Sandbox Testing

The below article has been written to help you with testing your application and exploring Lean's APIs within the Sandbox. This means the following three statements are always in effect:

  1. All calls in Sandbox are made to not
  2. Usage of the LinkSDK has sandbox: true in the method calls.
  3. Calls to Lean's API do not require certificates or mTLS transmission.

Lean Mockbank

Usage of the LinkSDK in Sandbox mode will enable 'Lean Mockbank' as a provider. Mockbank allows you to connect sample users and test the various states of your application to make sure you're ready for production data.

Mockbank behaves the same way as live banks, providing data and sending webhooks.

Test Users

In order to log into the mockbank, you will need to provide the credentials for one of your provisioned Test Users - these are displayed in the developer portal under the authentication tab.

Your application starts out with 5 test users which are unique to you. Each test user will all have a different set of accounts and transactions which will allow you to simulate working with multiple users in your application. If at any point you would like to generate further test users, let your Lean representative know.

OTP challenges

During various flows within the Link SDK, your user will be asked to submit a One Time Password (OTP).

The valid response for all OTP challenges in the sandbox is 1111.

Mocking the Reconnect Flow

Reconnecting is a key workflow when using our Data API over a sustained period of time. In order to test this workflow, Mockbank will automatically deauthenticate a user after 10 minutes of inactivity. While most banks won't need to be authenticated this often, your integration should handle this as a possible response to any call to the Data API.

After 10 minutes, the next time you try to make a call to the Data API you will receive a response with the status RECONNECT_REQUIRED and a relevant reconnect_id, enabling you to test this workflow.

Reconnect API Reference


curl -X POST '' \
--header 'Content-Type: application/json' \
--header 'lean-app-token: 4028f6df76b9e6350176ccff97520017' \
--data-raw 'entity_id: 52dbcb60-f0ae-431c-b435-db319fa5a0ce'


"payload": {
"reconnect_id": "6137108c-8e18-45b1-bba6-97e877e8bdeb",
"type": "reconnect"
"results_id": "e3e8529f-08e9-4a0f-8064-6aa250181829",
"message": "User input is required to reconnect with the bank",
"timestamp": "2021-01-11T14:00:42.014308Z"

Capturing Webhooks

You can test our API's directly from your terminal or Postman without building your backend, however key information is delivered via webhook.

While in sandbox, and no live data is being sent, you can use a webhook catcher to view the webhook data being sent.

LinkSDK Testing

We've provided a simple HTML wrapper on github to get started with creating entities in the Sandbox. Simply clone the repository and update the values with your own.

LinkSDK HTML Boilerplate


git clone