The Cobalt Link flow has the following steps:
  1. Call  https://api.usecobalt.com/link/token/create to create a link_token and pass it to your app’s client.
  2. Use the link_token to open Link for your user. In the onSuccess callback, Link will provide a temporary public_token.
  3. Call https://api.usecobalt.com/link/token/exchange to exchange the public_token for a permanent access_token.
  4. Store the access_token and use it to make API requests.

Detailed Steps

The /link/token/create endpoint creates a link_token, which is required as a parameter when initializing Link. Once Link has been initialized, it returns a public_token, which can then be exchanged for an access_token via /link/token/exchange as part of the main Link flow. 
curl -X POST https://api.usecobalt.com/link/token/create \
-H 'Content-Type: application/json' \
-H 'client_id: "%COBALT_CLIENT_ID%"' \
-H 'client_secret: "%COBALT_CLIENT_SECRET%"' \
-d '{
  "user_id": "%REFERENCE_USER_ID%",
  "org_id": "%REFERENCE_ORG_ID%"
}'
The request requires the following parameters:
  • client_id this is your Cobalt API client id.
  • client_secret this is your Cobalt API secret.
  • user_id this is a unique ID representing the end user. Typically this will be a user ID number from your application. Personally identifiable information, such as an email address or phone number, should not be used in the user_id.
  • org_id this is the ID of the organization that this user belongs to in your system. This is often a clinic or hospital. This association is important to handle any custom settings that an org has.
Example response: 
{
    "success": true,
    "token": "189hisdf78w9r3ysdfhi" // used in next step.
}
Lightbox Mode Lightbox Mode will activate the Cobalt Link experience in a modal rather than having the element appear directly embedded elsewhere on the page. The lightbox takes up the entire user’s screen, darkening the background content with a semi-transparent overlay of the page and centering Cobalt’s Link UI in a modal located at the center of the user’s screen. To utilize Lightbox mode, include the Javascript snippet on your site, before the closing </body> tag. Make sure to attach a button’s onClick event to call the launch_cobalt() function. Alternatively, you can call the window.CobaltLink.init() function directly within an event callback of your choice. CobaltLink.init accepts one argument, a configuration Object. The configuration object requires the following parameters:
  • token this is the temporary link_token from the create link token step.
  • onSuccess this callback is called when a user successfully links their account. It takes one arguments: the public_token. The public_token can then be used in the exchange public token step.
New Window Mode If you prefer to not include the Cobalt Link code in your site you can direct the user to complete the Link flow in a separate window. Do this by sending the user to https://link.usecobalt.com?token={link_token}. Once the user completes the flow they will be redirected back to your callback_url along with the public_token (eg. https://{YOUR_CALLBACK_URL}?token={public_token}). You can then use the public_token in the next step. If you haven’t set up a callback_url yet it will default to google.com and you’ll see the token in the browser’s address bar after the redirect.

Exchange Public Token

The /link/token/exchange endpoint exchanges a public_token for an access_token. 
curl -X GET "https://api.usecobalt.com/link/token/exchange" \
-H 'Content-Type: application/json' \
-H 'client_id: "%COBALT_CLIENT_ID%"' \
-H 'client_secret: "%COBALT_CLIENT_SECRET%"' 
-G \
--data-urlencode "public_token=234p852489035y29083y4" \
The request requires the following parameters:
  • client_id this is your Cobalt API client id.
  • client_secret this is your Cobalt API secret.
  • public_token this is the token acquired during the Initialize Client Link step.
Example response: 
{
    "success": true,
    "token": "9872394hjkldsfh987re9iwqhjosdffh9sdychosdofc"
}

Examples

Code snippet

<script async defer src="https://link.usecobalt.com/init.js"></script>

<script>
    function launch_cobalt() {
        window.CobaltLink.init({
            token: "%TEMPORARY_LINK_TOKEN%",
            onSuccess: (public_token) => {
              // send the public_token to your server so it can exchange it for an access_token
            },
        })
    }
</script>

Javascript

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Cobalt Demo</title>
    <link rel="stylesheet" href="index.css">
</head>
<body>
    <div id="button-container">
        <button id="loadAppButton">Link account</button>
    </div>

    <script src="https://link.usecobalt.com/init.js"></script>
    
    <script type="text/javascript">
        document.getElementById('loadAppButton').addEventListener('click', async function() {

            // Fetch the link token from the Cobalt API
            try {
                const publicTokenResponse = await fetch('https://api.usecobalt.com/link/token/create', {
                    method: 'POST',
                    headers: {
                        'Content-Type': 'application/json',
                        'client_id': '%COBALT_CLIENT_ID%',
                        'client_secret': '%COBALT_CLIENT_SECRET%'
                    },
                    body: JSON.stringify({ user_id: '%REFERENCE_USER_ID%', org_id: '%REFERENCE_ORG_ID%' })
                });
                const publicTokenData = await publicTokenResponse.json();
                
                if (publicTokenData && publicTokenData.token) {
                    // Initialize Cobalt Link with the fetched token
                    window.CobaltLink.init({
                        token: publicTokenData.token,
                        onSuccess: async (public_token) => {
                            console.log('got the public_token: ', public_token);
	                            
                            // Exchange the public token for the access token
                            const accessTokenResponse = await fetch(`https://api.usecobalt.com/link/token/exchange?public_token=${public_token}`, {
					                    method: 'GET',
					                    headers: {                        
						                    'Content-Type': 'application/json',
						                    'client_id': '%COBALT_CLIENT_ID%',
						                    'client_secret': '%COBALT_CLIENT_SECRET%'
						                  },
					                  });
						                const accessTokenData = await accessTokenResponse.json();
						                console.log('got the access_token: ', accessTokenData.token);
						                // Now you can save the access_token and use it to call the API
                    });
                } else {
                    console.error('Failed to obtain link token:', data.message);
                    messageEl.innerText = "Error: " + data.message;
                }
            } catch (err) {
                console.error('Failed to setup integration:', err);
                messageEl.innerText = "Error: " + err.message;
            }
        });
    </script>
</body>
</html>

React

import React, { useCallback, useState, useEffect } from "react";

// Custom hook from Cobalt for handling link operations.
// Run `npm i @cobalt-technology/react-link` to install the package. 
import { useCobaltLink } from "@cobalt-technology/react-link";

export default function CobaltLinkDemo() {
    const [linkToken, setLinkToken] = useState(null); // State to store the link token received from the Cobalt API
    const [publicToken, setPublicToken] = useState(""); // State to store the public token received from the onSuccess callback
    const [isReadyToInit, setIsReadyToInit] = useState(false); // State to determine if the component is ready to initialize the Cobalt link

    // Callback function to handle success after receiving public token
    const onSuccess = useCallback((public_token) => {
        console.log("got the public_token: ", public_token);
        setPublicToken("Public token: " + public_token);
        
        // Exchange the public token for the access token
        const accessTokenResponse = await fetch(`https://api.usecobalt.com/link/token/exchange?public_token=${public_token}`, {
	        method: 'GET',
	        headers: {                        
		        'Content-Type': 'application/json',
		        'client_id': '%COBALT_CLIENT_ID%',
		        'client_secret': '%COBALT_CLIENT_SECRET%'
		      },
				});
				const accessTokenData = await accessTokenResponse.json();
				console.log('got the access_token: ', accessTokenData.token);
				// Now you can save the access_token and use it to call the API
    }, []);

    // Destructuring the necessary methods and states from the useCobaltLink hook
    const { init, loading } = useCobaltLink({
        token: linkToken,
        onSuccess,
    });

    // Effect to initialize the Cobalt link once conditions are met
    useEffect(() => {
        if (isReadyToInit && linkToken && !publicToken) {
            init();
        }
    }, [isReadyToInit, linkToken, init]);

    // Function to request a link token from the Cobalt API
    const initLink = async () => {
        try {
            const response = await fetch(
                "https://api.usecobalt.com/link/token/create", {
                    method: "POST",
                    headers: {
                        "Content-Type": "application/json",
                        client_id: "%COBALT_CLIENT_ID%",
                        client_secret: "%COBALT_CLIENT_SECRET%",
                    },
                    body: JSON.stringify({ user_id: "%REFERENCE_USER_ID%", org_id: "%REFERENCE_ORG_ID%" }),
                }
            );
            const data = await response.json();
            if (data && data.token) {
                setLinkToken(data.token);
                setIsReadyToInit(true);
            } else {
                console.error("Failed to obtain link token:", data.message);
            }
        } catch (err) {
            console.error("Failed to setup integration:", err);
        }
    };

    // Render a button that triggers the initLink function
    return (
        <div>
            <button disabled={loading} onClick={initLink}>
                Link Account
            </button>
        </div>
    );
}