Comprehensive reference for integrating with Plaid API endpoints
Endpoint and schema overview
Plaid's API endpoints and schemas are listed below. If you are looking for reference information about client-side integrations on web or mobile, see the Link docs.
Retrieving and deleting Items
Fetching data about supported institutions
Retrieving account information and seeing all possible account types and subtypes
Obtaining and managing tokens from Link
Endpoints for use with or by Plaid partners
Endpoints for use by Plaid reseller partners
Sandbox-specific endpoints for testing
Optionally verify webhook signatures
Retrieve up to 24 months of transaction data and stay up-to-date with webhooks
Retrieve and verify bank account information
Retrieve real-time balance information
Verify users' identities and reduce fraud with the Identity product
Access users' financial information for loan underwriting
View holdings and transactions from investment accounts
Access data for student loans, mortgages, and credit cards
Initiate payments within your app
Manage the entire lifecycle of a payment
Transfer funds between bank accounts
Verify a user's income via payroll data.
Verify a user's identity.
Screen a user or entity.
Assess the return risk of an ACH debit transaction.
Send transaction data and retrieve enrichments.
To gain access to the Plaid API, create an account on the Plaid Dashboard. Once you’ve completed the signup process and acknowledged our terms, we’ll provide a live secret via the Dashboard.
API protocols and headers
The Plaid API uses POST requests to communicate and HTTP response codes to indicate status and errors. All responses come in standard JSON. The Plaid API is served over HTTPS TLS v1.2+ to ensure data privacy; HTTP and HTTPS with TLS versions below 1.2 are not supported. Clients must use an up-to-date root certificate bundle as the only TLS verification path; certificate pinning should never be used. All requests must include a application/json and the body must be valid JSON.
Almost all Plaid API endpoints require a secret. These may be sent either in the request body or in the headers
Every Plaid API response includes a request_id, either in the body or (in the case of endpoints that return binary data, such as /asset_report/pdf/get) in the response headers. For faster support, include the request_id when contacting support regarding a specific API call.
- https://sandbox.plaid.com (Sandbox)
- https://development.plaid.com (Development)
- https://production.plaid.com (Production)
Plaid has three environments: Sandbox, Development, and Production. Items, once created, cannot be moved to another environment. The Sandbox environment supports only test Items. The Development environment supports up to 100 live Items using real data. All testing should be done in the Sandbox and Development environments. All activity in the Production environment will be billed. When you’re getting ready to launch into Production, request Production API access via the dashboard.
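A client that follows the transport rules above, as an added example that is not part of Plaid's documentation or client libraries: it sets a TLS 1.2 floor, verifies against the system root bundle with no pinning, and builds a JSON POST for one of the listed environment hosts. The function names and the `credentials` dictionary are assumptions made for this illustration.

```python
import json
import ssl
import urllib.request

# Environment hosts as listed on this page.
PLAID_HOSTS = {
    "sandbox": "https://sandbox.plaid.com",
    "development": "https://development.plaid.com",
    "production": "https://production.plaid.com",
}


def build_tls_context() -> ssl.SSLContext:
    """TLS 1.2+ verified against the system root bundle; no pinning."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED plus hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def build_request(env: str, path: str, payload: dict, credentials: dict):
    """Build (not send) a JSON POST for one environment."""
    base = PLAID_HOSTS[env]              # KeyError on an unknown environment
    if not path.startswith("/"):
        raise ValueError("path must start with '/'")
    # Credentials travel in the request body here (assumed dict of key fields).
    body = json.dumps({**payload, **credentials}).encode("utf-8")
    return urllib.request.Request(
        base + path,
        data=body,
        headers={"Content-Type": "application/json"},
        method="POST",
    )


def request_id_of(response_body: bytes):
    """Pull request_id from a JSON body so it can go into logs and tickets."""
    try:
        doc = json.loads(response_body)
    except ValueError:
        return None                      # binary response: the ID is in headers
    return doc.get("request_id") if isinstance(doc, dict) else None

# Sending: urllib.request.urlopen(req, context=build_tls_context(), timeout=10)
```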
API status and incidents
API status is available at status.plaid.com.
API status and incidents are also available programmatically via the following endpoints:
- https://status.plaid.com/api/v2/status.json for current status
- https://status.plaid.com/api/v2/incidents.json for current and historical incidents
For a complete list of all API status information available programmatically, as well as more information on using these endpoints, see the Atlassian Status API documentation.
For information on institution-specific status, see Troubleshooting institution status.
Storing API data
Any token returned by the API is sensitive and should be stored securely. Except for the link_token, all Plaid tokens are long-lasting and should never be exposed on the client side. Consumer data obtained from the Plaid API is sensitive information and should be managed accordingly. For guidance and best practices on how to store and handle sensitive data, see the Open Finance Security Data Standard.
Identifiers used by the Plaid API that do not contain consumer data and are not keys or tokens are designed for usage in less sensitive contexts. The most common of these identifiers are the request_id. These identifiers are commonly used for logging and debugging purposes.
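One way to apply this split when logging API responses, as an added example that is not Plaid's code: an allowlist redactor that keeps the response's shape and the request_id but replaces every other leaf, so tokens and consumer data never reach the log pipeline. The function names, the allowlist and the sample response are constructed for this illustration.

```python
import json

# Fields safe to log. This page names only request_id; extend deliberately.
SAFE_LOG_FIELDS = frozenset({"request_id"})
REDACTED = "[REDACTED]"


def redact_for_log(value, safe_fields=SAFE_LOG_FIELDS):
    """Copy a decoded response, keeping its shape but only allowlisted leaves."""
    if isinstance(value, dict):
        out = {}
        for key, item in value.items():
            if key in safe_fields and isinstance(item, str):
                out[key] = item                      # non-sensitive identifier
            else:
                out[key] = redact_for_log(item, safe_fields)
        return out
    if isinstance(value, list):
        return [redact_for_log(item, safe_fields) for item in value]
    return REDACTED                                  # tokens, balances, names


def log_line(endpoint: str, response: dict) -> str:
    """One JSON log record that is safe to ship to a log pipeline."""
    record = {"endpoint": endpoint, "response": redact_for_log(response)}
    return json.dumps(record, sort_keys=True)


# Constructed sample response; every value is made up for this example.
SAMPLE = {
    "access_token": "access-sandbox-constructed-0000",
    "accounts": [{"name": "Constructed Checking", "balances": {"current": 110.25}}],
    "request_id": "constructedReq01",
}

if __name__ == "__main__":
    print(log_line("/constructed/endpoint", SAMPLE))
```

An allowlist fails closed: a field added to a response later is redacted until someone decides it is safe to log.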
API field formats
Many string fields returned by Plaid APIs are reported exactly as returned by the financial institution. For this reason, Plaid does not have maximum length limits or standardized formats for strings returned by the API. In practice, field lengths of 280 characters will generally be adequate for storing returned strings, although Plaid does not guarantee this as a maximum string length.
Numbers and money
Plaid returns all currency values as decimal values in dollars (or the equivalent for the currency being used), rather than as integers. In some cases, it may be possible for a money value returned by the Plaid API to have more than two digits of precision -- this is common, for example, when reporting crypto balances.
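Handling these values without losing precision, as an added example that is not Plaid's code: the response is decoded with exact decimals, and conversion to integer minor units refuses to round an amount with more digits than expected. The function names and the sample payload are constructed for this illustration.

```python
import json
from decimal import Decimal


def parse_response(raw: str) -> dict:
    """Decode JSON keeping every fractional number exact (no binary float)."""
    return json.loads(raw, parse_float=Decimal)


def to_minor_units(amount, exponent: int = 2) -> int:
    """Convert to integer minor units, refusing to round silently."""
    if isinstance(amount, int) and not isinstance(amount, bool):
        amount = Decimal(amount)
    if not isinstance(amount, Decimal) or not amount.is_finite():
        raise ValueError("amount must be a finite Decimal or int")
    scaled = amount.scaleb(exponent)     # shift the decimal point, exactly
    if scaled != scaled.to_integral_value():
        raise ValueError(f"{amount} has more than {exponent} decimal places")
    return int(scaled)


# Constructed sample payload: a two-digit balance and a high-precision one.
RAW = '{"balances": {"current": 110.10, "crypto": 0.12345678}}'

if __name__ == "__main__":
    doc = parse_response(RAW)
    print(to_minor_units(doc["balances"]["current"]))
    print(to_minor_units(doc["balances"]["crypto"], exponent=8))
```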
OpenAPI definition file
OpenAPI is a standard format for describing RESTful APIs that allows those APIs to be integrated with tools for a wide variety of applications, including testing, client library generation, IDE integration, and more. The Plaid API is specified in our Plaid OpenAPI GitHub repo.
The Postman collection is a convenient tool for exploring Plaid API endpoints without writing code. The Postman collection provides pre-formatted requests for almost all of Plaid's API endpoints. All you have to do is fill in your API keys and any arguments. To get started, check out the Plaid Postman Collection Quickstart on GitHub.
See the client libraries page for more information on Plaid's client libraries.