Verify - Data Scoping
We recommend customizing the data fields you’ll be needing to return via the Features section of the Atomic Console. Given your use case, you can determine which data fields will be required to achieve your end result.
Atomic’s Linked Accounts feature allows you to periodically update VOIE data on-demand. In many cases, you’ll be able to perform these updates entirely from your backend, without requiring user interaction. Whether or not the user needs to be present during the process will be determined by the intersection of the data you’ve opted to retrieve, and the particular payroll system backing the connection. You may use our API to determine this factor.
If the user is required to be present, you’ll be able to leverage the
linkedAccount parameter of our Transact SDK to initiate the data update with the user. Leveraging this feature will significantly reduce the friction of the update by not requiring the user to re-enter their payroll credentials. There is a chance that they may need to step through two-factor authentication during the update process.
Principle of least privilege
In order to protect your users and optimize your experience, a best practice is to only retrieve the data that is needed.
In addition to added protection, there are cases where your field selection can impact the user experience. An example of this is retrieving not only the W2 wages as structured data, but also opting into retrieving the associated PDF form. By enabling the retrieval of the form, the user is may be prompted to go through a 2FA experience during their authentication process in order to secure the transaction. Although this is not likely to impact your conversion rate, it could present friction in the case where you’re planning on implementing our Linked Accounts feature to periodically update the user’s income data without needing their presence in your application.
If your implementation necessitates the downloading of forms, such as paystubs or W-2s, you’ll receive a URL to the file as part of your webhook event. This URL is valid for one hour from the time of receipt. We recommend transferring the file to your system as soon as the URL is transmitted to your system.
In the event that you do not wish to store the file, or the link has expired, you may also use the
_id field in conjunction with our endpoint to generate a new URL to retrieve the file at a later time.