Same-Day Micro-deposits  ======================== #### Learn how to authenticate your users with a manually verified micro-deposit  ### Overview  Same-Day Micro-deposits can be used to authenticate any bank account in the US, but is especially useful for the ~2,000 institutions that don't support Instant Auth, Instant Match, or Automated Micro-deposit verification. Plaid will make a deposit that will post within one business day (using Same Day ACH, which is roughly two days faster than the standard micro-deposit experience of two to three days). Users are instructed to manually verify the code in the transaction description deposited in the account. #### The Same-Day Micro-deposit flow  The user clicks an action that opens Plaid Link. (An image of "The user clicks an action that opens Plaid Link.") (An image of "They optionally log in...") (An image of "...select a new institution...") (An image of "...and choose to connect by entering account numbers manually.") (An image of "The user enters their routing number...") (An image of "...account number...") (An image of "...full name...") (An image of "...selects an account type...") (An image of "...and authorizes the transfer.") (An image of "The user enters their phone number to be notified when the transfer has arrived.") (An image of "The user is told to come back in a few days.") (An image of "A day or two later, the user receives an SMS notification that the deposit has arrived.") (An image of "After getting the code from their bank account, they return to Plaid to verify the code.") (An image of "And the account is verified") A user connects their financial institution using the following connection flow: 1. Starting on a page in your app, the user clicks an action that opens Plaid Link with the correct Auth [configuration](https://plaid.com/docs/auth/coverage/same-day/index.html.md#create-a-link_token) . 2. Inside of Plaid Link, the user enters the micro-deposit initiation flow and provides their legal name, account and routing number. 3. Upon [successful authentication](https://plaid.com/docs/auth/coverage/same-day/index.html.md#exchange-the-public-token) , Link closes with a `public_token` and a `metadata` account status of `pending_manual_verification`. 4. Behind the scenes, Plaid sends a micro-deposit to the user's account that will post within one business day. 5. After one business day, the user is prompted to verify the code in the transaction description in their account, by [opening Link with a generated link\_token](https://plaid.com/docs/auth/coverage/same-day/index.html.md#prompt-user-to-verify-micro-deposit-code-in-link) . Plaid will not reverse the $0.01 micro-deposit credit. When these steps are done, your user's Auth data is verified and [ready to fetch](https://plaid.com/docs/auth/coverage/same-day/index.html.md#fetch-auth-data) . ##### Demoing the flow in Link  You can try out the Same-Day Micro-deposits flow in an [Interactive Demo](https://plaid.coastdemo.com/share/67d0ce0df465686c02cc4fd2?zoom=100&step=9) . For more details, see the [testing guide](https://plaid.com/docs/auth/coverage/testing/index.html.md#testing-same-day-micro-deposits) . #### Implementation steps  ##### Enable Same-Day Micro-deposits  Enable Same-Day Micro-deposits via the [Account Verification Dashboard](https://dashboard.plaid.com/account-verification) . Alternatively, you can also enable it by setting the `auth.same_day_microdeposits_enabled: true` parameter when calling [/link/token/create](https://plaid.com/docs/api/link/index.html.md#linktokencreate) . ##### Create a link\_token  Create a `link_token` with the following parameters: * `products` array should include only `auth` or `transfer` as a product when using same-day manual micro-deposit verification. While in most cases additional products can be added to existing Plaid Items, Items created for same-day manual micro-deposit verification are an exception and cannot be used with any Plaid products other than Auth or Transfer. Approximately 30% of Items verified by Same-Day Micro-deposits can also be verified by [/identity/match](https://plaid.com/docs/api/products/identity/index.html.md#identitymatch) or [/signal/evaluate](https://plaid.com/docs/api/products/signal/index.html.md#signalevaluate) . If using Identity Match or Signal Transaction Scores in this way, they should be added to the Item via the `required_if_supported_products`, `optional_products`, or `additional_consented_products` fields rather than the `products` array. For more details, see [Identity Match](https://plaid.com/docs/identity/index.html.md#identity-match) and [Signal Transaction Scores](https://plaid.com/docs/signal/signal-rules/index.html.md#data-availability-limitations) . All Items verified by Same-Day Micro-deposits are also compatible with statement-based verification via [Identity Document Upload](https://plaid.com/docs/identity/identity-document-upload/index.html.md) . * `country_codes` set to `['US']` – Micro-deposit verification is currently only available in the United States. ##### Initialize Link with a link\_token  After creating a `link_token` for the `auth` product, use it to initialize Plaid Link. When the user successfully inputs their account and routing numbers, the `onSuccess()` callback function (or the equivalent field in [/link/token/get](https://plaid.com/docs/api/link/index.html.md#linktokenget) , if using the [Hosted Link](https://plaid.com/docs/link/hosted-link/index.html.md) integration method) will return a `public_token`, with `verification_status` equal to `'pending_manual_verification'`. App.js ```javascript const linkHandler = Plaid.create({ // Fetch a link_token configured for 'auth' from your app server token: (await $.post('/create_link_token')).link_token, onSuccess: (public_token, metadata) => { // Send the public_token and connected accounts to your app server $.post('/exchange_public_token', { publicToken: public_token, accounts: metadata.accounts, }); metadata = { ..., link_session_id: String, institution: { name: null, // name is always null for Same-Day Micro-deposits institution_id: null // institution_id is always null for Same-Day Micro-deposits }, accounts: [{ id: 'vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D', mask: '1234', name: "Checking...1234", type: 'depository', subtype: 'checking', verification_status: 'pending_manual_verification' }] } }, // ... }); // Open Link on user-action linkHandler.open(); ``` ##### Display a "pending" status in your app  Because Same-Day verification usually takes one business day to complete, we recommend displaying a UI in your app that communicates to a user that verification is currently pending. You can use the `verification_status` key returned in the `onSuccess` `metadata.accounts` object once Plaid Link closes successfully. Metadata verification\_status ```javascript verification_status: 'pending_manual_verification'; ``` You can also [fetch the verification\_status](https://plaid.com/docs/auth/coverage/same-day/index.html.md#check-the-account-verification-status-optional) for an Item's account via the Plaid API, to obtain the latest account status. ##### Exchange the public token  In your own backend server, call the [/item/public\_token/exchange](https://plaid.com/docs/api/items/index.html.md#itempublic_tokenexchange) endpoint with the Link `public_token` to obtain an `access_token`. When using Same-Day Micro-deposit verification, only one account can be associated with each access token. If you want to allow a user to link multiple accounts at the same institution using Same-Day Micro-deposits, you will need to create a new Link flow and generate a separate access token for each account. To test your integration outside of Production, see [Testing Same-Day Micro-deposits in Sandbox](https://plaid.com/docs/auth/coverage/testing/index.html.md#testing-same-day-micro-deposits) . ```bash curl -X POST https://sandbox.plaid.com/item/public_token/exchange \ -H 'Content-Type: application/json' \ -d '{ "client_id": "${PLAID_CLIENT_ID}", "secret": "${PLAID_SECRET}", "public_token": "public-sandbox-b0e2c4ee-a763-4df5-bfe9-46a46bce993d" }' ``` ```node // publicToken and accountID are sent from your app to your backend-server const accountID = 'vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D'; const publicToken = 'public-sandbox-b0e2c4ee-a763-4df5-bfe9-46a46bce993d'; // Obtain an access_token from the Link public_token try { const response = await client.itemPublicTokenExchange({ public_token: publicToken, }); const accessToken = response.data.access_token; } catch (err) { // handle error } ``` ```python # publicToken and accountID are sent from your app to your backend-server accountID = 'vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D' publicToken = 'public-sandbox-b0e2c4ee-a763-4df5-bfe9-46a46bce993d' # Obtain an access_token from the Link public_token token_request = ItemPublicTokenExchangeRequest( public_token=publicToken) token_response = client.item_public_token_exchange(token_request) accessToken = token_response['access_token'] ``` ```ruby # publicToken and accountID are sent from your app to your backend-server accountID = 'vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D' publicToken = 'public-sandbox-b0e2c4ee-a763-4df5-bfe9-46a46bce993d' # Obtain an access_token from the Link public_token request = Plaid::ItemPublicTokenExchangeRequest.new( { public_token: publicToken } ) token_response = client.item_public_token_exchange(request) access_token = token_response.access_token ``` ```java // publicToken and accountID are sent from your app to your backend-servers String accountID = "vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D"; String publicToken = "public-sandbox-b0e2c4ee-a763-4df5-bfe9-46a46bce993d"; // Obtain an access_token from the Link public_token ItemPublicTokenExchangeRequest tokenRequest = new ItemPublicTokenExchangeRequest() .publicToken(publicToken); Response tokenResponse = plaidClient .itemPublicTokenExchange(tokenRequest) .execute(); String accessToken = tokenResponse.body().getAccessToken(); ``` ```go // publicToken and accountID are sent from your app to your backend-server accountID := "vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D" publicToken := "public-sandbox-b0e2c4ee-a763-4df5-bfe9-46a46bce993d" // Obtain an access_token from the Link public_token exchangePublicTokenResp, _, err := client.PlaidApi.ItemPublicTokenExchange(ctx).ItemPublicTokenExchangeRequest( *plaid.NewItemPublicTokenExchangeRequest(publicToken), ).Execute() accessToken := exchangePublicTokenResp.GetAccessToken() ``` Exchange token response ```json { "access_token": "access-sandbox-5cd6e1b1-1b5b-459d-9284-366e2da89755", "item_id": "M5eVJqLnv3tbzdngLDp9FL5OlDNxlNhlE55op", "request_id": "m8MDnv9okwxFNBV" } ``` ##### Check the account verification status (optional)  In some cases you may want to implement logic in your app to display the `verification_status` of an Item that is pending manual verification. The [/accounts/get](https://plaid.com/docs/api/accounts/index.html.md#accountsget) API endpoint allows you to query this information. To be notified via webhook when Plaid has sent the micro-deposit to your end user, see [micro-deposit events](https://plaid.com/docs/auth/coverage/microdeposit-events/index.html.md) . ```bash curl -X POST https://sandbox.plaid.com/accounts/get \ -H 'Content-Type: application/json' \ -d '{ "client_id": "${PLAID_CLIENT_ID}", "secret": "${PLAID_SECRET}", "access_token": "access-sandbox-5cd6e1b1-1b5b-459d-9284-366e2da89755" }' ``` ```node // Fetch the accountID and accessToken from your database const accountID = 'vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D'; const accessToken = 'access-sandbox-5cd6e1b1-1b5b-459d-9284-366e2da89755'; const request: AccountsGetRequest = { access_token: accessToken, }; try { const response = await client.accountsGet(request); const account = response.data.accounts.find((a) => a.account_id === accountID); const verificationStatus = account.verification_status; } catch (err) { // handle error } ``` ```python # Fetch the accountID and accessToken from your database account_id = 'vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D' access_token = 'access-sandbox-5cd6e1b1-1b5b-459d-9284-366e2da89755' request = AccountsGetRequest(access_token=access_token) response = client.accounts_get(request) accounts = response['accounts'] ``` ```ruby # Fetch the accountID and accessToken from your database account_id = 'vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D' access_token = 'access-sandbox-5cd6e1b1-1b5b-459d-9284-366e2da89755' request = Plaid::AccountsGetRequest.new({ access_token: access_token }) response = client.accounts_get(request) accounts = response.accounts ``` ```java // Fetch the accountID and accessToken from your database String accountID = "vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D"; String accessToken = "access-sandbox-5cd6e1b1-1b5b-459d-9284-366e2da89755"; AccountsGetRequest request = new AccountsGetRequest() .accessToken(accessToken); Response response = client() .accountsGet(request) .execute(); if (response.isSuccessful()) { AccountBase account = response.body().getAccounts().stream() .filter(a -> a.getAccountId().equals(accountID)) .findFirst() .orElseThrow(); String verificationStatus = account.getVerificationStatus().getValue(); } ``` ```go // Fetch the accountID and accessToken from your database accountID := "vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D" accessToken := "access-sandbox-5cd6e1b1-1b5b-459d-9284-366e2da89755" accountsGetResp, _, err := client.PlaidApi.AccountsGet(ctx).AccountsGetRequest( *plaid.NewAccountsGetRequest(accessToken), ).Execute() accounts := accountsGetResp.GetAccounts() ``` Account get response ```json { "accounts": [ { "account_id": "vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D", "balances": { Object }, "mask": "0000", "name": "Checking...0000", "official_name": null, "type": "depository", "subtype": "checking", "verification_status": "pending_manual_verification" | "manually_verified" | "verification_failed" }, ... ], "item": { Object }, "request_id": String } ``` ##### Prompt user to verify micro-deposit code in Link  After one to two business days, the micro-deposit sent to the user's account is expected to be posted. To securely verify a Same-Day Micro-deposits account, your user needs to come back into Link to verify the code in the transaction description. When the micro-deposit posts to your end user's bank account, the transaction description will be written with the format: Micro-deposit post description ```bash #XXX ACCTVERIFY ``` The `#` will be followed with the three letter code required for verification. The `` is defined by the value of the `client_name` parameter that was used to create the `link_token` that initialized Link. Due to network requirements, the `client_name` will be truncated to the first 11 characters and `ACCTVERIFY` will be added to signify the deposit is for account verification. Users with business or corporate accounts that have ACH debit blocks enabled on their account may need to authorize Plaid's Company / Tax ID, `1460820571`, to avoid any issues with linking their accounts. To optimize conversion, we strongly recommend sending your user a notification (e.g. email, SMS, push notification) prompting them to come back into your app and verify the micro-deposit code. To be notified via webhook when Plaid has sent the micro-deposit to your end user, see [micro-deposit events](https://plaid.com/docs/auth/coverage/microdeposit-events/index.html.md) . (An image of "Plaid Instant Match process: Enter 3-letter code from deposit, confirmation screen, success message linking to Wonderwallet.") Verification of Same-Day Micro-deposits is performed in two steps: 1. In your backend server, create a new `link_token` from the associated `access_token` for the given user. 2. Pass the generated `link_token` into your client-side app, using the `token` parameter in the Link configuration. This will automatically trigger the micro-deposit verification flow in Link. ##### Create a new link\_token from a persistent access\_token  Generate a `link_token` for verifying micro-deposits by passing the user's associated `access_token` to the [/link/token/create](https://plaid.com/docs/api/link/index.html.md#linktokencreate) API endpoint. Note that the `products` field should not be set because the micro-deposits verification flow does not change the products associated with the given `access_token`. ```node // Using Express app.post('/api/create_link_token', async function (request, response) { // Get the client_user_id by searching for the current user const user = await User.find(...); const clientUserId = user.id; const linkTokenRequest = { user: { client_user_id: clientUserId, }, client_name: 'Plaid Test App', language: 'en', webhook: 'https://webhook.sample.com', country_codes: [CountryCode.Us], access_token: 'ENTER_YOUR_ACCESS_TOKEN', }; try { const createTokenResponse = await client.linkTokenCreate(linkTokenRequest); response.json(createTokenResponse.data); } catch (error) { // handle error } }); ``` ```bash curl -X POST https://sandbox.plaid.com/link/token/create \ -H 'Content-Type: application/json' \ -d '{ "client_id": "${PLAID_CLIENT_ID}", "secret": "${PLAID_SECRET}", "client_name": "Plaid Test App", "user": { "client_user_id": "${UNIQUE_USER_ID}" }, "access_token": "${ACCESS_TOKEN}", "country_codes": ["US"], "language": "en", "webhook": "https://webhook.sample.com" }' ``` ```ruby require 'sinatra' require 'plaid' post '/api/create_link_token' do # Get the client_user_id by searching for the current user current_user = User.find(...) client_user_id = current_user.id # Create a link_token for the given user request = Plaid::LinkTokenCreateRequest.new( { user: { client_user_id: client_user_id }, client_name: 'Plaid Test App', access_token: 'ENTER_YOUR_ACCESS_TOKEN', country_codes: ['US'], language: "en", webhook: 'https://webhook.sample.com' } ) response = client.link_token_create(request) content_type :json response.to_json end ``` ```java import com.plaid.client.model.LinkTokenCreateRequest; import com.plaid.client.model.LinkTokenCreateRequestUser; import com.plaid.client.model.LinkTokenCreateResponse; static class GetLinkToken implements HttpHandler { private static PlaidClient plaidClient; public void handle(HttpExchange t) throws IOException { // Create your Plaid client HashMap apiKeys = new HashMap(); apiKeys.put("clientId", CLIENT_ID); apiKeys.put("secret", SECRET); apiKeys.put("plaidVersion", "2020-09-14"); apiClient = new ApiClient(apiKeys); apiClient.setPlaidAdapter(ApiClient.Sandbox); plaidClient = apiClient.createService(PlaidApi.class); // Simplified pseudo-code for obtaining a user_id User userFromDB = db.find(...); String clientUserId = userFromDB.id; LinkTokenCreateRequestUser user = new LinkTokenCreateRequestUser() .clientUserId(clientUserId); // Create a link_token for the given user LinkTokenCreateRequest request = new LinkTokenCreateRequest() .user(user) .clientName("Plaid Test App") .accessToken("ENTER_YOUR_ACCESS_TOKEN") .countryCodes(Arrays.asList(CountryCode.US, CountryCode.CA)) .language("en") .redirectUri(redirectUri) .webhook("https://sample.webhook.com"); Response response = plaidClient .linkTokenCreate(request) .execute(); // Send the data to the client return response.body(); } } ``` ```python # Using Flask @app.route("/create_link_token", methods=['POST']) def create_link_token(): # Get the client_user_id by searching for the current user user = User.find(...) client_user_id = user.id # Create a link_token for the given user request = LinkTokenCreateRequest( access_token ="ENTER_YOUR_ACCESS_TOKEN", client_name="Plaid Test App", country_codes=[CountryCode('US')], language='en', webhook='https://webhook.sample.com', user=LinkTokenCreateRequestUser( client_user_id=client_user_id ) ) response = client.link_token_create(request) link_token = response['link_token'] # Send the data to the client return jsonify(response.to_dict()) ``` ```go import ( "context" "net/http" "os" "github.com/gin-gonic/gin" "github.com/plaid/plaid-go/plaid" ) func createLinkToken(c *gin.Context) { ctx := context.Background() // Get the client_user_id by searching for the current user user, _ := usermodels.Find(...) clientUserId := user.ID.String() // Create a link_token for the given user request := plaid.NewLinkTokenCreateRequest("Plaid Test App", "en", []plaid.CountryCode{plaid.COUNTRYCODE_US}, *plaid.NewLinkTokenCreateRequestUser(clientUserId)) request.SetWebhook("https://webhook.sample.com") request.SetAccessToken("ENTER_YOUR_ACCESS_TOKEN") resp, _, err := testClient.PlaidApi.LinkTokenCreate(ctx).LinkTokenCreateRequest(*request).Execute() // Send the data to the client c.JSON(http.StatusOK, gin.H{ "link_token": resp.GetLinkToken(), }) } ``` ##### Initialize Link with the generated link\_token  In your client-side app, pass the generated `link_token` into the Link `token` parameter. Link will automatically detect that Same-Day verification is required for the Item and will open directly into the verification flow (see the image above). In Link, the user will be prompted to log in to their personal banking portal to confirm the code in the micro-deposit transaction description. Upon successful entry of the code, the `onSuccess` callback will be fired, with an updated `verification_status: 'manually_verified'`. The verification code will be case-insensitive. There is no time limit for the user to verify the deposit. A user has three attempts to enter the code correctly, after which the Item will be permanently locked for security reasons. See [INCORRECT\_DEPOSIT\_VERIFICATION](https://plaid.com/docs/errors/invalid-input/index.html.md#incorrect_deposit_verification) and [PRODUCT\_NOT\_READY](https://plaid.com/docs/errors/item/index.html.md#product_not_ready) for errors that may occur during the micro-deposit initiation and verification flow. App.js ```javascript const linkHandler = Plaid.create({ token: await fetchLinkTokenForMicrodepositsVerification(), onSuccess: (public_token, metadata) => { metadata = { accounts: [{ ..., verification_status: 'manually_verified', }], }; }, // ... }); // Open Link to verify micro-deposit amounts linkHandler.open(); ``` An Item's `access_token` does not change when verifying micro-deposits, so there is no need to repeat the exchange token process. ##### Fetch Auth data  Finally, we can retrieve Auth data once the user has manually verified their account through Same-Day Micro-deposits: ```bash curl -X POST https://sandbox.plaid.com/auth/get \ -H 'Content-Type: application/json' \ -d '{ "client_id": "${PLAID_CLIENT_ID}", "secret": "${PLAID_SECRET}", "access_token": "access-sandbox-5cd6e1b1-1b5b-459d-9284-366e2da89755" }' ``` ```node const accessToken = 'access-sandbox-5cd6e1b1-1b5b-459d-9284-366e2da89755'; // Instantly fetch Auth numbers const request: AuthGetRequest = { access_token: accessToken, }; try { const response = await client.authGet(request); const numbers = response.data.numbers; } catch (err) { // handle error } ``` ```python access_token = 'access-sandbox-5cd6e1b1-1b5b-459d-9284-366e2da89755' # Instantly fetch Auth numbers auth_request = AuthGetRequest(access_token=access_token) auth_response = client.auth_get(auth_request) numbers = auth_response['numbers'] ``` ```ruby access_token = 'access-sandbox-5cd6e1b1-1b5b-459d-9284-366e2da89755'; # Instantly fetch Auth numbers auth_get_request = Plaid::AuthGetRequest.new auth_get_request.access_token = access_token auth_response = client.auth_get(auth_get_request) numbers = auth_response.numbers ``` ```java String accessToken = "access-sandbox-5cd6e1b1-1b5b-459d-9284-366e2da89755"; // Instantly fetch Auth numbers AuthGetRequest authGetRequest = new AuthGetRequest() .accessToken(accessToken); Response authResponse = client() .authGet(authGetRequest) .execute(); if (authResponse.isSuccessful()) { AuthGetResponse.Numbers numbers = authResponse.body().getNumbers(); } ``` ```go accessToken := "access-sandbox-5cd6e1b1-1b5b-459d-9284-366e2da89755" // Instantly fetch Auth numbers authGetResp, _, err := client.PlaidApi.AuthGet(ctx).AuthGetRequest( *plaid.NewAuthGetRequest(accessToken), ).Execute() numbers := authGetResp.GetNumbers() ``` Auth response ```json { "numbers": { "ach": [ { "account_id": "vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D", "account": "1111222233330000", "routing": "011401533", "wire_routing": "021000021" } ], "eft": [], "international": [], "bacs": [] }, "accounts": [ { "account_id": "vzeNDwK7KQIm4yEog683uElbp9GRLEFXGK98D", "balances": { Object }, "mask": "0000", "name": "Checking ...0000", "official_name": null, "verification_status": "manually_verified", "subtype": "checking", "type": "depository" } ], "item": { Object }, "request_id": "m8MDnv9okwxFNBV" } ``` Check out the [/auth/get](https://plaid.com/docs/api/products/auth/index.html.md#authget) API reference documentation to see the full Auth request and response schema. #### Using Text Message Verification  Text Message Verification is an alternative verification method for Same-Day Micro-deposits. With Text Message Verification, Plaid will send your user a one-time SMS message, directing them to a Plaid-hosted website where they can complete the micro-deposit verification process. When the user is done verifying their micro-deposit code, you will receive a [SMS\_MICRODEPOSITS\_VERIFICATION](https://plaid.com/docs/api/products/auth/index.html.md#sms_microdeposits_verification) webhook, telling you that the user has completed the process and that it is now safe to retrieve Auth information. Text Message Verification can and should be used alongside the usual verification flow of prompting your user to verify their code inside your app through Link. The user may not receive the SMS message (for example, if they clicked "continue as guest" or provided no phone number), may choose not to receive an SMS message, or they might simply ignore the message, so it is important for your app to still provide a way for your user to complete the process. ##### Implementation steps  Text Message Verification is enabled by default as long as Same-Day Micro-deposits have been enabled. To opt out of Text Message Verification, use the [Dashboard Account Verification pane](https://dashboard.plaid.com/account-verification) to disable it, or, if not using the Account Verification Dashboard, set `auth.sms_microdeposits_verification_enabled: false` in your [/link/token/create](https://plaid.com/docs/api/link/index.html.md#linktokencreate) call. 1. When calling [/link/token/create](https://plaid.com/docs/api/link/index.html.md#linktokencreate) , make sure you have specified a URL for your webhook receiver, so you can receive the [SMS\_MICRODEPOSITS\_VERIFICATION](https://plaid.com/docs/api/products/auth/index.html.md#sms_microdeposits_verification) webhook. 2. Listen for the [SMS\_MICRODEPOSITS\_VERIFICATION](https://plaid.com/docs/api/products/auth/index.html.md#sms_microdeposits_verification) webhook. When the user completes the verification process, Plaid will send a [SMS\_MICRODEPOSITS\_VERIFICATION](https://plaid.com/docs/api/products/auth/index.html.md#sms_microdeposits_verification) webhook to the webhook receiver URL that you specified earlier. When you receive this webhook, review the value of the `status` field. Example webhook ```json { "webhook_type": "AUTH", "webhook_code": "SMS_MICRODEPOSITS_VERIFICATION", "status": "MANUALLY_VERIFIED", "item_id": "eVBnVMp7zdTJLkRNr33Rs6zr7KNJqBFL9DrE6", "account_id": "dVzbVMLjrxTnLjX4G66XUp5GLklm4oiZy88yK", "environment": "sandbox" } ``` A value of `MANUALLY_VERIFIED` indicates that the user successfully entered the micro-deposit code and has verified their account information. You can now retrieve Auth information on behalf of this user, and you should remove any pending in-app messages asking the user to complete the verification process. If you re-open Link and ask the user to verify their code after they have already verified it using Text Message Verification, Link will close immediately and fire the `onSuccess` callback. So even if you don't act on this webhook, your application will continue to function normally. A `status` field of `VERIFICATION_FAILED` indicates that the user failed the verification process. Verification cannot be retried once this status has been triggered; you will need to create a new Item. ##### User experience  When the user goes through the Same-Day Micro-deposit flow in Link, they will be prompted to enter their phone number, as long as they did not opt out of using or creating a Plaid account. Users who skip the Plaid account process and click "Continue as guest" instead will not be prompted to enter their phone number and cannot participate in Text Message Verification. After the micro-deposit has been placed in their account, if the user authorized Plaid to send the text message, Plaid will contact the user via SMS with a URL pointing to a Plaid-hosted page where the user can complete the verification process. The text message itself will contain the following message: Sample SMS message ```bash Plaid: On behalf of [client_name], a $0.01 deposit was sent to your account ending in 1234. Verify this deposit here: https://hosted.plaid.com/link/lp1234. Then, return to [client_name] to complete your account setup. ``` Currently, the text message is only provided in English and will not be localized according to your Link customization settings. ##### Testing text message verification  Text message verification cannot be tested in the Sandbox environment. Text messages will only be sent in Production, and will only be sent to users who do not click "Continue as guest" on the Link consent pane. To test receipt of the `SMS_MICRODEPOSITS_VERIFICATION` webhook in Sandbox, you can use [/sandbox/item/fire\_webhook](https://plaid.com/docs/api/sandbox/index.html.md#sandboxitemfire_webhook) ; in Sandbox, this endpoint will always fire a webhook with the status of `MANUALLY_VERIFIED` regardless of the actual verification status. #### Same-Day Micro-deposit flow configuration options  In addition to the default flow, Same-Day Micro-deposits has several optional flow settings you can enable. To expose more users to the Same-Day Micro-deposit flow, you can enable [Auth Type Select](https://plaid.com/docs/auth/coverage/flow-options/index.html.md#adding-manual-verification-entry-points-with-auth-type-select) , or to limit users' exposure to the flow, you can enable [Reroute to Credentials](https://plaid.com/docs/auth/coverage/flow-options/index.html.md#removing-manual-verification-entry-points-with-reroute-to-credentials) . To provide an alternative flow that allows users to skip micro-deposit verification and instead relies on recognizing a known bank account within the Plaid network, you can enable [Database Auth](https://plaid.com/docs/auth/coverage/database-auth/index.html.md) . The setting that is best for you will depend on your use case, your risk exposure, and which other Plaid products you use. Learn more about how to optimize your configuration and manage risk under [best practices](https://plaid.com/docs/auth/coverage/same-day-link-best-practices/index.html.md) . Same-Day Micro-deposit flow options are configured on a Link customization level (if using the Account Verification Dashboard) or on a Link token level (if configuring the options directly in the [/link/token/create](https://plaid.com/docs/api/link/index.html.md#linktokencreate) call). This enables you to decide which sessions are enabled for which flows; for example, you can enable different verification methods based on users' risk profiles. #### Handling Link events  When a user goes through the Same-Day Micro-deposits flow, the session will have the `TRANSITION_VIEW (view_name = NUMBERS)` event and a `TRANSITION_VIEW` (`view_name = SAME_DAY_MICRODEPOSIT_AUTHORIZED`) event after the user authorizes Plaid to send a micro-deposit to the submitted account and routing number. In the `onSuccess` callback the `verification_status` will be `pending_manual_verification` because the user will have to return to Link to verify their micro-deposit at a later Link session. Sample Link events for Same-Day Micro-deposits where user enters flow from empty Search state ```bash OPEN (view_name = CONSENT) TRANSITION_VIEW (view_name = SELECT_INSTITUTION) SEARCH_INSTITUTION TRANSITION_VIEW (view_name = NUMBERS) TRANSITION_VIEW (view_name = LOADING) TRANSITION_VIEW (view_name = CONNECTED) HANDOFF onSuccess (verification_status: pending_manual_verification) ``` When a user goes through the Same-Day Micro-deposits flow with Reroute to Credentials, you will additionally see `TRANSITION_VIEW (view_name = NUMBERS_SELECT_INSTITUTION)` with `view_variant = SINGLE_INSTITUTION` or `view_variant = MULTI_INSTITUTION`. Sample Link events for Same-Day Micro-deposits flow where user encounters Reroute to Credentials ```bash OPEN (view_name = CONSENT) TRANSITION_VIEW (view_name = SELECT_INSTITUTION) SEARCH_INSTITUTION TRANSITION_VIEW (view_name = NUMBERS) TRANSITION_VIEW (view_name = NUMBERS_SELECT_INSTITUTION, view_variant = SINGLE_INSTITUTION) TRANSITION_VIEW (view_name = LOADING) TRANSITION_VIEW (view_name = CONNECTED) HANDOFF onSuccess (verification_status: pending_manual_verification) ``` When a user goes through the Same-Day Micro-deposits flow with the Auth Type Select configuration, you will additionally see `TRANSITION_VIEW (view_name = SELECT_AUTH_TYPE)` and also `SELECT_AUTH_TYPE (selection = flow_type_manual)` Sample Link events for Same-Day Micro-deposits flow where user enters flow from Auth Type Select ```bash OPEN (view_name = CONSENT) TRANSITION_VIEW (view_name = SELECT_AUTH_TYPE) SELECT_AUTH_TYPE (selection = flow_type_manual) TRANSITION_VIEW (view_name = NUMBERS) TRANSITION_VIEW (view_name = LOADING) TRANSITION_VIEW (view_name = CONNECTED) HANDOFF onSuccess (verification_status: pending_manual_verification) ``` #### Testing in Sandbox  Learn how to test each Auth flow in the Sandbox [View guide](https://plaid.com/docs/auth/coverage/testing/index.html.md) #### Manual verification flow best practices  Minimize fraud by following best practices [View guide](https://plaid.com/docs/auth/coverage/same-day-link-best-practices/index.html.md) #### Micro-deposit events  Learn how to use webhooks to receive micro-deposit status updates [View guide](https://plaid.com/docs/auth/coverage/microdeposit-events/index.html.md)