Link Web SDK

Reference for integrating with the Link JavaScript SDK and React SDK

Prefer to learn with code examples? Check out our GitHub repo with working example Link implementations for both JavaScript and React.

Installation

Select group for content switcher

Include the Plaid Link initialize script on each page of your site. It must always be loaded directly from https://cdn.plaid.com, rather than included in a bundle or hosted yourself.

index.html
Copy
1<script src="https://cdn.plaid.com/link/v2/stable/link-initialize.js"></script>

CSP directives

If you are using a Content Security Policy (CSP), use the following directives to allow Link traffic:

 
Select Language
Copy
1default-src https://cdn.plaid.com/
2script-src https://cdn.plaid.com/link/v2/stable/link-initialize.js
3frame-src https://cdn.plaid.com/
4connect-src https://production.plaid.com/

If using Sandbox or Development instead of production, make sure to update the connect-src directive to point to the appropriate server (https://sandbox.plaid.com or https://development.plaid.com).

Create

Plaid.create accepts one argument, a configuration Object, and returns an Object with three functions, open, exit, and destroy. Calling open will display the Consent Pane view, calling exit will close Link, and calling destroy will clean up the iframe.
When using the React SDK, this method is called usePlaidLink and returns an object with four values, open, exit, ready, and error. The values open and exit behave as described above. ready is a passthrough for onLoad and will be true when Link is ready to be opened. error is populated only if Plaid fails to load the Link JavaScript. There is no separate method to destroy Link in the React SDK, as unmount will automatically destroy the Link instance.
Note: Control whether or not your Link integration uses the Account Select view from the Dashboard.

create

token

string

Specify a link_token to authenticate your app with Link. This is a short lived, one-time use token that should be unique for each Link session. In addition to the primary flow, a link_token can be configured to launch Link in update mode for Items with expired credentials, or the Payment Initiation (UK and Europe) flow. See the /link/token/create endpoint for a full list of configurations.

onSuccess

callback

A function that is called when a user successfully links an Item. The function should expect two arguments, the public_token and a metadata object. See onSuccess.

onExit

callback

A function that is called when a user exits Link without successfully linking an Item, or when an error occurs during Link initialization. The function should expect two arguments, a nullable error object and a metadata object. See onExit.

onEvent

callback

A function that is called when a user reaches certain points in the Link flow. The function should expect two arguments, an eventName string and a metadata object. See onEvent.

onLoad

callback

A function that is called when the Link module has finished loading. Calls to plaidLinkHandler.open() prior to the onLoad callback will be delayed until the module is fully loaded.

receivedRedirectUri

string

A receivedRedirectUri is required to support OAuth authentication flows when re-launching Link on a mobile device.

key

deprecatedstring

The public_key is no longer used for new implementations of Link. If your integration is still using a public_key, see the migration guide to upgrade to using a link_token. See the maintenance guide to troubleshoot any public_key issues.

Create example
Select Language
Copy
1// The usePlaidLink hook manages Plaid Link creation
2// It does not return a destroy function;
3// instead, on unmount it automatically destroys the Link instance
4const config: PlaidLinkOptions = {
5  onSuccess: (public_token, metadata) => {}
6  onExit: (err, metadata) => {}
7  onEvent: (eventName, metadata) => {}
8  token: 'GENERATED_LINK_TOKEN',
9  //required for OAuth; if not using OAuth, set to null or omit:
10  receivedRedirectUri: window.location.href,
11};
12
13const { open, exit, ready } = usePlaidLink(config);

onSuccess

The onSuccess callback is called when a user successfully links an Item. It takes two arguments: the public_token and a metadata object.

onSuccess

public_token

string

Displayed once a user has successfully linked their Item.

metadata

object

Displayed once a user has successfully linked their Item.

institution

nullableobject

An institution object. If the Item was created via Same-Day micro-deposit verification, will be null.

name

string

The full institution name, such as 'Wells Fargo'

institution_id

string

The Plaid institution identifier

accounts

object

A list of accounts attached to the connected Item. If Account Select is enabled via the developer dashboard, accounts will only include selected accounts.

id

string

The Plaid account_id

name

string

The official account name

mask

nullablestring

The last 2-4 alphanumeric characters of an account's official account number. Note that the mask may be non-unique between an Item's accounts. It may also not match the mask that the bank displays to the user.

type

string

The account type. See the Account schema for a full list of possible values

subtype

string

The account subtype. See the Account schema for a full list of possible values

verification_status

nullablestring

Indicates an Item's micro-deposit-based verification status. Possible values are:
pending_automatic_verification: The Item is pending automatic verification
pending_manual_verification: The Item is pending manual micro-deposit verification. Items remain in this state until the user successfully verifies the two amounts.
automatically_verified: The Item has successfully been automatically verified
manually_verified: The Item has successfully been manually verified
verification_expired: Plaid was unable to automatically verify the deposit within 7 calendar days and will no longer attempt to validate the Item. Users may retry by submitting their information again through Link.
verification_failed: The Item failed manual micro-deposit verification because the user exhausted all 3 verification attempts. Users may retry by submitting their information again through Link.
null: micro-deposit-based verification is not being used for the Item.

class_type

nullablestring

If micro-deposit verification is being used, indicates whether the account being verified is a business or personal account.

account

deprecatednullableobject

Deprecated. Use accounts instead.

link_session_id

string

A unique identifier associated with a user's actions and events through the Link flow. Include this identifier when opening a support ticket for faster turnaround.

transfer_status

nullablestring

The status of a transfer. Returned only when Transfer UI is implemented.

COMPLETE – The transfer was completed.
INCOMPLETE – The transfer could not be completed. For help, see Troubleshooting transfers.

Possible values: COMPLETE, INCOMPLETE

wallet

nullableobject

An crypto wallet object. Returned only when Wallet Onboard is implemented.

name

string

The crypto wallet name, such as 'MetaMask'

onSuccess example
Select Language
Copy
1import {
2  PlaidLinkOnSuccess,
3  PlaidLinkOnSuccessMetadata,
4} from 'react-plaid-link';
5
6const onSuccess = useCallback<PlaidLinkOnSuccess>(
7  (public_token: string, metadata: PlaidLinkOnSuccessMetadata) => {
8    // log and save metadata
9    // exchange public token
10    fetch('//yourserver.com/exchange-public-token', {
11      method: 'POST',
12      headers: {
13        'Content-Type': 'application/json',
14      },
15      body: {
16        public_token,
17      },
18    });
19  },
20  [],
21);

Metadata schema
Copy
1{
institution: {
  name: 'Wells Fargo',
  institution_id: 'ins_4'
},
accounts: [
  {
    id: 'ygPnJweommTWNr9doD6ZfGR6GGVQy7fyREmWy',
    name: 'Plaid Checking',
    mask: '0000',
    type: 'depository',
    subtype: 'checking',
    verification_status: ''
  },
  {
    id: '9ebEyJAl33FRrZNLBG8ECxD9xxpwWnuRNZ1V4',
    name: 'Plaid Saving',
    mask: '1111',
    type: 'depository',
    subtype: 'savings'
  }
  ...
],
link_session_id: '79e772be-547d-4c9c-8b76-4ac4ed4c441a'
25}

onExit

The onExit callback is called when a user exits Link without successfully linking an Item, or when an error occurs during Link initialization. It takes two arguments, a nullable error object and a metadata object. The metadata parameter is always present, though some values may be null.

onExit

error

nullableobject

A nullable object that contains the error type, code, and message of the error that was last encountered by the user. If no error was encountered, error will be null.

error_type

String

A broad categorization of the error.

error_code

String

The particular error code. Each error_type has a specific set of error_codes.

error_message

String

A developer-friendly representation of the error code.

display_message

nullableString

A user-friendly representation of the error code. null if the error is not related to user action. This may change over time and is not safe for programmatic use.

metadata

object

Displayed once a user has successfully linked their Item.

institution

nullableobject

An institution object. If the Item was created via Same-Day micro-deposit verification, will be null.

name

string

The full institution name, such as Wells Fargo

institution_id

string

The Plaid institution identifier

status

string

The point at which the user exited the Link flow. One of the following values.

requires_questions

User prompted to answer security questions

requires_selections

User prompted to answer multiple choice question(s)

requires_code

User prompted to provide a one-time passcode

choose_device

User prompted to select a device on which to receive a one-time passcode

requires_credentials

User prompted to provide credentials for the selected financial institution or has not yet selected a financial institution

requires_account_selection

User prompted to select one or more financial accounts to share

requires_oauth

User prompted to enter an OAuth flow

institution_not_found

User exited the Link flow after unsuccessfully (no results returned) searching for a financial institution

link_session_id

string

A unique identifier associated with a user's actions and events through the Link flow. Include this identifier when opening a support ticket for faster turnaround.

request_id

string

The request ID for the last request made by Link. This can be shared with Plaid Support to expedite investigation.

onExit example
Select Language
Copy
1import {
2  PlaidLinkOnExit,
3  PlaidLinkOnExitMetadata,
4  PlaidLinkError,
5} from 'react-plaid-link';
6
7const onExit = useCallback<PlaidLinkOnExit>(
8  (error: PlaidLinkError, metadata: PlaidLinkOnExitMetadata) => {
9    // log and save error and metadata
10    // handle invalid link token
11    if (error != null && error.error_code === 'INVALID_LINK_TOKEN') {
12      // generate new link token
13    }
14    // to handle other error codes, see https://plaid.com/docs/errors/
15  },
16  [],
17);

Error schema
Copy
1{
2  error_type: 'ITEM_ERROR',
3  error_code: 'INVALID_CREDENTIALS',
4  error_message: 'the credentials were not correct',
5  display_message: 'The credentials were not correct.',
6}

Metadata schema
Copy
1{
2  institution: {
3    name: 'Wells Fargo',
4    institution_id: 'ins_4'
5  },
6  status: 'requires_credentials',
7  link_session_id: '36e201e0-2280-46f0-a6ee-6d417b450438',
8  request_id: '8C7jNbDScC24THu'
9}

onEvent

The onEvent callback is called at certain points in the Link flow. It takes two arguments, an eventName string and a metadata object.
The metadata parameter is always present, though some values may be null. Note that new eventNames, metadata keys, or view names may be added without notice.
The onEvent callback is not guaranteed to fire exactly at the time of a user action in Link. If you need to determine the exact time when an event happened, use the timestamp in the metadata.
The following callback events are stable, which means that they will not be deprecated or changed: OPEN, EXIT, HANDOFF, SELECT_INSTITUTION, ERROR, BANK_INCOME_INSIGHTS_COMPLETED, IDENTITY_VERIFICATION_PASS_SESSION, IDENTITY_VERIFICATION_FAIL_SESSION. The remaining callback events are informational and subject to change.

onEvent

eventName

string

A string representing the event that has just occurred in the Link flow.

BANK_INCOME_INSIGHTS_COMPLETED

The user has completed the Assets and Bank Income Insights flow.

CLOSE_OAUTH

The user closed the third-party website or mobile app without completing the OAuth flow.

ERROR

A recoverable error occurred in the Link flow, see the error_code metadata.

EXIT

The user has exited without completing the Link flow and the onExit callback is fired.

FAIL_OAUTH

The user encountered an error while completing the third-party's OAuth login flow.

HANDOFF

The user has exited Link after successfully linking an Item.

IDENTITY_VERIFICATION_START_STEP

The user has started a step of the Identity Verification flow. The step is indicated by view_name.

IDENTITY_VERIFICATION_PASS_STEP

The user has passed a step of the Identity Verification flow. The step is indicated by view_name.

IDENTITY_VERIFICATION_FAIL_STEP

The user has failed a step of the Identity Verification flow. The step is indicated by view_name.

IDENTITY_VERIFICATION_PENDING_REVIEW_STEP

The user has reached the pending review state.

IDENTITY_VERIFICATION_CREATE_SESSION

The user has started a new Identity Verification session.

IDENTITY_VERIFICATION_RESUME_SESSION

The user has resumed an existing Identity Verification session.

IDENTITY_VERIFICATION_PASS_SESSION

The user has successfully completed their Identity Verification session.

IDENTITY_VERIFICATION_FAIL_SESSION

The user has failed their Identity Verification session.

IDENTITY_VERIFICATION_OPEN_UI

The user has opened the UI of their Identity Verification session.

IDENTITY_VERIFICATION_RESUME_UI

The user has resumed the UI of their Identity Verification session.

IDENTITY_VERIFICATION_CLOSE_UI

The user has closed the UI of their Identity Verification session.

MATCHED_SELECT_INSTITUTION

The user selected an institution that was presented as a matched institution. This event can be emitted either during the Returning User Experience flow or if the institution's routing_number was provided when calling /link/token/create. To distinguish between the two scenarios, see metadata.match_reason.

MATCHED_SELECT_VERIFY_METHOD

The user selected a verification method for a matched institution. This event is emitted during the Returning User Experience flow.

OPEN

The user has opened Link.

OPEN_MY_PLAID

The user has opened my.plaid.com. This event is only sent when Link is initialized with Assets as a product

OPEN_OAUTH

The user has navigated to a third-party website or mobile app in order to complete the OAuth login flow.

SEARCH_INSTITUTION

The user has searched for an institution.

SELECT_AUTH_TYPE

The user has chosen whether to Link instantly or manually (i.e., with micro-deposits). This event emits the selection metadata to indicate the user's selection.

SELECT_BRAND

The user selected a brand, e.g. Bank of America. The SELECT_BRAND event is only emitted for large financial institutions with multiple online banking portals.

SELECT_DEGRADED_INSTITUTION

The user selected an institution with a DEGRADED health status and was shown a corresponding message.

SELECT_DOWN_INSTITUTION

The user selected an institution with a DOWN health status and was shown a corresponding message.

SELECT_INSTITUTION

The user selected an institution.

SUBMIT_ACCOUNT_NUMBER

The user has submitted an account number. This event emits the account_number_mask metadata to indicate the mask of the account number the user provided.

SUBMIT_CREDENTIALS

The user has submitted credentials.

SUBMIT_DOCUMENTS

The user is being prompted to submit documents for an Income verification flow.

SUBMIT_DOCUMENTS_ERROR

The user encountered an error when submitting documents for an Income verification flow.

SUBMIT_DOCUMENTS_SUCCESS

The user has successfully submitted documents for an Income verification flow.

SUBMIT_MFA

The user has submitted MFA.

SUBMIT_ROUTING_NUMBER

The user has submitted routing number. This event emits the routing_number metadata to indicate user's routing number.

TRANSITION_VIEW

The TRANSITION_VIEW event indicates that the user has moved from one view to the next.

VIEW_DATA_TYPES

The user has viewed data types on the data transparency consent pane.

metadata

object

An object containing information about the event.

account_number_mask

nullablestring

The account number mask extracted from the user-provided account number. If the user-inputted account number is four digits long, account_number_mask is empty. Emitted by SUBMIT_ACCOUNT_NUMBER.

error_type

nullablestring

The error type that the user encountered. Emitted by: ERROR, EXIT.

error_code

nullablestring

The error code that the user encountered. Emitted by ERROR, EXIT.

error_message

nullablestring

The error message that the user encountered. Emitted by: ERROR, EXIT.

exit_status

nullablestring

The status key indicates the point at which the user exited the Link flow. Emitted by: EXIT

institution_id

nullablestring

The ID of the selected institution. Emitted by: all events.

institution_name

nullablestring

The name of the selected institution. Emitted by: all events.

institution_search_query

nullablestring

The query used to search for institutions. Emitted by: SEARCH_INSTITUTION.

match_reason

nullablestring

The reason this institution was matched, which will be either returning_user or routing_number. Emitted by: MATCHED_SELECT_INSTITUTION

routing_number

nullablestring

The routing number submitted by user at the micro-deposits routing number pane. Emitted by SUBMIT_ROUTING_NUMBER.

mfa_type

nullablestring

If set, the user has encountered one of the following MFA types: code, device, questions, selections. Emitted by: SUBMIT_MFA and TRANSITION_VIEW when view_name is MFA

view_name

nullablestring

The name of the view that is being transitioned to. Emitted by: TRANSITION_VIEW.

ACCEPT_TOS

The view showing Terms of Service in the identity verification flow.

CONNECTED

The user has connected their account.

CONSENT

We ask the user to consent to the privacy policy.

CREDENTIAL

Asking the user for their account credentials.

DATA_TRANSPARENCY

We disclose the data types being shared.

DATA_TRANSPARENCY_CONSENT

We ask the user to consent to the privacy policy and disclose data types being shared.

DOCUMENTARY_VERIFICATION

The view requesting document verification in the identity verification flow (configured via "Fallback Settings" in the "Rulesets" section of the template editor).

ERROR

An error has occurred.

EXIT

Confirming if the user wishes to close Link.

KYC_CHECK

The view representing the "know your customer" step in the identity verification flow.

LOADING

Link is making a request to our servers.

MATCHED_CONSENT

We ask the matched user to consent to the privacy policy and SMS terms.

MATCHED_CREDENTIAL

We ask the matched user for their account credentials to a matched institution.

MATCHED_MFA

We ask the matched user for MFA authentication to verify their identity.

MFA

The user is asked by the institution for additional MFA authentication.

NUMBERS

The user is asked to insert their account and routing numbers.

OAUTH

The user is informed they will authenticate with the financial institution via OAuth.

RECAPTCHA

The user was presented with a Google reCAPTCHA to verify they are human.

RISK_CHECK

The risk check step in the identity verification flow (configured via "Risk Rules" in the "Rulesets" section of the template editor).

SCREENING

The watchlist screening step in the identity verification flow.

SELECT_ACCOUNT

We ask the user to choose an account.

SELECT_AUTH_TYPE

The user is asked to choose whether to Link instantly or manually (i.e., with micro-deposits).

SELECT_BRAND

The user is asked to select a brand, e.g. Bank of America. The brand selection interface occurs before the institution select pane and is only provided for large financial institutions with multiple online banking portals.

SELECT_INSTITUTION

We ask the user to choose their institution.

SELFIE_CHECK

The view in the identity verification flow which uses the camera to confirm there is real user that matches their ID documents.

UPLOAD_DOCUMENTS

The user is asked to upload documents (for Income verification).

VERIFY_SMS

The SMS verification step in the identity verification flow.

request_id

string

The request ID for the last request made by Link. This can be shared with Plaid Support to expedite investigation. Emitted by: all events.

link_session_id

string

The link_session_id is a unique identifier for a single session of Link. It's always available and will stay constant throughout the flow. Emitted by: all events.

timestamp

string

An ISO 8601 representation of when the event occurred. For example 2017-09-14T14:42:19.350Z. Emitted by: all events.

selection

nullablestring

Either the verification method for a matched institution selected by the user or the Auth Type Select flow type selected by the user. If selection is used to describe selected verification method, then possible values are phoneotp or password; if selection is used to describe the selected Auth Type Select flow, then possible values are flow_type_manual or flow_type_instant. Emitted by: MATCHED_SELECT_VERIFY_METHOD and SELECT_AUTH_TYPE.

onEvent example
Select Language
Copy
1import {
2  PlaidLinkOnEvent,
3  PlaidLinkOnEventMetadata,
4  PlaidLinkStableEvent,
5} from 'react-plaid-link';
6
7const onEvent = useCallback<PlaidLinkOnEvent>(
8  (
9    eventName: PlaidLinkStableEvent | string,
10    metadata: PlaidLinkOnEventMetadata,
11  ) => {
12    // log eventName and metadata
13  },
14  [],
15);

Metadata schema
Copy
1{
error_type: 'ITEM_ERROR',
error_code: 'INVALID_CREDENTIALS',
error_message: 'the credentials were not correct',
exit_status: null,
institution_id: 'ins_4',
institution_name: 'Wells Fargo',
institution_search_query: 'wellsf',
mfa_type: null,
view_name: 'ERROR'
request_id: 'm8MDnv9okwxFNBV',
link_session_id: '30571e9b-d6c6-42ee-a7cf-c34768a8f62d',
timestamp: '2017-09-14T14:42:19.350Z',
selection: null,
15}

open()

Calling open will display the Consent Pane view to your user, starting the Link flow. Once open is called, you will begin receiving events via the onEvent callback.

open example
Select Language
Copy
1const { open, exit, ready } = usePlaidLink(config);
2
3// Open Link
4if (ready) {
5  open();
6}

exit()

The exit function allows you to programmatically close Link. Calling exit will trigger either the onExit or onSuccess callbacks.
The exit function takes a single, optional argument, a configuration Object.

exit

force

boolean

If true, Link will exit immediately. If false, or the option is not provided, an exit confirmation screen may be presented to the user.

Graceful exit example
Select Language
Copy
1const { open, exit, ready } = usePlaidLink(config);
2
3// Graceful exit - Link may display a confirmation screen
4// depending on how far the user is in the flow
5exit();

Forced exit example
Select Language
Copy
1const { open, exit, ready } = usePlaidLink(config);
2
3// Force exit - Link exits immediately
4exit({ force: true });

destroy()

The destroy function allows you to destroy the Link handler instance, properly removing any DOM artifacts that were created by it. Use destroy() when creating new replacement Link handler instances in the onExit callback.

Destroy example
Select Language
Copy
1// On unmount usePlaidLink hook automatically destroys any
2// existing link instance

OAuth

Using Plaid Link with an OAuth flow requires some additional setup instructions. For details, see the OAuth Guide.

Supported browsers

Plaid officially supports Link on the current and previous versions of Chrome, Firefox, and Safari, as well as Internet Explorer 11 and the current version of Microsoft Edge. Browsers are supported on Windows, Mac, Linux, iOS (Safari), and Android (Chrome).

Ad-blocking software is not supported with Link web, and some ad-blockers have known to cause conflicts with Link.

Example code in Plaid Pattern

For a real-life example of using Plaid Link for React, see LaunchLink.tsx. This file illustrates the code for implementation of Plaid Link for React for the Node-based Plaid Pattern sample app.