Atomic logo

Switch Implementation Guide

Atomic's products empower users to access and update their payroll data. When users are authenticating with their payroll account, Atomic requires that the process be facilitated through Transact. Your integration with Transact will differ slightly depending on your specific use-case and tech stack.

An implementation of Atomic breaks down into five steps:

  • 1

    Request an access token from your server.

  • 2

    On your server, request an access token from Atomic's API.

  • 3

    Using your generated access token, instantiate our Transact SDK.

  • 4

    The user links their account(s) via Transact.

  • 5

    Optionally, receive webhook events to your server.

Data Flow Diagram

To authenticate an end user and start Transact, you will need your API Key and Secret from the Atomic Console.

An AccessToken for the end user is required to initialize Transact. To retrieve the AccessToken, make the following HTTP request on your server.

POST/access-token
https://sandbox-api.atomicfi.com/access-token

The above request will result in a response with a publicToken.

We will need the publicToken from the response for setting up your client-side code to initialize Transact, so once its been received on your server, send the publicToken to your client.

Response body
{
  "data": {
    "publicToken": "6e93549e-3571-4f57-b0f7-77b7cb0b5e48"
  }
}

Automating the transfer of card data is crucial to streamline the payment switching experience. Depending on your PCI compliance status and whether or not you hold card data, your integration approach may vary.

Accordingly, there are three options for passing card data:

Just before a user initiates the Transact experience, an Access Token is created. Card data may be transferred during access token creation by passing an array of card data to Atomic’s PCI compliant environment, pci.atomicfi.com. This data is temporarily held in our vault while the user completes their switching experience.

Option A: During access token creation
POST/access-token
https://sandbox-pci.atomicfi.com/access-token

An alternative option to up-front transfer of card data is to wait until the user authenticates with a merchant. This approach limits the amount of card data transferred to Atomic’s environment. Listening for user authentication can be done either server-side or client-side.

  1. Client-side: Transact will invoke a client-side onDataRequest callback to your system.
  2. Server-side: Listen for a task-status-updated webhook event indicating that the status is processing. This event also includes the identifier of the user.

After either of these, you'll make a request to our Update User endpoint to transfer the card data to be used for the switch.

Option B: After merchant authentication
In order to populate the card selection within the user experience before authentication, we will need general card information during access token creation, however sensitive card fields will be omitted. For example, you can send the lastFourAccountNumber in lieu of the full card number, and omit the cvv.

Example access token creation using insensitive fields

POST/access-token
https://sandbox-pci.atomicfi.com/access-token

Example adding card data to the user after authentication

https://sandbox-pci.atomicfi.comundefined

It is common for our customers to be using a BaaS vendor for their card program, outsourcing card data management and PCI compliance to the BaaS vendor. If this describes your situation, Atomic offers a solution for transferring card data that allows your system to remain out-of-scope as it relates to PCI.

Card proxy diagram

By sending a request for card details through our pci.atomicfi.com domain which contains a provider configuration, the response from the provider that may contain sensitive card fields can be routed directly to Atomic’s PCI-compliant environment.

You will add a paymentService object to your code that contains fields necessary for Atomic to retrieve the card information. The fields required vary per BaaS provider, and our team will work with you to build and test the specific integration.

Example request that implements paymentService
POST/access-token
https://sandbox-pci.atomicfi.com/access-token

On the Emulator page on the Atomic Console you can interactively configure and launch an instance of Transact. This is an embedded instance of our SDK within the Console. Use it to test variations of the flow, see the outcomes of Tasks using our Test Credentials, and customize Transact itself.

Transact requires a configuration object when initialized in a live application. To get started you only need the publicToken from the previous step and the tasks you wish to execute. This configuration object has many options to customize the look and behavior of Transact.

For a full list of options, please refer to the Transact SDK Parameters Reference .
Configuration object
{
  "publicToken": "6e93549e-3571-4f57-b0f7-77b7cb0b5e48",
  "tasks": [
    {
      "operation": "switch"
    }
  ]
}

Atomic's Transact is a client-side SDK that allows your users to connect their payroll accounts to your app.

Transact will handle credential validation, multi-factor authentication, and error handling for each system that we support. Transact supports browsers, native apps, and hybrid apps.

To aid in testing various user experiences, you may use any of these pre-determined "test" credentials for authentication. Any password will work as long as the username is found in these lists. If the authentication requires an email, simply append @example.com to the end of the chosen username.

Upon submission of your credentials, a test task is created in Atomic’s system to process the end user’s data. These credentials can be toggled off for production use in the Atomic Console.

Test where the user's credentials are correct and the task completes. When answering MFA questions, any answer will be accepted.

UsernamePhone NumberDescription
test-good(555) 555-0100Test a successful operation.
test-code-mfa(555) 555-0101Test an authentication that includes a device code based MFA flow.
test-push-mfa(555) 555-0102Test an authentication that simulates push-based MFA.
test-question-mfa(555) 555-0103Test an authentication that simulates question-based MFA.

Test where the user encounters an issue connecting to the third-party system.

UsernamePhone NumberDescription
test-system-unavailable(555) 555-0104Test the user experience during a third-party system outage.
test-unknown-failure(555) 555-0105Test the user experience when there is an unexpected error.
test-session-timeout(555) 555-0106Test the user experience when the auth session has timed out.
test-connection-error(555) 555-0107Test the user experience when there is a connection error caused by a network failure.
test-high-latency(555) 555-0108Test the flow which occurs when there is high latency communicating with backend systems.
test-post-auth-delay(555) 555-0109Test the flow when there is a post-auth delay happening. This may occur due to an unanticipated change in the third-party system.
test-failure(555) 555-0110Test a failure that occurs after a successful authentication.

Test where the user encounters an issue with their payroll system configuration or access.

UsernamePhone NumberDescription
test-distribution-not-supported(555) 555-0111Test a user who enters an unsupported deposit amount.
test-routing-number-not-supported(555) 555-0112Test a user whose payroll system rejects the routing number of the target deposit account.
test-product-not-supported(555) 555-0113Test a user whose payroll system does not allow the operation.

Test where there is an error that occurs due to an action of the user.

UsernamePhone NumberDescription
test-bad(555) 555-0114Test an unsuccessful authentication.
test-lockout(555) 555-0115Test a user who has been locked out of their account.
test-account-unusable(555) 555-0116Test a user whose payroll account rejects the target deposit account.
test-enrolled-in-paycard(555) 555-0117Test a user enrolled in a paycard, which prevents payment via direct deposit.
test-expired(555) 555-0118Test a user whose payroll password has expired.
test-transaction-pending(555) 555-0119Test a user who already has a direct deposit change in progress.
test-account-setup-incomplete(555) 555-0120Test a user who has not fully onboarded to their employee payroll system.
test-work-status-terminated(555) 555-0121Test a user who is not an active employee in the payroll system.

No matter the outcome of your test authentication, you will have the opportunity to receive data from us about the end user’s actions and the created task in multiple ways.

These flows operate identically to the way the Atomic system functions in production. Running a test task will generate the same events and webhooks as a task run by an end user.

Transact emits events and passes them to your application. Such events allow applications to react and perform functions as needed. Some events will be passed with a data object with additional information.

When using the Atomic Console Emulator page all events emitted by the Transact instance are output on the page for you to explore.

For full documentation of Transact events, please refer to the Transact Events Reference.

You can configure webhook endpoints via the Atomic Console. Atomic will issue POST requests to the designated endpoint(s). We recommend using Hookbin as a way to inspect the payload of events during development without needing to stand up a server.

To aid building, we surface all webhooks for a Task in Console. Visit the details page of any Task in the Atomic Console and scroll down to the Webhooks Events section to view all of the data associated with that Task.

For full documentation of webhooks, please refer to the Webhooks Reference page.