Wait for webhooks before proceeding
Always wait for thetask-status-updated webhook with status: done before treating a connection as complete. Do not rely solely on the client-side onSuccess callback. The task may still be processing server-side.
Validate account details upfront
Provide complete and accurate bank account information when creating the bridge token. Missing or incorrect fields cause configuration failures. Deposit Switch: route the user’s entire paycheck or a fixed amount:Deposit type options
deposit_type | Description |
|---|---|
entire | Route the entire paycheck |
amount | Route a fixed dollar amount (set deposit_value) |
percent | Route a percentage of the paycheck (set deposit_value) |
Handle errors from webhooks
Monitortask-status-updated webhooks for error statuses. These indicate the connection or configuration failed.
| Webhook status | Cause | Resolution |
|---|---|---|
login_error | Incorrect credentials | Prompt the user to re-authenticate via Bridge Update Mode |
mfa_error | MFA challenge failed | Prompt the user to try again |
config_error | Provider doesn’t support the requested operation | Fall back to manual instructions or try a different provider |
account_locked | Too many failed attempts at the provider | Ask the user to unlock their account with the provider |
Handle client-side errors
Listen forERROR events in the Bridge onEvent callback. The error object uses error_code, not a generic code field.
Use deeplinking when you know the employer
If you know the user’s employer or payroll provider, pass it when creating the bridge token to skip search screens and improve conversion.Check DDS/PLL support before connecting
Use the company search endpoint to check if a provider supports DDS or PLL before routing the user through the flow. This avoids dead-end experiences where the user connects but the provider doesn’t support the desired product.Leverage VOIE-PLL flow
For combined income verification and paycheck linked lending, complete the VOIE flow first, then check if the connected provider supports DDS/PLL. After VOIE completes, fetch the link details:is_dds_available flag in the response. If true, the user’s payroll provider supports DDS/PLL and you can offer it as a follow-up step without requiring the user to reconnect.
Understand the token flow
The Widget-only flow uses a three-token exchange to securely connect users to their payroll providers:| Token | Created By | Lifetime | Purpose |
|---|---|---|---|
bridge_token | Your server (via API) | 6 hours | Initialize Truv Bridge on the client |
public_token | Truv Bridge (on success) | Short-lived | Temporary token for exchange |
access_token | Token exchange (via API) | Persistent | Configure DDS/PLL and retrieve data |
Store and protect tokens
access_tokenis persistent and grants access to the user’s data. Store it encrypted on your server.bridge_tokenis short-lived (6 hours) and safe to pass to the client. Generate a new one if the user hasn’t started within that window.public_tokenis single-use. Exchange it immediately for anaccess_tokenviaPOST /v1/link-access-tokens/and discard it.
access_token or API credentials in client-side code.
Verify webhook signatures
Always verify theX-WEBHOOK-SIGN header on incoming webhooks to confirm they are from Truv. Use the raw request body. Never use parsed JSON.
See Webhook Security for verification examples.
Next steps
Widget-only Integration
Implementation guide for Widget-only flow
Returning User
Reconnect or update an existing link
Bridge Events
Client-side event types and error codes
Task Lifecycle
Server-side connection statuses