Platform API
The Lunch Flow Platform API lets you embed financial data into your own product. Register users, connect their bank accounts, and read their transaction, balance, and holdings data.
If you only need to access your own data, check out the simpler Personal API.
Base URL
https://lunchflow.app/api/platform/v1Authentication
| Scheme | Credentials | Used for |
|---|---|---|
| Basic Auth | client_id : client_secret | Managing users (create, update, delete) |
| Bearer Token | access_token | Accessing user data, portal sessions |
Your client_id and client_secret come from the Developer Dashboard. The access_token is returned when you register a user or when a user completes the OAuth flow.
Refresh expired tokens via POST /oauth/token with grant_type=refresh_token.
Two integration approaches
You can choose for the end user to pay the subscription, or you can pay for their subscription. The integration process follows a very similar flow in both cases: Share a link with your end users to connect their banks, redirect to your website, and access data server-side. The only difference is whether users get a checkout form (when they're paying) or go directly to connect a number of bank accounts that you control (when you pay).
Create an app
Go to the Developer Dashboard and create an app to get your client_id and client_secret. Add a redirect URI.
Register a user
Call POST /users with Basic Auth. You get back an access_token and refresh_token.
curl -X POST https://lunchflow.app/api/platform/v1/users \
-u "$CLIENT_ID:$CLIENT_SECRET" \
-H "Content-Type: application/json" \
-d '{"email": "user@example.com"}'Connect bank via OAuth
Redirect the user to the authorize endpoint. They sign in, connect their bank, and are redirected back with a code.
GET https://lunchflow.app/api/platform/oauth/authorize
?client_id=$CLIENT_ID
&redirect_uri=https://yourapp.com/callback
&email=user@example.com
&state=$RANDOM_STATEExchange the code for tokens:
curl -X POST https://lunchflow.app/api/platform/oauth/token \
-H "Content-Type: application/json" \
-d '{
"grant_type": "authorization_code",
"code": "$AUTH_CODE",
"redirect_uri": "https://yourapp.com/callback",
"client_id": "$CLIENT_ID",
"client_secret": "$CLIENT_SECRET"
}'Access data
Once the user has linked their bank, read their accounts, transactions, balances, and holdings.
curl https://lunchflow.app/api/platform/v1/accounts \
-H "Authorization: Bearer $ACCESS_TOKEN"Refreshing tokens
Access tokens expire after 1 hour. Use the refresh token to get a new pair:
curl -X POST https://lunchflow.app/api/platform/oauth/token \
-H "Content-Type: application/json" \
-d '{
"grant_type": "refresh_token",
"refresh_token": "$REFRESH_TOKEN",
"client_id": "$CLIENT_ID",
"client_secret": "$CLIENT_SECRET"
}'For public (self-hosted) clients, omit the client_secret.
Endpoints
Browse the interactive reference for each endpoint in the Users and Accounts sections of the sidebar.
Support
Questions or issues? Email hello@lunchflow.app.
Get account holdings GET
Returns investment holdings for the specified brokerage account. Only available for accounts from providers that support holdings (SnapTrade, MX, Finicity, Pluggy).
Register a user POST
Creates or retrieves a platform user for this app. Returns a user_id, access_token, and refresh_token. Use the access_token as a Bearer token for data endpoints.