandbox is free for testing. Production pricing is based on data volume and is negotiated directly with Envestnet/Yodlee's sales team — they don't publish public pricing. Typically pricing is per API call or per connected account per month, and enterprise contracts start at several thousand dollars monthly. Yodlee is better suited to funded startups or enterprises than bootstrapped indie projects where Plaid's transparent self-serve pricing is more practical.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation