Handling an invalid Link Token

Catch the error in the onExit callback and refetch a new link_token for the next time the user opens Link

Occasionally, the end user may invalidate the existing link_token that was used to open Link by taking too long to go through the flow (30+ minutes), or attempting too many invalid logins. If this happens, Link will exit with an INVALID_LINK_TOKEN error code.

To allow your user to open Link again, recognize the error in the onExit callback, fetch a new link_token, and use it to reinitialize Link. You can obtain a new link_token by making another /link/token/create request:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
// Using Express
const express = require('express');
const app = express();
app.use(express.json());
const plaid = require('plaid');
const client = new plaid.Client({
clientID: process.env.PLAID_CLIENT_ID,
secret: process.env.PLAID_SECRET,
env: plaid.environments.sandbox,
});
app.post('/create_link_token', async (request, response) => {
try {
// Get the client_user_id by searching for the current user
const user = await User.find(...);
const clientUserId = user.id;
// Create the link_token with all of your configurations
const tokenResponse = await client.createLinkToken({
user: {
client_user_id: clientUserId,
},
client_name: 'Plaid Test App',
products: ["auth"],
country_codes: ['US'],
language: 'en',
webhook: 'https://webhook.sample.com',
});
response.json(tokenResponse);
} catch (e) {
// Display error on client
return response.send({ error: e.message });
}
});

For the Link web integration, reinitializing Link means creating a new iframe. To avoid stacking iframes for each Link initialization, you can clean up the old iframe by calling the destroy() method on the Plaid Link handler.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
// Initialize Link with a new link_token each time.
const configs = {
token: (await $.post('/create_link_token')).link_token,
onSuccess: (public_token, metadata) => {
// Send the public_token to your app server.
},
onExit: (err, metadata) => {
// The user exited the Link flow with an INVALID_LINK_TOKEN error.
// This can happen if the token expires or the user has attempted
// too many invalid logins.
if (err != null && err.error_code === 'INVALID_LINK_TOKEN') {
linkHandler.destroy();
linkHandler = Plaid.create({
...configs,
// Fetch a new link_token because the old one was invalidated.
token: (await $.post('/create_link_token')).link_token,
});
}
// metadata contains the most recent API request ID and the
// Link session ID. Storing this information is helpful
// for support.
},
};
let linkHandler = Plaid.create(configs);

When the user is ready, they will be able to reopen Link and go through the authentication process again.