Automated Micro-deposits  ========================= #### Learn how to authenticate your users in a secure and frictionless micro-deposit flow  #### The Automated Micro-deposit flow  The Automated Micro-deposits authentication flow is supported for an additional 1,900 financial institutions in the US where Instant Auth is not available. These institutions together account for approximately <1% of US depository accounts. Plaid will make a single micro-deposit and then automatically verify it within one to two business days. The user launches Link... (An image of "The user launches Link...") (An image of "...and selects the institution to link.") (An image of "They find their institution...") (An image of "...and log in.") (An image of "Next, they select the account to link. (Single-account select is typically recommended for Auth.)") (An image of "They verify their bank's routing and account numbers...") (An image of "...and their name.") (An image of "Plaid will send a micro-deposit. Once it lands, Plaid will automatically detect it and verify the account.") You can try out the Automated Micro-deposits flow in an [Interactive Demo](https://plaid.coastdemo.com/share/67d0ce0df465686c02cc4fd2?zoom=100&step=6) . See more details in our [testing guide](https://plaid.com/docs/auth/coverage/testing/index.html.md#testing-automated-micro-deposits) . A user connects their financial institution using the following connection flow: 1. Starting on a page in your app, the user clicks an action that opens Plaid Link, with the correct Auth [configuration](https://plaid.com/docs/auth/coverage/automated/index.html.md#configure--create-a-link_token) . 2. Inside of Plaid Link, the user selects their institution, authenticates with their credentials, provides their account and routing number, and enters in their legal name. 3. Upon [successful authentication](https://plaid.com/docs/auth/coverage/automated/index.html.md#exchange-the-public-token) , Link closes with a `public_token` and a `metadata` account status of `pending_automatic_verification`. 4. Behind the scenes, Plaid sends a single micro-deposit to the user's account and will automatically verify the deposited amounts within one to two business days. 5. When verification succeeds or fails, Plaid sends an [Auth webhook](https://plaid.com/docs/auth/coverage/automated/index.html.md#handle-auth-webhooks) , which you can use to notify the user that their account is ready to move money. Once this step is done, your user's Auth data is verified and [ready to fetch](https://plaid.com/docs/auth/coverage/automated/index.html.md#fetch-auth-data) . #### Configure & Create a link\_token  Create a `link_token` with the following parameters: * `products` array containing `auth` or `transfer` -- unlike with Same-Day Micro-deposits, you can also include other products besides `auth` or `transfer` when creating a Link token for use with Automated Micro-deposits, but `auth` or `transfer` must be present. * `country_codes` set to `['US']` – Micro-deposit verification is currently only available in the United States. * A `webhook` URL to receive a POST HTTPS request sent from Plaid's servers to your application server, after Automated Micro-deposits succeeds or fails verification of a user's micro-deposits. * `auth` object should specify `"automated_microdeposits_enabled": true` ```bash curl -X POST https://sandbox.plaid.com/link/token/create \ -H 'Content-Type: application/json' \ -d '{ "client_id": "${PLAID_CLIENT_ID}", "secret": "${PLAID_SECRET}", "user": {"client_user_id": "${UNIQUE_USER_ID}"}, "client_name": "Plaid App", "products": ["auth"], "country_codes": ["US"], "language": "en", "webhook": "https://sample-web-hook.com", "auth": { "automated_microdeposits_enabled": true } }' ``` ```ruby link_token_create_request = Plaid::LinkTokenCreateRequest.new( { user: { client_user_id: "user-id", }, client_name: 'Plaid Test App', products: ['auth'], country_codes: ['US'], language: "en", webhook: 'https://webhook.sample.com', link_customization_name: "default", auth: { automated_microdeposits_enabled: true, }, } ) response = client.link_token_create( link_token_create_request ) link_token = response.link_token ``` ```node const request: LinkTokenCreateRequest = { user: { client_user_id: new Date().getTime().toString() }, client_name: 'Plaid App', products: [Products.Auth], country_codes: [CountryCode.Us], language: 'en', auth: { automated_microdeposits_enabled: true, }, }; try { const response = await plaidClient.linkTokenCreate(request); const linkToken = response.data.link_token; } catch (error) { // handle error } ``` ```java LinkTokenCreateRequestAuth auth = new LinkTokenCreateRequestAuth() .automatedMicrodepositsEnabled(true); LinkTokenCreateRequest request = new LinkTokenCreateRequest() .user(user) .clientName("very nice client name") .products(Arrays.asList(Products.AUTH)) .countryCodes(Arrays.asList(CountryCode.US)) .language("en") .webhook("https://example.com/webhook") .linkCustomizationName("default") .accountFilters(accountFilters) .auth(auth); ``` ```python request = LinkTokenCreateRequest( products=[Products('auth')], client_name="Plaid Test App", country_codes=[CountryCode('US')], language='en', webhook='https://sample-webhook-uri.com', link_customization_name='default', user=LinkTokenCreateRequestUser( client_user_id='user-id', ), auth=LinkTokenCreateRequestAuth( automated_microdeposits_enabled=True, ) ) response = client.link_token_create(request) ``` ```go user := plaid.LinkTokenCreateRequestUser{ ClientUserId: "user-id", } request := plaid.NewLinkTokenCreateRequest( "Plaid Test", "en", []plaid.CountryCode{plaid.COUNTRYCODE_US}, ) request.SetUser(user) request.SetProducts([]plaid.Products{plaid.PRODUCTS_AUTH}) request.SetLinkCustomizationName("default") request.SetWebhook("https://webhook-uri.com") var automatedMicrodepositsEnabled bool = true request.SetAuth(plaid.LinkTokenCreateRequestAuth{ AutomatedMicrodepositsEnabled: &automatedMicrodepositsEnabled, }) resp, _, err := client.PlaidApi.LinkTokenCreate(ctx).LinkTokenCreateRequest(*request).Execute() if err != nil { panic(err) } linkToken := resp.GetLinkToken() ``` #### Initialize Link with a link\_token  After creating a `link_token` for the `auth` product, use it to initialize Plaid Link. When the user inputs their username and password, and account and routing numbers for the financial institution, the `onSuccess()` callback function will return a `public_token`, with `verification_status` equal to `'pending_automatic_verification'`. App.js ```javascript const linkHandler = Plaid.create({ // Fetch a link_token configured for 'auth' from your app server token: (await $.post('/create_link_token')).link_token, onSuccess: (public_token, metadata) => { // Send the public_token and accounts to your app server $.post('/exchange_public_token', { publicToken: public_token, accounts: metadata.accounts, }); metadata = { ..., link_session_id: String, institution: { name: 'Bank of the West', institution_id: 'ins_100017' }, accounts: [{ id: 'vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D', mask: '1234', name: null, type: 'depository', subtype: 'checking', verification_status: 'pending_automatic_verification' }] } }, // ... }); // Open Link on user-action linkHandler.open(); ``` ##### Display a "pending" status in your app  Because Automated verification usually takes one to two days to complete, we recommend displaying a UI in your app that communicates to a user that verification will occur automatically and is currently pending. You can use the `verification_status` key returned in the `onSuccess` `metadata.accounts` object once Plaid Link closes successfully. Metadata verification\_status ```javascript verification_status: 'pending_automatic_verification'; ``` You can also [fetch the verification\_status](https://plaid.com/docs/auth/coverage/automated/index.html.md#check-the-account-verification-status-optional) for an Item's account via the Plaid API to obtain the latest account status. #### Exchange the public token  In your own backend server, call the [/item/public\_token/exchange](https://plaid.com/docs/api/items/index.html.md#itempublic_tokenexchange) endpoint with the Link `public_token` received in the `onSuccess` callback to obtain an `access_token`. Persist the returned `access_token` and `item_id` in your database in relation to the user. Note that micro-deposits will only be delivered to the ACH network in the Production environment. To test your integration outside of Production, see [Testing automated micro-deposits in Sandbox](https://plaid.com/docs/auth/coverage/testing/index.html.md#testing-automated-micro-deposits) . ```bash curl -X POST https://sandbox.plaid.com/item/public_token/exchange \ -H 'Content-Type: application/json' \ -d '{ "client_id": "${PLAID_CLIENT_ID}", "secret": "${PLAID_SECRET}", "public_token": "public-sandbox-b0e2c4ee-a763-4df5-bfe9-46a46bce993d" }' ``` ```node // publicToken and accountID are sent from your app to your backend-server const accountID = 'vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D'; const publicToken = 'public-sandbox-b0e2c4ee-a763-4df5-bfe9-46a46bce993d'; // Obtain an access_token from the Link public_token try { const response = await client.itemPublicTokenExchange({ public_token: publicToken, }); const accessToken = response.data.access_token; } catch (err) { // handle error } ``` ```python # publicToken and accountID are sent from your app to your backend-server accountID = 'vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D' publicToken = 'public-sandbox-b0e2c4ee-a763-4df5-bfe9-46a46bce993d' # Obtain an access_token from the Link public_token token_request = ItemPublicTokenExchangeRequest( public_token=publicToken) token_response = client.item_public_token_exchange(token_request) accessToken = token_response['access_token'] ``` ```ruby # publicToken and accountID are sent from your app to your backend-server accountID = 'vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D' publicToken = 'public-sandbox-b0e2c4ee-a763-4df5-bfe9-46a46bce993d' # Obtain an access_token from the Link public_token item_public_token_exchange_request = Plaid::ItemPublicTokenExchangeRequest.new( { public_token: publicToken } ) token_response = client.item_public_token_exchange( item_public_token_exchange_request ) access_token = token_response.access_token ``` ```java // publicToken and accountID are sent from your app to your backend-servers String accountID = "vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D"; String publicToken = "public-sandbox-b0e2c4ee-a763-4df5-bfe9-46a46bce993d"; // Obtain an access_token from the Link public_token ItemPublicTokenExchangeRequest tokenRequest = new ItemPublicTokenExchangeRequest() .publicToken(publicToken); Response tokenResponse = plaidClient .itemPublicTokenExchange(tokenRequest) .execute(); String accessToken = tokenResponse.body().getAccessToken(); ``` ```go // publicToken and accountID are sent from your app to your backend-server accountID := "vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D" publicToken := "public-sandbox-b0e2c4ee-a763-4df5-bfe9-46a46bce993d" // Obtain an access_token from the Link public_token exchangePublicTokenResp, _, err := client.PlaidApi.ItemPublicTokenExchange(ctx).ItemPublicTokenExchangeRequest( *plaid.NewItemPublicTokenExchangeRequest(publicToken), ).Execute() accessToken := exchangePublicTokenResp.GetAccessToken() ``` Exchange token response ```json { "access_token": "access-sandbox-5cd6e1b1-1b5b-459d-9284-366e2da89755", "item_id": "M5eVJqLnv3tbzdngLDp9FL5OlDNxlNhlE55op", "request_id": "m8MDnv9okwxFNBV" } ``` #### Handle Auth webhooks  Before you can call [/auth/get](https://plaid.com/docs/api/products/auth/index.html.md#authget) to fetch Auth data for a user's `access_token`, a micro-deposit first needs to post successfully to the user's bank account. Because Plaid uses Same Day ACH to send a single micro-deposit amount, this process usually takes one to two days. Once the deposit has arrived in the user's account, Plaid will automatically verify the deposit transaction and send an [AUTOMATICALLY\_VERIFIED](https://plaid.com/docs/api/products/auth/index.html.md#automatically_verified) webhook to confirm the account and routing numbers have been successfully verified. Attempting to call [/auth/get](https://plaid.com/docs/api/products/auth/index.html.md#authget) on an unverified `access_token` will result in a [PRODUCT\_NOT\_READY](https://plaid.com/docs/errors/item/index.html.md#product_not_ready) error. Auth AUTOMATICALLY\_VERIFIED webhook ```json > POST https://your_app_url.com/webhook { "webhook_type": "AUTH", "webhook_code": "AUTOMATICALLY_VERIFIED", "item_id": "zeWoWyv84xfkGg1w4ox5iQy5k6j75xu8QXMEm", "account_id": "vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D" } ``` Occasionally automatic verification may fail, likely due to erroneous user input, such as an incorrect account and routing number pair. If the Item is unable to be verified within seven days, Plaid will send a [VERIFICATION\_EXPIRED](https://plaid.com/docs/api/products/auth/index.html.md#verification_expired) webhook. When verification fails, the Item is permanently locked; we recommend prompting your user to retry connecting their institution via Link. Auth VERIFICATION\_EXPIRED webhook ```json > POST https://your_app_url.com/webhook { "webhook_type": "AUTH", "webhook_code": "VERIFICATION_EXPIRED", "item_id": "zeWoWyv84xfkGg1w4ox5iQy5k6j75xu8QXMEm", "account_id": "vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D" } ``` If Plaid encounters an `ITEM_LOGIN_REQUIRED` error during attempted validation, this may mean that Plaid lost access to the user's account after sending this micro-deposit but before being able to verify it. If this occurs, send the user through the [update mode](https://plaid.com/docs/link/update-mode/index.html.md) flow to re-verify their account. The example code below shows how to handle `AUTOMATICALLY_VERIFIED` and `VERIFICATION_EXPIRED` webhooks and call [/auth/get](https://plaid.com/docs/api/products/auth/index.html.md#authget) to retrieve account and routing data. If you are using the Sandbox environment, you can use the [/sandbox/item/set\_verification\_status](https://plaid.com/docs/api/sandbox/index.html.md#sandboxitemset_verification_status) endpoint to test your integration. ```bash ## no curl example ``` ```node // This example uses Express to receive webhooks const app = require('express')(); const bodyParser = require('body-parser'); app.use(bodyParser); app.post('/webhook', async (request, response) => { const event = request.body; // Handle the event switch (event.webhook_code) { case 'AUTOMATICALLY_VERIFIED': const accessToken = lookupAccessToken(event.item_id); const request: AuthGetRequest = { access_token: accessToken }; const authResponse = await client.authGet(request); const numbers = authResponse.numbers; break; case 'VERIFICATION_EXPIRED': // handle verification failure; prompt user to re-authenticate console.error('Verification failed for', event.item_id); break; default: // Unexpected event type return response.status(400).end(); } // Return a response to acknowledge receipt of the event response.json({ received: true }); }); app.listen(8000, () => console.log('Running on port 8000')); ``` ```python # This example uses Django to receive webhooks import json from django.http import HttpResponse @csrf_exempt def webhook_view(request): event = json.loads(request.body) # Handle the event if event['webhook_code'] == 'AUTOMATICALLY_VERIFIED': access_token = lookup_access_token(event['item_id']); request = AuthGetRequest(access_token=access_token) auth_response = client.auth_get(request) numbers = auth_response['numbers'] elif event['webhook_code'] == 'VERIFICATION_EXPIRED': print('Verification failed for ', event['item_id']) # handle verification failure; prompt user to re-authenticate else: # Unexpected event type return HttpResponse(status=400) return HttpResponse(status=200) ``` ```ruby # Using Sinatra require 'json' post '/webhook' do event = JSON.parse(request.body.read) # Handle the event case event['webhook_code'] when 'AUTOMATICALLY_VERIFIED' access_token = lookup_access_token(event['item_id']); request = Plaid::AuthGetRequest.new({ access_token: access_token }) response = client.auth_get(request) numbers = response.numbers when 'VERIFICATION_EXPIRED' puts "Verification failed for #{event['item_id']}" # Handle verification failure; prompt user to re-authenticate else # Unexpected event type status 400 return end status 200 end ``` ```java // No example implementation for Java ``` ```go // No example implementation for Go ``` #### Check the account verification status (optional)  In some cases you may want to implement logic to display the `verification_status` of an Item that is pending automated verification in your app. The [/accounts/get](https://plaid.com/docs/api/accounts/index.html.md#accountsget) API endpoint allows you to query this information. For non-programmatic access to this information, you can use the [Account Verification Dashboard](https://dashboard.plaid.com/account-verification/) . ```bash curl -X POST https://sandbox.plaid.com/accounts/get \ -H 'Content-Type: application/json' \ -d '{ "client_id": "${PLAID_CLIENT_ID}", "secret": "${PLAID_SECRET}", "access_token": "access-sandbox-5cd6e1b1-1b5b-459d-9284-366e2da89755" }' ``` ```node // Fetch the accountID and accessToken from your database const accountID = 'vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D'; const accessToken = 'access-sandbox-5cd6e1b1-1b5b-459d-9284-366e2da89755'; const request: AccountsGetRequest = { access_token: accessToken, }; try { const response = await client.accountsGet(request); const account = response.data.accounts.find((a) => a.account_id === accountID); const verificationStatus = account.verification_status; } catch (err) { // handle error } ``` ```python # Fetch the accountID and accessToken from your database account_id = 'vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D' access_token = 'access-sandbox-5cd6e1b1-1b5b-459d-9284-366e2da89755' request = AccountsGetRequest(access_token=access_token) response = client.accounts_get(request) accounts = response['accounts'] ``` ```ruby # Fetch the accountID and accessToken from your database account_id = 'vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D' access_token = 'access-sandbox-5cd6e1b1-1b5b-459d-9284-366e2da89755' request = Plaid::AccountsGetRequest.new({ access_token: access_token }) response = client.accounts_get(request) accounts = response.accounts ``` ```java // Fetch the accountID and accessToken from your database String accountID = "vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D"; String accessToken = "access-sandbox-5cd6e1b1-1b5b-459d-9284-366e2da89755"; AccountsGetRequest request = new AccountsGetRequest() .accessToken(accessToken); Response response = client() .accountsGet(request) .execute(); if (response.isSuccessful()) { AccountBase account = response.body().getAccounts().stream() .filter(a -> a.getAccountId().equals(accountID)) .findFirst() .orElseThrow(); String verificationStatus = account.getVerificationStatus().getValue(); } ``` ```go // Fetch the accountID and accessToken from your database accountID := "vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D" accessToken := "access-sandbox-5cd6e1b1-1b5b-459d-9284-366e2da89755" accountsGetResp, _, err := client.PlaidApi.AccountsGet(ctx).AccountsGetRequest( *plaid.NewAccountsGetRequest(accessToken), ).Execute() accounts := accountsGetResp.GetAccounts() ``` Account get response ```json { "accounts": [ { "account_id": "vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D", "balances": { Object }, "mask": "0000", "name": "Plaid Checking", "official_name": "Plaid Gold Checking", "type": "depository", "subtype": "checking", "verification_status": "pending_automatic_verification" | "automatically_verified" | "verification_expired" }, ... ], "item": { Object }, "request_id": String } ``` #### Fetch Auth data  Finally, we can retrieve Auth data once automated verification has succeeded: ```bash curl -X POST https://sandbox.plaid.com/auth/get \ -H 'Content-Type: application/json' \ -d '{ "client_id": "${PLAID_CLIENT_ID}", "secret": "${PLAID_SECRET}", "access_token": "access-sandbox-5cd6e1b1-1b5b-459d-9284-366e2da89755" }' ``` ```node const accessToken = 'access-sandbox-5cd6e1b1-1b5b-459d-9284-366e2da89755'; // Instantly fetch Auth numbers const request: AuthGetRequest = { access_token: accessToken, }; try { const response = await client.authGet(request); const numbers = response.data.numbers; } catch (err) { // handle error } ``` ```python access_token = 'access-sandbox-5cd6e1b1-1b5b-459d-9284-366e2da89755' # Instantly fetch Auth numbers auth_request = AuthGetRequest(access_token=access_token) auth_response = client.auth_get(auth_request) numbers = auth_response['numbers'] ``` ```ruby access_token = 'access-sandbox-5cd6e1b1-1b5b-459d-9284-366e2da89755'; # Instantly fetch Auth numbers request = Plaid::AuthGetRequest.new({ access_token: access_token }) auth_response = client.auth_get(request) numbers = auth_response.numbers ``` ```java String accessToken = "access-sandbox-5cd6e1b1-1b5b-459d-9284-366e2da89755"; // Instantly fetch Auth numbers AuthGetRequest authGetRequest = new AuthGetRequest() .accessToken(accessToken); Response authResponse = client() .authGet(authGetRequest) .execute(); if (authResponse.isSuccessful()) { AuthGetResponse.Numbers numbers = authResponse.body().getNumbers(); } ``` ```go accessToken := "access-sandbox-5cd6e1b1-1b5b-459d-9284-366e2da89755" // Instantly fetch Auth numbers authGetResp, _, err := client.PlaidApi.AuthGet(ctx).AuthGetRequest( *plaid.NewAuthGetRequest(accessToken), ).Execute() numbers := authGetResp.GetNumbers() ``` Auth response ```json { "numbers": { "ach": [ { "account_id": "vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D", "account": "1111222233330000", "routing": "011401533", "wire_routing": "021000021" } ], "eft": [], "international": [], "bacs": [] }, "accounts": [ { "account_id": "vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D", "balances": { Object }, "mask": "0000", "name": "Plaid Checking", "official_name": "Plaid Gold Standard 0% Interest Checking", "verification_status": "automatically_verified", "subtype": "checking" | "savings", "type": "depository" } ], "item": { Object }, "request_id": "m8MDnv9okwxFNBV" } ``` Check out the [/auth/get](https://plaid.com/docs/api/products/auth/index.html.md#authget) API reference documentation to see the full Auth request and response schema. #### Handling Link events  For a user who goes through the Automated Micro-deposit flow, the `TRANSITION_VIEW (view_name = NUMBERS)` event will occur after `SUBMIT_CREDENTIALS`, and in the `onSuccess` callback the `verification_status` will be `pending_automatic_verification`. Sample Link events for Automated Micro-deposits flow ```bash OPEN (view_name = CONSENT) TRANSITION_VIEW (view_name = SELECT_INSTITUTION) SEARCH_INSTITUTION SELECT_INSTITUTION TRANSITION_VIEW (view_name = CREDENTIAL) SUBMIT_CREDENTIALS TRANSITION_VIEW (view_name = LOADING) TRANSITION_VIEW (view_name = MFA, mfa_type = code) SUBMIT_MFA (mfa_type = code) TRANSITION_VIEW (view_name = LOADING) TRANSITION_VIEW (view_name = SELECT_ACCOUNT) TRANSITION_VIEW (view_name = NUMBERS) TRANSITION_VIEW (view_name = LOADING) TRANSITION_VIEW (view_name = CONNECTED) HANDOFF onSuccess (verification_status: pending_automatic_verification) ``` #### Same-Day Micro-deposits  Integrate the manual micro-deposit method [View guide](https://plaid.com/docs/auth/coverage/same-day/index.html.md) #### Testing in Sandbox  Learn how to test each Auth method in the Sandbox [View guide](https://plaid.com/docs/auth/coverage/testing/index.html.md)