Link Web SDK
Reference for integrating with the Link JavaScript SDK and React SDK
Prefer to learn with code examples? Check out our GitHub repo with working example Link implementations for both JavaScript and React.
Installation
Select group for content switcherInclude the Plaid Link initialize script on each page of your site. It must always be loaded directly from https://cdn.plaid.com, rather than included in a bundle or hosted yourself. Unlike Plaid's other SDKs, the JavaScript web SDK is not versioned; cdn.plaid.com will automatically provide the latest available SDK.
1<script src="https://cdn.plaid.com/link/v2/stable/link-initialize.js"></script>To get started with Plaid Link for React, clone the GitHub repository and review the example application and README, which provide reference implementations.
Next, you'll need to install the react-plaid-link package.
With npm:
1npm install --save react-plaid-linkWith yarn:
1yarn add react-plaid-linkThen import the necessary components and types:
1import {2 usePlaidLink,3 PlaidLinkOptions,4 PlaidLinkOnSuccess,5} from 'react-plaid-link';CSP directives
If you are using a Content Security Policy (CSP), use the following directives to allow Link traffic:
1default-src https://cdn.plaid.com/2script-src https://cdn.plaid.com/link/v2/stable/link-initialize.js3frame-src https://cdn.plaid.com/4connect-src https://production.plaid.com/If using Sandbox or Development instead of production, make sure to update the connect-src directive to point to the appropriate server (https://sandbox.plaid.com or https://development.plaid.com).
Create
Plaid.create accepts one argument, a configuration Object, and returns an Object with three functions, open, exit, and destroy. Calling open will display the Consent Pane view, calling exit will close Link, and calling destroy will clean up the iframe.
When using the React SDK, this method is called usePlaidLink and returns an object with four values, open, exit, ready, and error. The values open and exit behave as described above. ready is a passthrough for onLoad and will be true when Link is ready to be opened. error is populated only if Plaid fails to load the Link JavaScript. There is no separate method to destroy Link in the React SDK, as unmount will automatically destroy the Link instance.
Note: Control whether or not your Link integration uses the Account Select view from the Dashboard.
tokenstring
Specify a
link_token to authenticate your app with Link. This is a short lived, one-time use token that should be unique for each Link session. In addition to the primary flow, a link_token can be configured to launch Link in update mode. See the /link/token/create endpoint for a full list of configurations.onLoadcallback
A function that is called when the Link module has finished loading. Calls to
plaidLinkHandler.open() prior to the onLoad callback will be delayed until the module is fully loaded.receivedRedirectUristring
A
receivedRedirectUri is required to support OAuth authentication flows when re-launching Link on a mobile device.keydeprecatedstring
The
public_key is no longer used for new implementations of Link. If your integration is still using a public_key, see the migration guide to upgrade to using a link_token. See the maintenance guide to troubleshoot any public_key issues.1// The usePlaidLink hook manages Plaid Link creation2// It does not return a destroy function;3// instead, on unmount it automatically destroys the Link instance4const config: PlaidLinkOptions = {5 onSuccess: (public_token, metadata) => {}6 onExit: (err, metadata) => {}7 onEvent: (eventName, metadata) => {}8 token: 'GENERATED_LINK_TOKEN',9};1011const { open, exit, ready } = usePlaidLink(config);onSuccess
The onSuccess callback is called when a user successfully links an Item. It takes two arguments: the public_token and a metadata object.
public_tokenstring
Displayed once a user has successfully linked their Item.
metadataobject
Displayed once a user has successfully linked their Item.
institutionnullableobject
An institution object. If the Item was created via Same-Day micro-deposit verification, will be
null.namestring
The full institution name, such as
'Wells Fargo'institution_idstring
The Plaid institution identifier
accountsobject
A list of accounts attached to the connected Item. If Account Select is enabled via the developer dashboard,
accounts will only include selected accounts.idstring
The Plaid
account_idnamestring
The official account name
masknullablestring
The last 2-4 alphanumeric characters of an account's official account number. Note that the mask may be non-unique between an Item's accounts. It may also not match the mask that the bank displays to the user.
typestring
The account type. See the Account schema for a full list of possible values
subtypestring
The account subtype. See the Account schema for a full list of possible values
verification_statusnullablestring
Indicates an Item's micro-deposit-based verification status. Possible values are:
pending_automatic_verification: The Item is pending automatic verificationpending_manual_verification: The Item is pending manual micro-deposit verification. Items remain in this state until the user successfully verifies the deposit.automatically_verified: The Item has successfully been automatically verifiedmanually_verified: The Item has successfully been manually verifiedverification_expired: Plaid was unable to automatically verify the deposit within 7 calendar days and will no longer attempt to validate the Item. Users may retry by submitting their information again through Link.verification_failed: The Item failed manual micro-deposit verification because the user exhausted all 3 verification attempts. Users may retry by submitting their information again through Link.null: micro-deposit-based verification is not being used for the Item.class_typenullablestring
If micro-deposit verification is being used, indicates whether the account being verified is a
business or personal account.accountdeprecatednullableobject
Deprecated. Use
accounts instead.link_session_idstring
A unique identifier associated with a user's actions and events through the Link flow. Include this identifier when opening a support ticket for faster turnaround.
transfer_statusnullablestring
The status of a transfer. Returned only when Transfer UI is implemented.
COMPLETE– The transfer was completed.INCOMPLETE– The transfer could not be completed. For help, see Troubleshooting transfers.
Possible values:
COMPLETE, INCOMPLETE1import {2 PlaidLinkOnSuccess,3 PlaidLinkOnSuccessMetadata,4} from 'react-plaid-link';56const onSuccess = useCallback<PlaidLinkOnSuccess>(7 (public_token: string, metadata: PlaidLinkOnSuccessMetadata) => {8 // log and save metadata9 // exchange public token10 fetch('//yourserver.com/exchange-public-token', {11 method: 'POST',12 headers: {13 'Content-Type': 'application/json',14 },15 body: {16 public_token,17 },18 });19 },20 [],21);1{2 institution: {3 name: 'Wells Fargo',4 institution_id: 'ins_4'5 },6 accounts: [7 {8 id: 'ygPnJweommTWNr9doD6ZfGR6GGVQy7fyREmWy',9 name: 'Plaid Checking',10 mask: '0000',11 type: 'depository',12 subtype: 'checking',13 verification_status: ''14 },15 {16 id: '9ebEyJAl33FRrZNLBG8ECxD9xxpwWnuRNZ1V4',17 name: 'Plaid Saving',18 mask: '1111',19 type: 'depository',20 subtype: 'savings'21 }22 ...23 ],24 link_session_id: '79e772be-547d-4c9c-8b76-4ac4ed4c441a'25}onExit
The onExit callback is called when a user exits Link without successfully linking an Item, or when an error occurs during Link initialization. onExit takes two arguments, a nullable error object and a metadata object. The metadata parameter is always present, though some values may be null. Note that onExit will not be called when Link is destroyed in some other way than closing Link, such as the user hitting the browser back button or closing the browser tab on which the Link session is present.
errornullableobject
A nullable object that contains the error type, code, and message of the error that was last encountered by the user. If no error was encountered, error will be null.
error_typeString
A broad categorization of the error.
error_codeString
The particular error code. Each
error_type has a specific set of error_codes.error_messageString
A developer-friendly representation of the error code.
display_messagenullableString
A user-friendly representation of the error code.
null if the error is not related to user action. This may change over time and is not safe for programmatic use.metadataobject
Displayed if a user exits Link without successfully linking an Item.
institutionnullableobject
An institution object. If the Item was created via Same-Day micro-deposit verification, will be
null.namestring
The full institution name, such as
Wells Fargoinstitution_idstring
The Plaid institution identifier
statusstring
The point at which the user exited the Link flow. One of the following values.
requires_questionsUser prompted to answer security questions
requires_selectionsUser prompted to answer multiple choice question(s)
requires_codeUser prompted to provide a one-time passcode
choose_deviceUser prompted to select a device on which to receive a one-time passcode
requires_credentialsUser prompted to provide credentials for the selected financial institution or has not yet selected a financial institution
requires_accountUser prompted to select one or more financial accounts to share
requires_oauthUser prompted to enter an OAuth flow
institution_not_foundUser exited the Link flow after unsuccessfully (no results returned) searching for a financial institution
institution_notUser exited the Link flow after discovering their selected institution is no longer supported by Plaid
link_session_idstring
A unique identifier associated with a user's actions and events through the Link flow. Include this identifier when opening a support ticket for faster turnaround.
request_idstring
The request ID for the last request made by Link. This can be shared with Plaid Support to expedite investigation.
1import {2 PlaidLinkOnExit,3 PlaidLinkOnExitMetadata,4 PlaidLinkError,5} from 'react-plaid-link';67const onExit = useCallback<PlaidLinkOnExit>(8 (error: PlaidLinkError, metadata: PlaidLinkOnExitMetadata) => {9 // log and save error and metadata10 // handle invalid link token11 if (error != null && error.error_code === 'INVALID_LINK_TOKEN') {12 // generate new link token13 }14 // to handle other error codes, see https://plaid.com/docs/errors/15 },16 [],17);1{2 error_type: 'ITEM_ERROR',3 error_code: 'INVALID_CREDENTIALS',4 error_message: 'the credentials were not correct',5 display_message: 'The credentials were not correct.',6}1{2 institution: {3 name: 'Wells Fargo',4 institution_id: 'ins_4'5 },6 status: 'requires_credentials',7 link_session_id: '36e201e0-2280-46f0-a6ee-6d417b450438',8 request_id: '8C7jNbDScC24THu'9}onEvent
The onEvent callback is called at certain points in the Link flow. It takes two arguments, an eventName string and a metadata object.
The metadata parameter is always present, though some values may be null. Note that new eventNames, metadata keys, or view names may be added without notice.
The onEvent callback is not guaranteed to fire exactly at the time of a user action in Link. In general, the OPEN event will fire in real time; subsequent events will fire at the end of the Link flow, along with the onSuccess or onExit callback. If you need to determine the exact time when an event happened, use the timestamp in the metadata.
The following callback events are stable, which means that they will not be deprecated or changed: OPEN, EXIT, HANDOFF, SELECT_INSTITUTION, ERROR, BANK_INCOME_INSIGHTS_COMPLETED, IDENTITY_VERIFICATION_PASS_SESSION, IDENTITY_VERIFICATION_FAIL_SESSION. The remaining callback events are informational and subject to change.
eventNamestring
A string representing the event that has just occurred in the Link flow.
BANK_INCOME_INSIGHTSThe user has completed the Assets and Bank Income Insights flow.
CLOSE_OAUTHThe user closed the third-party website or mobile app without completing the OAuth flow.
CONNECT_NEWThe user has chosen to link a new institution instead of linking a saved institution. This event is only emitted in the Link Remember Me flow.
ERRORA recoverable error occurred in the Link flow, see the
error_code metadata.FAIL_OAUTHThe user encountered an error while completing the third-party's OAuth login flow.
HANDOFFThe user has exited Link after successfully linking an Item.
IDENTITY_VERIFICATIONThe user has started a step of the Identity Verification flow. The step is indicated by
view_name.IDENTITY_VERIFICATIONThe user has passed a step of the Identity Verification flow. The step is indicated by
view_name.IDENTITY_VERIFICATIONThe user has failed a step of the Identity Verification flow. The step is indicated by
view_name.IDENTITY_VERIFICATIONThe user has reached the pending review state.
IDENTITY_VERIFICATIONThe user has started a new Identity Verification session.
IDENTITY_VERIFICATIONThe user has resumed an existing Identity Verification session.
IDENTITY_VERIFICATIONThe user has successfully completed their Identity Verification session.
IDENTITY_VERIFICATIONThe user has failed their Identity Verification session.
IDENTITY_VERIFICATIONThe user has completed their Identity Verification session, which is now in a pending review state.
IDENTITY_VERIFICATIONThe user has opened the UI of their Identity Verification session.
IDENTITY_VERIFICATIONThe user has resumed the UI of their Identity Verification session.
IDENTITY_VERIFICATIONThe user has closed the UI of their Identity Verification session.
MATCHED_SELECTThe user selected an institution that was presented as a matched institution. This event can be emitted either during the Returning User Experience flow or if the institution's
routing_number was provided when calling /link/token/create. To distinguish between the two scenarios, see metadata.match_reason.MATCHED_SELECT_VERIFYThe user selected a verification method for a matched institution. This event is emitted during the Returning User Experience flow.
OPENThe user has opened Link.
OPEN_MY_PLAIDThe user has opened my.plaid.com. This event is only sent when Link is initialized with Assets as a product
OPEN_OAUTHThe user has navigated to a third-party website or mobile app in order to complete the OAuth login flow.
SEARCH_INSTITUTIONThe user has searched for an institution.
SELECT_AUTH_TYPEThe user has chosen whether to Link instantly or manually (i.e., with micro-deposits). This event emits the
selection metadata to indicate the user's selection.SELECT_BRANDThe user selected a brand, e.g. Bank of America. The
SELECT_BRAND event is only emitted for large financial institutions with multiple online banking portals.SELECT_DEGRADEDThe user selected an institution with a
DEGRADED health status and was shown a corresponding message.SELECT_DOWNThe user selected an institution with a
DOWN health status and was shown a corresponding message.SELECT_FILTEREDThe user selected an institution Plaid does not support all requested products for and was shown a corresponding message.
SELECT_INSTITUTIONThe user selected an institution.
SKIP_SUBMIT_PHONEThe user has opted to not provide their phone number to Plaid. This event is only emitted in the Link Remember Me flow.
SUBMIT_ACCOUNT_NUMBERThe user has submitted an account number. This event emits the
account_number_mask metadata to indicate the mask of the account number the user provided.SUBMIT_CREDENTIALSThe user has submitted credentials.
SUBMIT_DOCUMENTSThe user is being prompted to submit documents for an Income verification flow.
SUBMIT_DOCUMENTS_ERRORThe user encountered an error when submitting documents for an Income verification flow.
SUBMIT_DOCUMENTSThe user has successfully submitted documents for an Income verification flow.
SUBMIT_MFAThe user has submitted MFA.
SUBMIT_PHONEThe user has submitted their phone number. This event is only emitted in the Link Remember Me flow.
SUBMIT_ROUTING_NUMBERThe user has submitted a routing number. This event emits the
routing_number metadata to indicate user's routing number.TRANSITION_VIEWThe
TRANSITION_VIEW event indicates that the user has moved from one view to the next.VERIFY_PHONEThe user has successfully verified their phone number using OTP. This event is only emitted in the Link Remember Me flow.
VIEW_DATA_TYPESThe user has viewed data types on the data transparency consent pane.
metadataobject
An object containing information about the event.
account_number_masknullablestring
The account number mask extracted from the user-provided account number. If the user-inputted account number is four digits long,
account_number_mask is empty. Emitted by SUBMIT_ACCOUNT_NUMBER.error_typenullablestring
The error type that the user encountered. Emitted by:
ERROR, EXIT.error_codenullablestring
The error code that the user encountered. Emitted by
ERROR, EXIT.error_messagenullablestring
The error message that the user encountered. Emitted by:
ERROR, EXIT.exit_statusnullablestring
The status key indicates the point at which the user exited the Link flow. Emitted by:
EXITinstitution_idnullablestring
The ID of the selected institution. Emitted by: all events.
institution_namenullablestring
The name of the selected institution. Emitted by: all events.
institution_searchnullablestring
The query used to search for institutions. Emitted by:
SEARCH_INSTITUTION.is_update_modenullablestring
Indicates if the current Link session is an update mode session. Emitted by:
OPEN.match_reasonnullablestring
The reason this institution was matched.
This will be either
returning_user or routing_number if emitted by: MATCHED_SELECT_INSTITUTION.
Otherwise, this will be SAVED_INSTITUTION or AUTO_SELECT_SAVED_INSTITUTION if emitted by: SELECT_INSTITUTION.routing_numbernullablestring
The routing number submitted by user at the micro-deposits routing number pane. Emitted by
SUBMIT_ROUTING_NUMBER.mfa_typenullablestring
If set, the user has encountered one of the following MFA types:
code, device, questions, selections. Emitted by: SUBMIT_MFA and TRANSITION_VIEW when view_name is MFAview_namenullablestring
The name of the view that is being transitioned to. Emitted by:
TRANSITION_VIEW.ACCEPT_TOSThe view showing Terms of Service in the identity verification flow.
CONNECTEDThe user has connected their account.
CONSENTWe ask the user to consent to the privacy policy.
CREDENTIALAsking the user for their account credentials.
DATA_TRANSPARENCYWe disclose the data types being shared.
DATA_TRANSPARENCYWe ask the user to consent to the privacy policy and disclose data types being shared.
DOCUMENTARYThe view requesting document verification in the identity verification flow (configured via "Fallback Settings" in the "Rulesets" section of the template editor).
ERRORAn error has occurred.
EXITConfirming if the user wishes to close Link.
KYC_CHECKThe view representing the "know your customer" step in the identity verification flow.
LOADINGLink is making a request to our servers.
MATCHED_CONSENTWe ask the matched user to consent to the privacy policy and SMS terms.
MATCHED_CREDENTIALWe ask the matched user for their account credentials to a matched institution.
MATCHED_MFAWe ask the matched user for MFA authentication to verify their identity.
MFAThe user is asked by the institution for additional MFA authentication.
NUMBERSThe user is asked to insert their account and routing numbers.
OAUTHThe user is informed they will authenticate with the financial institution via OAuth.
RECAPTCHAThe user was presented with a Google reCAPTCHA to verify they are human.
RISK_CHECKThe risk check step in the identity verification flow (configured via "Risk Rules" in the "Rulesets" section of the template editor).
SCREENINGThe watchlist screening step in the identity verification flow.
SELECT_ACCOUNTWe ask the user to choose an account.
SELECT_AUTH_TYPEThe user is asked to choose whether to Link instantly or manually (i.e., with micro-deposits).
SELECT_BRANDThe user is asked to select a brand, e.g. Bank of America. The brand selection interface occurs before the institution select pane and is only provided for large financial institutions with multiple online banking portals.
SELECT_INSTITUTIONWe ask the user to choose their institution.
SELECT_SAVED_ACCOUNTThe user is asked to select their saved accounts and/or new accounts for linking in the Link Remember Me flow.
SELECT_SAVEDThe user is asked to pick a saved institution or link a new one in the Link Remember Me flow.
SELFIE_CHECKThe view in the identity verification flow which uses the camera to confirm there is real user that matches their ID documents.
SUBMIT_PHONEThe user is asked for their phone number in the Link Remember Me flow.
UPLOAD_DOCUMENTSThe user is asked to upload documents (for Income verification).
VERIFY_PHONEThe user is asked to verify their phone OTP in the Link Remember Me flow.
VERIFY_SMSThe SMS verification step in the identity verification flow.
request_idstring
The request ID for the last request made by Link. This can be shared with Plaid Support to expedite investigation. Emitted by: all events.
link_session_idstring
The
link_session_id is a unique identifier for a single session of Link. It's always available and will stay constant throughout the flow. Emitted by: all events.timestampstring
An ISO 8601 representation of when the event occurred. For example
2017-09-14T14:42:19.350Z. Emitted by: all events.selectionnullablestring
Either the verification method for a matched institution selected by the user or the Auth Type Select flow type selected by the user. If
selection is used to describe selected verification method, then possible values are phoneotp or password; if selection is used to describe the selected Auth Type Select flow, then possible values are flow_type_manual or flow_type_instant. Emitted by: MATCHED_SELECT_VERIFY_METHOD and SELECT_AUTH_TYPE.1import {2 PlaidLinkOnEvent,3 PlaidLinkOnEventMetadata,4 PlaidLinkStableEvent,5} from 'react-plaid-link';67const onEvent = useCallback<PlaidLinkOnEvent>(8 (9 eventName: PlaidLinkStableEvent | string,10 metadata: PlaidLinkOnEventMetadata,11 ) => {12 // log eventName and metadata13 },14 [],15);1{2 error_type: 'ITEM_ERROR',3 error_code: 'INVALID_CREDENTIALS',4 error_message: 'the credentials were not correct',5 exit_status: null,6 institution_id: 'ins_4',7 institution_name: 'Wells Fargo',8 institution_search_query: 'wellsf',9 mfa_type: null,10 view_name: 'ERROR'11 request_id: 'm8MDnv9okwxFNBV',12 link_session_id: '30571e9b-d6c6-42ee-a7cf-c34768a8f62d',13 timestamp: '2017-09-14T14:42:19.350Z',14 selection: null,15}open()
Calling open will display the Consent Pane view to your user, starting the Link flow. Once open is called, you will begin receiving events via the onEvent callback.
1const { open, exit, ready } = usePlaidLink(config);23// Open Link4if (ready) {5 open();6}exit()
The exit function allows you to programmatically close Link. Calling exit will trigger either the onExit or onSuccess callbacks.
The exit function takes a single, optional argument, a configuration Object.
forceboolean
If
true, Link will exit immediately. If false, or the option is not provided, an exit confirmation screen may be presented to the user.1const { open, exit, ready } = usePlaidLink(config);23// Graceful exit - Link may display a confirmation screen4// depending on how far the user is in the flow5exit();1const { open, exit, ready } = usePlaidLink(config);23// Force exit - Link exits immediately4exit({ force: true });destroy()
The destroy function allows you to destroy the Link handler instance, properly removing any DOM artifacts that were created by it. Use destroy() when creating new replacement Link handler instances in the onExit callback.
1// On unmount usePlaidLink hook automatically destroys any2// existing link instanceOAuth
Using Plaid Link with an OAuth flow requires some additional setup instructions. For details, see the OAuth Guide.
Supported browsers
Plaid officially supports Link on the latest versions of Chrome, Firefox, Safari, and Edge. Browsers are supported on Windows, Mac, Linux, iOS, and Android. Previous browser versions are also supported, as long as they are actively maintained; Plaid does not support browser versions that are no longer receiving patch updates, or that have been assigned official end of life (EOL) or end of support (EOS) status.
Ad-blocking software is not officially supported with Link web, and some ad-blockers have known to cause conflicts with Link.
Example code in Plaid Pattern
For a real-life example of using Plaid Link for React, see LaunchLink.tsx. This file illustrates the code for implementation of Plaid Link for React for the Node-based Plaid Pattern sample app.