Same Day Micro-deposits

Same Day Micro-deposits can be used to authenticate any bank account in the US, but especially for the ~2,000 institutions that don't support Instant Auth, Instant Match, or Automated Micro-deposit verification. Plaid will make a deposit that will post within one business day (using Same Day ACH, which is roughly two days faster than the standard micro-deposit experience of two to three days). Users are instructed to manually verify the code in the transaction description deposited in the account.

The user clicks an action that opens Plaid Link.

A user connects their financial institution using the following connection flow:

1. Starting on a page in your app, the user clicks an action that opens Plaid Link with the correct Auth configuration.
2. Inside of Plaid Link, the user enters the micro-deposit initiation flow and provides their legal name, account and routing number.
3. Upon successful authentication, Link closes with a public_token and a metadata account status of pending_manual_verification.
4. Behind the scenes, Plaid sends a micro-deposit to the user's account that will post within one to two business days.
5. After one to two days, the user is prompted to verify the code in the transaction description in their account, by opening Link with a generated link_token.

When these steps are done, your user's Auth data is verified and ready to fetch.

You can try out the Same Day Micro-deposit flow in Link Demo. For instructions on triggering the flow, see the testing guide.

Enable Same Day micro-deposits via the Account Verification Dashboard. Alternatively, you can also enable this flow by setting the auth.same_day_microdeposits_enabled: true parameter when calling /link/token/create.

Create a link_token with the following parameters:

• products array should include only auth or transfer as a product when using same-day manual micro-deposit verification. While in most cases additional products can be added to existing Plaid Items, Items created for Same Day manual micro-deposit verification are an exception and cannot be used with any Plaid products other than Auth or Transfer.

• country_codes set to ['US'] – Micro-deposit verification is currently only available in the United States.

After creating a link_token for the auth product, use it to initialize Plaid Link.

When the user successfully inputs their account and routing numbers, the onSuccess() callback function (or the equivalent field in /link/token/get, if using the Hosted Link integration method) will return a public_token, with verification_status equal to 'pending_manual_verification'.

1const linkHandler = Plaid.create({
2  // Fetch a link_token configured for 'auth' from your app server
3  token: (await $.post('/create_link_token')).link_token,
4  onSuccess: (public_token, metadata) => {
5    // Send the public_token and connected accounts to your app server
6    $.post('/exchange_public_token', {
7      publicToken: public_token,
8      accounts: metadata.accounts,
9    });
10
11    metadata = {
12      ...,
13      link_session_id: String,
14      institution: {
15        name: null,          // name is always null for Same Day Micro-deposits
16        institution_id: null // institution_id is always null for Same Day Micro-deposits
17      },
18      accounts: [{
19        id: 'vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D',
20        mask: '1234',
21        name: "Checking...1234",
22        type: 'depository',
23        subtype: 'checking',
24        verification_status: 'pending_manual_verification'
25      }]
26    }
27  },
28  // ...
29});
30
31// Open Link on user-action
32linkHandler.open();

Because Same Day verification usually takes one business day to complete, we recommend displaying a UI in your app that communicates to a user that verification is currently pending.

You can use the verification_status key returned in the onSuccess metadata.accounts object once Plaid Link closes successfully.

1verification_status: 'pending_manual_verification';

You can also fetch the verification_status for an Item's account via the Plaid API, to obtain the latest account status.

In your own backend server, call the /item/public_token/exchange endpoint with the Link public_token to obtain an access_token.

When using same-day micro-deposit verification, only one account can be associated with each access token. If you want to allow a user to link multiple accounts at the same institution using same-day micro-deposits, you will need to create a new Link flow and generate a separate access token for each account.

To test your integration outside of Production, see Testing Same Day Micro-deposits in Sandbox.

1// publicToken and accountID are sent from your app to your backend-server
2const accountID = 'vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D';
3const publicToken = 'public-sandbox-b0e2c4ee-a763-4df5-bfe9-46a46bce993d';
4
5// Obtain an access_token from the Link public_token
6const response = await client
7  .itemPublicTokenExchange({
8    public_token: publicToken,
9  })
10  .catch((err) => {
11    // handle error
12  });
13const accessToken = response.access_token;

1{
2  "access_token": "access-sandbox-5cd6e1b1-1b5b-459d-9284-366e2da89755",
3  "item_id": "M5eVJqLnv3tbzdngLDp9FL5OlDNxlNhlE55op",
4  "request_id": "m8MDnv9okwxFNBV"
5}

In some cases you may want to implement logic in your app to display the verification_status of an Item that is pending manual verification. The /accounts/get API endpoint allows you to query this information.

1// Fetch the accountID and accessToken from your database
2const accountID = 'vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D';
3const accessToken = 'access-sandbox-5cd6e1b1-1b5b-459d-9284-366e2da89755';
4const request: AccountsGetRequest = {
5  access_token: accessToken,
6};
7const response = await client.accountsGet(request).catch((err) => {
8  // handle error
9});
10const account = response.accounts.find((a) => a.account_id === accountID);
11const verificationStatus = account.verification_status;

1{
2  "accounts": [
3    {
4      "account_id": "vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D",
5      "balances": { Object },
6      "mask": "0000",
7      "name": "Checking...0000",
8      "official_name": null,
9      "type": "depository",
10      "subtype": "checking",
11      "verification_status":
12        "pending_manual_verification" |
13        "manually_verified" |
14        "verification_failed",
15    },
16    ...
17  ],
18  "item": { Object },
19  "request_id": String
20}

After one to two business days, the micro-deposit sent to the user's account is expected to be posted. To securely verify a Same Day Micro-deposits account, your user needs to come back into Link to verify the code in the transaction description.

When the micro-deposit posts to your end user's bank account, the transaction description will be written with the format:

1#XXX <clientName> ACCTVERIFY

The # will be followed with the three letter code required for verification. The <clientName> is defined by the value of the client_name parameter that was used to create the link_token that initialized Link. Due to network requirements, the client_name will be truncated to the first 11 characters and ACCTVERIFY will be added to signify the deposit is for account verification.

Users with business or corporate accounts that have ACH debit blocks enabled on their account may need to authorize Plaid's Company / Tax ID, 1460820571, to avoid any issues with linking their accounts.

Verification of Same Day Micro-deposits is performed in two steps:

1. In your backend server, create a new link_token from the associated access_token for the given user.
2. Pass the generated link_token into your client-side app, using the token parameter in the Link configuration. This will automatically trigger the micro-deposit verification flow in Link.

Generate a link_token for verifying micro-deposits by passing the user's associated access_token to the /link/token/create API endpoint. Note that the products field should not be set because the micro-deposits verification flow does not change the products associated with the given access_token.

1// Using Express
2app.post('/api/create_link_token', async function (request, response) {
3  // Get the client_user_id by searching for the current user
4  const user = await User.find(...);
5  const clientUserId = user.id;
6  const request = {
7    user: {
8      client_user_id: clientUserId,
9    },
10    client_name: 'Plaid Test App',
11    language: 'en',
12    webhook: 'https://webhook.sample.com',
13    country_codes: [CountryCode.Us],
14    access_token: 'ENTER_YOUR_ACCESS_TOKEN',
15  };
16  try {
17    const createTokenResponse = await client.linkTokenCreate(request);
18    response.json(createTokenResponse.data);
19  } catch (error) {
20    // handle error
21  }
22});

In your client-side app, pass the generated link_token into the Link token parameter. Link will automatically detect that Same Day verification is required for the Item and will open directly into the verification flow (see the image above).

In Link, the user will be prompted to log in to their personal banking portal to confirm the code in the micro-deposit transaction description. Upon successful entry of the code, the onSuccess callback will be fired, with an updated verification_status: 'manually_verified'. The verification code will be case-insensitive.

There is no time limit for the user to verify the deposit. A user has three attempts to enter the code correctly, after which the Item will be permanently locked for security reasons. See INCORRECT_DEPOSIT_VERIFICATION and PRODUCT_NOT_READY for errors that may occur during the micro-deposit initiation and verification flow.

1const linkHandler = Plaid.create({
2  token: await fetchLinkTokenForMicrodepositsVerification(),
3  onSuccess: (public_token, metadata) => {
4    metadata = {
5      accounts: [{
6        ...,
7        verification_status: 'manually_verified',
8      }],
9    };
10  },
11  // ...
12});
13
14// Open Link to verify micro-deposit amounts
15linkHandler.open();

An Item's access_token does not change when verifying micro-deposits, so there is no need to repeat the exchange token process.

Finally, we can retrieve Auth data once the user has manually verified their account through Same Day Micro-deposits:

1const accessToken = 'access-sandbox-5cd6e1b1-1b5b-459d-9284-366e2da89755';
2
3// Instantly fetch Auth numbers
4const request: AuthGetRequest = {
5  access_token: accessToken,
6};
7const response = await client.authGet(request).catch((err) => {
8  // handle error
9});
10const numbers = response.numbers;

1{
2  "numbers": {
3    "ach": [
4      {
5        "account_id": "vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D",
6        "account": "1111222233330000",
7        "routing": "011401533",
8        "wire_routing": "021000021"
9      }
10    ],
11    "eft": [],
12    "international": [],
13    "bacs": []
14  },
15  "accounts": [
16    {
17      "account_id": "vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D",
18      "balances": { Object },
19      "mask": "0000",
20      "name": "Checking ...0000",
21      "official_name": null,
22      "verification_status": "manually_verified",
23      "subtype": "checking",
24      "type": "depository"
25    }
26  ],
27  "item": { Object },
28  "request_id": "m8MDnv9okwxFNBV"
29}

Check out the /auth/get API reference documentation to see the full Auth request and response schema.

Text Message Verification is an alternative verification method for the Same Day Micro-deposit flow. With Text Message Verification, Plaid will send your user a one-time SMS message, directing them to a Plaid-hosted website where they can complete the micro-deposit verification process. When the user is done verifying their micro-deposit code, you will receive a SMS_MICRODEPOSITS_VERIFICATION webhook, telling you that the user has completed the process and that it is now safe to retrieve Auth information.

Text Message Verification can and should be used alongside the usual verification flow of prompting your user to verify their code inside your app through Link. The user may choose not to receive an SMS message from Plaid, or they might simply ignore the message, so it is important for your app to still provide a way for your user to complete the process.

Text Message Verification is enabled by default as long as Same Day Micro-deposits have been enabled. To opt out of Text Message Verification, use the Dashboard Account Verification pane to disable it, or, if not using the Account Verification Dashboard, set auth.sms_microdeposits_verification_enabled: false in your /link/token/create call.

1. When calling /link/token/create, make sure you have specified a URL for your webhook receiver, so you can receive the SMS_MICRODEPOSITS_VERIFICATION webhook.

2. Listen for the SMS_MICRODEPOSITS_VERIFICATION webhook.

   When the user completes the verification process, Plaid will send a SMS_MICRODEPOSITS_VERIFICATION webhook to the webhook receiver URL that you specified earlier. When you receive this webhook, review the value of the status field.

   Example webhook

   Copy

   1{
   2  "webhook_type": "AUTH",
   3  "webhook_code": "SMS_MICRODEPOSITS_VERIFICATION",
   4  "status": "MANUALLY_VERIFIED",
   5  "item_id": "eVBnVMp7zdTJLkRNr33Rs6zr7KNJqBFL9DrE6",
   6  "account_id": "dVzbVMLjrxTnLjX4G66XUp5GLklm4oiZy88yK",
   7  "environment": "sandbox"
   8}

   A value of MANUALLY_VERIFIED indicates that the user successfully entered the micro-deposit code and has verified their account information. You can now retrieve Auth information on behalf of this user, and you should remove any pending in-app messages asking the user to complete the verification process.

   If you re-open Link and ask the user to verify their code after they have already verified it using Text Message Verification, Link will close immediately and fire the onSuccess callback. So even if you don't act on this webhook, your application will continue to function normally.

   A status field of VERIFICATION_FAILED indicates that the user failed the verification process. Verification cannot be retried once this status has been triggered; you will need to create a new Item.

When the user goes through the Same Day Micro-deposit flow in Link, they will be prompted to enter their phone number. After the micro-deposit has been placed in their account, Plaid will contact the user via SMS with a URL pointing to a Plaid-hosted page where the user can complete the verification process. The text message itself will contain the following message:

1Plaid: On behalf of [client_name], a $0.01 deposit was sent to your account ending in 1234. Verify this deposit here: https://hosted.plaid.com/link/lp1234. Then, return to [client_name] to complete your account setup.

Currently, the text message is only provided in English and will not be localized according to your Link customization settings.

Text message verification cannot be tested in the Sandbox environment. Text messages will only be sent in Production.

In addition to the default flow, Same Day Micro-deposits has several optional flow settings you can enable.

To expose more users to the Same Day micro-deposit flow, you can enable Auth Type Select, or to limit users' exposure to the flow, you can enable Reroute to Credentials.

To provide an alternative flow that allows users to skip micro-deposit verification and instead relies on recognizing a known bank account within the Plaid network, you can enable Database Auth.

The setting that is best for you will depend on your use case, your risk exposure, and which other Plaid products you use. Learn more about how to optimize your configuration and manage risk under best practices.

Same Day Micro-deposit flow options are configured on a Link customization level (if using the Account Verification Dashboard) or on a Link token level (if configuring the options directly in the /link/token/create call). This enables you to decide which sessions are enabled for which flows; for example, you can enable different flows based on users' risk profiles.

When a user goes through the Same Day micro-deposits flow, the session will have the TRANSITION_VIEW (view_name = NUMBERS) event and a TRANSITION_VIEW (view_name = SAME_DAY_MICRODEPOSIT_AUTHORIZED) event after the user authorizes Plaid to send a micro-deposit to the submitted account and routing number. In the onSuccess callback the verification_status will be pending_manual_verification because the user will have to return to Link to verify their micro-deposit at a later Link session.

1OPEN (view_name = CONSENT)
2TRANSITION_VIEW (view_name = SELECT_INSTITUTION)
3SEARCH_INSTITUTION
4TRANSITION_VIEW (view_name = NUMBERS)
5TRANSITION_VIEW (view_name = LOADING)
6TRANSITION_VIEW (view_name = CONNECTED)
7HANDOFF
8onSuccess (verification_status: pending_manual_verification)

When a user goes through the Same Day micro-deposits flow with Reroute to Credentials, you will additionally see TRANSITION_VIEW (view_name = NUMBERS_SELECT_INSTITUTION) with view_variant = SINGLE_INSTITUTION or view_variant = MULTI_INSTITUTION.

1OPEN (view_name = CONSENT)
2TRANSITION_VIEW (view_name = SELECT_INSTITUTION)
3SEARCH_INSTITUTION
4TRANSITION_VIEW (view_name = NUMBERS)
5TRANSITION_VIEW (view_name = NUMBERS_SELECT_INSTITUTION, view_variant = SINGLE_INSTITUTION)
6TRANSITION_VIEW (view_name = LOADING)
7TRANSITION_VIEW (view_name = CONNECTED)
8HANDOFF
9onSuccess (verification_status: pending_manual_verification)

When a user goes through the Same Day micro-deposits flow with the Auth Type Select configuration, you will additionally see TRANSITION_VIEW (view_name = SELECT_AUTH_TYPE) and also SELECT_AUTH_TYPE (selection = flow_type_manual)

1OPEN (view_name = CONSENT)
2TRANSITION_VIEW (view_name = SELECT_AUTH_TYPE)
3SELECT_AUTH_TYPE (selection = flow_type_manual)
4TRANSITION_VIEW (view_name = NUMBERS)
5TRANSITION_VIEW (view_name = LOADING)
6TRANSITION_VIEW (view_name = CONNECTED)
7HANDOFF
8onSuccess (verification_status: pending_manual_verification)