Partner endpoints and webhooks

Create and manage end customers

Reseller Partner Endpoints and Webhooks

These endpoints and webhooks are used by Plaid reseller partners to create and manage their end customers.

Endpoints
/partner/customer/createCreate an end customer
/partner/customer/getGet the status of an end customer
/partner/customer/oauth_institutions/getGet the OAuth-institution registration status for an end customer
/partner/customer/enableEnable an end customer in Production
/partner/customer/removeRemove an end customer
Webhooks
PARTNER_END_CUSTOMER_OAUTH_STATUS_UPDATEDCustomer OAuth status updated

Endpoints

/partner/customer/create

Creates a new end customer for a Plaid reseller.

The /partner/customer/create endpoint is used by reseller partners to create end customers.

partner/customer/create

Request fields and example

client_id
string
Your Plaid API client_id. The client_id is required and may be provided either in the PLAID-CLIENT-ID header or as part of a request body.
secret
string
Your Plaid API secret. The secret is required and may be provided either in the PLAID-SECRET header or as part of a request body.
company_name
requiredstring
The company name of the end customer being created. This will be used to display the end customer in the Plaid Dashboard. It will not be shown to end users.
is_diligence_attested
requiredboolean
Denotes whether or not the partner has completed attestation of diligence for the end customer to be created.
products
required[string]
The products to be enabled for the end customer.

Possible values: assets, auth, balance, identity, income_verification, investments, liabilities, transactions, employment
create_link_customization
boolean
If true, the end customer's default Link customization will be set to match the partner's. You can always change the end customer's Link customization in the Plaid Dashboard. See the Link Customization docs for more information.
logo
string
Base64-encoded representation of the end customer's logo. Must be a PNG of size 1024x1024 under 4MB. The logo will be shared with financial institutions and shown to the end user during Link flows. A logo is required if create_link_customization is true. If create_link_customization is false and the logo is omitted, a stock logo will be used.
legal_entity_name
requiredstring
The end customer's legal name. This will be shared with financial institutions as part of the OAuth registration process. It will not be shown to end users.
website
requiredstring
The end customer's website.
application_name
requiredstring
The name of the end customer's application. This will be shown to end users when they go through the Plaid Link flow.
technical_contact
object
The technical contact for the end customer. Defaults to partner's technical contact if omitted.
given_name
string
family_name
string
email
string
billing_contact
object
The billing contact for the end customer. Defaults to partner's billing contact if omitted.
given_name
string
family_name
string
email
string
customer_support_info
object
This information is public. Users of your app will see this information when managing connections between your app and their bank accounts in Plaid Portal. Defaults to partner's customer support info if omitted.
address
requiredobject
The end customer's address.
city
string
street
string
region
string
postal_code
string
country_code
string
ISO-3166-1 alpha-2 country code standard.
is_bank_addendum_completed
requiredboolean
Denotes whether the partner has forwarded the Plaid bank addendum to the end customer.
assets_under_management
object
Assets under management for the given end customer. Required for end customers with monthly service commitments.
amount
requirednumber
iso_currency_code
requiredstring
redirect_uris
[string]
A list of URIs indicating the destination(s) where a user can be forwarded after completing the Link flow; used to support OAuth authentication flows when launching Link in the browser or via a webview. URIs should not contain any query parameters. When used in Production or Development, URIs must use https. To specify any subdomain, use * as a wildcard character, e.g. https://*.example.com/oauth.html. To modify redirect URIs for an end customer after creating them, go to the end customer's API page in the Dashboard.
1const request: PartnerCustomerCreateRequest = {
2      address: {
3          city: city,
4          country_code: countryCode,
5          postal_code: postalCode,
6          region: region,
7          street: street
8      },
9      application_name: applicationName,
10      billing_contact: {
11          email: billingEmail,
12          given_name: billingGivenName,
13          family_name: billingFamilyName
14      },
15      customer_support_info: {
16          email: supportEmail,
17          phone_number: supportPhoneNumber,
18          contact_url: supportContactUrl,
19          link_update_url: linkUpdateUrl
20      },
21      company_name: companyName,
22      is_bank_addendum_completed: true,
23      is_diligence_attested: true,
24      legal_entity_name: legalEntityName,
25      products: products,
26      technical_contact: {
27          email: technicalEmail,
28          given_name: technicalGivenName,
29          family_name: technicalFamilyName
30      },
31      website: website
32};
33try {
34  const response = await plaidClient.partnerCustomerCreate(request);
35  const endCustomer = response.data.end_customer;
36} catch (error) {
37  // handle error
38}
partner/customer/create

Response fields and example

end_customer
object
The details for an end customer.
client_id
string
company_name
string
status
string
The status of the given end customer.
UNDER_REVIEW: The end customer has been created and enabled in the non-Production environments. The end customer must be manually reviewed by the Plaid team before it can be enabled in production, at which point its status will automatically transition to PENDING_ENABLEMENT or DENIED.
PENDING_ENABLEMENT: The end customer is ready to be enabled in the Production environment. Call the /partner/customer/enable endpoint to enable the end customer in Production.
ACTIVE: The end customer has been enabled in all environments.
DENIED: The end customer has been created and enabled in the non-Production environments, but it did not pass review by the Plaid team and therefore cannot be enabled in the Production environment. Talk to your Account Manager for more information.

Possible values: UNDER_REVIEW, PENDING_ENABLEMENT, ACTIVE, DENIED
secrets
object
The secrets for the newly created end customer in non-Production environments.
sandbox
string
The end customer's secret key for the Sandbox environment.
development
string
The end customer's secret key for the Development environment.
request_id
string
A unique identifier for the request, which can be used for troubleshooting. This identifier, like all Plaid identifiers, is case sensitive.
1{
2  "end_customer": {
3    "client_id": "7f57eb3d2a9j6480121fx361",
4    "company_name": "Plaid",
5    "status": "ACTIVE",
6    "secrets": {
7      "sandbox": "b60b5201d006ca5a7081d27c824d77",
8      "development": "95e56a510204f293d3bebd4b9cf5c7"
9    }
10  },
11  "request_id": "4zlKapIkTm8p5KM"
12}

/partner/customer/get

Returns a Plaid reseller's end customer.

The /partner/customer/get endpoint is used by reseller partners to retrieve data about a single end customer.

partner/customer/get

Request fields and example

client_id
string
Your Plaid API client_id. The client_id is required and may be provided either in the PLAID-CLIENT-ID header or as part of a request body.
secret
string
Your Plaid API secret. The secret is required and may be provided either in the PLAID-SECRET header or as part of a request body.
end_customer_client_id
requiredstring
1const request: PartnerCustomerGetRequest = {
2  end_customer_client_id: clientId,
3};
4try {
5  const response = await plaidClient.partnerCustomerGet(request);
6  const endCustomer = response.data.end_customer;
7} catch (error) {
8  // handle error
9}
partner/customer/get

Response fields and example

end_customer
object
The details for an end customer.
client_id
string
company_name
string
status
string
The status of the given end customer.
UNDER_REVIEW: The end customer has been created and enabled in the non-Production environments. The end customer must be manually reviewed by the Plaid team before it can be enabled in production, at which point its status will automatically transition to PENDING_ENABLEMENT or DENIED.
PENDING_ENABLEMENT: The end customer is ready to be enabled in the Production environment. Call the /partner/customer/enable endpoint to enable the end customer in Production.
ACTIVE: The end customer has been enabled in all environments.
DENIED: The end customer has been created and enabled in the non-Production environments, but it did not pass review by the Plaid team and therefore cannot be enabled in the Production environment. Talk to your Account Manager for more information.

Possible values: UNDER_REVIEW, PENDING_ENABLEMENT, ACTIVE, DENIED
request_id
string
A unique identifier for the request, which can be used for troubleshooting. This identifier, like all Plaid identifiers, is case sensitive.
1{
2  "end_customer": {
3    "client_id": "7f57eb3d2a9j6480121fx361",
4    "company_name": "Plaid",
5    "status": "ACTIVE"
6  },
7  "request_id": "4zlKapIkTm8p5KM"
8}

/partner/customer/oauth_institutions/get

Returns OAuth-institution registration information for a given end customer.

The /partner/customer/oauth_institutions/get endpoint is used by reseller partners to retrieve OAuth-institution registration information about a single end customer. To learn how to set up a webhook to listen to status update events, visit the reseller documentation.

partner/customer/oauth_institutions/get

Request fields and example

client_id
string
Your Plaid API client_id. The client_id is required and may be provided either in the PLAID-CLIENT-ID header or as part of a request body.
secret
string
Your Plaid API secret. The secret is required and may be provided either in the PLAID-SECRET header or as part of a request body.
end_customer_client_id
requiredstring
1const request: PartnerCustomerOAuthInstitutionsGetRequest = {
2  end_customer_client_id: clientId,
3};
4try {
5  const response = await plaidClient.partnerCustomerOAuthInstitutionsGet(request);
6} catch (error) {
7  // handle error
8}
partner/customer/oauth_institutions/get

Response fields and example

flowdown_status
string
The status of the addendum to the Plaid MSA ("flowdown") for the end customer.

Possible values: NOT_STARTED, IN_REVIEW, NEGOTIATION, COMPLETE
questionnaire_status
string
The status of the end customer's security questionnaire.

Possible values: NOT_STARTED, RECEIVED, COMPLETE
institutions
[object]
The OAuth institutions with which the end customer's application is being registered.
name
string
institution_id
string
environments
object
Registration statuses by environment.
development
string
The registration status for the end customer's application.

Possible values: NOT_STARTED, PROCESSING, APPROVED, ENABLED, ATTENTION_REQUIRED
production
string
The registration status for the end customer's application.

Possible values: NOT_STARTED, PROCESSING, APPROVED, ENABLED, ATTENTION_REQUIRED
production_enablement_date
nullablestring
The date on which the end customer's application was approved by the institution, or an empty string if their application has not yet been approved.
classic_disablement_date
nullablestring
The date on which non-OAuth Item adds will no longer be supported for this institution, or an empty string if no such date has been set by the institution.
request_id
string
A unique identifier for the request, which can be used for troubleshooting. This identifier, like all Plaid identifiers, is case sensitive.
1{
2  "flowdown_status": "COMPLETE",
3  "questionnaire_status": "COMPLETE",
4  "institutions": [
5    {
6      "name": "Chase",
7      "institution_id": "ins_56",
8      "environments": {
9        "production": "PROCESSING",
10        "development": "PROCESSING"
11      },
12      "production_enablement_date": null,
13      "classic_disablement_date": "2022-06-30"
14    },
15    {
16      "name": "Capital One",
17      "institution_id": "ins_128026",
18      "environments": {
19        "production": "ENABLED",
20        "development": "ENABLED"
21      },
22      "production_enablement_date": "2022-12-19",
23      "classic_disablement_date": null
24    }
25  ],
26  "request_id": "4zlKapIkTm8p5KM"
27}

/partner/customer/enable

Enables a Plaid reseller's end customer in the Production environment.

The /partner/customer/enable endpoint is used by reseller partners to enable an end customer in the Production environment.

partner/customer/enable

Request fields and example

client_id
string
Your Plaid API client_id. The client_id is required and may be provided either in the PLAID-CLIENT-ID header or as part of a request body.
secret
string
Your Plaid API secret. The secret is required and may be provided either in the PLAID-SECRET header or as part of a request body.
end_customer_client_id
requiredstring
1const request: PartnerCustomerEnableRequest = {
2  end_customer_client_id: clientId,
3};
4try {
5  const response = await plaidClient.partnerCustomerEnable(request);
6  const productionSecret = response.data.production_secret;
7} catch (error) {
8  // handle error
9}
partner/customer/enable

Response fields and example

production_secret
string
The end customer's secret key for the Production environment.
request_id
string
A unique identifier for the request, which can be used for troubleshooting. This identifier, like all Plaid identifiers, is case sensitive.
1{
2  "production_secret": "79g03eoofwl8240v776r2h667442119",
3  "request_id": "4zlKapIkTm8p5KM"
4}

/partner/customer/remove

Removes a Plaid reseller's end customer.

The /partner/customer/remove endpoint is used by reseller partners to remove an end customer. Removing an end customer will remove it from view in the Plaid Dashboard and deactivate its API keys. This endpoint can only be used to remove an end customer that has not yet been enabled in Production.

partner/customer/remove

Request fields and example

client_id
string
Your Plaid API client_id. The client_id is required and may be provided either in the PLAID-CLIENT-ID header or as part of a request body.
secret
string
Your Plaid API secret. The secret is required and may be provided either in the PLAID-SECRET header or as part of a request body.
end_customer_client_id
requiredstring
1const request: PartnerCustomerRemoveRequest = {
2  end_customer_client_id: clientId,
3};
4try {
5  const response = await plaidClient.partnerCustomerRemove(request);
6} catch (error) {
7  // handle error
8}
partner/customer/remove

Response fields and example

request_id
string
A unique identifier for the request, which can be used for troubleshooting. This identifier, like all Plaid identifiers, is case sensitive.
1{
2  "request_id": "4zlKapIkTm8p5KM"
3}

Webhooks

PARTNER_END_CUSTOMER_OAUTH_STATUS_UPDATED

The webhook of type PARTNER and code END_CUSTOMER_OAUTH_STATUS_UPDATED will be fired when a partner's end customer has an update on their OAuth registration status with an institution.

webhook_type
string
PARTNER
webhook_code
string
END_CUSTOMER_OAUTH_STATUS_UPDATED
end_customer_client_id
string
The client ID of the end customer
environment
string
The Plaid environment the webhook was sent from

Possible values: development, sandbox, production
institution_id
string
The institution ID
institution_name
string
The institution name
status
string
The OAuth status of the update

Possible values: not-started, processing, approved, enabled, attention-required
1{
2  "webhook_type": "PARTNER",
3  "webhook_code": "END_CUSTOMER_OAUTH_STATUS_UPDATED",
4  "end_customer_client_id": "634758733ebb4f00134b85ea",
5  "environment": "production",
6  "institution_id": "ins_127989",
7  "institution_name": "Bank of America",
8  "status": "attention-required"
9}