API Reference
Comprehensive reference for integrating with Plaid API endpoints
Endpoint and schema overview
Plaid's API endpoints and schemas are listed below. If you are looking for reference information about client-side integrations on web or mobile, see the Link docs.
- Retrieving and deleting Items
- Fetching data about supported institutions
- Retrieving account information and seeing all possible account types and subtypes
- Obtaining and managing tokens from Link
- Endpoints for use with or by Plaid partners
- Endpoints for use by Plaid reseller partners
- Sandbox-specific endpoints for testing
- Optionally verify webhook signatures
- Retrieve up to 24 months of transaction data and stay up-to-date with webhooks
- Retrieve and verify bank account information
- Retrieve real-time balance information
- Verify users' identities and reduce fraud with the Identity product
- Access users' financial information for loan underwriting
- View holdings and transactions from investment accounts
- Access data for student loans, mortgages, and credit cards
- Initiate payments within your app
- Manage the entire lifecycle of a payment
- Transfer funds between bank accounts
- Verify a user's income via payroll data.
- Verify a user's identity.
- Screen a user or entity.
- Assess the return risk of an ACH debit transaction.
- Send transaction data and retrieve enrichments.
API access
To gain access to the Plaid API, create an account on the Plaid Dashboard. Once you’ve completed the signup process and acknowledged our terms, we’ll provide a live client_id and secret via the Dashboard.
API protocols and headers
The Plaid API uses POST requests to communicate and HTTP response codes to indicate status and errors. All responses come in standard JSON. The Plaid API is served over HTTPS TLS v1.2+ to ensure data privacy; HTTP and HTTPS with TLS versions below 1.2 are not supported. Clients must use an up-to-date root certificate bundle as the only TLS verification path; certificate pinning should never be used. All requests must include a Content-Type of application/json and the body must be valid JSON.
Almost all Plaid API endpoints require a client_id and secret. These may be sent either in the request body or in the headers PLAID-CLIENT-ID and PLAID-SECRET.
Every Plaid API response includes a request_id, either in the body or (in the case of endpoints that return binary data, such as /asset_report/pdf/get) in the response headers. For faster support, include the request_id when contacting support regarding a specific API call.
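The transport rules above, as an added example that is not part of Plaid's documentation or client libraries: a standard-library client that trusts only the platform root bundle, refuses TLS below 1.2, sends credentials in the PLAID-CLIENT-ID and PLAID-SECRET headers, and returns the request_id for success and error responses alike. The helper names are hypothetical, and keeping credentials out of the body is this example's choice, since the API accepts either placement.

```python
import json
import ssl
import urllib.error
import urllib.request

# Hosts as listed under "API host" on this page.
PLAID_HOSTS = {
    "sandbox": "https://sandbox.plaid.com",
    "development": "https://development.plaid.com",
    "production": "https://production.plaid.com",
}

def plaid_tls_context():
    """Platform root bundle as the only trust path, TLS 1.2 as the floor."""
    ctx = ssl.create_default_context()            # system CAs, no pinned cert
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse older protocol versions
    return ctx  # create_default_context already sets CERT_REQUIRED + hostname check

def build_request(env, path, payload, client_id, secret):
    """POST with a JSON body; credentials go in headers (choice of this example)."""
    if env not in PLAID_HOSTS:
        raise ValueError(f"unknown environment: {env!r}")
    if not path.startswith("/"):
        raise ValueError("path must start with '/'")
    if {"client_id", "secret"} & payload.keys():
        raise ValueError("keep credentials out of the body; headers carry them")
    return urllib.request.Request(
        PLAID_HOSTS[env] + path,
        data=json.dumps(payload).encode("utf-8"),
        method="POST",
        headers={
            "Content-Type": "application/json",
            "PLAID-CLIENT-ID": client_id,
            "PLAID-SECRET": secret,
        },
    )

def parse_response(raw):
    """Return (request_id, body) from a JSON response, success or error."""
    body = json.loads(raw)
    return body.get("request_id"), body

def send(req, timeout=10.0):
    """Send req; HTTP error statuses still carry a JSON body with a request_id."""
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=plaid_tls_context()) as resp:
            raw = resp.read()
    except urllib.error.HTTPError as err:
        raw = err.read()
    return parse_response(raw)
```

Binary endpoints such as /asset_report/pdf/get are outside this sketch, because their request_id arrives in the response headers rather than the body.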
API host
- https://sandbox.plaid.com (Sandbox)
- https://development.plaid.com (Development)
- https://production.plaid.com (Production)
Plaid has three environments: Sandbox, Development, and Production. Items, once created, cannot be moved to another environment. The Sandbox environment supports only test Items. The Development environment supports up to 100 live Items using real data. All testing should be done in the Sandbox and Development environments. All activity in the Production environment will be billed. When you’re getting ready to launch into Production, request Production API access via the dashboard.
API status and incidents
API status is available at status.plaid.com.
API status and incidents are also available programmatically via the following endpoints:
- https://status.plaid.com/api/v2/status.json for current status
- https://status.plaid.com/api/v2/incidents.json for current and historical incidents
For a complete list of all API status information available programmatically, as well as more information on using these endpoints, see the Atlassian Status API documentation.
For information on institution-specific status, see Troubleshooting institution status.
Storing API data
Any token returned by the API is sensitive and should be stored securely. Except for the public_token and link_token, all Plaid tokens are long-lasting and should never be exposed on the client side. Consumer data obtained from the Plaid API is sensitive information and should be managed accordingly. For guidance and best practices on how to store and handle sensitive data, see the Open Finance Security Data Standard.
Identifiers used by the Plaid API that do not contain consumer data and are not keys or tokens are designed for usage in less sensitive contexts. The most common of these identifiers are the account_id, item_id, link_session_id, and request_id. These identifiers are commonly used for logging and debugging purposes.
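One way to enforce this split in application logs, as an added example that is not part of Plaid's documentation: a default-deny logging filter that preserves the shape of a response but masks every value except the four identifiers named above. The names loggable_view and IdsOnlyFilter are hypothetical, and the sample response is constructed.

```python
import logging

# Identifiers this page describes as suitable for logging and debugging.
LOGGABLE_IDS = frozenset({"account_id", "item_id", "link_session_id", "request_id"})
MASK = "[masked]"

def loggable_view(node, key=None):
    """Return a copy of a parsed API response that keeps its shape but masks
    every scalar except string values stored under an allow-listed key."""
    if isinstance(node, dict):
        return {k: loggable_view(v, k) for k, v in node.items()}
    if isinstance(node, list):
        return [loggable_view(v, key) for v in node]
    if node is None or (key in LOGGABLE_IDS and isinstance(node, str)):
        return node
    return MASK

class IdsOnlyFilter(logging.Filter):
    """Mask dict/list log arguments before any handler formats the record."""
    def filter(self, record):
        args = record.args
        if isinstance(args, dict):
            record.args = loggable_view(args)
        elif isinstance(args, tuple):
            record.args = tuple(
                loggable_view(a) if isinstance(a, (dict, list)) else a for a in args
            )
        return True

# Constructed sample response; all values are made up for this example.
SAMPLE = {
    "access_token": "constructed-access-token",
    "accounts": [
        {"account_id": "constructed-account-1", "name": "Jane's Checking",
         "balances": {"current": 110.25}},
    ],
    "item": {"item_id": "constructed-item-1"},
    "request_id": "constructed-request-1",
}

def demo():
    """Pass SAMPLE through the filter and return the message a handler would see."""
    record = logging.LogRecord("plaid", logging.INFO, "example.py", 0,
                               "response: %s", (SAMPLE,), None)
    IdsOnlyFilter().filter(record)
    return record.getMessage()
```

The filter only sees structured arguments; a token passed to the logger as a bare string, or already interpolated into the message, is not masked, so log parsed responses rather than individual fields.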
API field formats
Strings
Many string fields returned by Plaid APIs are reported exactly as returned by the financial institution. For this reason, Plaid does not have maximum length limits or standardized formats for strings returned by the API. In practice, field lengths of 280 characters will generally be adequate for storing returned strings, although Plaid does not guarantee this as a maximum string length.
Numbers and money
Plaid returns all currency values as decimal values in dollars (or the equivalent for the currency being used), rather than as integers. In some cases, it may be possible for a money value returned by the Plaid API to have more than two digits of precision -- this is common, for example, when reporting crypto balances.
OpenAPI definition file
OpenAPI is a standard format for describing RESTful APIs that allows those APIs to be integrated with tools for a wide variety of applications, including testing, client library generation, IDE integration, and more. The Plaid API is specified in our Plaid OpenAPI GitHub repo.
Postman collection
The Postman collection is a convenient tool for exploring Plaid API endpoints without writing code. The Postman collection provides pre-formatted requests for almost all of Plaid's API endpoints. All you have to do is fill in your API keys and any arguments. To get started, check out the Plaid Postman Collection Quickstart on GitHub.
Client libraries
See the client libraries page for more information on Plaid's client libraries.