Add Alloy to your app

Plaid and Alloy have partnered to offer identity data orchestration and credit decisioning to financial services companies looking to address fraud and uphold compliance. Plaid enables consumers to instantly and securely authenticate their identity associated with their bank account, including address, email, phone number, and name. Merchants can leverage Plaid Identity along with Alloy to pull third-party data and verify consumer identity at account opening, lending application review and on an ongoing basis.

This guide covers partnering with Alloy for credit decisioning. To learn about integrating with Alloy for Identity, see Identity Partnerships: Alloy.

You'll first want to familiarize yourself with Plaid Link, a drop-in client-side integration for the Plaid API that handles input validation, error handling, and multi-factor authentication. You will also need to have a verified Alloy account to add a bank funding source. Your customers will use Link to authenticate with their financial institution and select the bank account they wish to connect. From there, you'll receive a Plaid access_token and a Alloy processor_token, which allows you to quickly and securely retrieve the user's financial data via Alloy's API. Utilizing Plaid + Alloy enables a seamless workflow for connecting external financial accounts to Alloy.

You'll need accounts at both Plaid and Alloy in order to use the Plaid + Alloy integration. You'll also need to enable your Plaid account for the Alloy integration.

First, you will need to work with the Alloy team to sign up for an Alloy account if you do not already have one.

Next, verify that your Plaid account is enabled for the integration. If you do not have a Plaid account, create one.

To enable your Plaid account for the integration, go to the Integrations section of the account dashboard. If the integration is off, simply click the 'Enable' button for Alloy to enable the integration.

You'll need to complete your Plaid Application Profile in the Dashboard, which involves filling out basic information about your app, such as your company name and website. This step helps your end-users learn more how your product uses their bank information and is also required for connecting to some banks.

Finally, you'll need to go to the Link customization UI and pick the use cases that you will be using Alloy to power, so that Plaid can request the appropriate authorization and consent from your end users. If you have any questions, contact Alloy.

In order to integrate with Plaid Link, you will first need to create a link_token. A link_token is a short-lived, one-time use token that is used to authenticate your app with Link. To create one, make a /link/token/create request with your client_id, secret, and a few other required parameters from your app server. For a full list of link_token configurations, see /link/token/create.

To see your client_id and secret, visit the Plaid Dashboard.

1const request: LinkTokenCreateRequest = {
2  loading_sample: true
3};
4try {
5  const response = await plaidClient.linkTokenCreate(request);
6  const linkToken = response.data.link_token;
7} catch (error) {
8  // handle error
9}

Once you have a link_token, all it takes is a few lines of client-side JavaScript to launch Link. Then, in the onSuccess callback, you can call a simple server-side handler to exchange the Link public_token for a Plaid access_token.

1<button id="linkButton">Open Link - Institution Select</button>
2<script src="https://cdn.plaid.com/link/v2/stable/link-initialize.js"></script>
3<script>
4  (async function(){
5    var linkHandler = Plaid.create({
6      // Make a request to your server to fetch a new link_token.
7      token: (await $.post('/create_link_token')).link_token,
8      onSuccess: function(public_token, metadata) {
9        // The onSuccess function is called when the user has successfully
10        // authenticated and selected an account to use.
11        //
12        // When called, you will send the public_token and the selected accounts,
13        // metadata.accounts, to your backend app server.
14        sendDataToBackendServer({
15           public_token: public_token,
16           accounts: metadata.accounts
17        });
18      },
19      onExit: function(err, metadata) {
20        // The user exited the Link flow.
21        if (err != null) {
22            // The user encountered a Plaid API error prior to exiting.
23        }
24        // metadata contains information about the institution
25        // that the user selected and the most recent API request IDs.
26        // Storing this information can be helpful for support.
27      },
28    });
29  })();
30
31  // Trigger the authentication view
32  document.getElementById('linkButton').onclick = function() {
33    // Link will automatically detect the institution ID
34    // associated with the public token and present the
35    // credential view to your user.
36    linkHandler.open();
37  };
38</script>

See the Link parameter reference for complete documentation on possible configurations.

Plaid.create accepts one argument, a configuration Object, and returns an Object with three functions, open, exit, and destroy. Calling open will display the "Institution Select" view, calling exit will close Link, and calling destroy will clean up the iframe.

The Link module handles the entire onboarding flow securely and quickly, but does not actually retrieve account data for a user. Instead, the Link module returns a public_token and an accounts array, which is a property on the metadata object, via the onSuccess callback. Exchange this public_token for a Plaid access_token using the /item/public_token/exchange API endpoint.

After creating the access_token(s) you need, you will create an Asset Report by calling /asset_report/create.

1const daysRequested = 90;
2const options = {
3  client_report_id: '123',
4  webhook: 'https://www.example.com',
5  user: {
6    client_user_id: '7f57eb3d2a9j6480121fx361',
7    first_name: 'Jane',
8    middle_name: 'Leah',
9    last_name: 'Doe',
10    ssn: '123-45-6789',
11    phone_number: '(555) 123-4567',
12    email: 'jane.doe@example.com',
13  },
14};
15const request: AssetReportCreateRequest = {
16  access_tokens: [accessToken],
17  days_requested,
18  options,
19};
20// accessTokens is an array of Item access tokens.
21// Note that the assets product must be enabled for all Items.
22// All fields on the options object are optional.
23try {
24  const response = await plaidClient.assetReportCreate(request);
25  const assetReportId = response.data.asset_report_id;
26  const assetReportToken = response.data.asset_report_token;
27} catch (error) {
28  // handle error
29}

After extracting the Asset Report token, call /credit/relay/create to generate a Relay token to share with Alloy. You'll need to contact Alloy to obtain the secondary_client_id string belonging to Alloy.

1const request: CreditRelayCreateRequest = {
2  report_tokens: [createResponse.data.asset_report_token],
3  secondary_client_id: secondaryClientId
4};
5try {
6  const response = await plaidClient.creditRelayCreate(request);
7  const relayToken = response.data.relay_token;
8} catch (error) {
9  // handle error
10}

You can create Relay tokens in the following API environments:

• Sandbox (https://sandbox.plaid.com): test simulated users
• Production (https://production.plaid.com): production environment for when you're ready to go live and have valid Alloy Production credentials

To test the integration in Sandbox mode, simply use the Plaid Sandbox credentials along when launching Link with a link_token created in the Sandbox environment.

Your account is immediately enabled for our Sandbox environment (https://sandbox.plaid.com). To move to Production, please request access from the Dashboard. You will need Alloy Production credentials prior to initiating live traffic in the Alloy API with Plaid.

Find answers to many common integration questions and concerns—such as pricing, sandbox and test mode usage, and more, in our docs.

If you're still stuck, open a support ticket with information describing the issue that you're experiencing and we'll get back to you as soon as we can.