Add Investments Move to your app
=================================
#### Use Investments Move to streamline brokerage-to-brokerage account transfers
In this guide, we'll start from scratch and walk through how to use Investments Move to get the data required to set up an ACATS transfer. If you are already familiar with using Plaid and are set up to make calls to the Plaid API, make sure to initialize Link with the `investments_auth` product; you can then skip ahead to [Fetching Investments Move data](https://plaid.com/docs/investments-move/add-to-app/index.html.md#fetching-investments-move-data) .
#### Get Plaid API keys and complete application profile
If you don't already have one, you'll need to [create a Plaid developer account](https://dashboard.plaid.com/signup) . After creating your account, you can find your [API keys](https://dashboard.plaid.com/developers/keys) under the Developers menu on the Plaid Dashboard.
You will also need to complete your [application profile](https://dashboard.plaid.com/settings/company/app-branding) on the Dashboard. The information in your profile will be shared with users of your application when they manage their connection on the [Plaid Portal](https://my.plaid.com) . Your application profile must be completed before connecting to certain institutions in Production.
#### Install and initialize Plaid libraries
You can use our official server-side client libraries to connect to the Plaid API from your application:
```node
// Install via npm
npm install --save plaid
```
```bash
## Not applicable with curl calls
```
```ruby
# Available as a gem
gem install plaid
```
```java
/*
For Gradle, add the following dependency to your build.gradle and replace {VERSION} with the version number you want to use from
- https://github.com/plaid/plaid-java/releases/latest
*/
implementation "com.plaid:plaid-java:{VERSION}"
/*
For Maven, add the following dependency to your POM and replace {VERSION} with the version number you want to use from
- https://github.com/plaid/plaid-java/releases/latest
*/
com.plaid
plaid-java
{VERSION}
```
```python
# Install through pip, only supports Python 3
pip install --upgrade plaid-python
```
```go
go get github.com/plaid/plaid-go
```
After you've installed Plaid's client libraries, you can initialize them by passing in your `client_id`, `secret`, and the environment you wish to connect to (Sandbox or Production). This will make sure the client libraries pass along your `client_id` and `secret` with each request, and you won't need to explicitly include them in any other calls.
```node
// Using Express
const express = require('express');
const app = express();
app.use(express.json());
const { Configuration, PlaidApi, PlaidEnvironments } = require('plaid');
const configuration = new Configuration({
basePath: PlaidEnvironments.sandbox,
baseOptions: {
headers: {
'PLAID-CLIENT-ID': process.env.PLAID_CLIENT_ID,
'PLAID-SECRET': process.env.PLAID_SECRET,
},
},
});
const client = new PlaidApi(configuration);
```
```bash
## Not applicable with curl calls
```
```ruby
require 'sinatra'
require 'plaid'
set :port, ENV['APP_PORT'] || 8000
configuration = Plaid::Configuration.new
configuration.server_index = Plaid::Configuration::Environment[ENV['PLAID_ENV'] || 'sandbox']
configuration.api_key['PLAID-CLIENT-ID'] = ENV['PLAID_CLIENT_ID']
configuration.api_key['PLAID-SECRET'] = ENV['PLAID_SECRET']
api_client = Plaid::ApiClient.new(
configuration
)
client = Plaid::PlaidApi.new(api_client)
```
```java
import java.net.*;
import java.io.*;
import retrofit2.Response;
import java.util.Arrays;
import com.sun.net.httpserver.*;
import com.plaid.client.ApiClient;
import com.plaid.client.request.PlaidApi;
public class PlaidExample {
private static final String CLIENT_ID = System.getenv("PLAID_CLIENT_ID");
private static final String SECRET = System.getenv("PLAID_SECRET");
public static void main(String[] args) {
HttpServer server = HttpServer.create(
new InetSocketAddress("localhost", 8000), 0);
server.createContext("/create_link_token", new GetLinkToken());
server.setExecutor(null);
server.start();
}
// Additional server code goes here
}
```
```python
import plaid
from plaid.api import plaid_api
from flask import Flask
from flask import render_template
from flask import request
from flask import jsonify
app = Flask(name)
configuration = plaid.Configuration(
host=plaid.Environment.Sandbox,
api_key={
'clientId': PLAID_CLIENT_ID,
'secret': PLAID_SECRET,
}
)
api_client = plaid.ApiClient(configuration)
client = plaid_api.PlaidApi(api_client)
# Additional server code goes here
if __name__ == "__main__":
app.run(port=8000)
```
```go
import (
"context"
"net/http"
"os"
"github.com/gin-gonic/gin"
"github.com/plaid/plaid-go/v3/plaid"
)
configuration := plaid.NewConfiguration()
configuration.AddDefaultHeader("PLAID-CLIENT-ID", os.Getenv("CLIENT_ID"))
configuration.AddDefaultHeader("PLAID-SECRET", os.Getenv("SECRET"))
configuration.UseEnvironment(plaid.Sandbox)
client := plaid.NewAPIClient(configuration)
func main() {
r := gin.Default()
// Server endpoints would be declared here
// e.g. r.POST("/create_link_token", createLinkToken)
r.POST("/create_link_token", createLinkToken)
err := r.Run(":8000")
if err != nil {
panic("unable to start server")
}
}
```
#### Create an Item in Link
Plaid Link is a drop-in module that provides a secure, elegant authentication flow for each institution that Plaid supports. Link makes it secure and easy for users to connect their bank accounts to Plaid. Note that these instructions cover Link on the web. For instructions on using Link within mobile apps, see the [Link documentation](https://plaid.com/docs/link/index.html.md) .
Using Link, we will create a Plaid _Item_, which is a Plaid term for a login at a financial institution. An Item is not the same as a financial institution account, although every account will be associated with an Item. For example, if a user has one login at their bank that allows them to access both their checking account and their savings account, a single Item would be associated with both of those accounts.
First, on the client side of your application, you'll need to set up and configure Link. If you want to customize Link's look and feel, you can do so from the [Dashboard](https://dashboard.plaid.com/link) .
When initializing Link, you will need to specify the products you will be using in the product array.
##### Create a link\_token
```node
app.post('/api/create_link_token', async function (request, response) {
// Get the client_user_id by searching for the current user
const user = await User.find(...);
const clientUserId = user.id;
const linkTokenRequest = {
user: {
// This should correspond to a unique id for the current user.
client_user_id: clientUserId,
},
client_name: 'Plaid Test App',
products: ['investments_auth'],
language: 'en',
webhook: 'https://webhook.example.com',
redirect_uri: 'https://domainname.com/oauth-page.html',
country_codes: ['US'],
};
try {
const createTokenResponse = await client.linkTokenCreate(linkTokenRequest);
response.json(createTokenResponse.data);
} catch (error) {
// handle error
}
});
```
```bash
curl -X POST https://sandbox.plaid.com/link/token/create \
-H 'Content-Type: application/json' \
-d '{
"client_id": "${PLAID_CLIENT_ID}",
"secret": "${PLAID_SECRET}",
"client_name": "Plaid Test App",
"user": { "client_user_id": "${UNIQUE_USER_ID}" },
"products": ["investments_auth"],
"country_codes": ["US"],
"language": "en",
"webhook": "https://webhook.example.com",
"redirect_uri": "https://domainname.com/oauth-page.html"
}'
```
```ruby
post '/api/create_link_token' do
# Get the client_user_id by searching for the current user
current_user = User.find(...)
client_user_id = current_user.id
# Create a link_token for the given user
request = Plaid::LinkTokenCreateRequest.new(
{
user: { client_user_id: client_user_id },
client_name: 'Plaid Test App',
products: ['investments_auth'],
country_codes: ['US'],
language: "en",
redirect_uri: nil_if_empty_envvar('PLAID_REDIRECT_URI'),
webhook: 'https://webhook.example.com'
}
)
response = client.link_token_create(request)
content_type :json
response.to_json
end
```
```java
import com.plaid.client.model.Products;
import com.plaid.client.model.CountryCode;
import com.plaid.client.model.LinkTokenCreateRequest;
import com.plaid.client.model.LinkTokenCreateRequestUser;
import com.plaid.client.model.LinkTokenCreateResponse;
public class PlaidExample {
...
static class GetLinkToken implements HttpHandler {
private static PlaidApi plaidClient;
public void handle(HttpExchange t) throws IOException {
// Create your Plaid client
HashMap apiKeys = new HashMap();
apiKeys.put("clientId", CLIENT_ID);
apiKeys.put("secret", SECRET);
ApiClient apiClient = new ApiClient(apiKeys);
apiClient.setPlaidAdapter(ApiClient.Sandbox);
plaidClient = apiClient.createService(PlaidApi.class);
// Get the clientUserId by searching for the current user
User userFromDB = db.find(...);
String clientUserId = userFromDB.id;
LinkTokenCreateRequestUser user = new LinkTokenCreateRequestUser()
.clientUserId(clientUserId);
// Create a link_token for the given user
LinkTokenCreateRequest request = new LinkTokenCreateRequest()
.user(user)
.clientName("Plaid Test App")
.products(Arrays.asList(Products.fromValue("investments_auth")))
.countryCodes(Arrays.asList(CountryCode.US))
.language("en")
.redirectUri("https://domainname.com/oauth-page.html")
.webhook("https://webhook.example.com");
Response response = plaidClient
.linkTokenCreate(request)
.execute();
// Send the data to the client
return response.body();
}
}
}
```
```python
from plaid.model.link_token_create_request import LinkTokenCreateRequest
from plaid.model.link_token_create_request_user import LinkTokenCreateRequestUser
from plaid.model.products import Products
from plaid.model.country_code import CountryCode
@app.route("/create_link_token", methods=['POST'])
def create_link_token():
# Get the client_user_id by searching for the current user
user = User.find(...)
client_user_id = user.id
# Create a link_token for the given user
request = LinkTokenCreateRequest(
products=[Products("investments_auth")],
client_name="Plaid Test App",
country_codes=[CountryCode('US')],
redirect_uri='https://domainname.com/oauth-page.html',
language='en',
webhook='https://webhook.example.com',
user=LinkTokenCreateRequestUser(
client_user_id=client_user_id
)
)
response = client.link_token_create(request)
# Send the data to the client
return jsonify(response.to_dict())
```
```go
func createLinkToken(c *gin.Context) {
ctx := context.Background()
// Get the client_user_id by searching for the current user
user, _ := usermodels.Find(...)
clientUserId := user.ID.String()
// Create a link_token for the given user
request := plaid.NewLinkTokenCreateRequest("Plaid Test App", "en", []plaid.CountryCode{plaid.COUNTRYCODE_US}, *plaid.NewLinkTokenCreateRequestUser(clientUserId))
request.SetWebhook("https://webhook.sample.com")
request.SetRedirectUri("https://domainname.com/oauth-page.html")
request.SetProducts([]plaid.Products{plaid.PRODUCTS_INVESTMENTS_AUTH})
resp, _, err := testClient.PlaidApi.LinkTokenCreate(ctx).LinkTokenCreateRequest(*request).Execute()
// Send the data to the client
c.JSON(http.StatusOK, gin.H{
"link_token": resp.GetLinkToken(),
})
}
```
When using Investments Move, you can also configure options in the [/link/token/create](https://plaid.com/docs/api/link/index.html.md#linktokencreate) call to allow more brokerage accounts to be added, with the tradeoff that Plaid may not be able to verify all of the information. For details, see [Fallback flows](https://plaid.com/docs/investments-move/index.html.md#fallback-flows) .
##### Install Link dependency
index.html
```html
Connect a bank
```
##### Configure the client-side Link handler
app.js
```javascript
const linkHandler = Plaid.create({
token: (await $.post('/create_link_token')).link_token,
onSuccess: (public_token, metadata) => {
// Send the public_token to your app server.
$.post('/exchange_public_token', {
public_token: public_token,
});
},
onExit: (err, metadata) => {
// Optionally capture when your user exited the Link flow.
// Storing this information can be helpful for support.
},
onEvent: (eventName, metadata) => {
// Optionally capture Link flow events, streamed through
// this callback as your users connect an Item to Plaid.
},
});
linkHandler.open();
```
#### Get a persistent access\_token
Next, on the server side, we need to exchange our `public_token` for an `access_token` and `item_id`. The `access_token` will allow us to make authenticated calls to the Plaid API. Doing so is as easy as calling the [/item/public\_token/exchange](https://plaid.com/docs/api/items/index.html.md#itempublic_tokenexchange) endpoint from our server-side handler. We'll use the client library we configured earlier to make the API call.
Save the `access_token` and `item_id` in a secure datastore, as they're used to access `Item` data and identify `webhooks`, respectively. The `access_token` will remain valid unless you actively choose to expire it via rotation or remove the corresponding Item via [/item/remove](https://plaid.com/docs/api/items/index.html.md#itemremove) . The `access_token` should be stored securely, and never in client-side code. A `public_token` is a one-time use token with a lifetime of 30 minutes, so there is no need to store it.
```node
app.post('/api/exchange_public_token', async function (
request,
response,
next,
) {
const publicToken = request.body.public_token;
try {
const tokenResponse = await client.itemPublicTokenExchange({
public_token: publicToken,
});
// These values should be saved to a persistent database and
// associated with the currently signed-in user
const accessToken = tokenResponse.data.access_token;
const itemID = tokenResponse.data.item_id;
response.json({ public_token_exchange: 'complete' });
} catch (error) {
// handle error
}
});
```
```bash
curl -X POST https://sandbox.plaid.com/item/public_token/exchange \
-H 'Content-Type: application/json' \
-d '{
"client_id": "${PLAID_CLIENT_ID}",
"secret": "${PLAID_SECRET}",
"public_token": "public-sandbox-12345678-abcd-1234-abcd-1234567890ab"
}'
```
```ruby
access_token = nil
post '/api/exchange_public_token' do
request = Plaid::ItemPublicTokenExchangeRequest.new(
{
public_token: params["public_token"]
}
)
response = client.item_public_token_exchange(request)
# These values should be saved to a persistent database and
# associated with the currently signed-in user
access_token = response.access_token
item_id = response.item_id
content_type :json
{public_token_exchange: "complete"}.to_json
end
```
```java
import com.plaid.client.model.ItemPublicTokenExchangeRequest;
import com.plaid.client.model.ItemPublicTokenExchangeResponse;
public class PlaidExample {
...
static class GetAccessToken implements HttpHandler {
private static PlaidClient plaidClient;
private String publicToken;
private String accessToken;
private String itemId;
public void handle(HttpExchange t) throws IOException {
// Simplified pseudo-code for obtaining public_token
InputStream is = t.getRequestBody();
publicToken = is.publicToken();
// Create your Plaid client
HashMap apiKeys = new HashMap();
apiKeys.put("clientId", CLIENT_ID);
apiKeys.put("secret", SECRET);
apiKeys.put("plaidVersion", "2020-09-14");
apiClient = new ApiClient(apiKeys);
apiClient.setPlaidAdapter(ApiClient.Sandbox);
plaidClient = apiClient.createService(PlaidApi.class);
// Exchange public_token for an access_token
ItemPublicTokenExchangeRequest request = new ItemPublicTokenExchangeRequest()
.publicToken(publicToken);
Response response = plaidClient
.itemPublicTokenExchange(request)
.execute();
// These values should be saved to a persistent database and
// associated with the currently signed-in user
accessToken = response.body().getAccessToken();
itemId = response.body().getItemId();
String message = "{\"public_token_exchange\": \"complete\"}";
return Response
.status(Response.Status.OK)
.entity(message)
.type(MediaType.APPLICATION_JSON)
}
}
}
```
```python
access_token = None
item_id = None
@app.route('/exchange_public_token', methods=['POST'])
def exchange_public_token():
global access_token
public_token = request.form['public_token']
request = ItemPublicTokenExchangeRequest(
public_token=public_token
)
response = client.item_public_token_exchange(request)
# These values should be saved to a persistent database and
# associated with the currently signed-in user
access_token = response['access_token']
item_id = response['item_id']
return jsonify({'public_token_exchange': 'complete'})
```
```go
func getAccessToken(c *gin.Context) {
ctx := context.Background()
publicToken := c.PostForm("public_token")
// exchange the public_token for an access_token
exchangePublicTokenReq := plaid.NewItemPublicTokenExchangeRequest(publicToken)
exchangePublicTokenResp, _, err := client.PlaidApi.ItemPublicTokenExchange(ctx).ItemPublicTokenExchangeRequest(
*exchangePublicTokenReq,
).Execute()
// These values should be saved to a persistent database and
// associated with the currently signed-in user
accessToken := exchangePublicTokenResp.GetAccessToken()
itemID := exchangePublicTokenResp.GetItemId()
c.JSON(http.StatusOK, gin.H{"public_token_exchange": "complete"})
}
```
#### Fetching Investments Move data
Now that the authentication step is out of the way, we can begin using authenticated endpoints from the Plaid API. For more detailed information on the schema for account information returned, see [/investments/auth/get](https://plaid.com/docs/api/products/investments-move/index.html.md#investmentsauthget) .
```bash
curl -X POST https://sandbox.plaid.com/investments/auth/get \
-H 'Content-Type: application/json' \
-d '{
"client_id": "${PLAID_CLIENT_ID}",
"secret": "${PLAID_SECRET}",
"access_token": String
}'
```
```node
const request: InvestmentsAuthGetRequest = {
access_token: accessToken,
};
try {
const response = await plaidClient.investmentsAuthGet(request);
const investmentsAuthData = response.data;
} catch (error) {
// handle error
}
```
```python
request = InvestmentsAuthGetRequest(access_token=access_token)
response = client.investments_auth_get(request)
investmentsAuthData = response
```
```java
InvestmentsAuthGetRequest request = new InvestmentsAuthGetRequest()
.accessToken(accessToken);
Response response = client()
.investmentsAuthGet(request)
.execute();
```
```ruby
request = Plaid::InvestmentsAuthGetRequest.new({ access_token: access_token })
response = client.investments_auth_get(request)
```
```go
request := plaid.NewInvestmentsAuthGetRequest(accessToken)
resp, _, err := client.PlaidApi.InvestmentsAuthGet(ctx).InvestmentsAuthGetRequest(*request).Execute()
```
The results of the [/investments/auth/get](https://plaid.com/docs/api/products/investments-move/index.html.md#investmentsauthget) call return the information you need to submit an ACATS transfer, using verified data derived directly from the brokerage. Example response data is below. For more details on the schema of data returned, see the [API Reference](https://plaid.com/docs/api/products/investments-move/index.html.md#investments-auth-get-response-accounts) .
Investments move sample response
```json
{
"accounts": [
{
"account_id": "31qEA6LPwGumkA4Z5mGbfyGwr4mL6nSZlQqpZ",
"balances": {
"available": 43200,
"current": 43200,
"iso_currency_code": "USD",
"limit": null,
"unofficial_currency_code": null
},
"mask": "4444",
"name": "Plaid Money Market",
"official_name": "Plaid Platinum Standard 1.85% Interest Money Market",
"subtype": "money market",
"type": "depository"
},
{
"account_id": "xlP8npRxwgCj48LQbjxWipkeL3gbyXf64knoy",
"balances": {
"available": null,
"current": 320.76,
"iso_currency_code": "USD",
"limit": null,
"unofficial_currency_code": null
},
"mask": "5555",
"name": "Plaid IRA",
"official_name": null,
"subtype": "ira",
"type": "investment"
}
],
"holdings": [
{
"account_id": "xlP8npRxwgCj48LQbjxWipkeL3gbyXf64knoy",
"cost_basis": 1,
"institution_price": 1,
"institution_price_as_of": "2021-05-25",
"institution_price_datetime": null,
"institution_value": 0.01,
"iso_currency_code": "USD",
"quantity": 0.01,
"security_id": "d6ePmbPxgWCWmMVv66q9iPV94n91vMtov5Are",
"unofficial_currency_code": null,
"vested_quantity": 1,
"vested_value": 1
},
{
"account_id": "xlP8npRxwgCj48LQbjxWipkeL3gbyXf64knoy",
"cost_basis": 0.01,
"institution_price": 0.011,
"institution_price_as_of": "2021-05-25",
"institution_price_datetime": null,
"institution_value": 110,
"iso_currency_code": "USD",
"quantity": 10000,
"security_id": "8E4L9XLl6MudjEpwPAAgivmdZRdBPJuvMPlPb",
"unofficial_currency_code": null,
"vested_quantity": null,
"vested_value": null
},
{
"account_id": "xlP8npRxwgCj48LQbjxWipkeL3gbyXf64knoy",
"cost_basis": 40,
"institution_price": 42.15,
"institution_price_as_of": "2021-05-25",
"institution_price_datetime": null,
"institution_value": 210.75,
"iso_currency_code": "USD",
"quantity": 5,
"security_id": "abJamDazkgfvBkVGgnnLUWXoxnomp5up8llg4",
"unofficial_currency_code": null,
"vested_quantity": 7,
"vested_value": 66
}
],
"item": {
"available_products": [
"assets",
"balance",
"cra_base_report",
"cra_income_insights",
"signal",
"identity",
"identity_match",
"income",
"income_verification",
"investments",
"processor_identity",
"recurring_transactions",
"transactions"
],
"billed_products": [
"investments_auth"
],
"consent_expiration_time": null,
"error": null,
"institution_id": "ins_115616",
"item_id": "7qBnDwLP3aIZkD7NKZ5ysk5X9xVxDWHg65oD5",
"products": [
"investments_auth"
],
"update_type": "background",
"webhook": "https://www.genericwebhookurl.com/webhook"
},
"numbers": {
"acats": [
{
"account": "TR5555",
"account_id": "xlP8npRxwgCj48LQbjxWipkeL3gbyXf64knoy",
"dtc_numbers": [
"1111",
"2222",
"3333"
]
}
]
},
"owners": [
{
"account_id": "31qEA6LPwGumkA4Z5mGbfyGwr4mL6nSZlQqpZ",
"names": [
"Alberta Bobbeth Charleson"
]
},
{
"account_id": "xlP8npRxwgCj48LQbjxWipkeL3gbyXf64knoy",
"names": [
"Alberta Bobbeth Charleson"
]
}
],
"request_id": "hPCXou4mm9Qwzzu",
"securities": [
{
"close_price": 0.011,
"close_price_as_of": null,
"cusip": null,
"industry": null,
"institution_id": null,
"institution_security_id": null,
"is_cash_equivalent": false,
"isin": null,
"iso_currency_code": "USD",
"market_identifier_code": null,
"name": "Nflx Feb 01'18 $355 Call",
"option_contract": null,
"proxy_security_id": null,
"sector": null,
"security_id": "8E4L9XLl6MudjEpwPAAgivmdZRdBPJuvMPlPb",
"sedol": null,
"ticker_symbol": "NFLX180201C00355000",
"type": "derivative",
"unofficial_currency_code": null,
"update_datetime": null
},
{
"close_price": 9.08,
"close_price_as_of": "2024-09-09",
"cusip": null,
"industry": "Investment Trusts or Mutual Funds",
"institution_id": null,
"institution_security_id": null,
"is_cash_equivalent": false,
"isin": null,
"iso_currency_code": "USD",
"market_identifier_code": null,
"name": "DoubleLine Total Return Bond I",
"option_contract": null,
"proxy_security_id": null,
"sector": "Miscellaneous",
"security_id": "AE5rBXra1AuZLE34rkvvIyG8918m3wtRzElnJ",
"sedol": "B5ND9B4",
"ticker_symbol": "DBLTX",
"type": "mutual fund",
"unofficial_currency_code": null,
"update_datetime": null
},
{
"close_price": 42.15,
"close_price_as_of": null,
"cusip": null,
"industry": null,
"institution_id": null,
"institution_security_id": null,
"is_cash_equivalent": false,
"isin": null,
"iso_currency_code": "USD",
"market_identifier_code": null,
"name": "iShares Inc MSCI Brazil",
"option_contract": null,
"proxy_security_id": null,
"sector": null,
"security_id": "abJamDazkgfvBkVGgnnLUWXoxnomp5up8llg4",
"sedol": null,
"ticker_symbol": "EWZ",
"type": "etf",
"unofficial_currency_code": null,
"update_datetime": null
},
{
"close_price": 1,
"close_price_as_of": null,
"cusip": null,
"industry": null,
"institution_id": null,
"institution_security_id": null,
"is_cash_equivalent": true,
"isin": null,
"iso_currency_code": "USD",
"market_identifier_code": null,
"name": "U S Dollar",
"option_contract": null,
"proxy_security_id": null,
"sector": null,
"security_id": "d6ePmbPxgWCWmMVv66q9iPV94n91vMtov5Are",
"sedol": null,
"ticker_symbol": null,
"type": "cash",
"unofficial_currency_code": null,
"update_datetime": null
}
]
}
```